[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 4 21:17:34 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2145f3e by Salvatore Bonaccorso at 2022-07-04T22:16:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -294,7 +294,7 @@ CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions sta
 CVE-2022-2269
 	RESERVED
 CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 accept ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2267
 	RESERVED
 CVE-2022-2266
@@ -7040,7 +7040,7 @@ CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 	NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b
 	NOTE: https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 (v8.2.5050)
 CVE-2022-1967 (The WP Championship WordPress plugin before 9.3 is lacking CSRF checks ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1966
 	REJECTED
 CVE-2022-1965 (Multiple products of CODESYS implement a improper error handling. A lo ...)
@@ -7916,7 +7916,7 @@ CVE-2022-1948
 CVE-2022-1947 (Use of Incorrect Operator in GitHub repository polonel/trudesk prior t ...)
 	NOT-FOR-US: Trudesk
 CVE-2022-1946 (The Gallery WordPress plugin before 2.0.0 does not sanitise and escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-31813 (Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* h ...)
 	- apache2 2.4.54-1 (bug #1012513)
 	[bullseye] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
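Review bot: The tag added for CVE-2022-1946 records only the product class ("WordPress plugin") and not the plugin itself ("Gallery"), while the NOT-FOR-US entry directly above it for CVE-2022-1947 names the product ("Trudesk"). The generic form does match the already-tagged WordPress entries visible as context elsewhere in this patch (for example CVE-2021-25067 and CVE-2021-25065), so it reads as the file's convention for this class. If that is intended, no change is needed; otherwise name the plugin here so the entry can be found by product later.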
@@ -16297,7 +16297,7 @@ CVE-2022-1303 (The Slide Anything WordPress plugin before 2.3.44 does not saniti
 CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthe ...)
 	NOT-FOR-US: MZ Automation LibIEC61850
 CVE-2022-1301 (The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1300 (Multiple Version of TRUMPF TruTops products expose a service function  ...)
 	NOT-FOR-US: TRUMPF TruTops
 CVE-2022-1299 (The Slideshow WordPress plugin through 2.3.1 does not sanitize and esc ...)
@@ -33929,7 +33929,7 @@ CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the jso
 CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
 CVE-2022-0250 (The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0249 (A vulnerability was discovered in GitLab starting with version 12. Git ...)
 	- gitlab <unfixed>
 CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does not sa ...)
@@ -96743,7 +96743,7 @@ CVE-2021-25068 (The Sync WooCommerce Product feed to Google Shopping WordPress p
 CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25066 (The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25064 (The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize us ...)
@@ -96763,7 +96763,7 @@ CVE-2021-25058 (The Buffer Button WordPress plugin through 1.0 was vulnerable to
 CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was vulnerabl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25056 (The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25055 (The FeedWordPress plugin before 2022.0123 is affected by a Reflected C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25054 (The WPcalc WordPress plugin through 2.1 does not sanitize user input i ...)
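Review bot: CVE-2021-25056 in this hunk and CVE-2021-25066 in the previous one show the same visible description, "The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not s ...", and both were still at "TODO: check" while their neighbours were already tagged. Because the descriptions are truncated at the same point, the patch alone does not show how the two entries differ. Confirm against the full descriptions that both refer to the plugin only, so that closing the pair with the same "NOT-FOR-US: WordPress plugin" tag is correct for each.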



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2145f3e5e61cd725053ab28c28918c7aebcf51b
