[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 11 21:15:02 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b4376c8 by Salvatore Bonaccorso at 2022-07-11T22:14:34+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4404,7 +4404,7 @@ CVE-2022-29921
CVE-2022-26084
RESERVED
CVE-2022-2123 (The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF whi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2122
RESERVED
CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...)
@@ -4924,15 +4924,15 @@ CVE-2022-2095
CVE-2022-2094
RESERVED
CVE-2022-2093 (The WP Duplicate Page WordPress plugin before 1.3 does not sanitize an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2092 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2091 (The Cache Images WordPress plugin before 3.2.1 does not implement nonc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2090
RESERVED
CVE-2022-2089 (The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-33758
RESERVED
CVE-2022-33757
@@ -6732,7 +6732,7 @@ CVE-2022-2052
CVE-2022-2051
RESERVED
CVE-2022-2050 (The WP-Paginate WordPress plugin before 2.1.9 does not escape one of i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-32957
RESERVED
CVE-2022-32956
@@ -8887,9 +8887,9 @@ CVE-2022-1959
CVE-2022-1958 (A vulnerability classified as critical has been found in FileCloud. Af ...)
NOT-FOR-US: FileCloud
CVE-2022-1957 (The Comment License WordPress plugin before 1.4.0 does not have CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1956 (The Shortcut Macros WordPress plugin through 1.3 does not have authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1955 (Session 1.13.0 allows an attacker with physical access to the victim's ...)
NOT-FOR-US: oxen-io/session-android
CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab CE/EE a ...)
@@ -8897,9 +8897,9 @@ CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab CE
CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin before 1.2.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1952 (The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1951 (The core plugin for kitestudio WordPress plugin before 2.3.1 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1950
RESERVED
CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. That mish ...)
@@ -9653,9 +9653,9 @@ CVE-2022-1940 (A Stored Cross-Site Scripting vulnerability in Jira integration i
CVE-2022-1939 (The Allow svg files WordPress plugin before 1.1 does not properly vali ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1938 (The Awin Data Feed WordPress plugin through 1.6 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1937 (The Awin Data Feed WordPress plugin through 1.6 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-XXXX [Sanitizing and other XSS protections]
- spip 4.1.2+dfsg-1
[bullseye] - spip 3.2.11-3+deb11u4
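Review bot: CVE-2022-1938 and CVE-2022-1937 show the same description up to the truncation point ("The Awin Data Feed WordPress plugin through 1.6 does not sanitise and ..."), so nothing in these lines tells the two apart. Tagging both "NOT-FOR-US: WordPress plugin" is in line with CVE-2022-1939 just above. It is still worth confirming against the full CVE text that they are distinct issues in the same plugin and not a duplicate assignment, and adding a NOTE line if one turns out to duplicate the other.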
@@ -9831,7 +9831,7 @@ CVE-2022-1912
CVE-2022-1911
RESERVED
CVE-2022-1910 (The Shortcodes and extra features for Phlox WordPress plugin before 2. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...)
NOT-FOR-US: organizr
CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
@@ -10027,7 +10027,7 @@ CVE-2022-1896 (The underConstruction WordPress plugin before 1.21 does not sanit
CVE-2022-1895 (The underConstruction WordPress plugin before 1.20 does not have CSRF ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1894 (The Popup Builder WordPress plugin before 4.1.11 does not escape and s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo Manage ...)
NOT-FOR-US: Zoo Management System
CVE-2022-31733
@@ -12174,7 +12174,7 @@ CVE-2022-1759 (The RB Internal Links WordPress plugin through 2.0.16 does not ha
CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1757 (The Pagebar WordPress plugin through 2.65 does not have CSRF check in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1755
@@ -12419,7 +12419,7 @@ CVE-2022-1733 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813 (v8.2.4968)
NOTE: Crash in CLI tool, no security impact
CVE-2022-1732 (The Rename wp-login.php WordPress plugin through 2.6.0 does not have C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to ...)
NOT-FOR-US: Metasonic Doc WebClient
CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
@@ -13624,7 +13624,7 @@ CVE-2022-1628
CVE-2022-1627 (The My Private Site WordPress plugin before 3.0.8 does not have CSRF c ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1626 (The Sharebar WordPress plugin through 1.4.1 does not have CSRF check i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1625 (The New User Approve WordPress plugin before 2.4 does not have CSRF ch ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1624 (The Latest Tweets Widget WordPress plugin through 1.1.4 does not have ...)
@@ -14193,7 +14193,7 @@ CVE-2022-1601
CVE-2022-1600
RESERVED
CVE-2022-1599 (The Admin Management Xtended WordPress plugin before 2.4.5 does not ha ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.4 which is a companion to t ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a companion for ...)
@@ -14389,7 +14389,7 @@ CVE-2022-1578
CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not have CS ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1576 (The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub repository ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-1574 (The HTML2WP WordPress plugin through 1.0.0 does not have authorisation ...)
@@ -14742,7 +14742,7 @@ CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly re
CVE-2022-1547 (The Check & Log Email WordPress plugin before 1.0.6 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1546 (The WooCommerce - Product Importer WordPress plugin through 1.5.2 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-30114
RESERVED
CVE-2022-30113
@@ -15745,7 +15745,7 @@ CVE-2022-1475 (An integer overflow vulnerability was found in FFmpeg versions be
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f (n4.4.2)
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fa2e4afe8d0a23fac37392ef6506cfc9841f8d3d (n4.3.4)
CVE-2022-1474 (The WP Event Manager WordPress plugin before 3.1.28 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1473 (The OPENSSL_LH_flush() function, which empties a hash table, contains ...)
[experimental] - openssl 3.0.3-1
- openssl <not-affected> (Only affects OpenSSL 3.0)
@@ -19176,7 +19176,7 @@ CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...)
CVE-2022-1221 (The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not s ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1220 (The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository pimcore ...)
NOT-FOR-US: pimcore
CVE-2022-1218 (The Domain Replace WordPress plugin through 1.3.8 does not sanitise an ...)
@@ -21987,7 +21987,7 @@ CVE-2022-1059
CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea prior to 1. ...)
- gitea <removed>
CVE-2022-1057 (The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 do ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46739
RESERVED
CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformation code ...)
@@ -182185,7 +182185,7 @@ CVE-2020-4152 (IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive o
CVE-2020-4151 (IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attac ...)
NOT-FOR-US: IBM
CVE-2020-4150 (IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, suc ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4149
RESERVED
CVE-2020-4148
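Review bot: The new tag on CVE-2020-4150 names only the vendor ("NOT-FOR-US: IBM") although the description is specific to SiteProtector Appliance 3.1.1. That follows CVE-2020-4151 above, but other NOT-FOR-US entries in this patch name the product (FileCloud, Metasonic Doc WebClient, Zoo Management System), which makes a later search for one product easier. Consider "NOT-FOR-US: IBM SiteProtector" here and for CVE-2020-4138 in the next hunk, or keep the vendor label if that is the agreed convention for IBM entries.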
@@ -182209,7 +182209,7 @@ CVE-2020-4140 (IBM Security SiteProtector System 3.1.1 is vulnerable to cross-si
CVE-2020-4139
RESERVED
CVE-2020-4138 (IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locall ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4137
RESERVED
CVE-2020-4136
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b4376c826b5e0a0bbc6e751e715978e865a7a0f