[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 7 06:00:10 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
54b7c150 by Salvatore Bonaccorso at 2022-06-07T06:59:43+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1842,7 +1842,7 @@ CVE-2022-31770
 CVE-2022-31769
 	RESERVED
 CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-31767
 	RESERVED
 CVE-2022-31766
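Review bot: The "NOT-FOR-US: IBM" tag on CVE-2022-31768 records only the vendor, while the description names the affected product (IBM InfoSphere Information Server 11.7). Consider naming the product in the tag, e.g. "NOT-FOR-US: IBM InfoSphere Information Server", so a later search for that product finds this entry.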
@@ -4825,13 +4825,13 @@ CVE-2022-1714 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2
 CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An  ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1712 (The LiveSync for WordPress plugin through 1.0 does not have CSRF check ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio  ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1710
 	RESERVED
 CVE-2022-1709 (The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1708
 	RESERVED
 CVE-2022-1707
@@ -5086,31 +5086,31 @@ CVE-2022-1697
 CVE-2022-1696
 	RESERVED
 CVE-2022-1695 (The WP Simple Adsense Insertion WordPress plugin before 2.1 does not p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1694
 	RESERVED
 CVE-2022-1693
 	RESERVED
 CVE-2022-1692 (The CP Image Store with Slideshow WordPress plugin before 1.0.68 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1691 (The Realty Workstation WordPress plugin through 1.0.6 does not sanitis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1690 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1689 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1688 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1687 (The Logo Slider WordPress plugin through 1.4.8 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1686 (The Five Minute Webshop WordPress plugin through 1.3.2 does not saniti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1685 (The Five Minute Webshop WordPress plugin through 1.3.2 does not proper ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1684 (The Cube Slider WordPress plugin through 1.2 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1683 (The amtyThumb WordPress plugin through 4.2.0 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1682 (Reflected Xss using url based payload in GitHub repository neorazorx/f ...)
 	NOT-FOR-US: facturascripts
 CVE-2022-1681 (Authentication Bypass Using an Alternate Path or Channel in GitHub rep ...)
@@ -5273,7 +5273,7 @@ CVE-2022-1674 (NULL Pointer Dereference in function vim_regexec_string at regexp
 	NOTE: https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 (v8.2.4938)
 	NOTE: Negligible security impact; crash in CLI tool
 CVE-2022-1673 (The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 doe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1672
 	RESERVED
 CVE-2022-1671
@@ -5399,7 +5399,7 @@ CVE-2022-1649 (Null pointer dereference in libr/bin/format/mach0/mach0.c in rada
 CVE-2022-1648
 	RESERVED
 CVE-2022-1647 (The FormCraft WordPress plugin before 1.2.6 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-30526
 	RESERVED
 CVE-2022-30525 (A OS command injection vulnerability in the CGI program of Zyxel USG F ...)
@@ -6065,9 +6065,9 @@ CVE-2022-1600
 CVE-2022-1599
 	RESERVED
 CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.4 which is a companion to t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a companion for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1596
 	RESERVED
 CVE-2022-1595
@@ -6252,7 +6252,7 @@ CVE-2022-1579
 CVE-2022-1578
 	RESERVED
 CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not have CS ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1576
 	RESERVED
 CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub repository ...)
@@ -6266,9 +6266,9 @@ CVE-2022-1572
 CVE-2022-1571 (Cross-site scripting - Reflected in Create Subaccount in GitHub reposi ...)
 	NOT-FOR-US: facturascripts
 CVE-2022-1570 (The Files Download Delay WordPress plugin before 1.0.7 does not have a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1569 (The Drag & Drop Builder, Human Face Detector, Pre-built Templates, ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1568 (The Team Members WordPress plugin before 5.1.1 does not escape some of ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-46810
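Review bot: For CVE-2022-1569 the description shown is cut off after "Pre-built Templates, ..." and never reaches the words "WordPress plugin", so the new "NOT-FOR-US: WordPress plugin" tag cannot be confirmed from this line alone. Check it against the full CVE description, and consider putting the plugin name in the tag so the entry is self-explanatory.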
@@ -7096,7 +7096,7 @@ CVE-2022-1543 (Improper handling of Length parameter in GitHub repository erudik
 CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1541 (The Video Slider WordPress plugin before 1.4.8 does not sanitize or es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1540
 	RESERVED
 CVE-2022-1539
@@ -7407,7 +7407,7 @@ CVE-2022-1507 (chafa: NULL Pointer Dereference in function gif_internal_decode_f
 	NOTE: https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95/
 	NOTE: https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9 (1.10.2)
 CVE-2022-1506 (The WP Born Babies WordPress plugin through 1.0 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1505 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...)
 	NOT-FOR-US: RSVPMaker plugin for WordPress
 CVE-2022-1504 (XSS in /demo/module/?module=HERE in GitHub repository microweber/micro ...)
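Review bot: CVE-2022-1506 gets the generic "NOT-FOR-US: WordPress plugin" while the next entry, CVE-2022-1505, carries "NOT-FOR-US: RSVPMaker plugin for WordPress". Style point: naming the plugin here as well (the description calls it WP Born Babies) would keep the two adjacent entries consistent and make the entry findable by plugin name.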
@@ -7597,7 +7597,7 @@ CVE-2022-1471
 CVE-2022-1470
 	RESERVED
 CVE-2022-1469 (The FiboSearch WordPress plugin before 1.17.0 does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29808
 	RESERVED
 CVE-2022-29807
@@ -8444,7 +8444,7 @@ CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise and
 CVE-2022-1395 (The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 do ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1394 (The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not prop ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1393 (The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1392 (The Videos sync PDF WordPress plugin through 1.7.4 does not validate t ...)
@@ -14944,7 +14944,7 @@ CVE-2022-1007 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does
 CVE-2022-1006 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does not s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1005 (The WP Statistics WordPress plugin before 13.2.2 does not sanitise the ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1004 (Accounted time is shown in the Ticket Detail View (External Interface) ...)
 	NOT-FOR-US: OTRS
 	NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x
@@ -18080,7 +18080,7 @@ CVE-2022-0789 (Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
 CVE-2022-0788 (The WP Fundraising Donation and Crowdfunding Platform WordPress plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0786
@@ -18098,7 +18098,7 @@ CVE-2022-0781 (The Nirweb support WordPress plugin before 2.8.2 does not sanitis
 CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to disable th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0779 (The User Meta WordPress plugin before 2.4.4 does not validate the file ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square root, cont ...)
 	{DSA-5103-1 DLA-2953-1 DLA-2952-1}
 	- openssl 1.1.1n-1
@@ -30553,7 +30553,7 @@ CVE-2022-22398
 CVE-2022-22397
 	RESERVED
 CVE-2022-22396 (Credentials are printed in clear text in the IBM Spectrum Protect Plus ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22395
 	RESERVED
 CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000 server could allow a remote attack ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54b7c150a0b906f1b88455cae4a881aeff4686a9
