[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 20 21:20:50 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c7c3560c by Salvatore Bonaccorso at 2022-06-20T22:20:22+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5636,7 +5636,7 @@ CVE-2022-31801
CVE-2022-31800
RESERVED
CVE-2022-1945 (The Coming Soon & Maintenance Mode by Colorlib WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1944 (When the feature is configured, improper authorization in the Interact ...)
[experimental] - gitlab 14.9.5+ds1-1
- gitlab <unfixed>
@@ -5661,7 +5661,7 @@ CVE-2022-1940 (A Stored Cross-Site Scripting vulnerability in Jira integration i
- gitlab <not-affected> (Vulnerable code introduced later)
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1939 (The Allow svg files WordPress plugin before 1.1 does not properly vali ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1938
RESERVED
CVE-2022-1937
@@ -5831,7 +5831,7 @@ CVE-2022-1917
CVE-2022-1916
RESERVED
CVE-2022-1915 (The WP Zillow Review Slider WordPress plugin before 2.4 does not escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1914
RESERVED
CVE-2022-1913
@@ -5855,7 +5855,7 @@ CVE-2022-1907 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior
CVE-2022-1906
RESERVED
CVE-2022-1905 (The Events Made Easy WordPress plugin before 2.2.81 does not properly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1904
RESERVED
CVE-2022-1903
@@ -6027,9 +6027,9 @@ CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ..
NOTE: https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118
NOTE: https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023)
CVE-2022-1896 (The underConstruction WordPress plugin before 1.21 does not sanitise o ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1895 (The underConstruction WordPress plugin before 1.20 does not have CSRF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1894
RESERVED
CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo Manage ...)
@@ -6324,7 +6324,7 @@ CVE-2022-1891
CVE-2022-1890
RESERVED
CVE-2022-1889 (The Newsletter WordPress plugin before 7.4.6 does not escape and sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1888
RESERVED
CVE-2021-4231 (A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It ha ...)
@@ -7273,19 +7273,19 @@ CVE-2022-1833
RESERVED
NOT-FOR-US: Red Hat AMQ Broker
CVE-2022-1832 (The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1831 (The WPlite WordPress plugin through 1.3.1 does not have CSRF check in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1830 (The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not ha ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1829 (The Inline Google Maps WordPress plugin through 5.11 does not have CSR ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1828 (The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1827 (The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1826 (The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1825 (Cross-site Scripting (XSS) - Reflected in GitHub repository collective ...)
NOT-FOR-US: collectiveaccess/providence
CVE-2022-1824 (An uncontrolled search path vulnerability in McAfee Consumer Product R ...)
@@ -7303,7 +7303,7 @@ CVE-2022-1820 (The Keep Backup Daily plugin for WordPress is vulnerable to Refle
CVE-2022-1819 (A vulnerability, which was classified as problematic, was found in Stu ...)
NOT-FOR-US: Student Information System
CVE-2022-1818 (The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1817 (A vulnerability, which was classified as problematic, was found in Bad ...)
NOT-FOR-US: Badminton Center Management System
CVE-2022-1816 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -7460,7 +7460,7 @@ CVE-2022-31217 (Vulnerabilities in the Drive Composer allow a low privileged att
CVE-2022-31216 (Vulnerabilities in the Drive Composer allow a low privileged attacker ...)
NOT-FOR-US: Drive Composer
CVE-2022-1801 (The Very Simple Contact Form WordPress plugin before 11.6 exposes the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1800 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1799
@@ -8817,7 +8817,7 @@ CVE-2022-30759
CVE-2022-30708 (Webmin through 1.991, when the Authentic theme is used, allows remote ...)
- webmin <removed>
CVE-2022-1717 (The Custom Share Buttons with Floating Sidebar WordPress plugin before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1716 (Keep My Notes v1.80.147 allows an attacker with physical access to the ...)
NOT-FOR-US: Keep My Notes
CVE-2022-30703 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an expo ...)
@@ -9532,7 +9532,7 @@ CVE-2022-1632
CVE-2022-1631 (Users Account Pre-Takeover or Users Account Takeover. in GitHub reposi ...)
NOT-FOR-US: microweber
CVE-2022-1630 (The WP-EMail WordPress plugin before 2.69.0 does not protect its log d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1629 (Buffer Over-read in function find_next_quote in GitHub repository vim/ ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee
@@ -10068,7 +10068,7 @@ CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allo
CVE-2022-1615
RESERVED
CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1613
RESERVED
CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF ...)
@@ -10076,7 +10076,7 @@ CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not have
CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not protect i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1610 (The Seamless Donations WordPress plugin before 5.1.9 does not have CSR ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1609
RESERVED
CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does not hav ...)
@@ -10090,7 +10090,7 @@ CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have CSRF
CVE-2022-1604 (The MailerLite WordPress plugin before 1.5.4 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1603 (The Mail Subscribe List WordPress plugin before 2.1.4 does not have CS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable D ...)
- uclibc <unfixed> (unimportant)
NOTE: https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/
@@ -11643,7 +11643,7 @@ CVE-2022-1473 (The OPENSSL_LH_flush() function, which empties a hash table, cont
NOTE: https://www.openssl.org/news/secadv/20220503.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=64c85430f95200b6b51fe9475bd5203f7c19daf1 (openssl-3.0.3)
CVE-2022-1472 (The Better Find and Replace WordPress plugin before 1.3.6 does not pro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1471
RESERVED
CVE-2022-1470
@@ -14770,7 +14770,7 @@ CVE-2022-1268 (The Donate Extra WordPress plugin through 2.02 does not sanitise
CVE-2022-1267 (The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1266 (The Post Grid, Slider & Carousel Ultimate WordPress plugin before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1265 (The BulletProof Security WordPress plugin before 6.1 does not sanitize ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1264
@@ -24424,7 +24424,7 @@ CVE-2022-0665 (Path Traversal in GitHub repository pimcore/pimcore prior to 10.3
CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker ...)
NOT-FOR-US: Go github.com/gravitl/netmaker
CVE-2022-0663 (The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0662 (The AdRotate WordPress plugin before 5.8.23 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0661 (The Ad Injection WordPress plugin through 1.2.0.19 does not properly s ...)
@@ -34654,7 +34654,7 @@ CVE-2022-22416
CVE-2022-22415 (A vulnerability exists where an IBM Robotic Process Automation 21.0.1 ...)
NOT-FOR-US: IBM
CVE-2022-22414 (IBM Robotic Process Automation 21.0.2 could allow a local user to obta ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22413 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...)
NOT-FOR-US: IBM
CVE-2022-22412
@@ -34846,9 +34846,9 @@ CVE-2022-22320 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scriptin
CVE-2022-22319 (IBM Robotic Process Automation 21.0.1 could allow a register user on t ...)
NOT-FOR-US: IBM
CVE-2022-22318 (IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidat ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22317 (IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidat ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22316 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and a ...)
NOT-FOR-US: IBM
CVE-2022-22315 (IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user w ...)
@@ -94052,7 +94052,7 @@ CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat ve
NOTE: https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1 (9.0.43)
NOTE: https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa (8.5.63)
CVE-2021-25121 (The Rating by BestWebSoft WordPress plugin through 1.5 does not valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25120 (The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do no ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25119 (The AGIL WordPress plugin through 1.0 accepts all zip files and automa ...)
@@ -94086,7 +94086,7 @@ CVE-2021-25106 (The Privacy Policy Generator, Terms & Conditions Generator W
CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25104 (The Ocean Extra WordPress plugin before 1.9.5 does not escape generate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25102 (The All In One WP Security & Firewall WordPress plugin before 4.4. ...)
@@ -94118,7 +94118,7 @@ CVE-2021-25090 (The Portfolio Gallery, Product Catalog WordPress plugin before 2
CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25088 (The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25087 (The Download Manager WordPress plugin before 3.2.35 does not have any ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25086 (The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7c3560c3e942a4330f0c9fd9c7a711bae83257f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7c3560c3e942a4330f0c9fd9c7a711bae83257f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220620/f431d366/attachment.htm>
More information about the debian-security-tracker-commits
mailing list