[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 27 21:23:30 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0bb79063 by Salvatore Bonaccorso at 2022-06-27T22:22:01+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4711,9 +4711,9 @@ CVE-2022-2042 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
NOTE: https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835 (v8.2.5072)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2041 (The Brizy WordPress plugin before 2.4.2 does not sanitise and escape s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2040 (The Brizy WordPress plugin before 2.4.2 does not sanitise and escape s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46819
RESERVED
CVE-2021-46818 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...)
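Review bot: the two Brizy entries (CVE-2022-2041 and CVE-2022-2040) get the bare `NOT-FOR-US: WordPress plugin` tag, which matches how the file already marks other plugin CVEs (CVE-2022-1915, CVE-2022-1961) but drops the plugin name, so a later search for "Brizy" will only hit the truncated description line. If the tracker convention permits it, `NOT-FOR-US: Brizy WordPress plugin` keeps the product searchable, in the way the Navetti PricePoint, CODESYS and Keycloak NOT-FOR-US lines elsewhere in this same diff name the product.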
@@ -5513,9 +5513,9 @@ CVE-2022-1996 (Authorization Bypass Through User-Controlled Key in GitHub reposi
NOTE: https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1/
NOTE: https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10
CVE-2022-1995 (The Malware Scanner WordPress plugin before 4.5.2 does not sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1994 (The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2017-20045 (A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been d ...)
NOT-FOR-US: Navetti PricePoint
CVE-2017-20044 (A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been c ...)
@@ -6013,7 +6013,7 @@ CVE-2022-1992 (Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. ..
CVE-2022-1991 (A vulnerability classified as problematic has been found in Fast Food ...)
NOT-FOR-US: Fast Food Ordering System
CVE-2022-1990 (The Nested Pages WordPress plugin before 3.1.21 does not escape and sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1989
RESERVED
CVE-2022-1988 (Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/fa ...)
@@ -6135,7 +6135,7 @@ CVE-2022-1979 (A vulnerability was found in SourceCodester Product Show Room Sit
CVE-2022-1978
RESERVED
CVE-2022-1977 (The Import Export All WordPress Images, Users & Post Types WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-32230 (Microsoft Windows SMBv3 suffers from a null pointer dereference in ver ...)
NOT-FOR-US: Microsoft
CVE-2022-32229
@@ -6253,7 +6253,7 @@ CVE-2022-32204
CVE-2022-32203
RESERVED
CVE-2022-1971 (The NextCellent Gallery WordPress plugin through 1.9.35 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1970
RESERVED
NOT-FOR-US: Keycloak
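Review bot: not touched by this change but visible in the context of the CVE-2022-1971 hunk: CVE-2022-1970 is `RESERVED` yet already carries `NOT-FOR-US: Keycloak` beneath it. If that is intentional because the assignment is known ahead of the public description, fine; otherwise the NOT-FOR-US line is worth a second look when the description lands, so the RESERVED marker and the triage do not drift apart.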
@@ -6273,7 +6273,7 @@ CVE-2022-1966
CVE-2022-1965 (Multiple products of CODESYS implement a improper error handling. A lo ...)
NOT-FOR-US: CODESYS
CVE-2022-1964 (The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::Fe ...)
- libjpeg 0.0~git20220615.842c7ba-1 (unimportant)
NOTE: https://github.com/thorfdbg/libjpeg/commit/51c3241b6da39df30f016b63f43f31c4011222c7
@@ -6433,7 +6433,7 @@ CVE-2022-1962
CVE-2022-1961 (The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1960 (The MyCSS WordPress plugin through 1.1 does not have CSRF check in pla ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1959
RESERVED
CVE-2022-1958 (A vulnerability classified as critical has been found in FileCloud. Af ...)
@@ -6447,7 +6447,7 @@ CVE-2022-1955
CVE-2022-1954
RESERVED
CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin before 1.2.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1952
RESERVED
CVE-2022-1951
@@ -7337,13 +7337,13 @@ CVE-2022-1918 (The ToolBar to Share plugin for WordPress is vulnerable to Cross-
CVE-2022-1917
RESERVED
CVE-2022-1916 (The Active Products Tables for WooCommerce. Professional products tabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1915 (The WP Zillow Review Slider WordPress plugin before 2.4 does not escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1914 (The Clean-Contact WordPress plugin through 1.6 does not have CSRF chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1913 (The Add Post URL WordPress plugin through 2.1.0 does not have CSRF che ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1912
RESERVED
CVE-2022-1911
@@ -7365,9 +7365,9 @@ CVE-2022-1906
CVE-2022-1905 (The Events Made Easy WordPress plugin before 2.2.81 does not properly ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1904 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1903 (The ARMember WordPress plugin before 3.4.8 is vulnerable to account ta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36528 (A vulnerability, which was classified as critical, was found in Platin ...)
NOT-FOR-US: Platinum Mobile
CVE-2022-31763 (The kernel module has the null pointer and out-of-bounds array vulnera ...)
@@ -7850,7 +7850,7 @@ CVE-2022-1886 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://github.com/vim/vim/commit/2a585c85013be22f59f184d49612074fd9b115d7 (v8.2.5016)
NOTE: Crash in CLI tool, no security impact
CVE-2022-1885 (The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1884
RESERVED
CVE-2022-1883 (SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2. ...)
@@ -8078,17 +8078,17 @@ CVE-2022-1849 (Session Fixation in GitHub repository filegator/filegator prior t
CVE-2022-1848 (Business Logic Errors in GitHub repository erudika/para prior to 1.45. ...)
NOT-FOR-US: erudika/para
CVE-2022-1847 (The Rotating Posts WordPress plugin through 1.11 does not have CSRF ch ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1846 (The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1845 (The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1844 (The WP Sentry WordPress plugin through 1.0 does not have CSRF check in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1843 (The MailPress WordPress plugin through 7.2.1 does not have CSRF checks ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1842 (The OpenBook Book Data WordPress plugin through 3.5.2 does not have CS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4230 (A vulnerability has been found in Airfield Online and classified as pr ...)
NOT-FOR-US: Airfield Online
CVE-2021-4229 (A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has b ...)
@@ -9562,7 +9562,7 @@ CVE-2022-1778
CVE-2022-1777 (The Filr WordPress plugin before 1.2.2.1 does not have authorisation c ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...)
- gpac <unfixed>
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -10944,7 +10944,7 @@ CVE-2022-1655
CVE-2022-1654 (Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow ...)
NOT-FOR-US: Jupiter Theme and JupiterX Core Plugin
CVE-2022-1653 (The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 do ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1652 (Linux Kernel could allow a local attacker to execute arbitrary code on ...)
- linux 5.17.11-1
[bullseye] - linux 5.10.120-1
@@ -11066,11 +11066,11 @@ CVE-2022-1629 (Buffer Over-read in function find_next_quote in GitHub repository
CVE-2022-1628
RESERVED
CVE-2022-1627 (The My Private Site WordPress plugin before 3.0.8 does not have CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1626
RESERVED
CVE-2022-1625 (The New User Approve WordPress plugin before 2.4 does not have CSRF ch ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1624 (The Latest Tweets Widget WordPress plugin through 1.1.4 does not have ...)
NOT-FOR-US: WordPress plugin
CVE-2022-30521 (The LAN-side Web-Configuration Interface has Stack-based Buffer Overfl ...)
@@ -11649,7 +11649,7 @@ CVE-2022-1595 (The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the
CVE-2022-1594 (The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1593 (The Site Offline or Coming Soon WordPress plugin through 1.6.6 does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository clinical-gen ...)
NOT-FOR-US: clinical-genomics/scout
CVE-2022-1591
@@ -11839,11 +11839,11 @@ CVE-2022-1576
CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub repository ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-1574 (The HTML2WP WordPress plugin through 1.0.0 does not have authorisation ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1573 (The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1572 (The HTML2WP WordPress plugin through 1.0.0 does not have authorisation ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1571 (Cross-site scripting - Reflected in Create Subaccount in GitHub reposi ...)
NOT-FOR-US: facturascripts
CVE-2022-1570 (The Files Download Delay WordPress plugin before 1.0.7 does not have a ...)
@@ -13186,7 +13186,7 @@ CVE-2022-1472 (The Better Find and Replace WordPress plugin before 1.3.6 does no
CVE-2022-1471
RESERVED
CVE-2022-1470 (The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1469 (The FiboSearch WordPress plugin before 1.17.0 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29808
@@ -15210,9 +15210,9 @@ CVE-2022-1328 (Buffer Overflow in uudecoder in Mutt affecting all versions start
NOTE: https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5
NOTE: https://gitlab.com/neomutt/neomutt/-/commit/ee7cb4e461c1cdf0ac14817b03687d5908b85f84
CVE-2022-1327 (The Image Gallery - Grid Gallery WordPress plugin through 1.1.1 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1326 (The Form - Contact Form WordPress plugin through 1.2.0 does not saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1325
RESERVED
CVE-2022-1324
@@ -15222,7 +15222,7 @@ CVE-2022-1323
CVE-2022-1322
RESERVED
CVE-2022-1321 (The miniOrange's Google Authenticator WordPress plugin before 5.5.6 do ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1320 (The Sliderby10Web WordPress plugin before 1.2.52 does not properly san ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29081 (Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pr ...)
@@ -18245,7 +18245,7 @@ CVE-2022-1114 (A heap-use-after-free flaw was found in ImageMagick's RelinquishD
NOTE: https://github.com/ImageMagick/ImageMagick/issues/4947
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/78f03b619d08d7c2e0fcaccab407e3ac93c2ee8f
CVE-2022-1113 (The Flower Delivery by Florist One WordPress plugin through 3.5.10 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1112 (The Autolinks WordPress plugin through 1.0.1 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE versions 14.9 ...)
@@ -18860,7 +18860,7 @@ CVE-2022-1096
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1095 (The Mihdan: No External Links WordPress plugin through 4.8.0 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1093 (The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or esc ...)
@@ -20484,7 +20484,7 @@ CVE-2022-27250 (The UNISOC chipset through 2022-03-15 allows attackers to obtain
CVE-2022-1030 (Okta Advanced Server Access Client for Linux and macOS prior to versio ...)
NOT-FOR-US: Okta Advanced Server Access Client
CVE-2022-1029 (The Limit Login Attempts WordPress plugin before 4.0.72 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1028 (The WordPress Security Firewall, Malware Scanner, Secure Login and Bac ...)
TODO: check
CVE-2022-27249 (An unrestricted file upload vulnerability in IdeaRE RefTree before 202 ...)
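Review bot: CVE-2022-1028, immediately below the CVE-2022-1029 change, is left at `TODO: check` although its description line ("The WordPress Security Firewall, Malware Scanner, Secure Login and Bac ...") reads like another WordPress plugin and the neighbouring Limit Login Attempts entry was marked NOT-FOR-US in this same pass. If it was skipped deliberately, for example because the truncated description does not confirm it is a plugin rather than something shipped with WordPress core, a one-line NOTE would save the next triager from re-checking it; otherwise it should receive the same `NOT-FOR-US: WordPress plugin` treatment.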
@@ -20595,7 +20595,7 @@ CVE-2022-1011 (A use-after-free flaw was found in the Linux kernel’s FUSE
[bullseye] - linux 5.10.106-1
NOTE: https://git.kernel.org/linus/0c4bcfdecb1ac0967619ee7ff44871d93c08c909 (5.17-rc8)
CVE-2022-1010 (The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1009 (The Smush WordPress plugin before 3.9.9 does not sanitise and escape a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1008 (The One Click Demo Import WordPress plugin before 3.1.0 does not valid ...)
@@ -22566,7 +22566,7 @@ CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository bookstac
CVE-2022-0876 (The Social comments by WpDevArt WordPress plugin before 2.5.0 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0875 (The Google Authenticator WordPress plugin before 1.0.5 does not have C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0874 (The WP Social Buttons WordPress plugin through 2.1 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0873 (The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanit ...)
@@ -29233,7 +29233,7 @@ CVE-2022-0446
CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie C ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0444 (The Backup, Restore and Migrate WordPress Sites With the XCloner Plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3011-1}
- vim 2:8.2.4659-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bb7906327dee7d517596222fa33a371bea52c21