[Git][security-tracker-team/security-tracker][master] Process various new NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 1 08:27:38 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba65eb8e by Salvatore Bonaccorso at 2022-03-01T09:17:36+01:00
Process various new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5872,9 +5872,9 @@ CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 	NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38
 	NOTE: https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a (v8.2.4253)
 CVE-2022-0412 (The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooComm ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0411 (The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0410
 	RESERVED
 CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivil ...)
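Review bot: the NOT-FOR-US reason text used here for CVE-2022-0412 and CVE-2022-0411 ("WordPress plugin") matches the wording already used on neighbouring entries of the same class elsewhere in this file, so the triage is stylistically consistent; the one check worth making before a bulk TODO-to-NFU pass like this is that none of the plugins named in the descriptions (TI WooCommerce Wishlist and Asgaros Forum in this hunk) are shipped by any Debian source package, because NOT-FOR-US records that the affected software is not in the archive and would need to be reverted to a package entry if it were.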
@@ -6251,7 +6251,7 @@ CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe
 CVE-2022-0386
 	RESERVED
 CVE-2022-0385 (The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0384
 	RESERVED
 CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -6509,7 +6509,7 @@ CVE-2022-23974
 CVE-2022-23103
 	RESERVED
 CVE-2022-0383 (The WP Review Slider WordPress plugin before 11.0 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0382 (An information leak flaw was found due to uninitialized memory in the  ...)
 	- linux 5.15.15-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -6525,7 +6525,7 @@ CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/micro
 CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
 	NOT-FOR-US: microweber
 CVE-2022-0377 (Users of the LearnPress WordPress plugin before 4.1.5 can upload an im ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0376
 	RESERVED
 CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
@@ -6659,7 +6659,7 @@ CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 	NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b
 	NOTE: https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 (v8.2.4215)
 CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -6761,9 +6761,9 @@ CVE-2021-4210
 CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker coul ...)
 	NOT-FOR-US: Apache ActiveMQ Artemis
 CVE-2022-23912 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-23911 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-23910
 	RESERVED
 CVE-2022-23909
@@ -6875,7 +6875,7 @@ CVE-2022-0347
 CVE-2022-0346
 	RESERVED
 CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before 1.8. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0344
 	RESERVED
 CVE-2022-0343
@@ -7391,7 +7391,7 @@ CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store]
 CVE-2022-0329
 	REJECTED
 CVE-2022-0328 (The Simple Membership WordPress plugin before 4.0.9 does not have CSRF ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0327
 	RESERVED
 CVE-2021-46403
@@ -9716,7 +9716,7 @@ CVE-2022-0191
 CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0189 (The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not logge ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0187
@@ -11116,7 +11116,7 @@ CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions sta
 CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2022-0150 (The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon  ...)
@@ -70563,7 +70563,7 @@ CVE-2021-25120
 CVE-2021-25119
 	RESERVED
 CVE-2021-25118 (The Yoast SEO WordPress plugin before 17.3 discloses the full internal ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25117
 	RESERVED
 CVE-2021-25116
@@ -70575,7 +70575,7 @@ CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not
 CVE-2021-25113
 	RESERVED
 CVE-2021-25112 (The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25111
 	RESERVED
 CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any logged in u ...)
@@ -70637,7 +70637,7 @@ CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin befor
 CVE-2021-25082 (The Popup Builder WordPress plugin before 4.0.7 does not validate and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25081 (The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 do ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does not valida ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not saniti ...)
@@ -70715,7 +70715,7 @@ CVE-2021-25044
 CVE-2021-25043 (The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25042 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25041 (The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerabl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25040 (The Booking Calendar WordPress plugin before 8.9.2 does not sanitise a ...)
@@ -70731,7 +70731,7 @@ CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected b
 CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin before 1.22 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25034 (The WP User WordPress plugin before 7.0 does not sanitise and escape s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25033 (The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPr ...)
@@ -70777,9 +70777,9 @@ CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisa
 CVE-2021-25012
 	RESERVED
 CVE-2021-25011 (The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 do ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25010 (The Post Snippets WordPress plugin before 3.1.4 does not have CSRF che ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25009
 	RESERVED
 CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not escape the s ...)
@@ -70811,7 +70811,7 @@ CVE-2021-24996
 CVE-2021-24995
 	RESERVED
 CVE-2021-24994 (The Migration, Backup, Staging WordPress plugin before 0.9.69 does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...)
@@ -70845,7 +70845,7 @@ CVE-2021-24979 (The Paid Memberships Pro WordPress plugin before 2.6.6 does not
 CVE-2021-24978
 	RESERVED
 CVE-2021-24977 (The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24975 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...)
@@ -70857,7 +70857,7 @@ CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not sanitis
 CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape some of it ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24971 (The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24969 (The WordPress Download Manager WordPress plugin before 3.2.22 does not ...)
@@ -70933,7 +70933,7 @@ CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not escap
 CVE-2021-24934 (The Visual CSS Style Editor WordPress plugin before 7.5.4 does not san ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24933 (The Dynamic Widgets WordPress plugin through 1.5.16 does not escape th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24931 (The Secure Copy Content Protection and Content Locking WordPress plugi ...)
@@ -70959,7 +70959,7 @@ CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF c
 CVE-2021-24921 (The Advanced Database Cleaner WordPress plugin before 3.0.4 does not s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24920 (The StatCounter WordPress plugin before 2.0.7 does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not sanitise an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...)
@@ -70973,7 +70973,7 @@ CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not ha
 CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24913 (The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24912
 	RESERVED
 CVE-2021-24911
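Review bot: CVE-2021-24913 concerns the same Logo Showcase with Slick Slider plugin as CVE-2021-24730 and CVE-2021-24729 later in this patch, and CVE-2021-24729 is already marked NOT-FOR-US in the unchanged context there; marking CVE-2021-24913 and CVE-2021-24730 the same way removes the inconsistent state where some issues of one plugin were triaged and others still sat at TODO: check, which is the right outcome, and the same pattern applies to the Orange Form pair (CVE-2021-24704 and CVE-2021-24688) further down.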
@@ -70993,17 +70993,17 @@ CVE-2021-24905
 CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does not impl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24903 (The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plugin be ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24901 (The Security Audit WordPress plugin through 1.0.0 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24900 (The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24898 (The EditableTable WordPress plugin through 0.1.4 does not sanitise and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24897
 	RESERVED
 CVE-2021-24896 (The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and  ...)
@@ -71071,7 +71071,7 @@ CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not proper
 CVE-2021-24865 (The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24864 (The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24863 (The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Prot ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24862 (The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape  ...)
@@ -71153,13 +71153,13 @@ CVE-2021-24825
 CVE-2021-24824
 	RESERVED
 CVE-2021-24823 (The Support Board WordPress plugin before 3.3.6 does not have any CSRF ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does not hav ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24821
 	RESERVED
 CVE-2021-24820 (The Cost Calculator WordPress plugin through 1.4 allows users with a r ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24819 (The Page/Post Content Shortcode WordPress plugin through 1.0 does not  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24818 (The WP Limits WordPress plugin through 1.0 does not have CSRF check wh ...)
@@ -71193,7 +71193,7 @@ CVE-2021-24805
 CVE-2021-24804 (The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24803 (The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24802 (The Colorful Categories WordPress plugin before 2.0.15 does not enforc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have any auth ...)
@@ -71339,7 +71339,7 @@ CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPre
 CVE-2021-24731 (The Registration Forms – User profile, Content Restriction, Spam ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24730 (The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24729 (The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24728 (The Membership & Content Restriction – Paid Member Subscript ...)
@@ -71391,7 +71391,7 @@ CVE-2021-24706 (The Qwizcards – online quizzes and flashcards WordPress pl
 CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape some of i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24704 (In the Orange Form WordPress plugin through 1.0, the process_bulk_acti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not have capabi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not properly sanit ...)
@@ -71421,9 +71421,9 @@ CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does no
 CVE-2021-24690 (The Chained Quiz WordPress plugin before 1.2.7.2 does not properly san ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24689 (The Contact Forms - Drag & Drop Contact Form Builder WordPress plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24688 (The Orange Form WordPress plugin through 1.0.1 does not have any autho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 does no ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24686 (The SVG Support WordPress plugin before 2.3.20 does not escape the "CS ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba65eb8ef831178814e596ebc00198e3fa105a03


