[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 7 20:24:00 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b226bdb by Salvatore Bonaccorso at 2022-03-07T21:23:03+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5199,7 +5199,7 @@ CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM
 	NOTE: https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db/
 	NOTE: https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445 (v1.14.8)
 CVE-2022-0535 (The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...)
 	{DLA-2928-1}
 	- htmldoc 1.9.15-1 (unimportant)
@@ -5208,7 +5208,7 @@ CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the sta
 	NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9 (v1.9.15)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-0533 (The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18  ...)
 	NOT-FOR-US: cri-o
 CVE-2022-0531
@@ -6340,13 +6340,13 @@ CVE-2022-0450
 CVE-2022-0449
 	RESERVED
 CVE-2022-0448 (The CP Blocks WordPress plugin before 1.0.15 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0447
 	RESERVED
 CVE-2022-0446
 	RESERVED
 CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0444
 	RESERVED
 CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
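Review bot: CVE-2022-0445 is the one entry in this hunk whose visible summary does not contain the word "plugin" (it is cut off at "The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie C ..."), so the "NOT-FOR-US: WordPress plugin" tag for it rests on the full CVE text rather than on what the diff shows; worth a glance at the complete description before the TODO is closed. CVE-2022-0448 ("The CP Blocks WordPress plugin ...") in the same hunk is unambiguous.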
@@ -6356,13 +6356,13 @@ CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 	NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
 	NOTE: https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 (v8.2.4281)
 CVE-2022-0442 (The UsersWP WordPress plugin before 1.2.3.1 is missing access controls ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0441 (The MasterStudy LMS WordPress plugin before 2.7.6 does to validate som ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0440 (The Catch Themes Demo Import WordPress plugin before 2.1.1 does not va ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0439 (The Email Subscribers & Newsletters WordPress plugin before 5.3.2  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0438
 	RESERVED
 CVE-2021-46670
@@ -6467,7 +6467,7 @@ CVE-2022-0435
 	NOTE: https://www.openwall.com/lists/oss-security/2022/02/10/1
 	NOTE: Fixed by: https://git.kernel.org/linus/9aa422ad326634b76309e8ff342c246800621216
 CVE-2022-0434 (The Page View Count WordPress plugin before 2.4.15 does not sanitise a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0433 [missing initialization in bloom filter map in kernel/bpf/bloom_filter.c can lead to DoS]
 	RESERVED
 	- linux <not-affected> (Vulnerable code newer in a supported Debian release; only affected experimental)
@@ -6480,13 +6480,13 @@ CVE-2022-0431
 CVE-2022-0430
 	RESERVED
 CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0428
 	RESERVED
 CVE-2022-0427
 	RESERVED
 CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 do ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0425
 	RESERVED
 CVE-2022-0424
@@ -6494,11 +6494,11 @@ CVE-2022-0424
 CVE-2022-0423
 	RESERVED
 CVE-2022-0422 (The White Label CMS WordPress plugin before 2.2.9 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0421
 	RESERVED
 CVE-2022-0420 (The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-24271
 	RESERVED
 CVE-2022-24270
@@ -6863,7 +6863,7 @@ CVE-2022-0412 (The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI Wo
 CVE-2022-0411 (The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0410 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivil ...)
 	- linux 5.15.15-2
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -7160,7 +7160,7 @@ CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse
 CVE-2022-0390
 	RESERVED
 CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0388
 	RESERVED
 CVE-2021-4217 [Null pointer dereference in Unicode strings code]
@@ -7240,7 +7240,7 @@ CVE-2022-0386
 CVE-2022-0385 (The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0384 (The Video Conferencing with Zoom WordPress plugin before 3.8.17 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Bentley View
 CVE-2021-46655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -7854,11 +7854,11 @@ CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub reposi
 CVE-2022-0350
 	RESERVED
 CVE-2022-0349 (The NotificationX WordPress plugin before 2.3.9 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0348 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
 	NOT-FOR-US: pimcore
 CVE-2022-0347 (The LoginPress | Custom Login Page Customizer WordPress plugin before  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0346
 	RESERVED
 CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before 1.8. ...)
@@ -9708,7 +9708,7 @@ CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforc
 CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to ...)
 	NOT-FOR-US: Grav CMS
 CVE-2022-0267 (The AdRotate WordPress plugin before 5.8.22 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-46399
 	RESERVED
 CVE-2021-46398 (A Cross-Site Request Forgery vulnerability exists in Filebrowser <  ...)
@@ -10495,7 +10495,7 @@ CVE-2022-0207
 CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not properly escap ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0205 (The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escap ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt protocol]
 	RESERVED
 	- bluez <unfixed> (bug #1003712)
@@ -11364,7 +11364,7 @@ CVE-2022-0165
 CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0163 (The Smart Forms WordPress plugin before 2.6.71 does not have authorisa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325  ...)
 	NOT-FOR-US: TP-Link
 CVE-2022-0161
@@ -13208,7 +13208,7 @@ CVE-2022-22353
 CVE-2022-22352
 	RESERVED
 CVE-2022-22351 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trust ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22350 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
 	NOT-FOR-US: IBM
 CVE-2022-22349 (IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0. ...)
@@ -36457,9 +36457,9 @@ CVE-2021-38991 (IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged
 CVE-2021-38990 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
 	NOT-FOR-US: IBM
 CVE-2021-38989 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-38988 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-38987
 	RESERVED
 CVE-2021-38986 (IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after  ...)
@@ -71592,7 +71592,7 @@ CVE-2021-25100 (The GiveWP WordPress plugin before 2.17.3 does not escape the s
 CVE-2021-25099 (The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25098 (The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 bans ca ...)
@@ -71614,7 +71614,7 @@ CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before
 CVE-2021-25088
 	RESERVED
 CVE-2021-25087 (The Download Manager WordPress plugin before 3.2.35 does not have any  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25086
 	RESERVED
 CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape  ...)
@@ -71710,9 +71710,9 @@ CVE-2021-25041 (The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vul
 CVE-2021-25040 (The Booking Calendar WordPress plugin before 8.9.2 does not sanitise a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25039 (The WordPress Multisite Content Copier/Updater WordPress plugin before ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25038 (The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25037 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by an a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Pr ...)
@@ -71770,7 +71770,7 @@ CVE-2021-25011 (The Maps Plugin using Google Maps for WordPress plugin before 1.
 CVE-2021-25010 (The Post Snippets WordPress plugin before 3.1.4 does not have CSRF che ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25009 (The CorreosExpress WordPress plugin through 2.6.0 generates log files  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not escape the s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25007
@@ -71866,9 +71866,9 @@ CVE-2021-24963 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not escap
 CVE-2021-24962
 	RESERVED
 CVE-2021-24961 (The WordPress File Upload WordPress plugin before 4.16.3, wordpress-fi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24960 (The WordPress File Upload WordPress plugin before 4.16.3, wordpress-fi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24959
 	RESERVED
 CVE-2021-24958
@@ -71882,9 +71882,9 @@ CVE-2021-24955 (The User Registration, Login Form, User Profile & Membership
 CVE-2021-24954 (The User Registration, Login Form, User Profile & Membership WordP ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24953 (The Advanced iFrame WordPress plugin before 2022 does not sanitise and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24952 (The Conversios.io WordPress plugin before 4.6.2 does not sanitise, val ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24951 (The LearnPress WordPress plugin before 4.1.4 does not sanitise, valida ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24950
@@ -72136,17 +72136,17 @@ CVE-2021-24828 (The Mortgage Calculator / Loan Calculator WordPress plugin befor
 CVE-2021-24827 (The Asgaros Forum WordPress plugin before 1.15.13 does not validate an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24826 (The Custom Content Shortcode WordPress plugin before 4.0.2 does not es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24825 (The Custom Content Shortcode WordPress plugin before 4.0.2 does not va ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24824 (The [field] shortcode included with the Custom Content Shortcode WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24823 (The Support Board WordPress plugin before 3.3.6 does not have any CSRF ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does not hav ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24821 (The Cost Calculator WordPress plugin before 1.6 allows users with a ro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24820 (The Cost Calculator WordPress plugin through 1.6 allows authenticated  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24819 (The Page/Post Content Shortcode WordPress plugin through 1.0 does not  ...)
@@ -72168,7 +72168,7 @@ CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise
 CVE-2021-24811 (The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24810 (The WP Event Manager WordPress plugin before 3.1.23 does not escape so ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not check ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24808 (The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with ...)
@@ -72232,9 +72232,9 @@ CVE-2021-24780 (The Single Post Exporter WordPress plugin through 1.1.1 does not
 CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24778 (The test parameter of the xmlfeed in the Tradetracker-Store WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24777 (The view submission functionality in the Hotscot Contact Form WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24776 (The WP Performance Score Booster WordPress plugin before 2.1 does not  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24775 (The Document Embedder WordPress plugin before 1.7.5 contains a REST en ...)
@@ -73356,7 +73356,7 @@ CVE-2021-24218 (The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJ
 CVE-2021-24217 (The run_action function of the Facebook for WordPress plugin before 3. ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24216 (The All-in-One WP Migration WordPress plugin before 7.41 does not vali ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24215 (An Improper Access Control vulnerability was discovered in the Control ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24214 (The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b226bdbcc726362a46d19dd95f0bd3d71c4ed3f
