[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 28 21:19:39 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
63fe433b by Salvatore Bonaccorso at 2022-03-28T22:19:16+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1117,7 +1117,7 @@ CVE-2022-27664
 CVE-2022-27663
 	RESERVED
 CVE-2022-27658 (Under certain conditions, SAP Innovation management - version 2.0, all ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-27657
 	RESERVED
 CVE-2022-27656
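Review bot: the reason string on the new NOT-FOR-US line for CVE-2022-27658 names only the vendor ("SAP"), whereas other entries in this file name the affected product (for example `NOT-FOR-US: Jenkins Chef Sinatra Plugin` and `NOT-FOR-US: Dart SDK`); consider `NOT-FOR-US: SAP Innovation management` so the entry records which SAP product was checked. The marking itself is consistent with the truncated description, which refers to an SAP product rather than anything packaged in Debian.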
@@ -4380,7 +4380,7 @@ CVE-2022-0847 (A flaw was found in the way the "flags" member of the new pipe bu
 	NOTE: https://www.openwall.com/lists/oss-security/2022/03/07/1
 	NOTE: https://dirtypipe.cm4all.com/
 CVE-2022-0846 (The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0845 (Code Injection in GitHub repository pytorchlightning/pytorch-lightning ...)
 	NOT-FOR-US: pytorchlightning
 CVE-2022-26387
@@ -4508,7 +4508,7 @@ CVE-2022-0835
 CVE-2022-0834 (The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0833 (The Church Admin WordPress plugin before 3.4.135 does not have authori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0832 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
 CVE-2022-0831 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -4596,7 +4596,7 @@ CVE-2022-0820 (Cross-site Scripting (XSS) - Stored in GitHub repository orchardc
 CVE-2022-0819 (Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. ...)
 	- dolibarr <removed>
 CVE-2022-0818 (The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0817
 	RESERVED
 CVE-2022-0816
@@ -5136,13 +5136,13 @@ CVE-2022-0789
 CVE-2022-0788
 	RESERVED
 CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0786
 	RESERVED
 CVE-2022-0785
 	RESERVED
 CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0783
 	RESERVED
 CVE-2022-0782
@@ -5174,7 +5174,7 @@ CVE-2022-0772 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms
 CVE-2022-0771
 	RESERVED
 CVE-2022-0770 (The Translate WordPress with GTranslate WordPress plugin before 2.9.9  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0769
 	RESERVED
 CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltub ...)
@@ -6347,7 +6347,7 @@ CVE-2022-0722
 CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in GitHub repos ...)
 	NOT-FOR-US: microweber
 CVE-2022-0720 (The Amelia WordPress plugin before 1.0.47 does not have proper authori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0719 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
 	NOT-FOR-US: microweber
 CVE-2022-0718
@@ -7186,9 +7186,9 @@ CVE-2022-0682
 CVE-2022-0681 (The Simple Membership WordPress plugin before 4.1.0 does not have CSRF ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0680 (The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing u ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0679 (The Narnoo Distributor WordPress plugin through 2.5.1 fails to validat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
 	NOT-FOR-US: microweber
 CVE-2022-0677
@@ -7465,7 +7465,7 @@ CVE-2022-21142 (Authentication bypass vulnerability in a-blog cms Ver.2.8.x seri
 CVE-2022-0648 (The Team Circle Image Slider With Lightbox WordPress plugin before 1.0 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0647 (The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...)
 	- linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
@@ -7479,11 +7479,11 @@ CVE-2022-0644 [vfs: check fd has read access in kernel_read_file_from_fd()]
 	[stretch] - linux 4.9.290-1
 	NOTE: https://git.kernel.org/linus/032146cda85566abcd1c4884d9d23e4e30a07e9a (5.15-rc7)
 CVE-2022-0643 (The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0642
 	RESERVED
 CVE-2022-0641 (The Popup Like box WordPress plugin before 3.6.1 does not sanitize and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0640 (The Pricing Table Builder WordPress plugin before 1.1.5 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
@@ -7630,11 +7630,11 @@ CVE-2022-0623 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
 CVE-2022-0622 (Generation of Error Message Containing Sensitive Information in Packag ...)
 	NOT-FOR-US: snipe-it
 CVE-2022-0621 (The dTabs WordPress plugin through 1.4 does not sanitize and escape th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0620 (The Delete Old Orders WordPress plugin through 0.2 does not sanitize a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0619 (The Database Peek WordPress plugin through 1.2 does not sanitize and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...)
 	NOT-FOR-US: Jenkins Chef Sinatra Plugin
 CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...)
@@ -7860,9 +7860,9 @@ CVE-2022-0602
 CVE-2022-0601 (The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0600 (The Conference Scheduler WordPress plugin before 2.4.3 does not saniti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0599 (The Mapping Multiple URLs Redirect Same Page WordPress plugin through  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0598
 	RESERVED
 CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
@@ -7870,7 +7870,7 @@ CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11.
 CVE-2022-0596 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
 	NOT-FOR-US: microweber
 CVE-2022-0595 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0594
 	RESERVED
 CVE-2022-0593 (The Login with phone number WordPress plugin before 1.3.7 includes a f ...)
@@ -9846,7 +9846,7 @@ CVE-2022-0500 (A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD,
 	- linux 5.16.10-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044578
 CVE-2022-0499 (The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0498
 	REJECTED
 CVE-2022-0497
@@ -9865,7 +9865,7 @@ CVE-2022-0494 (A kernel information leak flaw was identified in the scsi_ioctl f
 	- linux 5.16.14-1
 	NOTE: https://git.kernel.org/linus/cc8f7fe1f5eab010191aa4570f27641876fa1267 (5.17-rc5)
 CVE-2022-0493 (The String locator WordPress plugin before 2.5.0 does not properly val ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array, and co ...)
 	- atftp 0.7.git20210915-1 (bug #1004974)
 	[bullseye] - atftp 0.7.git20120829-3.3+deb11u2
@@ -10156,7 +10156,7 @@ CVE-2022-0480
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2049700
 	NOTE: https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)
 CVE-2022-0479 (The Popup Builder WordPress plugin before 4.1.1 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress plugin ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0477
@@ -10343,7 +10343,7 @@ CVE-2022-0452
 CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...)
 	NOT-FOR-US: Dart SDK
 CVE-2022-0450 (The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0449 (The Flexi WordPress plugin before 4.20 does not sanitise and escape va ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0448 (The CP Blocks WordPress plugin before 1.0.15 does not sanitise and esc ...)
@@ -10961,7 +10961,7 @@ CVE-2022-0399 (The Advanced Product Labels for WooCommerce WordPress plugin befo
 CVE-2022-0398
 	RESERVED
 CVE-2022-0397 (The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2018-25030 (A vulnerability classified as problematic has been found in Mirmay Sec ...)
 	TODO: check
 CVE-2017-20016
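Review bot: CVE-2018-25030 in the trailing context still reads `TODO: check` after this pass; its truncated description ("Mirmay Sec ...") does not make it an obvious NFU, so leaving it is defensible, but since it now sits directly below a processed entry it is worth queueing for the next triage round so it is not overlooked. No change needed to the CVE-2022-0397 line itself.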
@@ -11212,7 +11212,7 @@ CVE-2022-0390
 CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin through ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4217 [Null pointer dereference in Unicode strings code]
 	RESERVED
 	- unzip <unfixed> (unimportant)
@@ -75979,13 +75979,13 @@ CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF check
 CVE-2021-25072 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25071 (The WordPress plugin through 2.0.1 does not sanitise and escape the tr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25070 (The Block Bad Bots WordPress plugin before 6.88 does not properly sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25069 (The Download Manager WordPress plugin before 3.2.34 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25068 (The Sync WooCommerce Product feed to Google Shopping WordPress plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25066
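Review bot: the description for CVE-2021-25071 ("The WordPress plugin through 2.0.1 does not sanitise ...") carries no plugin name, so the new `NOT-FOR-US: WordPress plugin` line cannot be checked against the description alone; the neighbouring entries CVE-2021-25070 and CVE-2021-25068 do name their plugins. Worth confirming against the full upstream CVE record that the unnamed plugin is not one shipped by a Debian package before this TODO is closed.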
@@ -75993,7 +75993,7 @@ CVE-2021-25066
 CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25064 (The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize us ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25063 (The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 doe ...)
@@ -76097,7 +76097,7 @@ CVE-2021-25014 (The Ibtana WordPress plugin before 1.1.4.9 does not have authori
 CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisation a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25012 (The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25011 (The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 do ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25010 (The Post Snippets WordPress plugin before 3.1.4 does not have CSRF che ...)
@@ -76165,7 +76165,7 @@ CVE-2021-24980 (The Gwolle Guestbook WordPress plugin before 4.2.0 does not sani
 CVE-2021-24979 (The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24978 (The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24977 (The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and ...)
@@ -76629,7 +76629,7 @@ CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not p
 CVE-2021-24747 (The SEO Booster WordPress plugin before 3.8 allows for authenticated S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24746 (The Social Sharing Plugin WordPress plugin before 3.3.40 does not esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not sanitise a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63fe433b892c019349c15eacc933f6ca9d5201b2


