[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 2 21:27:47 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4462b21 by Salvatore Bonaccorso at 2022-05-02T22:27:30+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3823,9 +3823,9 @@ CVE-2022-1283 (NULL Pointer Dereference in r_bin_ne_get_entrypoints function in
NOTE: https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013
NOTE: https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67
CVE-2022-1282 (The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not prop ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1281 (The Photo Gallery WordPress plugin through 1.6.3 does not properly esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1280 (A use-after-free vulnerability was found in drm_lease_held in drivers/ ...)
- linux 5.15.3-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/12/3
@@ -3844,13 +3844,13 @@ CVE-2022-1275
CVE-2022-1274
RESERVED
CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate the impo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1272
RESERVED
CVE-2022-1270
RESERVED
CVE-2022-1269 (The Fast Flow WordPress plugin before 1.2.11 does not sanitise and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1268
RESERVED
CVE-2022-1267
@@ -3876,7 +3876,7 @@ CVE-2022-1257 (Insecure storage of sensitive information vulnerability in MA for
CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows prior to ...)
NOT-FOR-US: McAfee
CVE-2022-1255 (The Import and export users and customers WordPress plugin before 1.19 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1254 (A URL redirection vulnerability in Skyhigh SWG in main releases 10.x p ...)
NOT-FOR-US: Skyhigh SWG
CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...)
@@ -3889,7 +3889,7 @@ CVE-2022-1252 (Exposure of Private Personal Information to an Unauthorized Actor
CVE-2022-1251
RESERVED
CVE-2022-1250 (The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which has been ...)
NOT-FOR-US: SAP
CVE-2022-1247
@@ -3953,7 +3953,7 @@ CVE-2022-1240 (Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub r
NOTE: https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc
NOTE: https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4
CVE-2022-1239 (The HubSpot WordPress plugin before 8.8.15 does not validate the proxy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1238 (Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub reposi ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200
@@ -4197,7 +4197,7 @@ CVE-2022-28574
CVE-2022-28573 (D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injectio ...)
TODO: check
CVE-2022-28572 (Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vu ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-28571 (D-link 882 DIR882A1_FW130B06 was discovered to contain a command injec ...)
TODO: check
CVE-2022-28570
@@ -6880,7 +6880,7 @@ CVE-2022-1048 (A use-after-free flaw was found in the Linux kernel’s sound
CVE-2022-1047
RESERVED
CVE-2022-1046 (The Visual Form Builder WordPress plugin before 3.0.7 does not sanitis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository polonel/trudesk ...)
NOT-FOR-US: Trudesk
CVE-2022-1044
@@ -8311,7 +8311,7 @@ CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Sho
CVE-2022-0953 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0952 (The Sitemap by click5 WordPress plugin before 1.0.36 does not have aut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0951 (File Upload Restriction Bypass leading to Stored XSS Vulnerability in ...)
NOT-FOR-US: ShowDoc
CVE-2022-0950 (Unrestricted Upload of File with Dangerous Type in GitHub repository s ...)
@@ -11043,7 +11043,7 @@ CVE-2022-0785 (The Daily Prayer Time WordPress plugin before 2022.03.01 does not
CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does not sani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0783 (The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0782 (The Donations WordPress plugin through 1.8 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0781
@@ -11067,11 +11067,11 @@ CVE-2022-0775
CVE-2022-0774
RESERVED
CVE-2022-0773 (The Documentor WordPress plugin through 1.5.3 fails to sanitize and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0772 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
NOT-FOR-US: LibreNMS
CVE-2022-0771 (The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0770 (The Translate WordPress with GTranslate WordPress plugin before 2.9.9 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0769 (The Users Ultra WordPress plugin through 3.1.0 fails to properly sanit ...)
@@ -13223,7 +13223,7 @@ CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netm
CVE-2022-0663
RESERVED
CVE-2022-0662 (The AdRotate WordPress plugin before 5.8.23 does not sanitise and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0661 (The Ad Injection WordPress plugin through 1.2.0.19 does not properly s ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...)
@@ -13345,7 +13345,7 @@ CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection
CVE-2022-0650
RESERVED
CVE-2022-0649 (The AdRotate WordPress plugin before 5.8.23 does not escape Group Name ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46699 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
NOT-FOR-US: Siemens
CVE-2022-25257
@@ -16550,7 +16550,7 @@ CVE-2022-0430 (Exposure of Sensitive Information to an Unauthorized Actor in Git
CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0428 (The Content Egg WordPress plugin before 5.3.0 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in all ve ...)
TODO: check
CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 do ...)
@@ -16863,7 +16863,7 @@ CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p
NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
NOTE: https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6 (5.6.0)
CVE-2022-0418 (The Event List WordPress plugin before 0.8.8 does not sanitise and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. ...)
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
@@ -20888,7 +20888,7 @@ CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s
CVE-2022-0192 (A DLL search path vulnerability was reported in Lenovo PCManager prior ...)
NOT-FOR-US: Lenovo
CVE-2022-0191 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 do ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0189 (The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise a ...)
@@ -70293,7 +70293,7 @@ CVE-2021-29861 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged loca
CVE-2021-29860 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
NOT-FOR-US: IBM
CVE-2021-29859 (IBM ICP4A - User Management System Component (IBM Cloud Pak for Busine ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29858
RESERVED
CVE-2021-29857
@@ -82330,7 +82330,7 @@ CVE-2021-25104
CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25102 (The All In One WP Security & Firewall WordPress plugin before 4.4. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25101 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25100 (The GiveWP WordPress plugin before 2.17.3 does not escape the s parame ...)
@@ -82362,7 +82362,7 @@ CVE-2021-25088
CVE-2021-25087 (The Download Manager WordPress plugin before 3.2.35 does not have any ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25086 (The Advanced Page Visit Counter WordPress plugin through 5.0.8 does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced C ...)
@@ -82530,7 +82530,7 @@ CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP fil
CVE-2021-25003 (The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25002 (The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any au ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25001 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25000 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4462b2157260e80cc61a86efac287ed227172b9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4462b2157260e80cc61a86efac287ed227172b9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220502/cbfeed76/attachment.htm>
More information about the debian-security-tracker-commits
mailing list