[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 9 21:12:36 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60742f3b by Salvatore Bonaccorso at 2022-05-09T22:11:59+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1047,7 +1047,7 @@ CVE-2022-1553
CVE-2022-1552
RESERVED
CVE-2019-25060 (The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-30125
RESERVED
CVE-2022-30124
@@ -3744,7 +3744,7 @@ CVE-2022-1340
CVE-2022-1339 (SQL injection in ElementController.php in GitHub repository pimcore/pi ...)
NOT-FOR-US: pimcore
CVE-2022-1338 (The Easily Generate Rest API Url WordPress plugin through 1.0.0 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1337 (The image proxy component in Mattermost version 6.4.1 and earlier allo ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-1336
@@ -4158,7 +4158,7 @@ CVE-2022-1304 (An out-of-bounds read/write vulnerability was found in e2fsprogs
NOTE: https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/T/#u
NOTE: Fixed by: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76
CVE-2022-1303 (The Slide Anything WordPress plugin before 2.3.44 does not sanitize an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthe ...)
NOT-FOR-US: MZ Automation LibIEC61850
CVE-2022-1301
@@ -6368,7 +6368,7 @@ CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repo
NOTE: https://github.com/gpac/gpac/issues/2153
NOTE: https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8
CVE-2022-1171 (The Vertical scroll recent post WordPress plugin before 14.0 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1170 (In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there ...)
NOT-FOR-US: Wordpress theme
CVE-2022-1169 (There is a XSS vulnerability in Careerfy. ...)
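Review bot: The unchanged neighbour CVE-2022-1170 in this hunk reads "NOT-FOR-US: Wordpress theme" with a lower-case "p", while the line added for CVE-2022-1171 uses "WordPress plugin". A case-sensitive search for "WordPress" across data/CVE/list will miss the theme entry; consider normalising that line to "WordPress theme" in a follow-up.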
@@ -7267,7 +7267,7 @@ CVE-2022-1106 (use after free in mrb_vm_exec in GitHub repository mruby/mruby pr
CVE-2022-1105 (An improper access control vulnerability in GitLab CE/EE affecting all ...)
- gitlab <unfixed>
CVE-2022-1104 (The Popup Maker WordPress plugin before 1.16.5 does not sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1103
RESERVED
CVE-2022-27927 (A SQL injection vulnerability exists in Microfinance Management System ...)
@@ -8052,7 +8052,7 @@ CVE-2022-1048 (A use-after-free flaw was found in the Linux kernel’s sound
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066706
NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/4
CVE-2022-1047 (The Themify Post Type Builder Search Addon WordPress plugin before 1.4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1046 (The Visual Form Builder WordPress plugin before 3.0.7 does not sanitis ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository polonel/trudesk ...)
@@ -9113,7 +9113,7 @@ CVE-2022-1015 (A flaw was found in the Linux kernel in linux/net/netfilter/nf_ta
CVE-2022-1014
RESERVED
CVE-2022-1013 (The Personal Dictionary WordPress plugin before 1.3.4 fails to properl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1012
RESERVED
CVE-2022-1011 (A use-after-free flaw was found in the Linux kernel’s FUSE files ...)
@@ -9501,7 +9501,7 @@ CVE-2022-0950 (Unrestricted Upload of File with Dangerous Type in GitHub reposit
CVE-2022-0949 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0948 (The Order Listener for WooCommerce WordPress plugin before 3.2.2 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-XXXX [wordpress 5.9.2]
- wordpress 5.9.2+dfsg1-1 (bug #1007145)
[stretch] - wordpress 4.7.23+dfsg-0+deb9u1
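Review bot: CVE-2022-0948 is marked NOT-FOR-US directly above an entry that tracks the packaged wordpress source ("- wordpress 5.9.2+dfsg1-1"), so the classification holds only because Order Listener for WooCommerce is a third-party plugin and not part of that package. The blanket reason "WordPress plugin" is fine in that case; it is worth confirming for each plugin in this batch that nothing under that name is packaged before dropping the "TODO: check".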
@@ -10454,7 +10454,7 @@ CVE-2022-0900
CVE-2022-0899
RESERVED
CVE-2022-0898 (The IgniteUp WordPress plugin through 3.4.1 does not sanitise and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0897 (A flaw was found in the libvirt nwfilter driver. The virNWFilterObjLis ...)
- libvirt 8.2.0-1 (bug #1009075)
[bullseye] - libvirt <no-dsa> (Minor issue)
@@ -11038,7 +11038,7 @@ CVE-2022-0876 (The Social comments by WpDevArt WordPress plugin before 2.5.0 doe
CVE-2022-0875
RESERVED
CVE-2022-0874 (The WP Social Buttons WordPress plugin through 2.1 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0873
RESERVED
CVE-2022-26532
@@ -11532,7 +11532,7 @@ CVE-2022-0838 (Cross-site Scripting (XSS) - Reflected in GitHub repository hesti
CVE-2022-0837 (The Amelia WordPress plugin before 1.0.48 does not have proper authori ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0836 (The SEMA API WordPress plugin through 3.64 does not properly sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-26365
RESERVED
CVE-2022-26364
@@ -11616,7 +11616,7 @@ CVE-2022-0828 (The Download Manager WordPress plugin before 3.2.39 uses the uniq
CVE-2022-0827
RESERVED
CVE-2022-0826 (The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0825 (The Amelia WordPress plugin before 1.0.49 does not have proper authori ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0824 (Improper Access Control to Remote Code Execution in GitHub repository ...)
@@ -11692,13 +11692,13 @@ CVE-2022-0819 (Code Injection in GitHub repository dolibarr/dolibarr prior to 15
CVE-2022-0818 (The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0817 (The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0816
RESERVED
CVE-2022-0815 (Improper access control vulnerability in McAfee WebAdvisor Chrome and ...)
NOT-FOR-US: McAfee
CVE-2022-0814 (The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0813 (PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially ...)
- phpmyadmin 4:5.1.3+dfsg1-1 (unimportant)
NOTE: https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/
@@ -14667,7 +14667,7 @@ CVE-2022-0627 (The Amelia WordPress plugin before 1.0.47 does not sanitize and e
CVE-2022-0626
RESERVED
CVE-2022-0625 (The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0624
RESERVED
CVE-2022-25271 (Drupal core's form API has a vulnerability where certain contributed o ...)
@@ -15001,7 +15001,7 @@ CVE-2022-0594
CVE-2022-0593 (The Login with phone number WordPress plugin before 1.3.7 includes a f ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0592 (The MapSVG WordPress plugin before 6.2.20 does not validate and escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0591 (The FormCraft WordPress plugin before 3.8.28 does not validate the URL ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0590 (The BulletProof Security WordPress plugin before 5.8 does not sanitise ...)
@@ -17777,7 +17777,7 @@ CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2
CVE-2022-0425 (A DNS rebinding vulnerability in the Irker IRC Gateway integration in ...)
NOT-FOR-US: Irker
CVE-2022-0424 (The Popup by Supsystic WordPress plugin before 1.10.9 does not have an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0422 (The White Label CMS WordPress plugin before 2.2.9 does not sanitise an ...)
@@ -24431,7 +24431,7 @@ CVE-2022-22483
CVE-2022-22482
RESERVED
CVE-2022-22481 (IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22480
RESERVED
CVE-2022-22479
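Review bot: The reason added for CVE-2022-22481 gives only the vendor, "NOT-FOR-US: IBM", where other entries in this diff name the product ("NOT-FOR-US: MZ Automation LibIEC61850", "NOT-FOR-US: pimcore"). It matches the existing IBM entries visible near CVE-2021-20480, so it is consistent with the file; naming the product ("IBM Navigator for i") would make the entry easier to find by product name later.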
@@ -24755,7 +24755,7 @@ CVE-2022-22321 (IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored
CVE-2022-22320
RESERVED
CVE-2022-22319 (IBM Robotic Process Automation 21.0.1 could allow a register user on t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22318
RESERVED
CVE-2022-22317
@@ -96050,7 +96050,7 @@ CVE-2021-20481 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable
CVE-2021-20480 (IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to se ...)
NOT-FOR-US: IBM
CVE-2021-20479 (IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20478 (IBM Cloud Pak System 2.3 could allow a local user in some situations t ...)
NOT-FOR-US: IBM
CVE-2021-20477 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60742f3bfae9fc04aded3653477e5bc2e921f88e