[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 23 21:20:52 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fdf487ff by Salvatore Bonaccorso at 2022-05-23T22:20:20+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3531,7 +3531,7 @@ CVE-2022-1560 (The Amministrazione Aperta WordPress plugin through 3.7.3 does no
CVE-2022-1559 (The Clipr WordPress plugin through 1.2.3 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1558 (The Curtain WordPress plugin through 1.0.2 does not sanitise and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1557 (The ULeak Security & Monitoring WordPress plugin through 1.2.3 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1556
@@ -3596,7 +3596,7 @@ CVE-2022-1549
CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly restric ...)
NOT-FOR-US: Mattermost Playbooks plugin
CVE-2022-1547 (The Check & Log Email WordPress plugin before 1.0.6 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1546
RESERVED
CVE-2022-30114
@@ -6556,7 +6556,7 @@ CVE-2022-1322
CVE-2022-1321
RESERVED
CVE-2022-1320 (The Sliderby10Web WordPress plugin before 1.2.52 does not properly san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29081 (Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pr ...)
NOT-FOR-US: ZOHO ManageEngine
CVE-2022-29080 (The npm-dependency-versions package through 0.3.0 for Node.js allows c ...)
@@ -6762,7 +6762,7 @@ CVE-2022-1300 (Multiple Version of TRUMPF TruTops products expose a service func
CVE-2022-1299
RESERVED
CVE-2022-1298 (The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Ta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1297 (Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repo ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/ec538fa4-06c6-4050-a141-f60153ddeaac
@@ -6973,7 +6973,7 @@ CVE-2022-28946 (An issue in the component ast/parser.go of Open Policy Agent v0.
CVE-2022-28945
RESERVED
CVE-2022-28944 (Certain EMCO Software products are affected by: CWE-494: Download of C ...)
- TODO: check
+ NOT-FOR-US: EMCO
CVE-2022-28943
RESERVED
CVE-2022-28942
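Review bot: The new tag on CVE-2022-28944 reads "NOT-FOR-US: EMCO", which is terser than the product naming used by other entries visible in this diff ("NOT-FOR-US: ZOHO ManageEngine", "NOT-FOR-US: Mattermost Playbooks plugin"). The description says "Certain EMCO Software products", so consider "NOT-FOR-US: EMCO Software products" to make clear from the tag alone what was ruled out, without relying on the truncated description.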
@@ -7623,7 +7623,7 @@ CVE-2022-1270
CVE-2022-1269 (The Fast Flow WordPress plugin before 1.2.11 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1268 (The Donate Extra WordPress plugin through 2.02 does not sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1267 (The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1266
@@ -7877,13 +7877,13 @@ CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...)
NOTE: https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d
NOTE: https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1
CVE-2022-1221 (The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1220
RESERVED
CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository pimcore ...)
NOT-FOR-US: pimcore
CVE-2022-1218 (The Domain Replace WordPress plugin through 1.3.8 does not sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1217 (The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1216 (The Advanced Image Sitemap WordPress plugin through 1.2 does not sanit ...)
@@ -8751,7 +8751,7 @@ CVE-2022-1194
CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, ...)
- gitlab <unfixed>
CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46779
RESERVED
CVE-2021-46778
@@ -10139,7 +10139,7 @@ CVE-2022-1095
CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1093 (The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1092 (The myCred WordPress plugin before 2.4.4 does not have authorisation a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 c ...)
@@ -11855,7 +11855,7 @@ CVE-2022-1015 (A flaw was found in the Linux kernel in linux/net/netfilter/nf_ta
NOTE: Exploitable after: https://git.kernel.org/linus/345023b0db315648ccc3c1a36aee88304a8b4d91 (5.12-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/6e1acfa387b9ff82cfc7db8cc3b6959221a95851
CVE-2022-1014 (The WP Contacts Manager WordPress plugin through 2.2.4 fails to proper ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1013 (The Personal Dictionary WordPress plugin before 1.3.4 fails to properl ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1012
@@ -14989,7 +14989,7 @@ CVE-2022-0783 (The Multiple Shipping Address Woocommerce WordPress plugin before
CVE-2022-0782 (The Donations WordPress plugin through 1.8 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0781 (The Nirweb support WordPress plugin before 2.8.2 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to disable th ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0779
@@ -21992,7 +21992,7 @@ CVE-2022-0348 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore
CVE-2022-0347 (The LoginPress | Custom Login Page Customizer WordPress plugin before ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0346 (The XML Sitemap Generator for Google WordPress plugin before 2.0.4 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before 1.8. ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0344 (An issue has been discovered in GitLab affecting all versions starting ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdf487ff0a9599d1c70917d693722e702f4c1279