[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 30 21:17:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7e6109ea by Salvatore Bonaccorso at 2022-05-30T22:16:53+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3596,13 +3596,13 @@ CVE-2022-30526
CVE-2022-30525 (A OS command injection vulnerability in the CGI program of Zyxel USG F ...)
NOT-FOR-US: Zyxel
CVE-2022-1646 (The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1645 (The Amazon Link WordPress plugin through 3.2.10 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1644 (The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1643 (The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-30524 (There is an invalid memory access in the TextLine class in TextOutputD ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2022-30523 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below i ...)
@@ -4213,7 +4213,7 @@ CVE-2022-1613
CVE-2022-1612
RESERVED
CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not protect i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1610
RESERVED
CVE-2022-1609
@@ -4272,7 +4272,7 @@ CVE-2022-1591
CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been declared as pr ...)
NOT-FOR-US: Bludit
CVE-2022-1589 (The Change wp-admin login WordPress plugin before 1.1.0 does not prope ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-30292 (thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reserv ...)
- squirrel3 <unfixed>
[bullseye] - squirrel3 <no-dsa> (Minor issue)
@@ -4424,9 +4424,9 @@ CVE-2022-30228
CVE-2022-1584 (Reflected XSS in GitHub repository microweber/microweber prior to 1.2. ...)
NOT-FOR-US: microweber
CVE-2022-1583 (The External Links in New Window / New Tab WordPress plugin before 1.4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1582 (The External Links in New Window / New Tab WordPress plugin before 1.4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1581
RESERVED
CVE-2022-1580
@@ -4454,7 +4454,7 @@ CVE-2022-1570
CVE-2022-1569
RESERVED
CVE-2022-1568 (The Team Members WordPress plugin before 5.1.1 does not escape some of ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46810
RESERVED
CVE-2021-46809
@@ -4700,15 +4700,15 @@ CVE-2022-30127
CVE-2022-1567 (The WP-JS plugin for WordPress contains a script called wp-js.php with ...)
NOT-FOR-US: WP-JS plugin for WordPress
CVE-2022-1566 (The Quotes llama WordPress plugin through 0.7 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1565
RESERVED
CVE-2022-1564 (The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1563
RESERVED
CVE-2022-1562 (The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploade ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1561
RESERVED
CVE-2022-1560 (The Amministrazione Aperta WordPress plugin before 3.8 does not valida ...)
@@ -4720,7 +4720,7 @@ CVE-2022-1558 (The Curtain WordPress plugin through 1.0.2 does not sanitise and
CVE-2022-1557 (The ULeak Security & Monitoring WordPress plugin through 1.2.3 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1556 (The StaffList WordPress plugin before 3.1.5 does not properly sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1555 (DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/micro ...)
NOT-FOR-US: microweber
CVE-2022-1554 (Path Traversal due to `send_file` call in GitHub repository clinical-g ...)
@@ -5278,7 +5278,7 @@ CVE-2022-29490
CVE-2022-1543 (Improper handling of Length parameter in GitHub repository erudika/sco ...)
NOT-FOR-US: scoold
CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1541
RESERVED
CVE-2022-1540
@@ -5317,9 +5317,9 @@ CVE-2022-1529
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1529
CVE-2022-1528 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1527 (The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4227
RESERVED
CVE-2022-29908
@@ -5860,7 +5860,7 @@ CVE-2022-1458 (Stored XSS Leads To Session Hijacking in GitHub repository openem
CVE-2022-1457 (Store XSS in title parameter executing at EditUser Page & EditProd ...)
NOT-FOR-US: facturascripts
CVE-2022-1456 (The Poll Maker WordPress plugin before 4.0.2 does not sanitise and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46789 (Configuration defects in the secure OS module.Successful exploitation ...)
NOT-FOR-US: Huawei
CVE-2021-46788 (Third-party pop-up window coverage vulnerability in the iConnect modul ...)
@@ -6614,7 +6614,7 @@ CVE-2022-1397 (API Privilege Escalation in GitHub repository alextselegidis/easy
CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1395 (The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 do ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1394
RESERVED
CVE-2022-1393 (The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field an ...)
@@ -6867,7 +6867,7 @@ CVE-2022-28717 (Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino R
CVE-2022-27632 (Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT ...)
NOT-FOR-US: Rebooter
CVE-2022-1387 (The No Future Posts WordPress plugin through 1.4 does not escape its s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1386 (The Fusion Builder WordPress plugin before 3.6.2, used in the Avada th ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29405 (In Apache Archiva, any registered user can reset password for any user ...)
@@ -7982,7 +7982,7 @@ CVE-2022-1301
CVE-2022-1300 (Multiple Version of TRUMPF TruTops products expose a service function ...)
NOT-FOR-US: TRUMPF TruTops
CVE-2022-1299 (The Slideshow WordPress plugin through 2.3.1 does not sanitize and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1298 (The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Ta ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1297 (Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repo ...)
@@ -7996,7 +7996,7 @@ CVE-2022-1296 (Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub re
CVE-2022-1295 (Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior ...)
NOT-FOR-US: fullpage.js
CVE-2022-1294 (The IMDB info box WordPress plugin through 2.0 does not sanitize and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1293
RESERVED
CVE-2022-1292 (The c_rehash script does not properly sanitise shell metacharacters to ...)
@@ -8838,7 +8838,7 @@ CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mru
NOTE: https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25
NOTE: https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6
CVE-2022-1275 (The BannerMan WordPress plugin through 0.2.4 does not sanitize or esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1274
RESERVED
CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate the impo ...)
@@ -9786,7 +9786,7 @@ CVE-2022-1204
- linux 5.17.3-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/2
CVE-2022-1203 (The Content Mask WordPress plugin before 1.8.4.1 does not have authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1202
RESERVED
CVE-2022-1201 (NULL Pointer Dereference in mrb_vm_exec with super in GitHub repositor ...)
@@ -13106,7 +13106,7 @@ CVE-2022-1011 (A use-after-free flaw was found in the Linux kernel’s FUSE
CVE-2022-1010
RESERVED
CVE-2022-1009 (The Smush WordPress plugin before 3.9.9 does not sanitise and escape a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1008 (The One Click Demo Import WordPress plugin before 3.1.0 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1007 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does not s ...)
@@ -18649,7 +18649,7 @@ CVE-2022-0644 [vfs: check fd has read access in kernel_read_file_from_fd()]
CVE-2022-0643 (The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and e ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0642 (The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not proper ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0641 (The Popup Like box WordPress plugin before 3.6.1 does not sanitize and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0640 (The Pricing Table Builder WordPress plugin before 1.1.5 does not sanit ...)
@@ -22909,7 +22909,7 @@ CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/mi
CVE-2022-0377 (Users of the LearnPress WordPress plugin before 4.1.5 can upload an im ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0376 (The User Meta WordPress plugin before 2.4.3 does not sanitise and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e6109ea5128492f0ff4c1ac32fb39c96edab9b4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e6109ea5128492f0ff4c1ac32fb39c96edab9b4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220530/29adb771/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list