[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 7 20:14:30 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3dfd7f9 by Salvatore Bonaccorso at 2022-11-07T21:13:23+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7920,7 +7920,7 @@ CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic.
 	[buster] - exim4 <no-dsa> (Minor issue)
 	NOTE: https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
 CVE-2022-3558 (The Import and export users and customers WordPress plugin before 1.20 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3557
 	RESERVED
 CVE-2022-3556
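Review bot: At CVE-2022-3558 the new reason "NOT-FOR-US: WordPress plugin" records only the category, and the commit message "Process some NFUs" does not say that every entry touched is a WordPress plugin. NOT-FOR-US asserts that the affected software is not packaged in Debian, so the tag is only as good as the check that this particular plugin has no source package. The category-only form matches entries already in the file (for example CVE-2022-2710), so the line can stay as is; mentioning "WordPress plugins" in the commit subject would make the batch easier to audit later.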
@@ -7980,9 +7980,9 @@ CVE-2022-3539
 CVE-2022-3538
 	RESERVED
 CVE-2022-3537 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3536 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-42986
 	RESERVED
 CVE-2022-42985
@@ -8323,7 +8323,7 @@ CVE-2022-3496 (A vulnerability was found in SourceCodester Human Resource Manage
 CVE-2022-3495 (A vulnerability has been found in SourceCodester Simple Online Public  ...)
 	NOT-FOR-US: SourceCodester
 CVE-2022-3494 (The Complianz WordPress plugin before 6.3.4, and Complianz Premium Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3493 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: SourceCodester Human Resource Management System
 CVE-2022-3492 (A vulnerability classified as critical was found in SourceCodester Hum ...)
@@ -8333,7 +8333,7 @@ CVE-2022-3491
 CVE-2022-3490
 	RESERVED
 CVE-2022-3489 (The WP Hide WordPress plugin through 0.0.2 does not have authorisation ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3488
 	RESERVED
 CVE-2022-3487
@@ -8351,7 +8351,7 @@ CVE-2022-3483
 CVE-2022-3482
 	RESERVED
 CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does not prop ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3480
 	RESERVED
 CVE-2022-3479 (A vulnerability found in nss. By this security vulnerability, nss clie ...)
@@ -8443,9 +8443,9 @@ CVE-2022-3465 (A vulnerability classified as critical was found in Mediabridge M
 CVE-2022-3464 (A vulnerability classified as problematic has been found in puppyCMS u ...)
 	NOT-FOR-US: puppyCMS
 CVE-2022-3463 (The Contact Form Plugin WordPress plugin before 4.3.13 does not valida ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3462 (The Highlight Focus WordPress plugin through 1.1 does not sanitise and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-42889 (Apache Commons Text performs variable interpolation, allowing properti ...)
 	- commons-text 1.10.0-1 (bug #1021787)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/4
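Review bot: At CVE-2022-3463 the description names the product only as "Contact Form Plugin", which does not identify a single plugin on its own, and the new NOT-FOR-US line adds nothing to disambiguate it. The adjacent context entry CVE-2022-3464 names its product in the reason ("puppyCMS"); doing the same here and for CVE-2022-3462 ("Highlight Focus") would let a later search on the reason field find these entries without relying on the truncated description.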
@@ -8784,7 +8784,7 @@ CVE-2022-42736
 CVE-2022-41797 (Improper authorization in handler for custom URL scheme vulnerability  ...)
 	NOT-FOR-US: Lemon8 App
 CVE-2022-3451 (The Product Stock Manager WordPress plugin before 1.0.5 does not have  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3450
 	RESERVED
 	{DSA-5253-1}
@@ -9470,7 +9470,7 @@ CVE-2022-41789
 CVE-2022-41611
 	RESERVED
 CVE-2022-3418 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3417
 	RESERVED
 CVE-2022-3416
@@ -21323,7 +21323,7 @@ CVE-2022-2713 (Insufficient Session Expiration in GitHub repository cockpit-hq/c
 CVE-2022-2712
 	RESERVED
 CVE-2022-2711 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape some o ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2709 (The Float to Top Button WordPress plugin through 2.3.6 does not escape ...)
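Review bot: At CVE-2022-2711 the visible description, "The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...", is character for character the same as the one shown for CVE-2022-3418 in the previous hunk, including the fixed version. Both receive the same NOT-FOR-US tag, which is consistent, but it is worth confirming from the full descriptions that these are two distinct issues in the same release rather than a duplicate assignment; the tag stays correct either way.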
@@ -27011,7 +27011,7 @@ CVE-2022-2389 (The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Ne
 CVE-2022-2388 (The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2387 (The Easy Digital Downloads WordPress plugin before 3.0 does not have C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2386 (The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-35648 (Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO211719 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3dfd7f9ee33363ddac6f363a16fabcf65b6a025
