[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 28 20:44:34 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e518c535 by Salvatore Bonaccorso at 2022-11-28T21:41:50+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4166,7 +4166,7 @@ CVE-2022-3866 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload i
- nomad <not-affected> (Only affects 1.4)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167
CVE-2022-3865 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3864
RESERVED
CVE-2022-3863
@@ -5412,13 +5412,13 @@ CVE-2022-3852 (The VR Calendar plugin for WordPress is vulnerable to Cross-Site
CVE-2022-3851
RESERVED
CVE-2022-3850 (The Find and Replace All WordPress plugin before 1.3 does not have CSR ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3849 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3848 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3847 (The Showing URL in QR Code WordPress plugin through 0.0.1 does not hav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44643
RESERVED
CVE-2022-44642
@@ -5517,7 +5517,7 @@ CVE-2022-3841
CVE-2022-3840
RESERVED
CVE-2022-3839 (The Analytics for WP WordPress plugin through 1.5.1 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3838
RESERVED
CVE-2022-3837
@@ -5527,19 +5527,19 @@ CVE-2022-3836
CVE-2022-3835
RESERVED
CVE-2022-3834 (The Google Forms WordPress plugin through 0.95 does not sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3833 (The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3832
RESERVED
CVE-2022-3831 (The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3830
RESERVED
CVE-2022-3829
RESERVED
CVE-2022-3828 (The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3827 (A vulnerability was found in centreon. It has been declared as critica ...)
- centreon-web <itp> (bug #913903)
CVE-2022-3826 (A vulnerability was found in Huaxia ERP. It has been classified as pro ...)
@@ -5547,11 +5547,11 @@ CVE-2022-3826 (A vulnerability was found in Huaxia ERP. It has been classified a
CVE-2022-3825 (A vulnerability was found in Huaxia ERP 2.3 and classified as critical ...)
NOT-FOR-US: Huaxia ERP
CVE-2022-3824 (The WP Admin UI Customize WordPress plugin before 1.5.13 does not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3823 (The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3822 (The Donations via PayPal WordPress plugin before 1.9.9 does not saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_timespan ...)
- systemd 251.3-1
[bullseye] - systemd <no-dsa> (Minor issue)
@@ -6093,9 +6093,9 @@ CVE-2022-3771 (A vulnerability, which was classified as critical, has been found
CVE-2022-3770 (A vulnerability classified as critical was found in Yunjing CMS. This ...)
NOT-FOR-US: Yunjing CMS
CVE-2022-3769 (The OWM Weather WordPress plugin before 5.6.9 does not properly saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3768 (The WPSmartContracts WordPress plugin before 1.3.12 does not properly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3767
RESERVED
- gitlab <unfixed>
@@ -9386,7 +9386,7 @@ CVE-2022-3691 (The DeepL Pro API translation plugin WordPress plugin before 1.7.
CVE-2022-3690 (The Popup Maker WordPress plugin before 1.16.11 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3689 (The HTML Forms WordPress plugin before 1.3.25 does not properly proper ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3688 (The WPQA Builder WordPress plugin before 5.9 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43760
@@ -10312,7 +10312,7 @@ CVE-2022-3612
CVE-2022-3611
RESERVED
CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3609
RESERVED
CVE-2022-3608 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
@@ -10329,7 +10329,7 @@ CVE-2022-3605
CVE-2022-3604
RESERVED
CVE-2022-3603 (The Export customers list csv for WooCommerce, WordPress users csv, ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3602 (A buffer overrun can be triggered in X.509 certificate verification, s ...)
- openssl 3.0.7-1
[bullseye] - openssl <not-affected> (Only affects 3.0)
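Review bot: For CVE-2022-3603 the visible description is cut off at "WordPress users csv, ex ..." and never reaches the word "plugin", unlike the other entries retagged in this commit, so the "NOT-FOR-US: WordPress plugin" classification cannot be confirmed from the list line alone. Worth checking against the full CVE description before this lands, since a NOT-FOR-US tag takes the entry out of further triage.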
@@ -10339,7 +10339,7 @@ CVE-2022-3602 (A buffer overrun can be triggered in X.509 certificate verificati
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3 (openssl-3.0.7)
NOTE: https://github.com/colmmacc/CVE-2022-3602
CVE-2022-3601 (The Image Hover Effects Css3 WordPress plugin through 4.5 does not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3600 (The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not va ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools ...)
@@ -11756,7 +11756,7 @@ CVE-2022-3513
CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to disconne ...)
NOT-FOR-US: Cloudflare
CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not ensure that ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3510 (A parsing issue similar to CVE-2022-3171, but with Message-Type Extens ...)
- protobuf <unfixed>
NOTE: https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48
@@ -11849,7 +11849,7 @@ CVE-2022-3492 (A vulnerability classified as critical was found in SourceCodeste
CVE-2022-3491
RESERVED
CVE-2022-3490 (The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3489 (The WP Hide WordPress plugin through 0.0.2 does not have authorisation ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3488
@@ -14752,7 +14752,7 @@ CVE-2022-41734
CVE-2022-41733
RESERVED
CVE-2022-41732 (IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-41731
RESERVED
CVE-2022-41730
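Review bot: The new tag for CVE-2022-41732 reads "NOT-FOR-US: IBM", which names only the vendor although the description identifies the product as IBM Maximo Mobile 8.7 and 8.8. Other non-plugin entries visible in this diff name the product (NOT-FOR-US: Huaxia ERP, NOT-FOR-US: Skyhigh SWG, NOT-FOR-US: Yunjing CMS), so "NOT-FOR-US: IBM Maximo Mobile" would keep the entry searchable by product and make the reason for the classification clear on its own line.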
@@ -22330,7 +22330,7 @@ CVE-2022-2985 (In music service, there is a missing permission check. This could
CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a missin ...)
NOT-FOR-US: Unisoc
CVE-2022-2983 (The Salat Times WordPress plugin before 3.2.2 does not sanitize and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260. ...)
- vim 2:9.0.0626-1 (bug #1019590; unimportant)
[buster] - vim <not-affected> (quickfixtextfunc added in 8.2.0869)
@@ -31874,7 +31874,7 @@ CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for Windo
CVE-2022-2312 (The Student Result or Employee Database WordPress plugin before 1.7.5 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2311 (The Find and Replace All WordPress plugin before 1.3 does not sanitize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2310 (An authentication bypass vulnerability in Skyhigh SWG in main releases ...)
NOT-FOR-US: Skyhigh SWG
CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of service ...)
@@ -130622,7 +130622,7 @@ CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affecte
CVE-2021-25060 (The Five Star Business Profile and Schema WordPress plugin before 2.1. ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25059 (The Download Plugin WordPress plugin before 2.0.0 does not properly va ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25058 (The Buffer Button WordPress plugin through 1.0 was vulnerable to Authe ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was vulnerabl ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e518c53538f55e89e87694086a096fa0793efd2c