[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 5 21:15:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f887d2cc by Salvatore Bonaccorso at 2022-09-05T22:15:01+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4692,7 +4692,7 @@ CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository microweb
CVE-2022-2776 (A vulnerability classified as problematic has been found in SourceCode ...)
NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2775 (The Fast Flow WordPress plugin before 1.2.13 does not sanitise and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2774 (A vulnerability was found in SourceCodester Library Management System. ...)
NOT-FOR-US: SourceCodester Library Management System
CVE-2022-2773 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...)
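Review bot: the new line for CVE-2022-2775 records only the category, "NOT-FOR-US: WordPress plugin", while the NOT-FOR-US lines directly above and below it name the product (SourceCodester Gym Management System, SourceCodester Library Management System). The generic form matches the other WordPress entries visible in this patch's context, so it is consistent with the file, but naming the plugin (here Fast Flow) would make the entry findable by product name, which the truncated description alone does not guarantee.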
@@ -6556,7 +6556,7 @@ CVE-2022-2659
CVE-2022-2658
RESERVED
CVE-2022-2657 (The Multivendor Marketplace Solution for WooCommerce WordPress plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2656 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Multi Language Hotel Management Software
CVE-2022-2655
@@ -6940,7 +6940,7 @@ CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim
NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
NOTE: https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d (v9.0.0101)
CVE-2022-2597 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2596 (Denial of Service in GitHub repository node-fetch/node-fetch prior to ...)
- node-fetch <not-affected> (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7/
@@ -7684,7 +7684,7 @@ CVE-2022-2567
CVE-2022-2566
RESERVED
CVE-2022-2565 (The Simple Payment Donations & Subscriptions WordPress plugin befo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2564 (Prototype Pollution in GitHub repository automattic/mongoose prior to ...)
NOT-FOR-US: Mongoose
CVE-2022-2563
@@ -8223,7 +8223,7 @@ CVE-2022-2545
CVE-2022-2544 (The Ninja Job Board WordPress plugin before 1.3.3 does not protect the ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2543 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2542
RESERVED
CVE-2022-2541
@@ -11105,7 +11105,7 @@ CVE-2022-2378 (The Easy Student Results WordPress plugin through 2.2.8 does not
CVE-2022-2377 (The Directorist WordPress plugin before 7.3.0 does not have authorisat ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2376 (The Directorist WordPress plugin before 7.3.1 discloses the email addr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2375 (The WP Sticky Button WordPress plugin before 1.4.1 does not have autho ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2374 (The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does ...)
@@ -13193,7 +13193,7 @@ CVE-2022-2273 (The Simple Membership WordPress plugin before 4.1.3 does not prop
CVE-2022-2272 (This vulnerability allows remote attackers to bypass authentication on ...)
NOT-FOR-US: Sante PACS Server
CVE-2022-2271 (The WP Database Backup WordPress plugin before 5.9 does not escape som ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-2269 (The Website File Changes Monitor WordPress plugin before 1.8.3 does no ...)
@@ -17186,7 +17186,7 @@ CVE-2022-2084 [logged schema failures can include password hashes]
NOTE: https://github.com/canonical/cloud-init/commit/4d467b14363d800b2185b89790d57871f11ea88c
NOTE: https://bugs.launchpad.net/cloud-init/+bug/1978422
CVE-2022-2083 (The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-33329 (Multiple command injection vulnerabilities exist in the web_server aja ...)
NOT-FOR-US: Robustel R1510
CVE-2022-33328 (Multiple command injection vulnerabilities exist in the web_server aja ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f887d2ccbb88072b254a73ca96ec7b041c4a7c5d