[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 6 21:27:19 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd86a2fa by Salvatore Bonaccorso at 2022-09-06T22:26:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3036,7 +3036,7 @@ CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for
 CVE-2022-3027
 	RESERVED
 CVE-2022-3026 (The WP Users Exporter plugin for WordPress is vulnerable to CSV Inject ...)
-	TODO: check
+	NOT-FOR-US: WP Users Exporter plugin for WordPress
 CVE-2022-3025
 	RESERVED
 CVE-2022-3024
@@ -3579,19 +3579,19 @@ CVE-2022-2946 (Use After Free in GitHub repository vim/vim prior to 9.0.0246. ..
 	NOTE: https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
 	NOTE: https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c (v9.0.0246)
 CVE-2022-2945 (The WordPress Infinite Scroll – Ajax Load More plugin for WordPr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2944
 	RESERVED
 CVE-2022-2943 (The WordPress Infinite Scroll – Ajax Load More plugin for Wordpr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2942
 	RESERVED
 CVE-2022-2941 (The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WP-UserOnline plugin for WordPress
 CVE-2022-2940
 	RESERVED
 CVE-2022-2939 (The WP Cerber Security plugin for WordPress is vulnerable to security  ...)
-	TODO: check
+	NOT-FOR-US: WP Cerber Security plugin for WordPress
 CVE-2022-2938 (A flaw was found in the Linux kernel's implementation of Pressure Stal ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
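Review bot: The NOT-FOR-US labels in this hunk are inconsistent. CVE-2022-2945 and CVE-2022-2943 get the generic "WordPress plugin", while CVE-2022-2941 and CVE-2022-2939 name the product ("WP-UserOnline plugin for WordPress", "WP Cerber Security plugin for WordPress"). Both forms already appear in unchanged lines of data/CVE/list, so this is a style point only. Naming the plugin on all four would let the entries be found by product name, since the descriptions are truncated.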
@@ -3600,9 +3600,9 @@ CVE-2022-2938 (A flaw was found in the Linux kernel's implementation of Pressure
 CVE-2022-2937
 	RESERVED
 CVE-2022-2936 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress
 CVE-2022-2935 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress
 CVE-2022-2934 (The Beaver Builder – WordPress Page Builder for WordPress is vul ...)
 	TODO: check
 CVE-2022-2933
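Review bot: CVE-2022-2934, directly below the two changed entries, stays at "TODO: check" although its description also reads as a WordPress product. The same applies to CVE-2022-2716 and CVE-2022-2517 in later hunks; all three are Beaver Builder. If they are held back on purpose, that is fine. Otherwise they could be triaged in this same pass so the block is not left half processed.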
@@ -5824,9 +5824,9 @@ CVE-2022-2719 (In ImageMagick, a crafted file could trigger an assertion failure
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116537
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/716496e6df0add89e9679d6da9c0afca814cfe49
 CVE-2022-2718 (The JoomSport – for Sports: Team & League, Football, Hockey  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2717 (The JoomSport – for Sports: Team & League, Football, Hockey  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2716 (The Beaver Builder – WordPress Page Builder for WordPress is vul ...)
 	TODO: check
 CVE-2022-2715 (A vulnerability has been found in SourceCodester Employee Management S ...)
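Review bot: For CVE-2022-2718 and CVE-2022-2717 the truncated description ends before any mention of WordPress, so the generic "NOT-FOR-US: WordPress plugin" label is the only thing in the entry that ties JoomSport to WordPress. Consider a label that names the product, e.g. "NOT-FOR-US: JoomSport plugin for WordPress", matching the named entries elsewhere in this commit.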
@@ -7112,7 +7112,7 @@ CVE-2022-37350
 CVE-2022-37349
 	RESERVED
 CVE-2022-2633 (The All-in-One Video Gallery plugin for WordPress is vulnerable to arb ...)
-	TODO: check
+	NOT-FOR-US: All-in-One Video Gallery plugin for WordPress
 CVE-2022-2632
 	RESERVED
 CVE-2022-2631 (Improper Access Control in GitHub repository tooljet/tooljet prior to  ...)
@@ -8603,11 +8603,11 @@ CVE-2022-2544 (The Ninja Job Board WordPress plugin before 1.3.3 does not protec
 CVE-2022-2543 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin b ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2542 (The uContext for Clickbank plugin for WordPress is vulnerable to Cross ...)
-	TODO: check
+	NOT-FOR-US: uContext for Clickbank plugin for WordPress
 CVE-2022-2541 (The uContext for Amazon plugin for WordPress is vulnerable to Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: uContext for Amazon plugin for WordPress
 CVE-2022-2540 (The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: Link Optimizer Lite plugin for WordPress
 CVE-2022-2539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2022-2538 (The WP Hide & Security Enhancer WordPress plugin before 1.8 does n ...)
@@ -8988,7 +8988,7 @@ CVE-2022-36586
 CVE-2022-36585
 	RESERVED
 CVE-2022-36584 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-36583 (DedeCMS V5.7.97 was discovered to contain multiple cross-site scriptin ...)
 	NOT-FOR-US: DedeCMS
 CVE-2022-36582 (An arbitrary file upload vulnerability in the component /php_action/cr ...)
@@ -9444,11 +9444,11 @@ CVE-2022-2519 (There is a double free or corruption in rotateImage() at tiffcrop
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2518 (The Stockists Manager for Woocommerce plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Stockists Manager for Woocommerce plugin for WordPress
 CVE-2022-2517 (The Beaver Builder – WordPress Page Builder for WordPress is vul ...)
 	TODO: check
 CVE-2022-2516 (The Visual Composer Website Builder plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Visual Composer Website Builder plugin for WordPress
 CVE-2018-25045 (Django REST framework (aka django-rest-framework) before 3.9.1 allows  ...)
 	{DSA-5186-1}
 	- djangorestframework 3.10.2-1
@@ -9518,7 +9518,7 @@ CVE-2022-33201 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite &#
 CVE-2022-33142 (Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2515 (The Simple Banner plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: Simple Banner plugin for WordPress
 CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnerable t ...)
 	- fava <unfixed> (bug #1016971)
 	[bullseye] - fava <no-dsa> (Minor issue)
@@ -9832,7 +9832,7 @@ CVE-2022-2475
 CVE-2022-2474
 	RESERVED
 CVE-2022-2473 (The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WP-UserOnline plugin for WordPress
 CVE-2022-2472
 	RESERVED
 CVE-2022-2471
@@ -9902,9 +9902,9 @@ CVE-2022-2464 (Rockwell Automation ISaGRAF Workbench software versions 6.0 throu
 CVE-2022-2463 (Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6. ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2022-2462 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Transposh WordPress Translation plugin for WordPress
 CVE-2022-2461 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Transposh WordPress Translation plugin for WordPress
 CVE-2022-36277
 	RESERVED
 CVE-2022-36276
@@ -10832,7 +10832,7 @@ CVE-2022-2444 (The Visualizer: Tables and Charts Manager for WordPress plugin fo
 CVE-2022-2443 (The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2442 (The Migration, Backup, Staging – WPvivid plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2441
 	RESERVED
 CVE-2022-2440
@@ -10840,25 +10840,25 @@ CVE-2022-2440
 CVE-2022-2439
 	RESERVED
 CVE-2022-2438 (The Broken Link Checker plugin for WordPress is vulnerable to deserial ...)
-	TODO: check
+	NOT-FOR-US: Broken Link Checker plugin for WordPress
 CVE-2022-2437 (The Feed Them Social – for Twitter feed, Youtube and more plugin ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2436 (The Download Manager plugin for WordPress is vulnerable to deserializa ...)
-	TODO: check
+	NOT-FOR-US: Download Manager plugin for WordPress
 CVE-2022-2435 (The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Re ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2434 (The String Locator plugin for WordPress is vulnerable to deserializati ...)
-	TODO: check
+	NOT-FOR-US: String Locator plugin for WordPress
 CVE-2022-2433 (The WordPress Infinite Scroll – Ajax Load More plugin for WordPr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2432 (The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: Ecwid Ecommerce Shopping Cart plugin for WordPress
 CVE-2022-2431 (The Download Manager plugin for WordPress is vulnerable to arbitrary f ...)
-	TODO: check
+	NOT-FOR-US: Download Manager plugin for WordPress
 CVE-2022-2430 (The Visual Composer Website Builder plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Visual Composer Website Builder plugin for WordPress
 CVE-2022-2429 (The Ultimate SMS Notifications for WooCommerce plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: Ultimate SMS Notifications for WooCommerce plugin for WordPress
 CVE-2022-2428
 	RESERVED
 	[experimental] - gitlab 15.2.3+ds1-1
@@ -13901,7 +13901,7 @@ CVE-2022-34744
 CVE-2022-2234 (An authenticated mySCADA myPRO 8.26.0 user may be able to modify param ...)
 	NOT-FOR-US: mySCADA myPRO
 CVE-2022-2233 (The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Req ...)
-	TODO: check
+	NOT-FOR-US: Banner Cycler plugin for WordPress
 CVE-2022-2232
 	RESERVED
 CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. ...)
@@ -25595,7 +25595,7 @@ CVE-2022-1629 (Buffer Over-read in function find_next_quote in GitHub repository
 	NOTE: https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd (v8.2.4925)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-1628 (The Simple SEO plugin for WordPress is vulnerable to attribute-based s ...)
-	TODO: check
+	NOT-FOR-US: Simple SEO plugin for WordPress
 CVE-2022-1627 (The My Private Site WordPress plugin before 3.0.8 does not have CSRF c ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1626 (The Sharebar WordPress plugin through 1.4.1 does not have CSRF check i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd86a2fa8554d223073b02c5eb1ed97a94a231eb
