[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 7 08:34:54 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1eef5a30 by Salvatore Bonaccorso at 2023-02-07T09:34:27+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5287,7 +5287,7 @@ CVE-2023-0284 (Improper Input Validation of LDAP user IDs in Tribe29 Checkmk all
CVE-2023-0283 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Online Flight Booking Management System
CVE-2023-0282 (The YourChannel WordPress plugin before 1.2.2 does not sanitize and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0281 (A vulnerability was found in SourceCodester Online Flight Booking Mana ...)
NOT-FOR-US: SourceCodester Online Flight Booking Management System
CVE-2023-0280
@@ -5635,7 +5635,7 @@ CVE-2023-0254 (The Simple Membership WP user Import plugin for WordPress is vuln
CVE-2023-0253 (The Real Media Library: Media Library Folder & File Manager plugin ...)
NOT-FOR-US: Real Media Library: Media Library Folder & File Manager plugin for WordPress
CVE-2023-0252 (The Contextual Related Posts WordPress plugin before 3.3.1 does not va ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0251
RESERVED
CVE-2023-0250
@@ -5670,11 +5670,11 @@ CVE-2023-0238
CVE-2023-0237
REJECTED
CVE-2023-0236 (The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0235
REJECTED
CVE-2023-0234 (The SiteGround Security WordPress plugin before 1.3.1 does not properl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0233
RESERVED
CVE-2023-0232
@@ -6920,23 +6920,23 @@ CVE-2023-0179 [netfilter: nft_payload: incorrect arithmetics when fetching VLAN
NOTE: https://www.openwall.com/lists/oss-security/2023/01/13/2
NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230111212251.193032-4-pablo@netfilter.org/
CVE-2023-0178 (The Annual Archive WordPress plugin before 1.6.0 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0177
RESERVED
CVE-2023-0176 (The Giveaways and Contests by RafflePress WordPress plugin before 1.11 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0175
RESERVED
CVE-2023-0174 (The WP VR WordPress plugin before 8.2.7 does not validate and escape s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0173 (The Drag & Drop Sales Funnel Builder for WordPress plugin before 2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0172
RESERVED
CVE-2023-0171 (The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0170 (The Html5 Audio Player WordPress plugin before 2.1.12 does not validat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0169
RESERVED
CVE-2023-0168
@@ -7019,23 +7019,23 @@ CVE-2023-0156
CVE-2023-0155
RESERVED
CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0152
RESERVED
CVE-2023-0151
RESERVED
CVE-2023-0150 (The Cloak Front End Email WordPress plugin through 1.9.1 does not vali ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0149 (The WordPrezi WordPress plugin through 0.8.2 does not validate and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0148 (The Gallery Factory Lite WordPress plugin through 2.0.0 does not valid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0147 (The Flexible Captcha WordPress plugin through 4.1 does not validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0146 (The Naver Map WordPress plugin through 1.1.0 does not validate and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0145
RESERVED
CVE-2017-20167 (A vulnerability, which was classified as problematic, was found in Min ...)
@@ -7107,9 +7107,9 @@ CVE-2023-22885
CVE-2023-22884 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
- airflow <itp> (bug #819700)
CVE-2023-0144 (The Event Manager and Tickets Selling Plugin for WooCommerce WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0143 (The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0142
RESERVED
CVE-2023-0141 (Insufficient policy enforcement in CORS in Google Chrome prior to 109. ...)
@@ -7915,9 +7915,9 @@ CVE-2023-0098
CVE-2023-0097 (The Post Grid, Post Carousel, & List Category Posts WordPress plug ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0096 (The Happyforms WordPress plugin before 1.22.0 does not validate and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0095 (The Page View Count WordPress plugin before 2.6.1 does not validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4879 (A vulnerability was found in Forged Alliance Forever up to 3746. It ha ...)
NOT-FOR-US: Forged Alliance Forever
CVE-2022-4878 (A vulnerability classified as critical has been found in JATOS. Affect ...)
@@ -8063,9 +8063,9 @@ CVE-2023-0084
CVE-2023-0083
RESERVED
CVE-2023-0082 (The ExactMetrics WordPress plugin before 7.12.1 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0081 (The MonsterInsights WordPress plugin before 8.12.1 does not validate a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0080
RESERVED
CVE-2023-0079
@@ -8159,11 +8159,11 @@ CVE-2023-0074 (The WP Social Widget WordPress plugin before 2.2.4 does not valid
CVE-2023-0073
RESERVED
CVE-2023-0072 (The WC Vendors Marketplace WordPress plugin before 2.4.5 does not vali ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0071 (The WP Tabs WordPress plugin before 2.1.17 does not validate and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0070 (The ResponsiveVoice Text To Speech WordPress plugin through 1.7.6 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0069
RESERVED
CVE-2023-0068
@@ -8179,7 +8179,7 @@ CVE-2023-0064
CVE-2023-0063
RESERVED
CVE-2023-0062 (The EAN for WooCommerce WordPress plugin before 4.4.3 does not validat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0061
RESERVED
CVE-2023-0060
@@ -8866,17 +8866,17 @@ CVE-2022-4840 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos
CVE-2022-4839 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
NOT-FOR-US: usememos
CVE-2022-4838 (The Clean Login WordPress plugin before 1.13.7 does not validate and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4837 (The CPO Companion WordPress plugin before 1.1.0 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4836 (The Breadcrumb WordPress plugin before 1.5.33 does not validate and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4835 (The Social Sharing Toolkit WordPress plugin through 2.6 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4834 (The CPT Bootstrap Carousel WordPress plugin through 1.12 does not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4833 (The YourChannel: Everything you want in a YouTube plugin WordPress plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4832 (The Store Locator WordPress plugin before 1.4.9 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4831 (The Custom User Profile Fields for User Registration WordPress plugin ...)
@@ -8890,11 +8890,11 @@ CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not val
CVE-2022-4827
RESERVED
CVE-2022-4826 (The Simple Tooltips WordPress plugin before 2.1.4 does not validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4825 (The WP-ShowHide WordPress plugin before 1.05 does not validate and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4824 (The WP Blog and Widgets WordPress plugin before 2.3.1 does not validat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-48190
RESERVED
CVE-2022-48189
@@ -9732,7 +9732,7 @@ CVE-2022-4764
CVE-2022-4763 (The Icon Widget WordPress plugin before 1.3.0 does not validate and es ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4762 (The Materialis Companion WordPress plugin before 1.3.40 does not valid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4761
RESERVED
CVE-2022-4760 (The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not va ...)
@@ -9744,7 +9744,7 @@ CVE-2022-4758 (The 10WebMapBuilder WordPress plugin before 1.0.72 does not valid
CVE-2022-4757
RESERVED
CVE-2022-4756 (The My YouTube Channel WordPress plugin before 3.23.0 does not validat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4755 (A vulnerability was found in FlatPress and classified as problematic. ...)
NOT-FOR-US: FlatPress
CVE-2022-4754
@@ -9762,7 +9762,7 @@ CVE-2022-4749 (The Posts List Designer by Category WordPress plugin before 3.2 d
CVE-2022-4748 (A vulnerability was found in FlatPress. It has been classified as crit ...)
NOT-FOR-US: FlatPress
CVE-2022-4747 (The Post Category Image With Grid and Slider WordPress plugin before 1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4289 (A vulnerability classified as problematic was found in OpenMRS openmrs ...)
NOT-FOR-US: OpenMRS
CVE-2021-4288 (A vulnerability was found in OpenMRS openmrs-module-referenceapplicati ...)
@@ -9960,7 +9960,7 @@ CVE-2022-4719 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior
CVE-2022-4718 (The Landing Page Builder WordPress plugin before 1.4.9.9 does not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4717 (The Strong Testimonials WordPress plugin before 3.0.3 does not validat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4716 (The WP Popups WordPress plugin before 2.1.4.8 does not validate and es ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4715 (The Structured Content WordPress plugin before 1.5.1 does not validate ...)
@@ -10041,7 +10041,7 @@ CVE-2022-4683 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in G
CVE-2022-4682
RESERVED
CVE-2022-4681 (The Hide My WP WordPress plugin before 6.2.9 does not properly sanitiz ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47943 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...)
- linux 5.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -10107,13 +10107,13 @@ CVE-2022-4679
CVE-2022-4678
RESERVED
CVE-2022-4677 (The Leaflet Maps Marker WordPress plugin before 3.12.7 does not valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4676
RESERVED
CVE-2022-4675 (The Mongoose Page Plugin WordPress plugin before 1.9.0 does not valida ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4674 (The Ibtana WordPress plugin before 1.1.8.8 does not validate and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46739
RESERVED
CVE-2022-46735
@@ -10127,7 +10127,7 @@ CVE-2022-4672 (The WordPress Simple Shopping Cart WordPress plugin before 4.6.2
CVE-2022-4671 (The PixCodes WordPress plugin before 2.3.7 does not validate and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4670 (The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4669
RESERVED
CVE-2022-4668 (The Easy Appointments WordPress plugin before 3.11.2 does not validate ...)
@@ -10139,7 +10139,7 @@ CVE-2022-4666
CVE-2022-4665 (Unrestricted Upload of File with Dangerous Type in GitHub repository a ...)
- ampache <removed>
CVE-2022-4664 (The Logo Slider WordPress plugin before 3.6.0 does not validate and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46419
RESERVED
CVE-2022-45878
@@ -10180,7 +10180,7 @@ CVE-2022-4659
CVE-2022-4658 (The RSSImport WordPress plugin through 4.6.1 does not validate and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4657 (The Restaurant Menu WordPress plugin before 2.3.6 does not validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4656
RESERVED
CVE-2022-4655 (The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate ...)
@@ -10302,7 +10302,7 @@ CVE-2022-4628
CVE-2022-4627 (The ShiftNav WordPress plugin before 1.7.2 does not validate and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4626 (The PPWP WordPress plugin before 1.8.6 does not validate and escape so ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4625 (The Login Logout Menu WordPress plugin before 1.4.0 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4624 (The GS Logo Slider WordPress plugin before 3.3.8 does not validate and ...)
@@ -12353,7 +12353,7 @@ CVE-2022-4579
CVE-2022-4578 (The Video Conferencing with Zoom WordPress plugin before 4.0.10 does n ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4577 (The Easy Testimonials WordPress plugin before 3.9.3 does not validate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4576 (The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not v ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4575
@@ -12839,7 +12839,7 @@ CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not val
CVE-2022-4490
RESERVED
CVE-2022-4489 (The HUSKY WordPress plugin before 1.3.2 unserializes user input provid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4488
RESERVED
CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not validate and ...)
@@ -13037,7 +13037,7 @@ CVE-2022-4461
CVE-2022-4460 (The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does no ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4459 (The WP Show Posts WordPress plugin before 1.1.4 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4458
RESERVED
CVE-2022-43543 (KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App ...)
@@ -14528,7 +14528,7 @@ CVE-2022-4386
CVE-2022-4385
RESERVED
CVE-2022-4384 (The Stream WordPress plugin before 3.9.2 does not prevent users with l ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4383 (The CBX Petition for WordPress plugin through 1.0.3 does not properly ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4382 (A use-after-free flaw caused by a race among the superblock operations ...)
@@ -15117,7 +15117,7 @@ CVE-2022-43474
CVE-2022-4322 (A vulnerability, which was classified as critical, was found in maku-b ...)
NOT-FOR-US: maku-boot
CVE-2022-4321 (The PDF Generator for WordPress plugin before 1.1.2 includes a vendore ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4320 (The WordPress Events Calendar WordPress plugin before 1.4.5 does not s ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4319
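Review bot: CVE-2022-4321 is closed with the generic `NOT-FOR-US: WordPress plugin`, but its (truncated) description says the plugin "includes a vendore ...", so the flaw may sit in bundled third-party code rather than in the plugin's own code. Before dropping the TODO, check whether the bundled component named in the full description is packaged in Debian in its own right. If it is, that package needs its own tracking, and a NOTE line on this entry recording the check would help later triage.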
@@ -29927,7 +29927,7 @@ CVE-2022-42441
CVE-2022-42440
RESERVED
CVE-2022-42439 (IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 an ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-42438
RESERVED
CVE-2022-42437
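Review bot: For CVE-2022-42439 the new tag `NOT-FOR-US: IBM` names only the vendor, while the description identifies the product as IBM App Connect Enterprise. Other non-WordPress entries visible in this commit name the product (`NOT-FOR-US: FlatPress`, `NOT-FOR-US: Forged Alliance Forever`). Suggest `NOT-FOR-US: IBM App Connect Enterprise`, which is easier to grep for and to revisit later.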
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1eef5a30ab42c746124f74c28abd1bf1ea028bb6