[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 3 08:48:08 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
00797c96 by Salvatore Bonaccorso at 2023-01-03T09:47:43+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5630,7 +5630,7 @@ CVE-2022-4419
 CVE-2022-4418
 	RESERVED
 CVE-2022-4417 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4244 (A vulnerability classified as problematic has been found in yikes-inc- ...)
 	NOT-FOR-US: yikes-inc-easy-mailchimp-extender
 CVE-2021-4243 (A vulnerability was found in claviska jquery-minicolors up to 2.3.5. I ...)
@@ -5927,7 +5927,7 @@ CVE-2022-4382
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/12/13/1
 CVE-2022-4381 (The Popup Maker WordPress plugin before 1.16.9 does not validate and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4380
 	RESERVED
 CVE-2022-4379
@@ -5961,15 +5961,15 @@ CVE-2022-4375 (A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has be
 CVE-2022-4374
 	RESERVED
 CVE-2022-4373 (The Quote-O-Matic WordPress plugin through 1.0.5 does not properly san ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4372 (The Web Invoice WordPress plugin through 2.1.3 does not properly sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4371 (The Web Invoice WordPress plugin through 2.1.3 does not properly sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4370 (The multimedial images WordPress plugin through 1.0b does not properly ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4369 (The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4368
 	RESERVED
 CVE-2022-4367
@@ -6065,29 +6065,29 @@ CVE-2022-4364 (A vulnerability classified as critical has been found in Teledyne
 CVE-2022-4363
 	RESERVED
 CVE-2022-4362 (The Popup Maker WordPress plugin before 1.16.9 does not validate and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4361
 	RESERVED
 CVE-2022-4360 (The WP RSS By Publishers WordPress plugin through 0.1 does not properl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4359 (The WP RSS By Publishers WordPress plugin through 0.1 does not properl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4358 (The WP RSS By Publishers WordPress plugin through 0.1 does not properl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4357 (The LetsRecover WordPress plugin through 1.1.0 does not properly sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4356 (The LetsRecover WordPress plugin through 1.1.0 does not properly sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4355 (The LetsRecover WordPress plugin through 1.1.0 does not properly sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4354 (A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as  ...)
 	NOT-FOR-US: LinZhaoguan pb-cms
 CVE-2022-4353 (A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classifie ...)
 	NOT-FOR-US: LinZhaoguan pb-cms
 CVE-2022-4352 (The Qe SEO Handyman WordPress plugin through 1.0 does not properly san ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4351 (The Qe SEO Handyman WordPress plugin through 1.0 does not properly san ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4350 (A vulnerability, which was classified as problematic, was found in Min ...)
 	NOT-FOR-US: Mingsoft MCMS
 CVE-2022-4349 (A vulnerability classified as problematic has been found in CTF-hacker ...)
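Review bot: The commit message does not record how the nine entries changed in this hunk (CVE-2022-4362 down to CVE-2022-4351) were selected. "Process some NFUs" leaves a later auditor unable to tell whether each was checked individually or matched on the "WordPress plugin" text in the description. If this was a description-based sweep, saying so in the message would make the change reproducible and easier to re-verify.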
@@ -6199,7 +6199,7 @@ CVE-2022-46752
 CVE-2022-46751
 	RESERVED
 CVE-2022-4340 (The BookingPress WordPress plugin before 1.0.31 suffers from an Insecu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4339
 	REJECTED
 CVE-2022-4338 [Integer Underflow in Organization Specific TLV]
@@ -6235,7 +6235,7 @@ CVE-2022-4331
 CVE-2022-4330
 	RESERVED
 CVE-2022-4329 (The Product list Widget for Woocommerce WordPress plugin through 1.0 d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4328
 	RESERVED
 CVE-2022-4327
@@ -6245,7 +6245,7 @@ CVE-2022-4326 (Improper preservation of permissions vulnerability in Trellix End
 CVE-2022-4325
 	RESERVED
 CVE-2022-4324 (The Custom Field Template WordPress plugin before 2.5.8 unserialises t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4323
 	RESERVED
 CVE-2018-25048
@@ -6583,7 +6583,7 @@ CVE-2022-4304
 CVE-2022-4303
 	RESERVED
 CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes user inpu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4301
 	RESERVED
 CVE-2022-4300 (A vulnerability was found in FastCMS. It has been rated as critical. T ...)
@@ -6591,9 +6591,9 @@ CVE-2022-4300 (A vulnerability was found in FastCMS. It has been rated as critic
 CVE-2022-4299
 	RESERVED
 CVE-2022-4298 (The Wholesale Market WordPress plugin before 2.2.1 does not have autho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4297 (The WP AutoComplete Search WordPress plugin through 1.0.4 does not san ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4296 (A vulnerability classified as problematic has been found in TP-Link TL ...)
 	NOT-FOR-US: TP-Link
 CVE-2022-46663
@@ -7503,7 +7503,7 @@ CVE-2023-21524
 CVE-2022-4261 (Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to relia ...)
 	NOT-FOR-US: Rapid7 Nexpose and InsightVM
 CVE-2022-4260 (The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4259
 	RESERVED
 CVE-2022-4258
@@ -7511,7 +7511,7 @@ CVE-2022-4258
 CVE-2022-4257 (A vulnerability was found in C-DATA Web Management System. It has been ...)
 	NOT-FOR-US: C-DATA Web Management System
 CVE-2022-4256 (The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4255
 	RESERVED
 CVE-2022-4254
@@ -7585,9 +7585,9 @@ CVE-2022-4239 (The Workreap WordPress theme before 2.6.4 does not verify that an
 CVE-2022-4238
 	RESERVED
 CVE-2022-4237 (The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4236 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4235
 	RESERVED
 CVE-2022-4234 (A vulnerability was found in SourceCodester Canteen Management System. ...)
@@ -7837,11 +7837,11 @@ CVE-2022-4201
 	RESERVED
 	- gitlab <unfixed>
 CVE-2022-4200 (The Login with Cognito WordPress plugin through 1.4.8 does not sanitis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4199
 	RESERVED
 CVE-2022-4198 (The WP Social Sharing WordPress plugin through 2.2 does not sanitise a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4197 (The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4196
@@ -8792,7 +8792,7 @@ CVE-2022-4144 (An out-of-bounds read flaw was found in the QXL display device em
 CVE-2022-4143
 	RESERVED
 CVE-2022-4142 (The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing a ...)
 	- vim 2:9.0.1000-1 (bug #1027146)
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -8800,7 +8800,7 @@ CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allow
 	NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
 	NOTE: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 (v9.0.0947)
 CVE-2022-4140 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4139
 	RESERVED
 	{DLA-3244-1}
@@ -9119,7 +9119,7 @@ CVE-2022-4121 [Null pointer dereference in mailimap_mailbox_data_status_free in
 CVE-2022-4120 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4119 (The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 doe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4118
 	RESERVED
 CVE-2022-4117 (The IWS WordPress plugin through 1.0 does not properly escape a parame ...)
@@ -9150,7 +9150,7 @@ CVE-2022-4111 (Unrestricted file size limit can lead to DoS in tooljet/tooljet &
 CVE-2022-4110 (The Eventify™ WordPress plugin through 2.1 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4109 (The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 doe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4108 (The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 doe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4107 (The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does n ...)
@@ -9770,7 +9770,7 @@ CVE-2022-4101
 CVE-2022-4100
 	RESERVED
 CVE-2022-4099 (The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4098 (Multiple Wiesemann&Theis products of the ComServer Series are pron ...)
 	NOT-FOR-US: Wiesemann&Theis products of ComServer Series
 CVE-2022-4097 (The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is suscep ...)
@@ -9894,11 +9894,11 @@ CVE-2022-4061 (The JobBoardWP WordPress plugin before 1.2.2 does not properly va
 CVE-2022-4060
 	RESERVED
 CVE-2022-4059 (The Cryptocurrency Widgets Pack WordPress plugin through 1.8.1 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not vali ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4057 (The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-21523
 	RESERVED
 CVE-2023-21522
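Review bot: Nothing in the visible lines for CVE-2022-4059 and CVE-2022-4057 shows that the plugin names (Cryptocurrency Widgets Pack, Autoptimize) were looked up before "TODO: check" was replaced. NOT-FOR-US closes the entry for further triage, so a quick search of the archive for each plugin name before marking it would guard against closing an entry for software that is shipped.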
@@ -9943,7 +9943,7 @@ CVE-2022-4051 (A vulnerability has been found in Hostel Searching Project and cl
 CVE-2022-4050 (The JoomSport WordPress plugin before 5.2.8 does not properly sanitise ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4049 (The WP User WordPress plugin through 7.0 does not properly sanitize an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4048
 	RESERVED
 CVE-2022-4047 (The Return Refund and Exchange For WooCommerce WordPress plugin before ...)
@@ -10142,7 +10142,7 @@ CVE-2022-43660 (Improper neutralization of Server-Side Includes (SSW) within a w
 CVE-2022-3995 (The TeraWallet plugin for WordPress is vulnerable to Insecure Direct O ...)
 	NOT-FOR-US: TeraWallet plugin for WordPress
 CVE-2022-3994 (The Authenticator WordPress plugin before 1.3.1 does not prevent subsc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-21518
 	RESERVED
 CVE-2023-21517
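Review bot: The new note for CVE-2022-3994 is the generic "NOT-FOR-US: WordPress plugin", while the context line directly above it, for CVE-2022-3995, names the product ("NOT-FOR-US: TeraWallet plugin for WordPress"). Naming the plugin here too (the description gives "Authenticator") would keep the adjacent entries consistent and make the entry findable by product name.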
@@ -11148,7 +11148,7 @@ CVE-2022-3938
 CVE-2022-3937 (The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitiz ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3936 (The Team Members WordPress plugin before 5.2.1 does not sanitize and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3935 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3934 (The Flat PM WordPress plugin through 2.661 does not sanitize and escap ...)
@@ -11349,7 +11349,7 @@ CVE-2022-3913
 CVE-2022-3912 (The User Registration WordPress plugin before 2.2.4.1 does not properl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3911 (The iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + m ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege Escalati ...)
 	- linux 5.19.11-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -12266,7 +12266,7 @@ CVE-2022-3862 (The Livemesh Addons for Elementor WordPress plugin before 7.2.4 d
 CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injection  ...)
 	NOT-FOR-US: Betheme theme for WordPress
 CVE-2022-3860 (The Visual Email Designer for WooCommerce WordPress plugin before 1.7. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3859 (An uncontrolled search path vulnerability exists in Trellix Agent (TA) ...)
 	NOT-FOR-US: Trellix
 CVE-2022-3858 (The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeC ...)
@@ -24683,7 +24683,7 @@ CVE-2022-3243 (The Import all XML, CSV & TXT WordPress plugin before 6.5.8 d
 CVE-2022-3242 (Code Injection in GitHub repository microweber/microweber prior to 1.3 ...)
 	NOT-FOR-US: microweber
 CVE-2022-3241 (The Build App Online WordPress plugin before 1.0.19 does not properly  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2017-20148 (In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on G ...)
 	NOT-FOR-US: ebuild package for Logcheck on Gentoo
 CVE-2017-20147 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gent ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00797c9618b9961f2c7d59a8fc10175854e7ebb2
