[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 16 20:20:59 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d29848b by Salvatore Bonaccorso at 2023-01-16T21:20:26+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5025,17 +5025,17 @@ CVE-2022-4660
 CVE-2022-4659
 	REJECTED
 CVE-2022-4658 (The RSSImport WordPress plugin through 4.6.1 does not validate and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4657
 	RESERVED
 CVE-2022-4656
 	RESERVED
 CVE-2022-4655 (The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4654
 	RESERVED
 CVE-2022-4653 (The Greenshift WordPress plugin before 4.8.9 does not validate and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4652
 	RESERVED
 CVE-2022-4651
@@ -5053,7 +5053,7 @@ CVE-2022-47925
 CVE-2022-47924
 	RESERVED
 CVE-2022-4648 (The Real Testimonials WordPress plugin before 2.6.0 does not validate  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
 	NOT-FOR-US: microweber
 CVE-2022-4646 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
@@ -7185,7 +7185,7 @@ CVE-2022-4580
 CVE-2022-4579
 	REJECTED
 CVE-2022-4578 (The Video Conferencing with Zoom WordPress plugin before 4.0.10 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4577
 	RESERVED
 CVE-2022-4576
@@ -7199,7 +7199,7 @@ CVE-2022-4573
 CVE-2022-4572 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: UBI reader
 CVE-2022-4571 (The Seriously Simple Podcasting WordPress plugin before 2.19.1 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4570
 	RESERVED
 CVE-2022-4569
@@ -7289,17 +7289,17 @@ CVE-2022-4551
 CVE-2022-4550
 	RESERVED
 CVE-2022-4549 (The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4548
 	RESERVED
 CVE-2022-4547 (The Conditional Payment Methods for WooCommerce WordPress plugin throu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4546
 	RESERVED
 CVE-2022-4545
 	RESERVED
 CVE-2022-4544 (The MashShare WordPress plugin before 3.8.7 does not validate and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4543 (A flaw named "EntryBleed" was found in the Linux Kernel Page Table Iso ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/12/16/3
@@ -7614,9 +7614,9 @@ CVE-2022-47407 (An issue was discovered in the fp_masterquiz (aka Master-Quiz) e
 CVE-2022-47406 (An issue was discovered in the fe_change_pwd (aka Change password for  ...)
 	NOT-FOR-US: TYPO3 extension
 CVE-2022-4508 (The ConvertKit WordPress plugin before 2.0.5 does not validate and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4507 (The Real Cookie Banner WordPress plugin before 3.4.10 does not validat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4506 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...)
 	NOT-FOR-US: OpenEMR
 CVE-2022-4505 (Improper Access Control in GitHub repository openemr/openemr prior to  ...)
@@ -7676,29 +7676,29 @@ CVE-2022-4489
 CVE-2022-4488
 	RESERVED
 CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not validate and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4486 (The Meteor Slides WordPress plugin through 1.5.6 does not validate and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4485
 	RESERVED
 CVE-2022-4484 (The Social Share, Social Login and Social Comments Plugin WordPress pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4483 (The Insert Pages WordPress plugin before 3.7.5 does not validate and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4482 (The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4481 (The Mesmerize Companion WordPress plugin before 1.6.135 does not valid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4480 (The Click to Chat WordPress plugin before 3.18.1 does not validate and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4479 (The Table of Contents Plus WordPress plugin before 2212 does not valid ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4478 (The Font Awesome WordPress plugin before 4.3.2 does not validate and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4477 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4476 (The Download Manager WordPress plugin before 3.2.62 does not validate  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-21773 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21772 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
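
Review bot: CVE-2022-4484 is the one entry in this hunk whose visible description is cut off before the word "plugin" ("... Social Comments Plugin WordPress pl ..."), and its product name itself contains "Plugin". The NOT-FOR-US: WordPress plugin note is very likely right and matches the already-triaged CVE-2022-4479 in the same run, but this one should be confirmed against the full CVE description rather than the truncated summary line.
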
@@ -7850,7 +7850,7 @@ CVE-2022-4471
 CVE-2022-4470
 	RESERVED
 CVE-2022-4469 (The Simple Membership WordPress plugin before 4.2.2 does not validate  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not validate an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4467
@@ -7858,9 +7858,9 @@ CVE-2022-4467
 CVE-2022-4466
 	RESERVED
 CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not validate  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not validate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4463
 	RESERVED
 CVE-2022-4462
@@ -7868,7 +7868,7 @@ CVE-2022-4462
 CVE-2022-4461
 	RESERVED
 CVE-2022-4460 (The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4459
 	RESERVED
 CVE-2022-4458
@@ -7992,19 +7992,19 @@ CVE-2022-4455 (A vulnerability, which was classified as problematic, was found i
 CVE-2022-4454 (A vulnerability, which was classified as critical, has been found in m ...)
 	NOT-FOR-US: m0ver bible-online
 CVE-2022-4453 (The 3D FlipBook WordPress plugin through 1.13.2 does not validate or e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4452
 	RESERVED
 CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not validate an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4450
 	RESERVED
 CVE-2022-4449 (The Page scroll to id WordPress plugin before 1.7.6 does not validate  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4448
 	RESERVED
 CVE-2022-4447 (The Fontsy WordPress plugin through 1.8.6 does not properly sanitize a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4446 (PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior  ...)
 	NOT-FOR-US: Corebos
 CVE-2022-4445
@@ -8014,7 +8014,7 @@ CVE-2022-4444 (A vulnerability was found in ipti br.tag. It has been declared as
 CVE-2022-4443
 	RESERVED
 CVE-2022-4442 (The Custom Post Types and Custom Fields creator WordPress plugin befor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2019-25078 (A vulnerability classified as problematic was found in pacparser up to ...)
 	- pacparser <unfixed> (bug #1026106)
 	[bullseye] - pacparser <no-dsa> (Minor issue)
@@ -8400,7 +8400,7 @@ CVE-2022-4433 (A buffer over-read vulnerability was reported in the ThinkPadX13s
 CVE-2022-4432 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...)
 	NOT-FOR-US: Lenovo
 CVE-2022-4431 (The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4430
 	RESERVED
 CVE-2022-43669
@@ -9641,13 +9641,13 @@ CVE-2022-4332
 CVE-2022-4331
 	RESERVED
 CVE-2022-4330 (The WP Attachments WordPress plugin through 5.0.5 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4329 (The Product list Widget for Woocommerce WordPress plugin through 1.0 d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4328
 	RESERVED
 CVE-2022-4327 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4326 (Improper preservation of permissions vulnerability in Trellix Endpoint ...)
 	NOT-FOR-US: Trellix Endpoint Agent (xAgent)
 CVE-2022-4325 (The Post Status Notifier Lite WordPress plugin before 1.10.1 does not  ...)
@@ -9926,7 +9926,7 @@ CVE-2022-4322 (A vulnerability, which was classified as critical, was found in m
 CVE-2022-4321
 	RESERVED
 CVE-2022-4320 (The WordPress Events Calendar WordPress plugin before 1.4.5 does not s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4319
 	RESERVED
 CVE-2022-4318
@@ -9977,7 +9977,7 @@ CVE-2022-46662 (Roxio Creator LJB starts another program with an unquoted file p
 CVE-2022-4310 (The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4309 (The Subscribe2 WordPress plugin before 10.38 does not have CSRF check  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4308
 	RESERVED
 CVE-2022-4307
@@ -9997,7 +9997,7 @@ CVE-2022-4301 (The Sunshine Photo Cart WordPress plugin before 2.9.15 does not s
 CVE-2022-4300 (A vulnerability was found in FastCMS. It has been rated as critical. T ...)
 	NOT-FOR-US: FastCMS
 CVE-2022-4299 (The Metricool WordPress plugin before 1.18 does not sanitise and escap ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4298 (The Wholesale Market WordPress plugin before 2.2.1 does not have autho ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4297 (The WP AutoComplete Search WordPress plugin through 1.0.4 does not san ...)
@@ -10037,7 +10037,7 @@ CVE-2022-43496
 CVE-2022-43473
 	RESERVED
 CVE-2022-4295 (The Show All Comments WordPress plugin before 7.0.1 does not sanitise  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-46644
 	RESERVED
 CVE-2022-46643
@@ -11259,7 +11259,7 @@ CVE-2022-4201
 CVE-2022-4200 (The Login with Cognito WordPress plugin through 1.4.8 does not sanitis ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4199 (The Link Library WordPress plugin before 7.4.1 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4198 (The WP Social Sharing WordPress plugin through 2.2 does not sanitise a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4197 (The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and ...)
@@ -13191,7 +13191,7 @@ CVE-2022-4103 (The Royal Elementor Addons WordPress plugin before 1.3.56 does no
 CVE-2022-4102 (The Royal Elementor Addons WordPress plugin before 1.3.56 does not hav ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4101 (The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4100
 	RESERVED
 CVE-2022-4099 (The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly s ...)
@@ -13317,7 +13317,7 @@ CVE-2022-44456 (CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote
 CVE-2022-4061 (The JobBoardWP WordPress plugin before 1.2.2 does not properly validat ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4060 (The User Post Gallery WordPress plugin through 2.19 does not limit wha ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4059 (The Cryptocurrency Widgets Pack WordPress plugin through 1.8.1 does no ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not vali ...)
@@ -14843,7 +14843,7 @@ CVE-2022-3906 (The Easy Form Builder WordPress plugin before 3.4.0 does not sani
 CVE-2022-3905
 	REJECTED
 CVE-2022-3904 (The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3903 (An incorrect read request flaw was found in the Infrared Transceiver U ...)
 	- linux 5.19.11-1
 	[bullseye] - linux 5.10.148-1
@@ -38023,7 +38023,7 @@ CVE-2022-2660 (Delta Industrial Automation DIALink versions 1.4.0.0 and prior ar
 CVE-2022-2659
 	RESERVED
 CVE-2022-2658 (The WP Spell Check WordPress plugin before 9.13 does not escape ignore ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2657 (The Multivendor Marketplace Solution for WooCommerce WordPress plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2656 (A vulnerability classified as critical has been found in SourceCodeste ...)
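
Review bot: CVE-2022-2658 at line 38023 was still marked "TODO: check" even though the next entry, CVE-2022-2657, already carried "NOT-FOR-US: WordPress plugin", so older entries can be missed when triage works from the top of the file. Before closing this batch, search data/CVE/list for any remaining "TODO: check" line that follows a description containing "WordPress plugin" and fold those into the same change.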



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d29848bbe4c8a4bc85eab51105e3b08b2347b8d
