[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 23 20:49:23 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7df37c23 by Salvatore Bonaccorso at 2023-01-23T21:48:48+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -195,9 +195,9 @@ CVE-2023-0449
 CVE-2023-0448
 	RESERVED
 CVE-2023-0447 (The My YouTube Channel plugin for WordPress is vulnerable to authoriza ...)
-	TODO: check
+	NOT-FOR-US: My YouTube Channel plugin for WordPress
 CVE-2023-0446 (The My YouTube Channel plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: My YouTube Channel plugin for WordPress
 CVE-2023-0445
 	RESERVED
 CVE-2023-0444
@@ -5918,7 +5918,7 @@ CVE-2022-4834
 CVE-2022-4833
 	RESERVED
 CVE-2022-4832 (The Store Locator WordPress plugin before 1.4.9 does not validate and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4831
 	RESERVED
 CVE-2022-4830
@@ -6508,9 +6508,9 @@ CVE-2022-4792
 CVE-2022-4791
 	RESERVED
 CVE-2022-4790 (The WP Google My Business Auto Publish WordPress plugin before 3.4 doe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4789 (The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4788
 	RESERVED
 CVE-2022-4787
@@ -6651,7 +6651,7 @@ CVE-2022-4777
 CVE-2022-4776
 	RESERVED
 CVE-2022-4775 (The GeoDirectory WordPress plugin before 2.2.22 does not validate and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4774
 	RESERVED
 CVE-2022-4773 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
@@ -6773,11 +6773,11 @@ CVE-2022-4762
 CVE-2022-4761
 	RESERVED
 CVE-2022-4760 (The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not va ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4759
 	RESERVED
 CVE-2022-4758 (The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4757
 	RESERVED
 CVE-2022-4756
@@ -6787,11 +6787,11 @@ CVE-2022-4755 (A vulnerability was found in FlatPress and classified as problema
 CVE-2022-4754
 	RESERVED
 CVE-2022-4753 (The Print-O-Matic WordPress plugin before 2.1.8 does not validate and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4752
 	RESERVED
 CVE-2022-4751 (The Word Balloon WordPress plugin before 4.19.3 does not validate and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4750
 	RESERVED
 CVE-2022-4749
@@ -6840,7 +6840,7 @@ CVE-2015-10005 (A vulnerability was found in markdown-it up to 2.x. It has been
 CVE-2022-47966 (Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Pl ...)
 	NOT-FOR-US: Zoho
 CVE-2022-4746 (The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a vis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4745
 	RESERVED
 CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and classified as  ...)
@@ -6987,13 +6987,13 @@ CVE-2022-4720 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.
 CVE-2022-4719 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-4718 (The Landing Page Builder WordPress plugin before 1.4.9.9 does not vali ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4717
 	RESERVED
 CVE-2022-4716 (The WP Popups WordPress plugin before 2.1.4.8 does not validate and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4715 (The Structured Content WordPress plugin before 1.5.1 does not validate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4714
 	RESERVED
 CVE-2022-4713
@@ -7017,7 +7017,7 @@ CVE-2022-4708 (The Royal Elementor Addons plugin for WordPress is vulnerable to
 CVE-2022-4707 (The Royal Elementor Addons plugin for WordPress is vulnerable to Cross ...)
 	NOT-FOR-US: Royal Elementor Addons plugin for WordPress
 CVE-2022-4706 (The Genesis Columns Advanced WordPress plugin before 2.0.4 does not va ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4705 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...)
 	NOT-FOR-US: Royal Elementor Addons plugin for WordPress
 CVE-2022-4704 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...)
@@ -7046,7 +7046,7 @@ CVE-2022-4695 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos
 CVE-2022-4694 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
 	NOT-FOR-US: usememos
 CVE-2022-4693 (The User Verification WordPress plugin before 1.0.94 was affected by a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4692 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
 	NOT-FOR-US: usememos
 CVE-2022-4691 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
@@ -7140,7 +7140,7 @@ CVE-2022-4677
 CVE-2022-4676
 	RESERVED
 CVE-2022-4675 (The Mongoose Page Plugin WordPress plugin before 1.9.0 does not valida ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4674
 	RESERVED
 CVE-2022-46739
@@ -7150,9 +7150,9 @@ CVE-2022-46735
 CVE-2022-46734
 	RESERVED
 CVE-2022-4673 (The Rate my Post WordPress plugin before 3.3.9 does not validate and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4672 (The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4671
 	RESERVED
 CVE-2022-4670
@@ -7160,7 +7160,7 @@ CVE-2022-4670
 CVE-2022-4669
 	RESERVED
 CVE-2022-4668 (The Easy Appointments WordPress plugin before 3.11.2 does not validate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4667
 	RESERVED
 CVE-2022-4666
@@ -7223,7 +7223,7 @@ CVE-2022-4652
 CVE-2022-4651
 	RESERVED
 CVE-2022-4650 (The HashBar WordPress plugin before 1.3.6 does not validate and escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4649
 	RESERVED
 CVE-2020-36625 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in destiny.g ...)
@@ -7323,19 +7323,19 @@ CVE-2022-46300
 CVE-2022-4630 (Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal ...)
 	NOT-FOR-US: daloRADIUS
 CVE-2022-4629 (The Product Slider for WooCommerce WordPress plugin before 2.6.4 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-46286
 	RESERVED
 CVE-2022-4628
 	RESERVED
 CVE-2022-4627 (The ShiftNav WordPress plugin before 1.7.2 does not validate and escap ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4626
 	RESERVED
 CVE-2022-4625 (The Login Logout Menu WordPress plugin before 1.4.0 does not validate  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4624 (The GS Logo Slider WordPress plugin before 3.3.8 does not validate and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4623
 	RESERVED
 CVE-2022-45876
@@ -9380,7 +9380,7 @@ CVE-2022-4578 (The Video Conferencing with Zoom WordPress plugin before 4.0.10 d
 CVE-2022-4577
 	RESERVED
 CVE-2022-4576 (The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4575
 	RESERVED
 CVE-2022-4574
@@ -9392,7 +9392,7 @@ CVE-2022-4572 (A vulnerability, which was classified as problematic, has been fo
 CVE-2022-4571 (The Seriously Simple Podcasting WordPress plugin before 2.19.1 does no ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4570 (The Top 10 WordPress plugin before 3.2.3 does not validate and escape  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4569
 	RESERVED
 CVE-2022-4568
@@ -9482,13 +9482,13 @@ CVE-2022-4550
 CVE-2022-4549 (The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4548 (The Optimize images ALT Text & names for SEO using AI WordPress pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4547 (The Conditional Payment Methods for WooCommerce WordPress plugin throu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4546
 	RESERVED
 CVE-2022-4545 (The Sitemap WordPress plugin before 4.4 does not validate and escape s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4544 (The MashShare WordPress plugin before 3.8.7 does not validate and esca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4543 (A flaw named "EntryBleed" was found in the Linux Kernel Page Table Iso ...)
@@ -9506,7 +9506,7 @@ CVE-2023-0013 (The ABAP Keyword Documentation of SAP NetWeaver Application Serve
 CVE-2023-0012 (In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gai ...)
 	NOT-FOR-US: SAP
 CVE-2022-4542 (The Compact WP Audio Player WordPress plugin before 1.9.8 does not val ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4541
 	RESERVED
 CVE-2022-4540
@@ -9709,7 +9709,7 @@ CVE-2022-4511 (A vulnerability has been found in RainyGao DocSys and classified
 CVE-2022-4510
 	RESERVED
 CVE-2022-4509 (The Content Control WordPress plugin before 1.1.10 does not validate a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-43494 (An unauthorized user could be able to read any file on the system, pot ...)
 	NOT-FOR-US: GE Digital
 CVE-2022-38469 (An unauthorized user with network access and the decryption key could  ...)
@@ -9871,7 +9871,7 @@ CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not validat
 CVE-2022-4486 (The Meteor Slides WordPress plugin through 1.5.6 does not validate and ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4485 (The Page-list WordPress plugin before 5.3 does not validate and escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4484 (The Social Share, Social Login and Social Comments Plugin WordPress pl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4483 (The Insert Pages WordPress plugin before 3.7.5 does not validate and e ...)
@@ -10029,9 +10029,9 @@ CVE-2022-47376
 CVE-2022-46330 (Squirrel.Windows is both a toolset and a library that provides install ...)
 	NOT-FOR-US: Squirrel.Windows
 CVE-2022-4475 (The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4474 (The Easy Social Feed WordPress plugin before 6.4.0 does not validate a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4473
 	RESERVED
 CVE-2022-4472
@@ -10045,7 +10045,7 @@ CVE-2022-4469 (The Simple Membership WordPress plugin before 4.2.2 does not vali
 CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not validate an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4467 (The Search & Filter WordPress plugin before 1.2.16 does not valida ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4466
 	RESERVED
 CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not validate  ...)
@@ -10203,7 +10203,7 @@ CVE-2022-4445
 CVE-2022-4444 (A vulnerability was found in ipti br.tag. It has been declared as prob ...)
 	NOT-FOR-US: ipti br.tag
 CVE-2022-4443 (The BruteBank WordPress plugin before 1.9 does not have CSRF check in  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4442 (The Custom Post Types and Custom Fields creator WordPress plugin befor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2019-25078 (A vulnerability classified as problematic was found in pacparser up to ...)
@@ -11535,7 +11535,7 @@ CVE-2022-4385
 CVE-2022-4384
 	RESERVED
 CVE-2022-4383 (The CBX Petition for WordPress plugin through 1.0.3 does not properly  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4382 (A use-after-free flaw caused by a race among the superblock operations ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/12/13/1
@@ -11760,7 +11760,7 @@ CVE-2022-46770 (qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x th
 CVE-2022-46769 (An improper neutralization of input during web page generation ('Cross ...)
 	NOT-FOR-US: Apache Sling
 CVE-2022-4346 (The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked se ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4343
 	RESERVED
 CVE-2022-4342 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -11852,7 +11852,7 @@ CVE-2022-4325 (The Post Status Notifier Lite WordPress plugin before 1.10.1 does
 CVE-2022-4324 (The Custom Field Template WordPress plugin before 2.5.8 unserialises t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4323 (The Analyticator WordPress plugin before 6.5.6 unserializes user input ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2018-25048
 	RESERVED
 CVE-2023-21673
@@ -12178,15 +12178,15 @@ CVE-2022-4309 (The Subscribe2 WordPress plugin before 10.38 does not have CSRF c
 CVE-2022-4308
 	RESERVED
 CVE-2022-4307 (The پلاگین پرد&# ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4306
 	RESERVED
 CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks author ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4304
 	RESERVED
 CVE-2022-4303 (The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes user inpu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4301 (The Sunshine Photo Cart WordPress plugin before 2.9.15 does not saniti ...)
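Review bot: For CVE-2022-4307 the truncated description shown here is a run of HTML numeric character references and never reaches the words "WordPress plugin", so the tag cannot be checked against the visible line the way the other two entries in this hunk can. Confirm the product against the full CVE description, and consider naming it in the tag, since "NOT-FOR-US: WordPress plugin" is the only readable identification this entry carries in the list.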
@@ -13216,7 +13216,7 @@ CVE-2022-4232 (A vulnerability, which was classified as critical, was found in S
 CVE-2022-4231 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: Tribal Systems Zenario CMS
 CVE-2022-4230 (The WP Statistics WordPress plugin before 13.2.9 does not escape a par ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4229 (A vulnerability classified as critical was found in SourceCodester Boo ...)
 	NOT-FOR-US: SourceCodester Book Store Management System
 CVE-2022-4228 (A vulnerability classified as problematic has been found in SourceCode ...)
@@ -15661,7 +15661,7 @@ CVE-2022-4019 (A denial-of-service vulnerability in the Mattermost Playbooks plu
 CVE-2022-4018 (Missing Authentication for Critical Function in GitHub repository ikus ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-4017 (The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4016 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4015 (A vulnerability, which was classified as critical, was found in Sports ...)
@@ -19460,7 +19460,7 @@ CVE-2022-44565 (An improper access validation vulnerability exists in airMAX AC
 CVE-2022-44564 (Huawei Aslan Children's Watch has a path traversal vulnerability. Succ ...)
 	NOT-FOR-US: Huawei
 CVE-2022-3811 (The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3810 (A vulnerability was found in Axiomatic Bento4. It has been classified  ...)
 	NOT-FOR-US: Bento4
 CVE-2022-3809 (A vulnerability was found in Axiomatic Bento4 and classified as proble ...)
@@ -26789,7 +26789,7 @@ CVE-2022-3427 (The Corner Ad plugin for WordPress is vulnerable to Cross-Site Re
 CVE-2022-3426 (The Advanced WP Columns WordPress plugin through 2.0.6 does not saniti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3425 (The Analyticator WordPress plugin before 6.5.6 unserializes user input ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3424 [misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os]
 	RESERVED
 	- linux 6.1.4-1
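Review bot: CVE-2022-3425 has the same truncated description as CVE-2022-4323, which is tagged in an earlier hunk of this commit ("The Analyticator WordPress plugin before 6.5.6 unserializes user input ..."). The text may diverge after the cut, but if the two ids cover the same issue, a NOTE line cross-referencing them would save the next reader the lookup. The NOT-FOR-US tag itself is consistent with the neighbouring entries.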
@@ -145366,7 +145366,7 @@ CVE-2021-24883 (The Popup Anything WordPress plugin before 2.0.4 does not escape
 CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24881 (The Passster WordPress plugin before 3.5.5.9 does not properly check f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not validate and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have CSRF chec ...)
@@ -145454,7 +145454,7 @@ CVE-2021-24839 (The SupportCandy WordPress plugin before 2.2.5 does not have aut
 CVE-2021-24838 (The AnyComment WordPress plugin before 0.3.5 has an API endpoint which ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24837 (The Passster WordPress plugin before 3.5.5.8 does not escape the area  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24836 (The Temporary Login Without Password WordPress plugin before 1.7.1 doe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24835 (The WCFM – Frontend Manager for WooCommerce along with Bookings  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7df37c234323a059921245f4be15125f50a07473


More information about the debian-security-tracker-commits mailing list