[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 31 08:19:06 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b98a43d by Salvatore Bonaccorso at 2023-01-31T09:18:38+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6154,7 +6154,7 @@ CVE-2023-0099
CVE-2023-0098
RESERVED
CVE-2023-0097 (The Post Grid, Post Carousel, & List Category Posts WordPress plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0096
RESERVED
CVE-2023-0095
@@ -6396,13 +6396,13 @@ CVE-2023-0076
CVE-2023-0075
RESERVED
CVE-2023-0074 (The WP Social Widget WordPress plugin before 2.2.4 does not validate a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0073
RESERVED
CVE-2023-0072
RESERVED
CVE-2023-0071 (The WP Tabs WordPress plugin before 2.1.17 does not validate and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0070
RESERVED
CVE-2023-0069
@@ -6520,7 +6520,7 @@ CVE-2022-4874 (Authentication bypass in Netcomm router models NF20MESH, NF20, an
CVE-2022-4873 (On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buff ...)
NOT-FOR-US: Netcomm
CVE-2022-4872 (The Chained Products WordPress plugin before 2.12.0 does not have auth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-48217 (** DISPUTED ** The tf_remapper_node component 1.1.1 for Robot Operatin ...)
NOT-FOR-US: ROS tf_remapper_node
CVE-2022-48216 (Uniswap Universal Router before 1.1.0 mishandles reentrancy. This woul ...)
@@ -6631,7 +6631,7 @@ CVE-2012-10002 (A vulnerability was found in ahmyi RivetTracker. It has been dec
CVE-2023-0034
RESERVED
CVE-2023-0033 (The PDF Viewer WordPress plugin before 1.0.0 does not validate and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4870
RESERVED
CVE-2015-10011 (A vulnerability classified as problematic has been found in OpenDNS Op ...)
@@ -7072,25 +7072,25 @@ CVE-2022-4839 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos
CVE-2022-4838
RESERVED
CVE-2022-4837 (The CPO Companion WordPress plugin before 1.1.0 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4836
RESERVED
CVE-2022-4835 (The Social Sharing Toolkit WordPress plugin through 2.6 does not valid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4834 (The CPT Bootstrap Carousel WordPress plugin through 1.12 does not vali ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4833
RESERVED
CVE-2022-4832 (The Store Locator WordPress plugin before 1.4.9 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4831 (The Custom User Profile Fields for User Registration WordPress plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4830
RESERVED
CVE-2022-4829
RESERVED
CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4827
RESERVED
CVE-2022-4826
@@ -7664,11 +7664,11 @@ CVE-2022-4796 (Incorrect Use of Privileged APIs in GitHub repository usememos/me
CVE-2022-4795
RESERVED
CVE-2022-4794 (The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4793 (The Blog Designer WordPress plugin before 2.4.1 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4792 (The News & Blog Designer Pack WordPress plugin before 3.3 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4791
RESERVED
CVE-2022-4790 (The WP Google My Business Auto Publish WordPress plugin before 3.4 doe ...)
@@ -7678,7 +7678,7 @@ CVE-2022-4789 (The WPZOOM Portfolio WordPress plugin before 1.2.2 does not valid
CVE-2022-4788
RESERVED
CVE-2022-4787 (Themify Shortcodes WordPress plugin before 2.0.8 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4786
RESERVED
CVE-2022-4785
@@ -7690,7 +7690,7 @@ CVE-2022-4783
CVE-2022-4782
RESERVED
CVE-2022-4781 (The Accordion Shortcodes WordPress plugin through 2.4.2 does not valid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4780 (ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credential ...)
NOT-FOR-US: ISOS firmwares
CVE-2022-4779 (StreamX applications from versions 6.02.01 to 6.04.34 are affected by ...)
@@ -7814,7 +7814,7 @@ CVE-2022-47969
CVE-2022-4777
RESERVED
CVE-2022-4776 (The CC Child Pages WordPress plugin before 1.43 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4775 (The GeoDirectory WordPress plugin before 2.2.22 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4774
@@ -7930,11 +7930,11 @@ CVE-2022-4767 (Denial of Service in GitHub repository usememos/memos prior to 0.
CVE-2022-4766 (A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. I ...)
NOT-FOR-US: dolibarr_project_timesheet
CVE-2022-4765 (The Portfolio for Elementor WordPress plugin before 2.3.1 does not val ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4764
RESERVED
CVE-2022-4763 (The Icon Widget WordPress plugin before 1.3.0 does not validate and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4762
RESERVED
CVE-2022-4761
@@ -7962,7 +7962,7 @@ CVE-2022-4751 (The Word Balloon WordPress plugin before 4.19.3 does not validate
CVE-2022-4750
RESERVED
CVE-2022-4749 (The Posts List Designer by Category WordPress plugin before 3.2 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4748 (A vulnerability was found in FlatPress. It has been classified as crit ...)
NOT-FOR-US: FlatPress
CVE-2022-4747
@@ -8203,7 +8203,7 @@ CVE-2022-4701 (The Royal Elementor Addons plugin for WordPress is vulnerable to
CVE-2022-4700 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...)
NOT-FOR-US: Royal Elementor Addons plugin for WordPress
CVE-2022-4699 (The MediaElement.js WordPress plugin through 4.2.8 does not validate a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4698 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: ProfilePress plugin for WordPress
CVE-2022-4697 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...)
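Review bot: the NOT-FOR-US on CVE-2022-4699 deserves a second look before it is settled, because MediaElement.js is also the name of a standalone JavaScript library and the truncated description ("does not validate a ...") does not show whether the flaw is in the plugin's own code or in the library it bundles. If it is the plugin only, a product-specific label in the style of the neighbouring entries, for example "NOT-FOR-US: MediaElement.js WordPress plugin", would keep the entry from being read as a triage of the library itself.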
@@ -8302,7 +8302,7 @@ CVE-2022-47927 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x throu
CVE-2022-47914
RESERVED
CVE-2022-4680 (The Revive Old Posts WordPress plugin before 9.0.11 unserializes user ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4679
RESERVED
CVE-2022-4678
@@ -8326,7 +8326,7 @@ CVE-2022-4673 (The Rate my Post WordPress plugin before 3.3.9 does not validate
CVE-2022-4672 (The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4671 (The PixCodes WordPress plugin before 2.3.7 does not validate and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4670
RESERVED
CVE-2022-4669
@@ -8334,7 +8334,7 @@ CVE-2022-4669
CVE-2022-4668 (The Easy Appointments WordPress plugin before 3.11.2 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4667 (The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not va ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4666
RESERVED
CVE-2022-4665 (Unrestricted Upload of File with Dangerous Type in GitHub repository a ...)
@@ -8387,17 +8387,17 @@ CVE-2022-4656
CVE-2022-4655 (The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4654 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4653 (The Greenshift WordPress plugin before 4.8.9 does not validate and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4652
RESERVED
CVE-2022-4651 (The Justified Gallery WordPress plugin before 1.7.1 does not validate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4650 (The HashBar WordPress plugin before 1.3.6 does not validate and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4649 (The WP Extended Search WordPress plugin before 2.1.2 does not validate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36625 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in destiny.g ...)
NOT-FOR-US: destiny.gg chat
CVE-2020-36624 (A vulnerability was found in ahorner text-helpers up to 1.0.x. It has ...)
@@ -10648,9 +10648,9 @@ CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to authorization
CVE-2022-4554 (B2B Customer Ordering System developed by ID Software Project and Cons ...)
NOT-FOR-US: B2B Customer Ordering System
CVE-2022-4553 (The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4552 (The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4551
RESERVED
CVE-2022-4550
@@ -11026,7 +11026,7 @@ CVE-2022-4498 (In TP-Link routers, Archer C5 and WR710N-V1, running the latest a
CVE-2022-4497 (The Jetpack CRM WordPress plugin before 5.5 does not validate and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4496 (The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4495 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: collective.dms.basecontent
CVE-2022-4494 (A vulnerability, which was classified as critical, has been found in b ...)
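Review bot: for CVE-2022-4496 the visible description is cut off after "16.0.8, S ...", which suggests that more than one product or edition is listed. Confirm from the full CVE text that every affected product is a WordPress plugin before applying the generic "NOT-FOR-US: WordPress plugin" label, and name the products in the note if the list turns out to be mixed.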
@@ -11212,11 +11212,11 @@ CVE-2022-4474 (The Easy Social Feed WordPress plugin before 6.4.0 does not valid
CVE-2022-4473
RESERVED
CVE-2022-4472 (The Simple Sitemap WordPress plugin before 3.5.8 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4471
RESERVED
CVE-2022-4470 (The Widgets for Google Reviews WordPress plugin before 9.8 does not va ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4469 (The Simple Membership WordPress plugin before 4.2.2 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not validate an ...)
@@ -12539,7 +12539,7 @@ CVE-2022-46894
CVE-2022-46893
RESERVED
CVE-2022-4395 (The Membership For WooCommerce WordPress plugin before 2.1.7 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4394 (The iPages Flipbook For WordPress plugin through 1.4.6 does not saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4393 (The ImageLinks Interactive Image Builder for WordPress plugin through ...)
@@ -13371,7 +13371,7 @@ CVE-2022-4308
CVE-2022-4307 (The پلاگین پرد&# ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4306 (The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks author ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4304
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b98a43d89e9765e83ed407d54537cc90422548f