Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd4f2712 by Salvatore Bonaccorso at 2022-02-14T21:23:56+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5440,7 +5440,7 @@ CVE-2022-23369
 CVE-2022-23368
        RESERVED
 CVE-2022-23367 (Fulusso v1.1 was discovered to contain a DOM-based cross-site 
scriptin ...)
-       TODO: check
+       NOT-FOR-US: Fulusso
 CVE-2022-23366 (HMS v1.0 was discovered to contain a SQL injection 
vulnerability via p ...)
        NOT-FOR-US: HMS (Hospital Managment System)
 CVE-2022-23365 (HMS v1.0 was discovered to contain a SQL injection 
vulnerability via d ...)
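
Review bot: the new tag on CVE-2022-23367, "NOT-FOR-US: Fulusso", is a bare name, and the truncated description above it does not say what kind of software Fulusso is either. The HMS entry directly below spells its product out in parentheses; a short qualifier in the same style would let a later reader confirm the triage decision without opening the CVE record.
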
@@ -6230,7 +6230,7 @@ CVE-2022-0216
 CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock 
notifier  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 
autoloa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
@@ -6238,7 +6238,7 @@ CVE-2022-0213 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
        NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 
(v8.2.4074)
 CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not 
sanitise a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0211
        RESERVED
 CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP 
Google Map ...)
@@ -6345,12 +6345,12 @@ CVE-2022-0210 (The Random Banner WordPress plugin is 
vulnerable to Stored Cross-
 CVE-2022-0209
        RESERVED
 CVE-2022-0208 (The MapPress Maps for WordPress plugin before 2.73.4 does not 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0207
        RESERVED
        - vdsm <itp> (bug #668538)
 CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not 
properly escap ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0205
        RESERVED
 CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt 
protocol]
@@ -6367,9 +6367,9 @@ CVE-2022-0203 (Improper Access Control in GitHub 
repository crater-invoice/crate
 CVE-2022-0202
        RESERVED
 CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and 
Permalin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0199
        RESERVED
 CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 
devices.  ...)
@@ -6558,17 +6558,17 @@ CVE-2022-21134 (A firmware update vulnerability exists 
in the &amp;quot;update&a
 CVE-2022-0194
        RESERVED
 CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the 
s para ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0192
        RESERVED
 CVE-2022-0191
        RESERVED
 CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 
1.2.6 is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0189
        RESERVED
 CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even 
not logge ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0187
        RESERVED
 CVE-2022-0186
@@ -7169,7 +7169,7 @@ CVE-2022-22856
 CVE-2022-22855
        RESERVED
 CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of 
Hospital Pat ...)
-       TODO: check
+       NOT-FOR-US: Hospital Patient Record Management System
 CVE-2022-22853
        RESERVED
 CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in 
Sourcecodt ...)
@@ -7183,7 +7183,7 @@ CVE-2022-22849
 CVE-2022-22149
        RESERVED
 CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before 
1.2.9.3  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0175 [memory initialization issue in vrend_resource_alloc_buffer() 
can lead to info leak]
        RESERVED
        - virglrenderer <unfixed>
@@ -11749,9 +11749,9 @@ CVE-2021-45423
 CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected 
cross-site scr ...)
        NOT-FOR-US: Reprise License Manager
 CVE-2021-45421 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 
products are a ...)
-       TODO: check
+       NOT-FOR-US: Emerson
 CVE-2021-45420 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 
products are a ...)
-       TODO: check
+       NOT-FOR-US: Emerson
 CVE-2021-45419 (Certain Starcharge products are affected by Improper Input 
Validation. ...)
        NOT-FOR-US: Nova 360 Cabinet
 CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory 
Traversal via  ...)
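
Review bot: CVE-2021-45421 and CVE-2021-45420 are tagged with the vendor only ("NOT-FOR-US: Emerson"), while the surrounding entries in this hunk name the product ("Reprise License Manager", "Nova 360 Cabinet"). Both descriptions identify the affected product as Emerson Dixell XWEB-500, so "NOT-FOR-US: Emerson Dixell XWEB-500" would match the neighbouring entries and stay searchable by product name.
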
@@ -11816,7 +11816,7 @@ CVE-2021-45394 (An issue was discovered in Spipu 
HTML2PDF before 5.2.4. Attacker
 CVE-2021-45393
        RESERVED
 CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 
V22.03.01. ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2021-45391
        RESERVED
 CVE-2021-45390
@@ -16740,7 +16740,7 @@ CVE-2022-21661 (WordPress is a free and open-source 
content management system wr
        NOTE: https://hackerone.com/reports/1378209
        NOTE: 
https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
 CVE-2022-21660 (Gin-vue-admin is a backstage management system based on vue 
and gin. I ...)
-       TODO: check
+       NOT-FOR-US: Gin-vue-admin
 CVE-2022-21659 (Flask-AppBuilder is an application development framework, 
built on top ...)
        - flask-appbuilder <itp> (bug #998029)
        NOTE: 
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f
@@ -32000,9 +32000,9 @@ CVE-2021-39082
 CVE-2021-39081
        RESERVED
 CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for 
Android appli ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to 
version  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2021-39078
        RESERVED
 CVE-2021-39077
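
Review bot: "NOT-FOR-US: IBM" on CVE-2021-39080 and CVE-2021-39079 drops the product that both descriptions name, IBM Cognos Analytics Mobile for Android. A vendor-wide tag gives no indication of which product was checked against the archive; consider "NOT-FOR-US: IBM Cognos Analytics Mobile for Android" so the reason for the triage is visible in the list itself.
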
@@ -67279,7 +67279,7 @@ CVE-2021-25117
 CVE-2021-25116
        RESERVED
 CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does 
not escape ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25113
@@ -67289,13 +67289,13 @@ CVE-2021-25112
 CVE-2021-25111
        RESERVED
 CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allowed any 
logged in  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by 
a SQL I ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 
does no ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25107 (The Form Store to DB WordPress plugin before 1.1.1 does not 
sanitise a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25106 (The Privacy Policy Generator, Terms &amp; Conditions Generator 
WordPre ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape 
some of ...)
@@ -67409,7 +67409,7 @@ CVE-2021-25052 (The Button Generator WordPress plugin 
before 2.3.3 within the wo
 CVE-2021-25051 (The Modal Window WordPress plugin before 5.2.2 within the 
wow-company  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25050 (The Remove Footer Credit WordPress plugin before 1.0.11 does 
properly  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does 
not sanit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25048
@@ -67443,7 +67443,7 @@ CVE-2021-25035 (The Backup and Staging by WP Time 
Capsule WordPress plugin befor
 CVE-2021-25034
        RESERVED
 CVE-2021-25033 (The WordPress Newsletter Plugin WordPress plugin before 1.6.5 
does not ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, 
PublishPr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, 
Lightbox, Co ...)
@@ -67473,7 +67473,7 @@ CVE-2021-25020 (The CAOS | Host Google Analytics 
Locally WordPress plugin before
 CVE-2021-25019
        RESERVED
 CVE-2021-25018 (The PPOM for WooCommerce WordPress plugin before 24.0 does not 
have au ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape 
the searc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro 
WordPress plugin ...)
@@ -67481,7 +67481,7 @@ CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 
and Chaty Pro WordPress
 CVE-2021-25015 (The myCred WordPress plugin before 2.4 does not sanitise and 
escape th ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25014 (The Ibtana WordPress plugin before 1.1.4.9 does not have 
authorisation ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have 
authorisation a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25012
@@ -67701,7 +67701,7 @@ CVE-2021-24906 (The Protect WP Admin WordPress plugin 
before 3.6.2 does not chec
 CVE-2021-24905
        RESERVED
 CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does 
not impl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24903
        RESERVED
 CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress 
plugin be ...)
@@ -67761,7 +67761,7 @@ CVE-2021-24876 (The Registrations for the Events 
Calendar WordPress plugin befor
 CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin 
before 3.0.3 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24874 (The Newsletter, SMTP, Email marketing and Subscribe forms by 
Sendinblu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise 
and esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24872 (The Get Custom Field Values WordPress plugin before 4.0 allows 
users w ...)
@@ -68617,7 +68617,7 @@ CVE-2021-24448 (The User Registration &amp; User 
Profile &#8211; Profile Builder
 CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not 
validate its ta ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24446 (The Remove Footer Credit WordPress plugin before 1.0.6 does 
not have C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24445 (The My Site Audit WordPress plugin through 1.2.4 does not 
sanitise or  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24444 (The TaxoPress &#8211; Create and Manage Taxonomies, Tags, 
Categories W ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd4f27124cf3c8b44bc35cce648dad8807346839



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits