Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d0a7aa7 by Salvatore Bonaccorso at 2022-02-21T21:18:59+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,7 +45,7 @@ CVE-2022-25601
 CVE-2022-25600
        RESERVED
 CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to 
event delet ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-25598
        RESERVED
 CVE-2022-0712
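Review bot: On CVE-2022-25599, the truncated summary ("Cross-Site Request Forgery (CSRF) vulnerability leading to event delet ...") does not name the affected product, so the new "NOT-FOR-US: WordPress plugin" tag cannot be checked against this entry alone. Consider naming the plugin in the tag or in a NOTE line, so the triage decision can be verified later without opening the full CVE description.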
@@ -4728,9 +4728,9 @@ CVE-2022-23988
 CVE-2022-23987
        RESERVED
 CVE-2022-23984 (Sensitive information disclosure discovered in wpDiscuz 
WordPress plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-23983 (Cross-Site Request Forgery (CSRF) vulnerability leading to 
plugin Sett ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for 
WooCommer ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create 
brands in W ...)
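Review bot: On CVE-2022-23983, the visible summary ("... leading to plugin Sett ...") says only "plugin" and never mentions WordPress or a product name, unlike CVE-2022-23984 directly above it, which names wpDiscuz. If both CVEs concern the same plugin, stating that in the tag or a NOTE would make the basis for NOT-FOR-US explicit. If they do not, the product for CVE-2022-23983 should be named.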
@@ -5629,7 +5629,7 @@ CVE-2022-0327
 CVE-2021-46403
        RESERVED
 CVE-2021-4208 (The ExportFeed WordPress plugin through 2.0.1.0 does not 
sanitise and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-23809
        RESERVED
 CVE-2022-23808 (An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An 
attacker ca ...)
@@ -6450,7 +6450,7 @@ CVE-2022-23457
 CVE-2022-0314
        RESERVED
 CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF 
check  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0312
        RESERVED
 CVE-2022-0299
@@ -6621,7 +6621,7 @@ CVE-2022-0289 (Use after free in Safe browsing in Google 
Chrome prior to 97.0.46
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro 
WordPr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0287
        RESERVED
 CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer 
dereference in bo ...)
@@ -6646,7 +6646,7 @@ CVE-2022-0281 (Exposure of Sensitive Information to an 
Unauthorized Actor in Pac
 CVE-2022-0280
        RESERVED
 CVE-2022-0279 (The AnyComment WordPress plugin before 0.2.18 is affected by a 
race co ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist 
microweber/microweber ...)
        NOT-FOR-US: microweber
 CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber 
prior to 1. ...)
@@ -7220,13 +7220,13 @@ CVE-2022-0257 (pimcore is vulnerable to Improper 
Neutralization of Input During
 CVE-2022-0256 (pimcore is vulnerable to Improper Neutralization of Input 
During Web P ...)
        NOT-FOR-US: pimcore
 CVE-2022-0255 (The Database Backup for WordPress plugin before 2.5.1 does not 
properl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0254
        RESERVED
 CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of 
Input Durin ...)
        NOT-FOR-US: livehelperchat
 CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the 
json par ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
        NOT-FOR-US: pimcore
 CVE-2022-0250
@@ -7472,7 +7472,7 @@ CVE-2022-0235 (node-fetch is vulnerable to Exposure of 
Sensitive Information to
        NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
        NOTE: Fixed by: 
https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80
 (v3.1.1)
 CVE-2022-0234 (The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and 
escape ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0233 (The ProfileGrid &#8211; User Profiles, Memberships, Groups and 
Communi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0232 (The User Registration, Login &amp; Landing Pages WordPress 
plugin is v ...)
@@ -7484,7 +7484,7 @@ CVE-2022-0230
 CVE-2022-0229
        RESERVED
 CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not 
validate and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-46304
        RESERVED
 CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 
allows local ...)
@@ -7603,7 +7603,7 @@ CVE-2022-0213 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
 CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not 
sanitise a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0211 (The Shield Security WordPress plugin before 13.0.6 does not 
sanitise a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP 
Google Map ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered 
in [GWA] ...)
@@ -7621,7 +7621,7 @@ CVE-2021-4205
 CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability 
discovere ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) 
vulnerability discov ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in 
PHP Ever ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-23209
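Review bot: On CVE-2021-26256, the summary is cut off at "vulnerability discov ..." before any product is named, so nothing in the entry itself supports "WordPress plugin". The tag matches the neighbouring CVE-2021-31567 and CVE-2021-23227 entries, but a short NOTE with the plugin name would let a reader confirm it is not packaged without re-reading the upstream advisory.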
@@ -7734,7 +7734,7 @@ CVE-2022-0201 (The Permalink Manager Lite WordPress 
plugin before 2.2.15 and Per
 CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0199 (The Coming soon and Maintenance mode WordPress plugin before 
3.6.8 doe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 
devices.  ...)
        NOT-FOR-US: Crestron devices
 CVE-2022-23177
@@ -7935,7 +7935,7 @@ CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 
allows any user, even not
 CVE-2022-0187
        RESERVED
 CVE-2022-0186 (The Image Photo Gallery Final Tiles Grid WordPress plugin 
before 3.5.3 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0185 (A heap-based buffer overflow flaw was found in the way the 
legacy_pars ...)
        {DSA-5050-1}
        - linux 5.15.15-1
@@ -8578,7 +8578,7 @@ CVE-2022-0166 (A privilege escalation vulnerability in 
the McAfee Agent prior to
 CVE-2022-0165
        RESERVED
 CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 
3.6.8 doe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0163
        RESERVED
 CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 
160325  ...)
@@ -9452,7 +9452,7 @@ CVE-2022-0135 [out-of-bounds write in 
read_transfer_data()]
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec
        TODO: Check introducing information for issue
 CVE-2022-0134 (The AnyComment WordPress plugin before 0.2.18 does not have 
CSRF check ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0133 (peertube is vulnerable to Improper Access Control ...)
        - peertube <itp> (bug #950821)
 CVE-2022-0132 (peertube is vulnerable to Server-Side Request Forgery (SSRF) 
...)
@@ -68767,11 +68767,11 @@ CVE-2021-25103 (The Translate WordPress with 
GTranslate WordPress plugin before
 CVE-2021-25102
        RESERVED
 CVE-2021-25101 (The Anti-Malware Security and Brute-Force Firewall WordPress 
plugin be ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25100 (The GiveWP WordPress plugin before 2.17.3 does not escape the 
s parame ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25099 (The GiveWP WordPress plugin before 2.17.3 does not sanitise 
and escape ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25098
        RESERVED
 CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper 
authori ...)
@@ -68805,7 +68805,7 @@ CVE-2021-25084 (The Advanced Cron Manager WordPress 
plugin before 2.4.2 and Adva
 CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin 
before 2.7. ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25082 (The Popup Builder WordPress plugin before 4.0.7 does not 
validate and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25081
        RESERVED
 CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does 
not valida ...)
@@ -68819,7 +68819,7 @@ CVE-2021-25077 (The Store Toolkit for WooCommerce 
WordPress plugin before 2.3.2
 CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not 
validate  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25075 (The Duplicate Page or Post WordPress plugin before 1.5.1 does 
not have ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25074 (The WebP Converter for Media WordPress plugin before 4.0.3 
contains a  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF 
checks in v ...)
@@ -68831,7 +68831,7 @@ CVE-2021-25071
 CVE-2021-25070
        RESERVED
 CVE-2021-25069 (The Download Manager WordPress plugin before 3.2.34 does not 
sanitise  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25068
        RESERVED
 CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was 
affected  ...)
@@ -68849,13 +68849,13 @@ CVE-2021-25062 (The Orders Tracking for WooCommerce 
WordPress plugin before 1.1.
 CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was 
affected by a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25060 (The Five Star Business Profile and Schema WordPress plugin 
before 2.1. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25059
        RESERVED
 CVE-2021-25058 (The Buffer Button WordPress plugin through 1.0 was vulnerable 
to Authe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25056
        RESERVED
 CVE-2021-25055 (The FeedWordPress plugin before 2022.0123 is affected by a 
Reflected C ...)
@@ -69127,7 +69127,7 @@ CVE-2021-24923 (The Newsletter, SMTP, Email marketing 
and Subscribe forms by Sen
 CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF 
check w ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24921 (The Advanced Database Cleaner WordPress plugin before 3.0.4 
does not s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24920
        RESERVED
 CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not 
sanitise an ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d0a7aa7481e8283b96f0e9cb274f64aad76cbcb
