Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad2eaf08 by Salvatore Bonaccorso at 2022-03-21T21:21:17+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3800,7 +3800,7 @@ CVE-2022-26088
 CVE-2022-0761
        RESERVED
 CVE-2022-0760 (The Simple Link Directory WordPress plugin before 7.7.2 does 
not valid ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0759
        RESERVED
 CVE-2022-26085
@@ -4329,7 +4329,7 @@ CVE-2022-0749 (This affects all versions of package 
SinGooCMS.Utility. The socke
 CVE-2022-0748 (The package post-loader from 0.0.0 are vulnerable to Arbitrary 
Code Ex ...)
        TODO: check
 CVE-2022-0747 (The Infographic Maker WordPress plugin before 4.3.8 does not 
validate  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr 
prior to  ...)
        - dolibarr <removed>
 CVE-2022-0745
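Review bot: CVE-2022-0748 (package post-loader), the entry directly above the changed one in this hunk, still carries TODO: check while its neighbour CVE-2022-0747 is resolved. If it was examined in the same pass, record the outcome here (a NOT-FOR-US line naming the package, or a source package line); if it was deliberately left for a later pass, no change is needed.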
@@ -4417,7 +4417,7 @@ CVE-2022-0741
 CVE-2022-0740
        RESERVED
 CVE-2022-0739 (The BookingPress WordPress plugin before 1.0.11 fails to 
properly sani ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0738
        RESERVED
        - gitlab <not-affected> (Vulnerable code introduced later)
@@ -5474,7 +5474,7 @@ CVE-2022-25370
 CVE-2022-25355 (EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 
improperly handl ...)
        NOT-FOR-US: EC-CUBE
 CVE-2022-0694 (The Advanced Booking Calendar WordPress plugin before 1.7.0 
does not v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0693
        RESERVED
 CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube 
prior to ...)
@@ -5496,7 +5496,7 @@ CVE-2022-0689 (Use multiple time the one-time coupon in 
Packagist microweber/mic
 CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior 
to 1.2. ...)
        NOT-FOR-US: microweber
 CVE-2022-0687 (The Amelia WordPress plugin before 1.0.47 stores image blobs 
into actu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM 
url-parse prio ...)
        - node-url-parse 1.5.9+~1.4.8-1
        [stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered 
by security support)
@@ -5629,7 +5629,7 @@ CVE-2022-0683 (The Essential Addons for Elementor Lite 
WordPress plugin is vulne
 CVE-2022-0682
        RESERVED
 CVE-2022-0681 (The Simple Membership WordPress plugin before 4.1.0 does not 
have CSRF ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0680
        RESERVED
 CVE-2022-0679
@@ -5920,7 +5920,7 @@ CVE-2022-0642
 CVE-2022-0641
        RESERVED
 CVE-2022-0640 (The Pricing Table Builder WordPress plugin before 1.1.5 does 
not sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM 
url-parse prio ...)
        - node-url-parse 1.5.7-1
        [bullseye] - node-url-parse <no-dsa> (Minor issue)
@@ -5965,9 +5965,9 @@ CVE-2022-0629 (Stack-based Buffer Overflow in GitHub 
repository vim/vim prior to
        NOTE: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/
        NOTE: 
https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc 
(v8.2.4397)
 CVE-2022-0628 (The Mega Menu WordPress plugin before 3.0.8 does not sanitize 
and esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0627 (The Amelia WordPress plugin before 1.0.47 does not sanitize and 
escape ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0626
        RESERVED
 CVE-2022-0625
@@ -6095,7 +6095,7 @@ CVE-2022-0617 (A flaw null pointer dereference in the 
Linux kernel UDF file syst
        NOTE: 
https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee
        NOTE: 
https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f
 CVE-2022-0616 (The Amelia WordPress plugin before 1.0.47 does not have CSRF 
check in  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0615 (Use-after-free in eset_rtp kernel module used in ESET products 
for Lin ...)
        NOT-FOR-US: ESET
 CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 
3.2. ...)
@@ -6310,9 +6310,9 @@ CVE-2022-0593 (The Login with phone number WordPress 
plugin before 1.3.7 include
 CVE-2022-0592
        RESERVED
 CVE-2022-0591 (The FormCraft WordPress plugin before 3.8.28 does not validate 
the URL ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0590 (The BulletProof Security WordPress plugin before 5.8 does not 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0589 (Cross-site Scripting (XSS) - Stored in Packagist 
librenms/librenms pri ...)
        NOT-FOR-US: LibreNMS
 CVE-2022-0588 (Exposure of Sensitive Information to an Unauthorized Actor in 
Packagis ...)
@@ -8926,7 +8926,7 @@ CVE-2022-0425
 CVE-2022-0424
        RESERVED
 CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have 
authorisa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0422 (The White Label CMS WordPress plugin before 2.2.9 does not 
sanitise an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0421
@@ -10097,7 +10097,7 @@ CVE-2022-0366 (An authenticated and authorized agent 
user could potentially gain
 CVE-2022-0365 (The affected product is vulnerable to an authenticated OS 
command inje ...)
        NOT-FOR-US: Ricon Mobile
 CVE-2022-0364 (The Modern Events Calendar Lite WordPress plugin before 6.4.0 
does not ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0363
        RESERVED
 CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...)
@@ -12752,7 +12752,7 @@ CVE-2022-0231 (livehelperchat is vulnerable to 
Cross-Site Request Forgery (CSRF)
 CVE-2022-0230 (The Better WordPress Google XML Sitemaps WordPress plugin 
through 1.4. ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0229 (The miniOrange's Google Authenticator WordPress plugin before 
5.5 does ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not 
validate and  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-46304
@@ -15635,7 +15635,7 @@ CVE-2022-22396
 CVE-2022-22395
        RESERVED
 CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000 server could allow a 
remote attack ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-22393
        RESERVED
 CVE-2022-22392
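Review bot: the new reason for CVE-2022-22394 names only the vendor (NOT-FOR-US: IBM), while the description identifies the product as IBM Spectrum Protect and other entries visible in this patch name the product (NOT-FOR-US: EC-CUBE, NOT-FOR-US: LibreNMS). Consider NOT-FOR-US: IBM Spectrum Protect so that a later search of the list by product name finds this entry.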
@@ -74394,7 +74394,7 @@ CVE-2021-25021 (The OMGF | Host Google Fonts Locally 
WordPress plugin before 4.5
 CVE-2021-25020 (The CAOS | Host Google Analytics Locally WordPress plugin 
before 4.1.9 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25019 (The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 
does no ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25018 (The PPOM for WooCommerce WordPress plugin before 24.0 does not 
have au ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape 
the searc ...)
@@ -74622,7 +74622,7 @@ CVE-2021-24907 (The Contact Form, Drag and Drop Form 
Builder for WordPress plugi
 CVE-2021-24906 (The Protect WP Admin WordPress plugin before 3.6.2 does not 
check for  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24905 (The Advanced Contact form 7 DB WordPress plugin before 1.8.7 
does not  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does 
not impl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24903 (The GRAND FlaGallery WordPress plugin through 6.1.2 does not 
sanitise  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad2eaf088e969080dccd64f7d64f3bb87d4c922f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits