Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
63fe433b by Salvatore Bonaccorso at 2022-03-28T22:19:16+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1117,7 +1117,7 @@ CVE-2022-27664
CVE-2022-27663
RESERVED
CVE-2022-27658 (Under certain conditions, SAP Innovation management - version
2.0, all ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-27657
RESERVED
CVE-2022-27656
@@ -4380,7 +4380,7 @@ CVE-2022-0847 (A flaw was found in the way the "flags"
member of the new pipe bu
NOTE: https://www.openwall.com/lists/oss-security/2022/03/07/1
NOTE: https://dirtypipe.cm4all.com/
CVE-2022-0846 (The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1
does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0845 (Code Injection in GitHub repository
pytorchlightning/pytorch-lightning ...)
NOT-FOR-US: pytorchlightning
CVE-2022-26387
@@ -4508,7 +4508,7 @@ CVE-2022-0835
CVE-2022-0834 (The Amelia WordPress plugin is vulnerable to Cross-Site
Scripting due ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0833 (The Church Admin WordPress plugin before 3.4.135 does not have
authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0832 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2022-0831 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
@@ -4596,7 +4596,7 @@ CVE-2022-0820 (Cross-site Scripting (XSS) - Stored in
GitHub repository orchardc
CVE-2022-0819 (Code Injection in GitHub repository dolibarr/dolibarr prior to
15.0.1. ...)
- dolibarr <removed>
CVE-2022-0818 (The WooCommerce Affiliate Plugin WordPress plugin before
4.16.4.5 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0817
RESERVED
CVE-2022-0816
@@ -5136,13 +5136,13 @@ CVE-2022-0789
CVE-2022-0788
RESERVED
CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin
before 5.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0786
RESERVED
CVE-2022-0785
RESERVED
CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does
not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0783
RESERVED
CVE-2022-0782
@@ -5174,7 +5174,7 @@ CVE-2022-0772 (Cross-site Scripting (XSS) - Stored in
GitHub repository librenms
CVE-2022-0771
RESERVED
CVE-2022-0770 (The Translate WordPress with GTranslate WordPress plugin before
2.9.9 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0769
RESERVED
CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository
rudloff/alltub ...)
@@ -6347,7 +6347,7 @@ CVE-2022-0722
CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in
GitHub repos ...)
NOT-FOR-US: microweber
CVE-2022-0720 (The Amelia WordPress plugin before 1.0.47 does not have proper
authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0719 (Cross-site Scripting (XSS) - Reflected in GitHub repository
microweber ...)
NOT-FOR-US: microweber
CVE-2022-0718
@@ -7186,9 +7186,9 @@ CVE-2022-0682
CVE-2022-0681 (The Simple Membership WordPress plugin before 4.1.0 does not
have CSRF ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0680 (The Plezi WordPress plugin before 1.0.3 has a REST endpoint
allowing u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0679 (The Narnoo Distributor WordPress plugin through 2.5.1 fails to
validat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist
microweber/microwe ...)
NOT-FOR-US: microweber
CVE-2022-0677
@@ -7465,7 +7465,7 @@ CVE-2022-21142 (Authentication bypass vulnerability in
a-blog cms Ver.2.8.x seri
CVE-2022-0648 (The Team Circle Image Slider With Lightbox WordPress plugin
before 1.0 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0647 (The Bulk Creator WordPress plugin through 1.0.1 does not
sanitize and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component
Transpo ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE:
https://lore.kernel.org/all/[email protected]/T/
@@ -7479,11 +7479,11 @@ CVE-2022-0644 [vfs: check fd has read access in
kernel_read_file_from_fd()]
[stretch] - linux 4.9.290-1
NOTE:
https://git.kernel.org/linus/032146cda85566abcd1c4884d9d23e4e30a07e9a (5.15-rc7)
CVE-2022-0643 (The Bank Mellat WordPress plugin through 1.3.7 does not
sanitize and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0642
RESERVED
CVE-2022-0641 (The Popup Like box WordPress plugin before 3.6.1 does not
sanitize and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0640 (The Pricing Table Builder WordPress plugin before 1.1.5 does
not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM
url-parse prio ...)
@@ -7630,11 +7630,11 @@ CVE-2022-0623 (Out-of-bounds Read in Homebrew mruby
prior to 3.2. ...)
CVE-2022-0622 (Generation of Error Message Containing Sensitive Information in
Packag ...)
NOT-FOR-US: snipe-it
CVE-2022-0621 (The dTabs WordPress plugin through 1.4 does not sanitize and
escape th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0620 (The Delete Old Orders WordPress plugin through 0.2 does not
sanitize a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0619 (The Database Peek WordPress plugin through 1.2 does not
sanitize and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not
configure its XM ...)
NOT-FOR-US: Jenkins Chef Sinatra Plugin
CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and
earlier use ...)
@@ -7860,9 +7860,9 @@ CVE-2022-0602
CVE-2022-0601 (The Countdown, Coming Soon, Maintenance WordPress plugin before
2.2.9 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0600 (The Conference Scheduler WordPress plugin before 2.4.3 does not
saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0599 (The Mapping Multiple URLs Redirect Same Page WordPress plugin
through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0598
RESERVED
CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to
1.2.11. ...)
@@ -7870,7 +7870,7 @@ CVE-2022-0597 (Open Redirect in Packagist
microweber/microweber prior to 1.2.11.
CVE-2022-0596 (Business Logic Errors in Packagist microweber/microweber prior
to 1.2. ...)
NOT-FOR-US: microweber
CVE-2022-0595 (The Drag and Drop Multiple File Upload WordPress plugin before
1.3.6.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0594
RESERVED
CVE-2022-0593 (The Login with phone number WordPress plugin before 1.3.7
includes a f ...)
@@ -9846,7 +9846,7 @@ CVE-2022-0500 (A flaw was found in unrestricted eBPF
usage by the BPF_BTF_LOAD,
- linux 5.16.10-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044578
CVE-2022-0499 (The Sermon Browser WordPress plugin through 0.45.22 does not
have CSRF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0498
REJECTED
CVE-2022-0497
@@ -9865,7 +9865,7 @@ CVE-2022-0494 (A kernel information leak flaw was
identified in the scsi_ioctl f
- linux 5.16.14-1
NOTE:
https://git.kernel.org/linus/cc8f7fe1f5eab010191aa4570f27641876fa1267 (5.17-rc5)
CVE-2022-0493 (The String locator WordPress plugin before 2.5.0 does not
properly val ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an
array, and co ...)
- atftp 0.7.git20210915-1 (bug #1004974)
[bullseye] - atftp 0.7.git20120829-3.3+deb11u2
@@ -10156,7 +10156,7 @@ CVE-2022-0480
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2049700
NOTE:
https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)
CVE-2022-0479 (The Popup Builder WordPress plugin before 4.1.1 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress
plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0477
@@ -10343,7 +10343,7 @@ CVE-2022-0452
CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih
includes aut ...)
NOT-FOR-US: Dart SDK
CVE-2022-0450 (The Menu Image, Icons made easy WordPress plugin before 3.0.8
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0449 (The Flexi WordPress plugin before 4.20 does not sanitise and
escape va ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0448 (The CP Blocks WordPress plugin before 1.0.15 does not sanitise
and esc ...)
@@ -10961,7 +10961,7 @@ CVE-2022-0399 (The Advanced Product Labels for
WooCommerce WordPress plugin befo
CVE-2022-0398
RESERVED
CVE-2022-0397 (The WPC Smart Wishlist for WooCommerce WordPress plugin before
2.9.4 d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2018-25030 (A vulnerability classified as problematic has been found in
Mirmay Sec ...)
TODO: check
CVE-2017-20016
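Review bot: CVE-2018-25030 in the trailing context of this hunk still carries "TODO: check", directly below the CVE-2022-0397 entry that was just triaged. If it was left on purpose because it needs a closer look than a plain NOT-FOR-US, that is fine. Otherwise it should be resolved in this pass or a follow-up so it does not linger in the unprocessed queue.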
@@ -11212,7 +11212,7 @@ CVE-2022-0390
CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63
does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin
through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4217 [Null pointer dereference in Unicode strings code]
RESERVED
- unzip <unfixed> (unimportant)
@@ -75979,13 +75979,13 @@ CVE-2021-25073 (The WP125 WordPress plugin before
1.5.5 does not have CSRF check
CVE-2021-25072 (The NextScripts: Social Networks Auto-Poster WordPress plugin
before 4 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25071 (The WordPress plugin through 2.0.1 does not sanitise and
escape the tr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25070 (The Block Bad Bots WordPress plugin before 6.88 does not
properly sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25069 (The Download Manager WordPress plugin before 3.2.34 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25068 (The Sync WooCommerce Product feed to Google Shopping WordPress
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was
affected ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25066
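Review bot: The CVE-2021-25071 description reads "The WordPress plugin through 2.0.1" with no plugin name, so the "NOT-FOR-US: WordPress plugin" tag on that entry cannot be checked against the description the way the neighbouring entries in this hunk can. Confirm from the CVE record which plugin is meant before closing the entry. If the tag stays, consider recording the plugin name in a NOTE: line so the decision can be traced later.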
@@ -75993,7 +75993,7 @@ CVE-2021-25066
CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before
4.1.1 was a ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25064 (The Wow Countdowns WordPress plugin through 3.1.2 does not
sanitize us ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25063 (The Skins for Contact Form 7 WordPress plugin before 2.5.1
does not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before
1.1.10 doe ...)
@@ -76097,7 +76097,7 @@ CVE-2021-25014 (The Ibtana WordPress plugin before
1.1.4.9 does not have authori
CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have
authorisation a ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25012 (The Pz-LinkCard WordPress plugin through 2.4.4.4 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25011 (The Maps Plugin using Google Maps for WordPress plugin before
1.8.1 do ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25010 (The Post Snippets WordPress plugin before 3.1.4 does not have
CSRF che ...)
@@ -76165,7 +76165,7 @@ CVE-2021-24980 (The Gwolle Guestbook WordPress plugin
before 4.2.0 does not sani
CVE-2021-24979 (The Paid Memberships Pro WordPress plugin before 2.6.6 does
not escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24978 (The OSMapper WordPress plugin through 2.1.5 contains an AJAX
action to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24977 (The Use Any Font | Custom Font Uploader WordPress plugin
before 6.2.1 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not
sanitise and ...)
@@ -76629,7 +76629,7 @@ CVE-2021-24748 (The Email Before Download WordPress
plugin before 6.8 does not p
CVE-2021-24747 (The SEO Booster WordPress plugin before 3.8 allows for
authenticated S ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24746 (The Social Sharing Plugin WordPress plugin before 3.3.40 does
not esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not
sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before
1.4.12 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63fe433b892c019349c15eacc933f6ca9d5201b2
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits