Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
577d7c26 by Salvatore Bonaccorso at 2022-04-25T22:16:40+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -765,7 +765,7 @@ CVE-2022-1398
CVE-2022-1397
RESERVED
CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise
and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1395
RESERVED
CVE-2022-1394
@@ -773,11 +773,11 @@ CVE-2022-1394
CVE-2022-1393
RESERVED
CVE-2022-1392 (The Videos sync PDF WordPress plugin through 1.7.4 does not
validate t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1391 (The Cab fare calculator WordPress plugin through 1.0.3 does not
valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1390 (The Admin Word Count Column WordPress plugin through 2.2 does
not vali ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-XXXX [snort privilege escalation due to insecure use of logrotate]
- snort <unfixed> (bug #1009820)
[bullseye] - snort <no-dsa> (Minor issue)
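Review bot: Three consecutive `TODO: check` entries in this hunk (CVE-2022-1392, CVE-2022-1391, CVE-2022-1390) are resolved with the identical reason string, which matches the `NOT-FOR-US: WordPress plugin` wording already used elsewhere in this file, so the triage is consistent; the neighbouring `CVE-2022-XXXX` snort placeholder in the trailing context is untouched by this commit and still needs its real identifier once one is assigned, which is independent of this change.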
@@ -3099,7 +3099,7 @@ CVE-2022-1230
CVE-2022-1229
RESERVED
CVE-2022-1228 (The Opensea WordPress plugin before 1.0.3 does not sanitize and
escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1227
RESERVED
- libpod 3.4.7+ds1-1
@@ -3688,11 +3688,11 @@ CVE-2022-1210 (A vulnerability classified as
problematic was found in LibTIFF 4.
[buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/402
CVE-2021-46782 (The Pricing Table by Supsystic WordPress plugin before 1.9.5
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46781 (The Coming Soon by Supsystic WordPress plugin before 1.7.6
does not sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46780 (The Easy Google Maps WordPress plugin before 1.9.32 does not
escape th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-28351
RESERVED
CVE-2022-28350
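Review bot: The three Supsystic plugin entries (CVE-2021-46782, CVE-2021-46781, CVE-2021-46780) are 2021-numbered ids sitting among 2022 entries, so a reader scanning by id could miss them; giving them the same `NOT-FOR-US: WordPress plugin` disposition as the surrounding plugin entries is consistent, and the libtiff note and `[buster]` line in the leading context are left as they were.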
@@ -3852,7 +3852,7 @@ CVE-2022-26034 (Improper authentication vulnerability in
the communication proto
CVE-2022-1200
RESERVED
CVE-2021-4225 (The SP Project & Document Manager WordPress plugin before
4.24 all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-28299
RESERVED
CVE-2022-28298
@@ -4392,7 +4392,7 @@ CVE-2022-1158
CVE-2022-1157 (Missing sanitization of logged exception messages in all
versions prio ...)
- gitlab <unfixed>
CVE-2022-1156 (The Books & Papers WordPress plugin through 0.20210223 does
not es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1155 (Old sessions are not blocked by the login enable function. in
GitHub r ...)
NOT-FOR-US: snipe-it
CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim
prior to 8 ...)
@@ -4403,9 +4403,9 @@ CVE-2022-1154 (Use after free in utf_ptr2char in GitHub
repository vim/vim prior
NOTE: https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
NOTE:
https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5
(v8.2.4646)
CVE-2022-1153 (The LayerSlider WordPress plugin before 7.1.2 does not sanitise
and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1152 (The Menubar WordPress plugin before 5.8 does not sanitise and
escape t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1151
RESERVED
CVE-2022-1150
@@ -5267,11 +5267,11 @@ CVE-2022-1096
CVE-2022-1095
RESERVED
CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise
and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1093
RESERVED
CVE-2022-1092 (The myCred WordPress plugin before 2.4.4 does not have
authorisation a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before
1.9.10 c ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1090 (The Good & Bad Comments WordPress plugin through 1.0.0 does
not sa ...)
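Review bot: CVE-2022-1092 (myCred before 2.4.4, missing authorisation) reads like a sibling of CVE-2022-0363 and CVE-2022-0287 further down in this same commit, all three of which get `NOT-FOR-US: WordPress plugin`; related entries split across hunks being handled identically is what a reviewer wants to confirm here, and they are.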
@@ -6538,9 +6538,9 @@ CVE-2022-27376 (MariaDB Server v10.6.5 and below was
discovered to contain an us
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26354
CVE-2022-27375 (Tenda AX12 V22.03.01.21_CN was discovered to contain a
Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-27374 (Tenda AX12 V22.03.01.21_CN was discovered to contain a
Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-27373
RESERVED
CVE-2022-27372
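Review bot: For the two Tenda AX12 entries (CVE-2022-27375, CVE-2022-27374) the reason string names the vendor (`NOT-FOR-US: Tenda`) rather than the product, matching how other non-packaged vendors appear in this file (`NOT-FOR-US: Siemens`, `NOT-FOR-US: Kyocera printers` in later context); both share the same firmware version and description prefix, so the identical disposition is expected. The commit message "Process some NFUs" is broad enough to cover these non-WordPress items as well.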
@@ -6848,7 +6848,7 @@ CVE-2022-27242
CVE-2022-27241 (A vulnerability has been identified in Mendix Applications
using Mendi ...)
NOT-FOR-US: Siemens
CVE-2022-1027 (The Page Restriction WordPress (WP) WordPress plugin before
1.2.7 allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1026 (Kyocera multifunction printers running vulnerable versions of
Net View ...)
NOT-FOR-US: Kyocera printers
CVE-2022-1025
@@ -7291,7 +7291,7 @@ CVE-2022-0955 (Cross-site Scripting (XSS) - Stored in
GitHub repository pimcore/
CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in
Shop's O ...)
NOT-FOR-US: microweber
CVE-2022-0953 (The Anti-Malware Security and Brute-Force Firewall WordPress
plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0952
RESERVED
CVE-2022-0951 (File Upload Restriction Bypass leading to Stored XSS
Vulnerability in ...)
@@ -8829,7 +8829,7 @@ CVE-2022-0878 (Electric Vehicle (EV) commonly utilises
the Combined Charging Sys
CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository
bookstackapp/ ...)
NOT-FOR-US: bookstack
CVE-2022-0876 (The Social comments by WpDevArt WordPress plugin before 2.5.0
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0875
RESERVED
CVE-2022-0874
@@ -10020,7 +10020,7 @@ CVE-2022-0784 (The Title Experiments Free WordPress
plugin before 9.0.1 does not
CVE-2022-0783
RESERVED
CVE-2022-0782 (The Donations WordPress plugin through 1.8 does not sanitise
and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0781
RESERVED
CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to
disable th ...)
@@ -10050,7 +10050,7 @@ CVE-2022-0771
CVE-2022-0770 (The Translate WordPress with GTranslate WordPress plugin before
2.9.9 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0769 (The Users Ultra WordPress plugin through 3.1.0 fails to
properly sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository
rudloff/alltub ...)
NOT-FOR-US: rudloff/alltube
CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated
administr ...)
@@ -11909,7 +11909,7 @@ CVE-2022-25355 (EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE
4.0.0 to 4.1.1 improperly
CVE-2022-0694 (The Advanced Booking Calendar WordPress plugin before 1.7.0
does not v ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0693 (The Master Elements WordPress plugin through 8.0 does not
validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube
prior to ...)
NOT-FOR-US: alltube
CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM
url-parse prio ...)
@@ -12201,9 +12201,9 @@ CVE-2022-0659 (The Sync QCloud COS WordPress plugin
before 2.0.1 does not escape
CVE-2022-0658 (The CommonsBooking WordPress plugin before 2.6.8 does not
sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0657 (The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0656 (The Web To Print Shop : uDraw WordPress plugin before 3.3.3
does not v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-26520 (** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who
controls the ...)
- libpgjava 42.3.3-1
NOTE:
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
@@ -12403,7 +12403,7 @@ CVE-2022-0635 (Versions affected: BIND 9.18.0 When a
vulnerable version of named
[stretch] - bind9 <not-affected> (Vulnerable code introduced later)
NOTE: https://kb.isc.org/docs/cve-2022-0635
CVE-2022-0634 (The ThirstyAffiliates Affiliate Link Manager WordPress plugin
before 3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium
before ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0632 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
@@ -14144,7 +14144,7 @@ CVE-2022-0543 (It was discovered, that redis, a
persistent key-value database, d
CVE-2022-0542
RESERVED
CVE-2022-0541 (The flo-launch WordPress plugin before 2.4.1 injects code into
wp-conf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0540 (A vulnerability in Jira Seraph allows a remote, unauthenticated
attack ...)
NOT-FOR-US: Jira Seraph
CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist
ptrofimov/beanstalk_c ...)
@@ -15930,7 +15930,7 @@ CVE-2022-0400 [Out of bounds read in the smc protocol
stack]
CVE-2022-0399 (The Advanced Product Labels for WooCommerce WordPress plugin
before 1. ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0398 (The ThirstyAffiliates Affiliate Link Manager WordPress plugin
before 3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0397 (The WPC Smart Wishlist for WooCommerce WordPress plugin before
2.9.4 d ...)
NOT-FOR-US: WordPress plugin
CVE-2018-25030 (A vulnerability classified as problematic has been found in
Mirmay Sec ...)
@@ -16676,7 +16676,7 @@ CVE-2022-0365 (The affected product is vulnerable to an
authenticated OS command
CVE-2022-0364 (The Modern Events Calendar Lite WordPress plugin before 6.4.0
does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0363 (The myCred WordPress plugin before 2.4.4 does not have any
authorisati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...)
NOT-FOR-US: ShowDoc
CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 8.2. ...)
@@ -18471,7 +18471,7 @@ CVE-2022-0289 (Use after free in Safe browsing in
Google Chrome prior to 97.0.46
CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro
WordPr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0287 (The myCred WordPress plugin before 2.4.3.1 does not have any
authorisa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer
dereference in bo ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
@@ -22304,7 +22304,7 @@ CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000
server could allow a remote
CVE-2022-22393
RESERVED
CVE-2022-22392 (IBM Planning Analytics Local 2.0 could allow an attacker to
upload arb ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22391 (IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow
an authen ...)
NOT-FOR-US: IBM
CVE-2022-22390
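Review bot: `NOT-FOR-US: IBM` for CVE-2022-22392 matches the disposition already recorded for CVE-2022-22391 two lines below it in the trailing context, and the same tag is applied to CVE-2021-39040 (IBM Planning Analytics Workspace) in a later hunk of this commit; consistent.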
@@ -45863,7 +45863,7 @@ CVE-2021-39042
CVE-2021-39041
RESERVED
CVE-2021-39040 (IBM Planning Analytics Workspace 2.0 could be vulnerable to
malicious ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-39039
RESERVED
CVE-2021-39038 (IBM WebSphere Application Server 9.0 and IBM WebSphere
Application Ser ...)
@@ -81168,7 +81168,7 @@ CVE-2021-25113 (The Dropdown Menu Widget WordPress
plugin through 1.9.7 does not
CVE-2021-25112 (The WHMCS Bridge WordPress plugin before 6.4b does not
sanitise and es ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25111 (The English WordPress Admin WordPress plugin before 1.5.2 does
not val ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any
logged in u ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by
a SQL I ...)
@@ -81202,7 +81202,7 @@ CVE-2021-25096 (The IP2Location Country Blocker
WordPress plugin before 2.26.5 b
CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5
does no ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25094 (The Tatsu WordPress plugin before 3.3.12 add_custom_font
action can be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have
authorisa ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25092 (The Link Library WordPress plugin before 7.2.8 does not have
CSRF chec ...)
@@ -81476,7 +81476,7 @@ CVE-2021-24959 (The WP Email Users WordPress plugin
through 1.7.6 does not escap
CVE-2021-24958 (The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4
does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24957 (The Advanced Page Visit Counter WordPress plugin through 5.0.8
does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24956 (The Blog2Social: Social Media Auto Post & Scheduler
WordPress plug ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24955 (The User Registration, Login Form, User Profile &
Membership WordP ...)
@@ -81780,7 +81780,7 @@ CVE-2021-24807 (The Support Board WordPress plugin
before 3.3.5 allows Authentic
CVE-2021-24806 (The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF
when ad ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24805 (The DW Question & Answer Pro WordPress plugin through
1.3.4 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24804 (The Simple JWT Login WordPress plugin before 3.2.1 does not
have nonce ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24803 (The Core Tweaks WP Setup WordPress plugin through 4.1 allows
to bulk-s ...)
@@ -81790,7 +81790,7 @@ CVE-2021-24802 (The Colorful Categories WordPress
plugin before 2.0.15 does not
CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have
any auth ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24800 (The DW Question & Answer Pro WordPress plugin through
1.3.4 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does
not have ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not
sanitise a ...)
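Review bot: CVE-2021-24800 here and CVE-2021-24805 in the previous hunk both describe the DW Question & Answer Pro WordPress plugin through 1.3.4 and both receive `NOT-FOR-US: WordPress plugin`; the two are handled consistently, and no other entry in the surrounding context for this plugin was left at `TODO: check`.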
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/577d7c26a374a2fbb5655e21d1e846e17a4a6897
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits