Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
60742f3b by Salvatore Bonaccorso at 2022-05-09T22:11:59+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1047,7 +1047,7 @@ CVE-2022-1553
CVE-2022-1552
RESERVED
CVE-2019-25060 (The WPGraphQL WordPress plugin before 0.3.5 doesn't properly
restrict ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-30125
RESERVED
CVE-2022-30124
@@ -3744,7 +3744,7 @@ CVE-2022-1340
CVE-2022-1339 (SQL injection in ElementController.php in GitHub repository
pimcore/pi ...)
NOT-FOR-US: pimcore
CVE-2022-1338 (The Easily Generate Rest API Url WordPress plugin through 1.0.0
does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1337 (The image proxy component in Mattermost version 6.4.1 and
earlier allo ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-1336
@@ -4158,7 +4158,7 @@ CVE-2022-1304 (An out-of-bounds read/write vulnerability
was found in e2fsprogs
NOTE:
https://lore.kernel.org/linux-ext4/[email protected]/T/#u
NOTE: Fixed by:
https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76
CVE-2022-1303 (The Slide Anything WordPress plugin before 2.3.44 does not
sanitize an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an
unauthe ...)
NOT-FOR-US: MZ Automation LibIEC61850
CVE-2022-1301
@@ -6368,7 +6368,7 @@ CVE-2022-1172 (Null Pointer Dereference Caused
Segmentation Fault in GitHub repo
NOTE: https://github.com/gpac/gpac/issues/2153
NOTE:
https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8
CVE-2022-1171 (The Vertical scroll recent post WordPress plugin before 14.0
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1170 (In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster
there ...)
NOT-FOR-US: Wordpress theme
CVE-2022-1169 (There is a XSS vulnerability in Careerfy. ...)
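Review bot: The added "NOT-FOR-US: WordPress plugin" for CVE-2022-1171 sits directly above the existing "NOT-FOR-US: Wordpress theme" on CVE-2022-1170, so this part of the list carries two capitalisations of the same product name. A case-sensitive search for "WordPress" will miss the theme entry; consider normalising the CVE-2022-1170 line to "WordPress theme" in this commit or a follow-up.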
@@ -7267,7 +7267,7 @@ CVE-2022-1106 (use after free in mrb_vm_exec in GitHub
repository mruby/mruby pr
CVE-2022-1105 (An improper access control vulnerability in GitLab CE/EE
affecting all ...)
- gitlab <unfixed>
CVE-2022-1104 (The Popup Maker WordPress plugin before 1.16.5 does not
sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1103
RESERVED
CVE-2022-27927 (A SQL injection vulnerability exists in Microfinance
Management System ...)
@@ -8052,7 +8052,7 @@ CVE-2022-1048 (A use-after-free flaw was found in the
Linux kernel’s sound
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066706
NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/4
CVE-2022-1047 (The Themify Post Type Builder Search Addon WordPress plugin
before 1.4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1046 (The Visual Form Builder WordPress plugin before 3.0.7 does not
sanitis ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository
polonel/trudesk ...)
@@ -9113,7 +9113,7 @@ CVE-2022-1015 (A flaw was found in the Linux kernel in
linux/net/netfilter/nf_ta
CVE-2022-1014
RESERVED
CVE-2022-1013 (The Personal Dictionary WordPress plugin before 1.3.4 fails to
properl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1012
RESERVED
CVE-2022-1011 (A use-after-free flaw was found in the Linux kernel’s
FUSE files ...)
@@ -9501,7 +9501,7 @@ CVE-2022-0950 (Unrestricted Upload of File with Dangerous
Type in GitHub reposit
CVE-2022-0949 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and
Anti Spa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0948 (The Order Listener for WooCommerce WordPress plugin before
3.2.2 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-XXXX [wordpress 5.9.2]
- wordpress 5.9.2+dfsg1-1 (bug #1007145)
[stretch] - wordpress 4.7.23+dfsg-0+deb9u1
@@ -10454,7 +10454,7 @@ CVE-2022-0900
CVE-2022-0899
RESERVED
CVE-2022-0898 (The IgniteUp WordPress plugin through 3.4.1 does not sanitise
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0897 (A flaw was found in the libvirt nwfilter driver. The
virNWFilterObjLis ...)
- libvirt 8.2.0-1 (bug #1009075)
[bullseye] - libvirt <no-dsa> (Minor issue)
@@ -11038,7 +11038,7 @@ CVE-2022-0876 (The Social comments by WpDevArt
WordPress plugin before 2.5.0 doe
CVE-2022-0875
RESERVED
CVE-2022-0874 (The WP Social Buttons WordPress plugin through 2.1 does not
sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0873
RESERVED
CVE-2022-26532
@@ -11532,7 +11532,7 @@ CVE-2022-0838 (Cross-site Scripting (XSS) - Reflected
in GitHub repository hesti
CVE-2022-0837 (The Amelia WordPress plugin before 1.0.48 does not have proper
authori ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0836 (The SEMA API WordPress plugin through 3.64 does not properly
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-26365
RESERVED
CVE-2022-26364
@@ -11616,7 +11616,7 @@ CVE-2022-0828 (The Download Manager WordPress plugin
before 3.2.39 uses the uniq
CVE-2022-0827
RESERVED
CVE-2022-0826 (The WP Video Gallery WordPress plugin through 1.7.1 does not
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0825 (The Amelia WordPress plugin before 1.0.49 does not have proper
authori ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0824 (Improper Access Control to Remote Code Execution in GitHub
repository ...)
@@ -11692,13 +11692,13 @@ CVE-2022-0819 (Code Injection in GitHub repository
dolibarr/dolibarr prior to 15
CVE-2022-0818 (The WooCommerce Affiliate Plugin WordPress plugin before
4.16.4.5 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0817 (The BadgeOS WordPress plugin through 3.7.0 does not sanitise
and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0816
RESERVED
CVE-2022-0815 (Improper access control vulnerability in McAfee WebAdvisor
Chrome and ...)
NOT-FOR-US: McAfee
CVE-2022-0814 (The Ubigeo de Perú para Woocommerce WordPress plugin
before 3.6.4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0813 (PhpMyAdmin 5.1.1 and before allows an attacker to retrieve
potentially ...)
- phpmyadmin 4:5.1.3+dfsg1-1 (unimportant)
NOTE:
https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/
@@ -14667,7 +14667,7 @@ CVE-2022-0627 (The Amelia WordPress plugin before
1.0.47 does not sanitize and e
CVE-2022-0626
RESERVED
CVE-2022-0625 (The Admin Menu Editor WordPress plugin through 1.0.4 does not
sanitize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0624
RESERVED
CVE-2022-25271 (Drupal core's form API has a vulnerability where certain
contributed o ...)
@@ -15001,7 +15001,7 @@ CVE-2022-0594
CVE-2022-0593 (The Login with phone number WordPress plugin before 1.3.7
includes a f ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0592 (The MapSVG WordPress plugin before 6.2.20 does not validate and
escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0591 (The FormCraft WordPress plugin before 3.8.28 does not validate
the URL ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0590 (The BulletProof Security WordPress plugin before 5.8 does not
sanitise ...)
@@ -17777,7 +17777,7 @@ CVE-2022-0426 (The Product Feed PRO for WooCommerce
WordPress plugin before 11.2
CVE-2022-0425 (A DNS rebinding vulnerability in the Irker IRC Gateway
integration in ...)
NOT-FOR-US: Irker
CVE-2022-0424 (The Popup by Supsystic WordPress plugin before 1.10.9 does not
have an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have
authorisa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0422 (The White Label CMS WordPress plugin before 2.2.9 does not
sanitise an ...)
@@ -24431,7 +24431,7 @@ CVE-2022-22483
CVE-2022-22482
RESERVED
CVE-2022-22481 (IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could
allow a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22480
RESERVED
CVE-2022-22479
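Review bot: The tag added for CVE-2022-22481 names only the vendor ("NOT-FOR-US: IBM"), although the description identifies the product as IBM Navigator for i, and other entries in this diff tag the product itself, for example "NOT-FOR-US: MZ Automation LibIEC61850". The vendor-only form does match the existing entries for CVE-2021-20480 and CVE-2021-20478, so it is consistent with the file, but a product-level tag would make the entry findable by product name. The same applies to the additions for CVE-2022-22319 and CVE-2021-20479.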
@@ -24755,7 +24755,7 @@ CVE-2022-22321 (IBM MQ Appliance 9.2 CD and 9.2 LTS
local messaging users stored
CVE-2022-22320
RESERVED
CVE-2022-22319 (IBM Robotic Process Automation 21.0.1 could allow a register
user on t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22318
RESERVED
CVE-2022-22317
@@ -96050,7 +96050,7 @@ CVE-2021-20481 (IBM Sterling File Gateway 2.2.0.0
through 6.1.1.0 is vulnerable
CVE-2021-20480 (IBM WebSphere Application Server 7.0, 8.0, and 8.5 is
vulnerable to se ...)
NOT-FOR-US: IBM
CVE-2021-20479 (IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses
weaker t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20478 (IBM Cloud Pak System 2.3 could allow a local user in some
situations t ...)
NOT-FOR-US: IBM
CVE-2021-20477 (IBM Planning Analytics 2.0 is vulnerable to cross-site
scripting. This ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60742f3bfae9fc04aded3653477e5bc2e921f88e