[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) Mon, 23 May 2022 13:21:00 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
fdf487ff by Salvatore Bonaccorso at 2022-05-23T22:20:20+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3531,7 +3531,7 @@ CVE-2022-1560 (The Amministrazione Aperta WordPress 
plugin through 3.7.3 does no
 CVE-2022-1559 (The Clipr WordPress plugin through 1.2.3 does not sanitise and 
escape  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1558 (The Curtain WordPress plugin through 1.0.2 does not sanitise 
and escap ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1557 (The ULeak Security &amp; Monitoring WordPress plugin through 
1.2.3 doe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1556
@@ -3596,7 +3596,7 @@ CVE-2022-1549
 CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly 
restric ...)
        NOT-FOR-US: Mattermost Playbooks plugin
 CVE-2022-1547 (The Check &amp; Log Email WordPress plugin before 1.0.6 does 
not sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1546
        RESERVED
 CVE-2022-30114
@@ -6556,7 +6556,7 @@ CVE-2022-1322
 CVE-2022-1321
        RESERVED
 CVE-2022-1320 (The Sliderby10Web WordPress plugin before 1.2.52 does not 
properly san ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29081 (Zoho ManageEngine Access Manager Plus before 4302, Password 
Manager Pr ...)
        NOT-FOR-US: ZOHO ManageEngine
 CVE-2022-29080 (The npm-dependency-versions package through 0.3.0 for Node.js 
allows c ...)
@@ -6762,7 +6762,7 @@ CVE-2022-1300 (Multiple Version of TRUMPF TruTops 
products expose a service func
 CVE-2022-1299
        RESERVED
 CVE-2022-1298 (The Tabs WordPress plugin before 2.2.8 does not sanitise and 
escape Ta ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1297 (Out-of-bounds Read in r_bin_ne_get_entrypoints function in 
GitHub repo ...)
        - radare2 <unfixed>
        NOTE: https://huntr.dev/bounties/ec538fa4-06c6-4050-a141-f60153ddeaac
@@ -6973,7 +6973,7 @@ CVE-2022-28946 (An issue in the component ast/parser.go 
of Open Policy Agent v0.
 CVE-2022-28945
        RESERVED
 CVE-2022-28944 (Certain EMCO Software products are affected by: CWE-494: 
Download of C ...)
-       TODO: check
+       NOT-FOR-US: EMCO
 CVE-2022-28943
        RESERVED
 CVE-2022-28942
@@ -7623,7 +7623,7 @@ CVE-2022-1270
 CVE-2022-1269 (The Fast Flow WordPress plugin before 1.2.11 does not sanitise 
and esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1268 (The Donate Extra WordPress plugin through 2.02 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1267 (The BMI BMR Calculator WordPress plugin through 1.3 does not 
sanitise  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1266
@@ -7877,13 +7877,13 @@ CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac 
prior to 2.1.0-DEV. ...)
        NOTE: https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d
        NOTE: 
https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1
 CVE-2022-1221 (The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 
does not s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1220
        RESERVED
 CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository 
pimcore ...)
        NOT-FOR-US: pimcore
 CVE-2022-1218 (The Domain Replace WordPress plugin through 1.3.8 does not 
sanitise an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1217 (The Custom TinyMCE Shortcode Button WordPress plugin through 
1.1 does  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1216 (The Advanced Image Sitemap WordPress plugin through 1.2 does 
not sanit ...)
@@ -8751,7 +8751,7 @@ CVE-2022-1194
 CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 
14.7.7, ...)
        - gitlab <unfixed>
 CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not 
saniti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-46779
        RESERVED
 CVE-2021-46778
@@ -10139,7 +10139,7 @@ CVE-2022-1095
 CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise 
and esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1093 (The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise 
or esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1092 (The myCred WordPress plugin before 2.4.4 does not have 
authorisation a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before 
1.9.10 c ...)
@@ -11855,7 +11855,7 @@ CVE-2022-1015 (A flaw was found in the Linux kernel in 
linux/net/netfilter/nf_ta
        NOTE: Exploitable after: 
https://git.kernel.org/linus/345023b0db315648ccc3c1a36aee88304a8b4d91 (5.12-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/6e1acfa387b9ff82cfc7db8cc3b6959221a95851
 CVE-2022-1014 (The WP Contacts Manager WordPress plugin through 2.2.4 fails to 
proper ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1013 (The Personal Dictionary WordPress plugin before 1.3.4 fails to 
properl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1012
@@ -14989,7 +14989,7 @@ CVE-2022-0783 (The Multiple Shipping Address 
Woocommerce WordPress plugin before
 CVE-2022-0782 (The Donations WordPress plugin through 1.8 does not sanitise 
and escap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0781 (The Nirweb support WordPress plugin before 2.8.2 does not 
sanitise and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to 
disable th ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0779
@@ -21992,7 +21992,7 @@ CVE-2022-0348 (Cross-site Scripting (XSS) - Stored in 
Packagist pimcore/pimcore
 CVE-2022-0347 (The LoginPress | Custom Login Page Customizer WordPress plugin 
before  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0346 (The XML Sitemap Generator for Google WordPress plugin before 
2.0.4 doe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin 
before 1.8. ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0344 (An issue has been discovered in GitLab affecting all versions 
starting ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdf487ff0a9599d1c70917d693722e702f4c1279

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdf487ff0a9599d1c70917d693722e702f4c1279
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to