Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7e6109ea by Salvatore Bonaccorso at 2022-05-30T22:16:53+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3596,13 +3596,13 @@ CVE-2022-30526
CVE-2022-30525 (A OS command injection vulnerability in the CGI program of
Zyxel USG F ...)
NOT-FOR-US: Zyxel
CVE-2022-1646 (The Simple Real Estate Pack WordPress plugin through 1.4.8 does
not sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1645 (The Amazon Link WordPress plugin through 3.2.10 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1644 (The Call&Book Mobile Bar WordPress plugin through 1.2.2
does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1643 (The Birthdays Widget WordPress plugin through 1.7.18 does not
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-30524 (There is an invalid memory access in the TextLine class in
TextOutputD ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2022-30523 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and
below i ...)
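Review bot: The four new tags for CVE-2022-1646 through CVE-2022-1643 use the generic "NOT-FOR-US: WordPress plugin", while the context entry just above them names its vendor ("NOT-FOR-US: Zyxel"). The generic string matches the tag already used for other WordPress plugin entries visible in this diff, so it is consistent, but it leaves the plugin name recorded only in the truncated description. If per-product lookup by tag matters, consider naming the plugin in the tag (for example the Amazon Link plugin for CVE-2022-1645).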
@@ -4213,7 +4213,7 @@ CVE-2022-1613
CVE-2022-1612
RESERVED
CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not
protect i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1610
RESERVED
CVE-2022-1609
@@ -4272,7 +4272,7 @@ CVE-2022-1591
CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been
declared as pr ...)
NOT-FOR-US: Bludit
CVE-2022-1589 (The Change wp-admin login WordPress plugin before 1.1.0 does
not prope ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-30292 (thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain
sq_reserv ...)
- squirrel3 <unfixed>
[bullseye] - squirrel3 <no-dsa> (Minor issue)
@@ -4424,9 +4424,9 @@ CVE-2022-30228
CVE-2022-1584 (Reflected XSS in GitHub repository microweber/microweber prior
to 1.2. ...)
NOT-FOR-US: microweber
CVE-2022-1583 (The External Links in New Window / New Tab WordPress plugin
before 1.4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1582 (The External Links in New Window / New Tab WordPress plugin
before 1.4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1581
RESERVED
CVE-2022-1580
@@ -4454,7 +4454,7 @@ CVE-2022-1570
CVE-2022-1569
RESERVED
CVE-2022-1568 (The Team Members WordPress plugin before 5.1.1 does not escape
some of ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46810
RESERVED
CVE-2021-46809
@@ -4700,15 +4700,15 @@ CVE-2022-30127
CVE-2022-1567 (The WP-JS plugin for WordPress contains a script called
wp-js.php with ...)
NOT-FOR-US: WP-JS plugin for WordPress
CVE-2022-1566 (The Quotes llama WordPress plugin through 0.7 does not sanitise
and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1565
RESERVED
CVE-2022-1564 (The Form Maker by 10Web WordPress plugin before 1.14.12 does
not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1563
RESERVED
CVE-2022-1562 (The Enable SVG WordPress plugin before 1.4.0 does not sanitise
uploade ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1561
RESERVED
CVE-2022-1560 (The Amministrazione Aperta WordPress plugin before 3.8 does not
valida ...)
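Review bot: Tag wording is inconsistent within this hunk: the context entry for CVE-2022-1567 reads "NOT-FOR-US: WP-JS plugin for WordPress", while the three new lines for CVE-2022-1566, CVE-2022-1564 and CVE-2022-1562 use "NOT-FOR-US: WordPress plugin". Anything that groups entries by the exact tag string will miss the older entry; normalising CVE-2022-1567 to the same string in a follow-up would keep the WordPress plugin entries together.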
@@ -4720,7 +4720,7 @@ CVE-2022-1558 (The Curtain WordPress plugin through 1.0.2
does not sanitise and
CVE-2022-1557 (The ULeak Security & Monitoring WordPress plugin through
1.2.3 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1556 (The StaffList WordPress plugin before 3.1.5 does not properly
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1555 (DOM XSS in microweber ver 1.2.15 in GitHub repository
microweber/micro ...)
NOT-FOR-US: microweber
CVE-2022-1554 (Path Traversal due to `send_file` call in GitHub repository
clinical-g ...)
@@ -5278,7 +5278,7 @@ CVE-2022-29490
CVE-2022-1543 (Improper handling of Length parameter in GitHub repository
erudika/sco ...)
NOT-FOR-US: scoold
CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1541
RESERVED
CVE-2022-1540
@@ -5317,9 +5317,9 @@ CVE-2022-1529
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1529
CVE-2022-1528 (The VikBooking Hotel Booking Engine & PMS WordPress plugin
before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1527 (The WP 2FA WordPress plugin before 2.2.1 does not sanitise and
escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4227
RESERVED
CVE-2022-29908
@@ -5860,7 +5860,7 @@ CVE-2022-1458 (Stored XSS Leads To Session Hijacking in
GitHub repository openem
CVE-2022-1457 (Store XSS in title parameter executing at EditUser Page &
EditProd ...)
NOT-FOR-US: facturascripts
CVE-2022-1456 (The Poll Maker WordPress plugin before 4.0.2 does not sanitise
and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46789 (Configuration defects in the secure OS module.Successful
exploitation ...)
NOT-FOR-US: Huawei
CVE-2021-46788 (Third-party pop-up window coverage vulnerability in the
iConnect modul ...)
@@ -6614,7 +6614,7 @@ CVE-2022-1397 (API Privilege Escalation in GitHub
repository alextselegidis/easy
CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise
and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1395 (The Easy FAQ with Expanding Text WordPress plugin through
3.2.8.3.1 do ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1394
RESERVED
CVE-2022-1393 (The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle
field an ...)
@@ -6867,7 +6867,7 @@ CVE-2022-28717 (Cross-site scripting vulnerability in
Rebooter(WATCH BOOT nino R
CVE-2022-27632 (Cross-site request forgery (CSRF) vulnerability in
Rebooter(WATCH BOOT ...)
NOT-FOR-US: Rebooter
CVE-2022-1387 (The No Future Posts WordPress plugin through 1.4 does not
escape its s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1386 (The Fusion Builder WordPress plugin before 3.6.2, used in the
Avada th ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29405 (In Apache Archiva, any registered user can reset password for
any user ...)
@@ -7982,7 +7982,7 @@ CVE-2022-1301
CVE-2022-1300 (Multiple Version of TRUMPF TruTops products expose a service
function ...)
NOT-FOR-US: TRUMPF TruTops
CVE-2022-1299 (The Slideshow WordPress plugin through 2.3.1 does not sanitize
and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1298 (The Tabs WordPress plugin before 2.2.8 does not sanitise and
escape Ta ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1297 (Out-of-bounds Read in r_bin_ne_get_entrypoints function in
GitHub repo ...)
@@ -7996,7 +7996,7 @@ CVE-2022-1296 (Out-of-bounds read in
`r_bin_ne_get_relocs` function in GitHub re
CVE-2022-1295 (Prototype Pollution in GitHub repository
alvarotrigo/fullpage.js prior ...)
NOT-FOR-US: fullpage.js
CVE-2022-1294 (The IMDB info box WordPress plugin through 2.0 does not
sanitize and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1293
RESERVED
CVE-2022-1292 (The c_rehash script does not properly sanitise shell
metacharacters to ...)
@@ -8838,7 +8838,7 @@ CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in
GitHub repository mruby/mru
NOTE: https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25
NOTE:
https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6
CVE-2022-1275 (The BannerMan WordPress plugin through 0.2.4 does not sanitize
or esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1274
RESERVED
CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate
the impo ...)
@@ -9786,7 +9786,7 @@ CVE-2022-1204
- linux 5.17.3-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/2
CVE-2022-1203 (The Content Mask WordPress plugin before 1.8.4.1 does not have
authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1202
RESERVED
CVE-2022-1201 (NULL Pointer Dereference in mrb_vm_exec with super in GitHub
repositor ...)
@@ -13106,7 +13106,7 @@ CVE-2022-1011 (A use-after-free flaw was found in the
Linux kernel’s FUSE
CVE-2022-1010
RESERVED
CVE-2022-1009 (The Smush WordPress plugin before 3.9.9 does not sanitise and
escape a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1008 (The One Click Demo Import WordPress plugin before 3.1.0 does
not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1007 (The Advanced Booking Calendar WordPress plugin before 1.7.1
does not s ...)
@@ -18649,7 +18649,7 @@ CVE-2022-0644 [vfs: check fd has read access in
kernel_read_file_from_fd()]
CVE-2022-0643 (The Bank Mellat WordPress plugin through 1.3.7 does not
sanitize and e ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0642 (The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not
proper ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0641 (The Popup Like box WordPress plugin before 3.6.1 does not
sanitize and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0640 (The Pricing Table Builder WordPress plugin before 1.1.5 does
not sanit ...)
@@ -22909,7 +22909,7 @@ CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected
in Packagist microweber/mi
CVE-2022-0377 (Users of the LearnPress WordPress plugin before 4.1.5 can
upload an im ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0376 (The User Meta WordPress plugin before 2.4.3 does not sanitise
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist
remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist
remdex/livehelperchat ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e6109ea5128492f0ff4c1ac32fb39c96edab9b4