[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Mon, 04 Jul 2022 13:17:46 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a2145f3e by Salvatore Bonaccorso at 2022-07-04T22:16:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -294,7 +294,7 @@ CVE-2022-2270 (An issue has been discovered in GitLab 
affecting all versions sta
 CVE-2022-2269
        RESERVED
 CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 
accept ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2267
        RESERVED
 CVE-2022-2266
@@ -7040,7 +7040,7 @@ CVE-2022-1968 (Use After Free in GitHub repository 
vim/vim prior to 8.2. ...)
        NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b
        NOTE: 
https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 
(v8.2.5050)
 CVE-2022-1967 (The WP Championship WordPress plugin before 9.3 is lacking CSRF 
checks ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1966
        REJECTED
 CVE-2022-1965 (Multiple products of CODESYS implement a improper error 
handling. A lo ...)
@@ -7916,7 +7916,7 @@ CVE-2022-1948
 CVE-2022-1947 (Use of Incorrect Operator in GitHub repository polonel/trudesk 
prior t ...)
        NOT-FOR-US: Trudesk
 CVE-2022-1946 (The Gallery WordPress plugin before 2.0.0 does not sanitise and 
escape ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-31813 (Apache HTTP Server 2.4.53 and earlier may not send the 
X-Forwarded-* h ...)
        - apache2 2.4.54-1 (bug #1012513)
        [bullseye] - apache2 <no-dsa> (Minor issue; can be fixed in point 
release)
@@ -16297,7 +16297,7 @@ CVE-2022-1303 (The Slide Anything WordPress plugin 
before 2.3.44 does not saniti
 CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an 
unauthe ...)
        NOT-FOR-US: MZ Automation LibIEC61850
 CVE-2022-1301 (The WP Contact Slider WordPress plugin before 2.4.7 does not 
sanitize  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1300 (Multiple Version of TRUMPF TruTops products expose a service 
function  ...)
        NOT-FOR-US: TRUMPF TruTops
 CVE-2022-1299 (The Slideshow WordPress plugin through 2.3.1 does not sanitize 
and esc ...)
@@ -33929,7 +33929,7 @@ CVE-2022-0252 (The GiveWP WordPress plugin before 
2.17.3 does not escape the jso
 CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
        NOT-FOR-US: pimcore
 CVE-2022-0250 (The Redirection for Contact Form 7 WordPress plugin before 
2.5.0 does  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0249 (A vulnerability was discovered in GitLab starting with version 
12. Git ...)
        - gitlab <unfixed>
 CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does 
not sa ...)
@@ -96743,7 +96743,7 @@ CVE-2021-25068 (The Sync WooCommerce Product feed to 
Google Shopping WordPress p
 CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was 
affected  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25066 (The Ninja Forms Contact Form WordPress plugin before 3.6.10 
does not s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 
4.1.1 was a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25064 (The Wow Countdowns WordPress plugin through 3.1.2 does not 
sanitize us ...)
@@ -96763,7 +96763,7 @@ CVE-2021-25058 (The Buffer Button WordPress plugin 
through 1.0 was vulnerable to
 CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was 
vulnerabl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25056 (The Ninja Forms Contact Form WordPress plugin before 3.6.10 
does not s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25055 (The FeedWordPress plugin before 2022.0123 is affected by a 
Reflected C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25054 (The WPcalc WordPress plugin through 2.1 does not sanitize user 
input i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2145f3e5e61cd725053ab28c28918c7aebcf51b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2145f3e5e61cd725053ab28c28918c7aebcf51b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to