Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
50b28d26 by Salvatore Bonaccorso at 2022-08-08T22:21:26+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4034,7 +4034,7 @@ CVE-2022-36277
CVE-2022-36276
RESERVED
CVE-2022-2460 (The WPDating WordPress plugin through 7.1.9 does not properly
escape u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all
versions befor ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-2458
@@ -4932,13 +4932,13 @@ CVE-2022-2428
CVE-2022-2427
RESERVED
CVE-2022-2426 (The Thinkific Uploader WordPress plugin through 1.0.0 does not
sanitis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2425 (The WP DS Blog Map WordPress plugin through 3.1.3 does not
sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2424 (The Google Maps Anywhere WordPress plugin through 1.2.6.3 does
not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2423 (The DW Promobar WordPress plugin through 1.0.4 does not
sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2422
RESERVED
CVE-2022-2421
@@ -4985,13 +4985,13 @@ CVE-2022-2414 (Access to external entities when parsing
XML documents can lead t
CVE-2022-2413
RESERVED
CVE-2022-2412 (The Better Tag Cloud WordPress plugin through 0.99.5 does not
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2411 (The Auto More Tag WordPress plugin through 4.0.0 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2410 (The mTouch Quiz WordPress plugin through 3.1.3 does not
sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2409 (The Rough Chart WordPress plugin through 1.0.0 does not
properly escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2408 (The Guest account feature in Mattermost version 6.7.0 and
earlier fail ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-2407
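Review bot: NOT-FOR-US on the four + lines here (CVE-2022-2412, CVE-2022-2411, CVE-2022-2410, CVE-2022-2409) asserts that none of these plugins is packaged in Debian or pending packaging. The unchanged context line `- mattermost-server <itp> (bug #823556)` in this same hunk shows the form used when an ITP exists. Please confirm there is no ITP/RFP bug for Better Tag Cloud, Auto More Tag, mTouch Quiz or Rough Chart. Any plugin that has one should get a `<itp>` entry with its bug number instead of NOT-FOR-US.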
@@ -5264,7 +5264,7 @@ CVE-2022-2399 (Use after free in WebGPU in Google Chrome
prior to 100.0.4896.88
CVE-2022-35741 (Apache CloudStack version 4.5.0 and later has a SAML 2.0
authenticatio ...)
NOT-FOR-US: Apache CloudStack
CVE-2022-2398 (The WordPress Comments Fields WordPress plugin before 4.1 does
not esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2397
RESERVED
CVE-2022-2396 (A vulnerability classified as problematic was found in
SourceCodester ...)
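Review bot: Style point on the + line for CVE-2022-2398: the reason is the generic `WordPress plugin`, while the NOT-FOR-US entry directly above it names its product (`NOT-FOR-US: Apache CloudStack`). The generic string matches the already-triaged CVE-2022-2370 and CVE-2022-2268 entries that appear as unchanged context elsewhere in this patch. Keep it byte-identical across every line this commit touches rather than mixing in per-plugin names, so that a search for the tag returns all of them.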
@@ -5322,7 +5322,7 @@ CVE-2022-29870
CVE-2022-27170
RESERVED
CVE-2022-2395 (The weForms WordPress plugin before 1.6.14 does not sanitise
and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive
parameters wh ...)
NOT-FOR-US: Puppet Bolt
CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1
build 202108 ...)
@@ -5471,7 +5471,7 @@ CVE-2022-2393 (A flaw was found in pki-core, which could
allow a user to get a c
CVE-2022-2392
RESERVED
CVE-2022-2391 (The Inspiro PRO WordPress plugin does not sanitize the
portfolio slide ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2390
RESERVED
CVE-2022-2389
@@ -5481,7 +5481,7 @@ CVE-2022-2388
CVE-2022-2387
RESERVED
CVE-2022-2386 (The Crowdsignal Dashboard WordPress plugin before 3.0.8 does
not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35648 (Nautilus treadmills T616 S/N 100672PRO21140001 through
100672PRO211719 ...)
NOT-FOR-US: Nautilus treadmills
CVE-2022-35647
@@ -5556,9 +5556,9 @@ CVE-2022-2374
CVE-2022-2373
RESERVED
CVE-2022-2372 (The YaySMTP WordPress plugin before 2.2.2 does not sanitise and
escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2371 (The YaySMTP WordPress plugin before 2.2.1 does not have proper
authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2370 (The YaySMTP WordPress plugin before 2.2.1 does not have
capability che ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2369 (The YaySMTP WordPress plugin before 2.2.1 does not have
capability che ...)
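Review bot: The status line for CVE-2022-2369 is not covered by this patch. This hunk (old lines 5556 to 5564) ends on the CVE-2022-2369 header and the next hunk starts at 5566, so line 5565 is shown in neither. CVE-2022-2372 and CVE-2022-2371 now match the existing `NOT-FOR-US: WordPress plugin` on CVE-2022-2370. Please check that line 5565 carries the same tag, so that all four YaySMTP entries agree and no `TODO: check` is left in the middle of the group.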
@@ -5566,7 +5566,7 @@ CVE-2022-2369 (The YaySMTP WordPress plugin before 2.2.1
does not have capabilit
CVE-2022-2368 (Business Logic Errors in GitHub repository
microweber/microweber prior ...)
NOT-FOR-US: microweber
CVE-2022-2367 (The WSM Downloader WordPress plugin through 1.4.0 allows only
specific ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35626
RESERVED
CVE-2022-35625
@@ -6019,11 +6019,11 @@ CVE-2022-2359
CVE-2022-2358
RESERVED
CVE-2022-2357 (The WSM Downloader WordPress plugin through 1.4.0 allows any
visitor t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2356 (The Frontend File Manager & Sharing WordPress plugin before
1.1.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2355 (The Easy Username Updater WordPress plugin before 1.0.5 does
not imple ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2354
RESERVED
CVE-2022-35411 (rpc.py through 0.6.0 allows Remote Code Execution because an
unpickle ...)
@@ -7472,7 +7472,7 @@ CVE-2022-2271
CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
CVE-2022-2269 (The Website File Changes Monitor WordPress plugin before 1.8.3
does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8
accept ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2267
@@ -12739,7 +12739,7 @@ CVE-2022-2047 (In Eclipse Jetty versions 9.4.0 thru
9.4.46, and 10.0.0 thru 10.0
NOTE:
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
NOTE: https://github.com/eclipse/jetty.project/pull/8146
CVE-2022-2046 (The Directorist WordPress plugin before 7.2.3 allows
administrators to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2045
RESERVED
CVE-2022-2044
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50b28d263145aec5e5dc73facd9ceac8cb367388
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits