Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0dd8ebf2 by Salvatore Bonaccorso at 2022-09-26T22:21:03+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3773,7 +3773,7 @@ CVE-2022-39961
 CVE-2022-39960 (The Netic Group Export add-on before 1.0.3 for Atlassian Jira 
does not ...)
        NOT-FOR-US: Atlassian
 CVE-2022-3135 (The SEO Smart Links WordPress plugin through 3.0.1 does not 
sanitise a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. 
...)
        - vim <unfixed> (bug #1019590)
        [bullseye] - vim <no-dsa> (Minor issue)
@@ -4139,7 +4139,7 @@ CVE-2022-36423 (OpenHarmony-v3.1.2 and prior versions 
have an incorrect configur
 CVE-2022-3120 (A vulnerability classified as critical was found in 
SourceCodester Cli ...)
        NOT-FOR-US: SourceCodester Clinics Patient Management System
 CVE-2022-3119 (The OAuth client Single Sign On WordPress plugin before 3.0.4 
does not ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3118 (A vulnerability was found in Sourcecodehero ERP System Project. 
It has ...)
        NOT-FOR-US: Sourcecodehero ERP System Project
 CVE-2022-39808
@@ -5413,7 +5413,7 @@ CVE-2022-3099 (Use After Free in GitHub repository 
vim/vim prior to 9.0.0360. ..
        NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e
        NOTE: 
https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c 
(v9.0.0360)
 CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not 
have CSRF  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3097
        RESERVED
 CVE-2022-3096
@@ -5727,13 +5727,13 @@ CVE-2022-3077 (A buffer overflow vulnerability was 
found in the Linux kernel Int
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2123309
        NOTE: 
https://git.kernel.org/linus/690b2549b19563ec5ad53e5c82f6a944d910086e (5.19-rc1)
 CVE-2022-3076 (The CM Download Manager WordPress plugin before 2.8.6 allows 
high priv ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3075 (Insufficient data validation in Mojo in Google Chrome prior to 
105.0.5 ...)
        {DSA-5225-1}
        - chromium 105.0.5195.102-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3074 (The Slider Hero WordPress plugin before 8.4.4 does not escape 
the slid ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3073
        RESERVED
 CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository 
francoisjacqu ...)
@@ -5748,7 +5748,7 @@ CVE-2022-39079
 CVE-2022-39078
        RESERVED
 CVE-2022-3070 (The Generate PDF WordPress plugin before 3.6 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3071 (Use after free in Tab Strip in Google Chrome on Chrome OS, 
Lacros prio ...)
        {DSA-5223-1}
        - chromium 105.0.5195.52-1
@@ -5815,7 +5815,7 @@ CVE-2022-39049 (An attacker who is logged into OTRS as an 
admin user may manipul
        NOT-FOR-US: OTRS
        NOTE: Could possibly affect Znuny, we'll let their security team figure 
it out
 CVE-2022-3069 (The WordLift WordPress plugin before 3.37.2 does not sanitise 
and esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3068 (Improper Privilege Management in GitHub repository 
octoprint/octoprint ...)
        - octoprint <itp> (bug #718591)
 CVE-2022-39048
@@ -5837,7 +5837,7 @@ CVE-2022-3064
 CVE-2022-3063
        REJECTED
 CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not 
escape pa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace 
program coul ...)
        - linux 5.18.2-1
        NOTE: 
https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5)
@@ -6508,9 +6508,9 @@ CVE-2022-3027 (The CMS8000 device does not properly 
control or sanitize the SSID
 CVE-2022-3026 (The WP Users Exporter plugin for WordPress is vulnerable to CSV 
Inject ...)
        NOT-FOR-US: WP Users Exporter plugin for WordPress
 CVE-2022-3025 (The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 
does not h ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3024 (The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does 
not hav ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3023
        RESERVED
 CVE-2022-3022
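Review bot: The new tags for CVE-2022-3025 and CVE-2022-3024 use the generic form "NOT-FOR-US: WordPress plugin", while the entry directly above them, CVE-2022-3026, is tagged "NOT-FOR-US: WP Users Exporter plugin for WordPress". Both forms appear in the file, so a search for the generic string misses entries written the other way. Consider settling on one form for WordPress plugins; the plugin name is already carried in each description line, so the generic tag loses nothing.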
@@ -6742,7 +6742,7 @@ CVE-2022-2989 (An incorrect handling of the supplementary 
groups in the Podman c
 CVE-2022-2988
        RESERVED
 CVE-2022-2987 (The Ldap WP Login / Active Directory Integration WordPress 
plugin befo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2986
        RESERVED
        - moodle <removed>
@@ -7107,7 +7107,7 @@ CVE-2022-2928
 CVE-2022-2927 (Weak Password Requirements in GitHub repository 
notrinos/notrinoserp p ...)
        NOT-FOR-US: NotrinosERP
 CVE-2022-2926 (The Download Manager WordPress plugin before 3.2.55 does not 
validate  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-38647
        RESERVED
 CVE-2022-38646
@@ -7604,7 +7604,7 @@ CVE-2022-2905 (An out-of-bounds memory read flaw was 
found in the Linux kernel's
 CVE-2022-2904
        RESERVED
 CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 
unserialis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2902
        RESERVED
 CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot 
prior to ...)
@@ -14525,9 +14525,9 @@ CVE-2022-2407 (The WP phpMyAdmin WordPress plugin 
before 5.2.0.4 does not escape
 CVE-2022-2406 (The legacy Slack import feature in Mattermost version 6.7.0 and 
earlie ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2022-2405 (The WP Popup Builder WordPress plugin through 1.2.8 does not 
have auth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2404 (The WP Popup Builder WordPress plugin through 1.2.8 does not 
sanitise  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2403 (A credentials leak was found in the OpenShift Container 
Platform. The  ...)
        NOT-FOR-US: OpenShift
 CVE-2022-35863
@@ -15711,7 +15711,7 @@ CVE-2022-35402
 CVE-2022-2353 (Prior to microweber/microweber v1.2.20, due to improper 
neutralization ...)
        NOT-FOR-US: microweber
 CVE-2022-2352 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 
does not  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 
does not  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2350
@@ -27843,7 +27843,7 @@ CVE-2022-1757 (The pagebar WordPress plugin before 2.70 
does not have CSRF check
 CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize 
and esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1755 (The SVG Support WordPress plugin before 2.5 does not properly 
handle S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-30972 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Storable  ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2022-30971 (Jenkins Storable Configs Plugin 1.0 and earlier does not 
configure its ...)
@@ -29879,7 +29879,7 @@ CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail 
and give predictable rando
 CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting 
a visi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1613 (The Restricted Site Access WordPress plugin before 7.3.2 
prioritizes g ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not 
have CSRF  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not 
protect i ...)
@@ -114944,7 +114944,7 @@ CVE-2021-24892 (Insecure Direct Object Reference in 
edit function of Advanced Fo
 CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.4.8 
does not s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24890 (The Scripts Organizer WordPress plugin before 3.0 does not 
have capabi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 
does not es ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise 
and esca ...)
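Review bot: CVE-2021-24890 was still at "TODO: check" when this commit was made (2022-09-26), although the entries on either side of it, CVE-2021-24891 and CVE-2021-24889, already carry "NOT-FOR-US: WordPress plugin". That suggests earlier passes skipped individual entries. A search of the 2021 range for "TODO: check" under descriptions containing "WordPress plugin" would show whether more of them remain.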



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0dd8ebf2bc49f85382240c3eb6c395164603a283

debian-security-tracker-commits mailing list