Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d29848b by Salvatore Bonaccorso at 2023-01-16T21:20:26+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5025,17 +5025,17 @@ CVE-2022-4660
 CVE-2022-4659
        REJECTED
 CVE-2022-4658 (The RSSImport WordPress plugin through 4.6.1 does not validate 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4657
        RESERVED
 CVE-2022-4656
        RESERVED
 CVE-2022-4655 (The Welcart e-Commerce WordPress plugin before 2.8.9 does not 
validate ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4654
        RESERVED
 CVE-2022-4653 (The Greenshift WordPress plugin before 4.8.9 does not validate 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4652
        RESERVED
 CVE-2022-4651
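Review bot: The commit message "Process several NFUs" does not record the criterion applied. In this hunk CVE-2022-4658, CVE-2022-4655 and CVE-2022-4653 all move from "TODO: check" to "NOT-FOR-US: WordPress plugin" on the strength of descriptions that read "The ... WordPress plugin ...". Suggest a message along the lines of "Process several NFUs (WordPress plugins)" so the basis for the bulk change is visible in the history.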
@@ -5053,7 +5053,7 @@ CVE-2022-47925
 CVE-2022-47924
        RESERVED
 CVE-2022-4648 (The Real Testimonials WordPress plugin before 2.6.0 does not 
validate  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in GitHub repository 
microweber/mi ...)
        NOT-FOR-US: microweber
 CVE-2022-4646 (Cross-Site Request Forgery (CSRF) in GitHub repository 
ikus060/rdiffwe ...)
@@ -7185,7 +7185,7 @@ CVE-2022-4580
 CVE-2022-4579
        REJECTED
 CVE-2022-4578 (The Video Conferencing with Zoom WordPress plugin before 4.0.10 
does n ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4577
        RESERVED
 CVE-2022-4576
@@ -7199,7 +7199,7 @@ CVE-2022-4573
 CVE-2022-4572 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: UBI reader
 CVE-2022-4571 (The Seriously Simple Podcasting WordPress plugin before 2.19.1 
does no ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4570
        RESERVED
 CVE-2022-4569
@@ -7289,17 +7289,17 @@ CVE-2022-4551
 CVE-2022-4550
        RESERVED
 CVE-2022-4549 (The Tickera WordPress plugin before 3.5.1.0 does not have CSRF 
check i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4548
        RESERVED
 CVE-2022-4547 (The Conditional Payment Methods for WooCommerce WordPress 
plugin throu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4546
        RESERVED
 CVE-2022-4545
        RESERVED
 CVE-2022-4544 (The MashShare WordPress plugin before 3.8.7 does not validate 
and esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4543 (A flaw named "EntryBleed" was found in the Linux Kernel Page 
Table Iso ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2022/12/16/3
@@ -7614,9 +7614,9 @@ CVE-2022-47407 (An issue was discovered in the 
fp_masterquiz (aka Master-Quiz) e
 CVE-2022-47406 (An issue was discovered in the fe_change_pwd (aka Change 
password for  ...)
        NOT-FOR-US: TYPO3 extension
 CVE-2022-4508 (The ConvertKit WordPress plugin before 2.0.5 does not validate 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4507 (The Real Cookie Banner WordPress plugin before 3.4.10 does not 
validat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4506 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository o ...)
        NOT-FOR-US: OpenEMR
 CVE-2022-4505 (Improper Access Control in GitHub repository openemr/openemr 
prior to  ...)
@@ -7676,29 +7676,29 @@ CVE-2022-4489
 CVE-2022-4488
        RESERVED
 CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not 
validate and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4486 (The Meteor Slides WordPress plugin through 1.5.6 does not 
validate and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4485
        RESERVED
 CVE-2022-4484 (The Social Share, Social Login and Social Comments Plugin 
WordPress pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4483 (The Insert Pages WordPress plugin before 3.7.5 does not 
validate and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4482 (The Carousel, Slider, Gallery by WP Carousel WordPress plugin 
before 2 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4481 (The Mesmerize Companion WordPress plugin before 1.6.135 does 
not valid ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4480 (The Click to Chat WordPress plugin before 3.18.1 does not 
validate and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4479 (The Table of Contents Plus WordPress plugin before 2212 does 
not valid ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4478 (The Font Awesome WordPress plugin before 4.3.2 does not 
validate and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4477 (The Smash Balloon Social Post Feed WordPress plugin before 
4.1.6 does  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4476 (The Download Manager WordPress plugin before 3.2.62 does not 
validate  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-21773 (Windows Kernel Elevation of Privilege Vulnerability. This CVE 
ID is un ...)
        NOT-FOR-US: Microsoft
 CVE-2023-21772 (Windows Kernel Elevation of Privilege Vulnerability. This CVE 
ID is un ...)
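Review bot: CVE-2022-4478 is the one entry in this hunk whose product name ("Font Awesome") is also the name of a project that exists independently of WordPress, so the generic tag does not say by itself which of the two was ruled out. The description reads "The Font Awesome WordPress plugin before 4.3.2", which supports NOT-FOR-US for the plugin; a short NOTE line, or naming the plugin in the tag, would make that explicit for anyone searching the list by product name. The other nine changes in this hunk match the existing tag on CVE-2022-4479.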
@@ -7850,7 +7850,7 @@ CVE-2022-4471
 CVE-2022-4470
        RESERVED
 CVE-2022-4469 (The Simple Membership WordPress plugin before 4.2.2 does not 
validate  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not 
validate an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4467
@@ -7858,9 +7858,9 @@ CVE-2022-4467
 CVE-2022-4466
        RESERVED
 CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not 
validate  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not 
validate ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4463
        RESERVED
 CVE-2022-4462
@@ -7868,7 +7868,7 @@ CVE-2022-4462
 CVE-2022-4461
        RESERVED
 CVE-2022-4460 (The Sidebar Widgets by CodeLights WordPress plugin through 1.4 
does no ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4459
        RESERVED
 CVE-2022-4458
@@ -7992,19 +7992,19 @@ CVE-2022-4455 (A vulnerability, which was classified as 
problematic, was found i
 CVE-2022-4454 (A vulnerability, which was classified as critical, has been 
found in m ...)
        NOT-FOR-US: m0ver bible-online
 CVE-2022-4453 (The 3D FlipBook WordPress plugin through 1.13.2 does not 
validate or e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4452
        RESERVED
 CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not 
validate an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4450
        RESERVED
 CVE-2022-4449 (The Page scroll to id WordPress plugin before 1.7.6 does not 
validate  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4448
        RESERVED
 CVE-2022-4447 (The Fontsy WordPress plugin through 1.8.6 does not properly 
sanitize a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4446 (PHP Remote File Inclusion in GitHub repository tsolucio/corebos 
prior  ...)
        NOT-FOR-US: Corebos
 CVE-2022-4445
@@ -8014,7 +8014,7 @@ CVE-2022-4444 (A vulnerability was found in ipti br.tag. 
It has been declared as
 CVE-2022-4443
        RESERVED
 CVE-2022-4442 (The Custom Post Types and Custom Fields creator WordPress 
plugin befor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2019-25078 (A vulnerability classified as problematic was found in 
pacparser up to ...)
        - pacparser <unfixed> (bug #1026106)
        [bullseye] - pacparser <no-dsa> (Minor issue)
@@ -8400,7 +8400,7 @@ CVE-2022-4433 (A buffer over-read vulnerability was 
reported in the ThinkPadX13s
 CVE-2022-4432 (A buffer over-read vulnerability was reported in the 
ThinkPadX13s BIOS ...)
        NOT-FOR-US: Lenovo
 CVE-2022-4431 (The WOOCS WordPress plugin before 1.3.9.4 does not validate and 
escape ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4430
        RESERVED
 CVE-2022-43669
@@ -9641,13 +9641,13 @@ CVE-2022-4332
 CVE-2022-4331
        RESERVED
 CVE-2022-4330 (The WP Attachments WordPress plugin through 5.0.5 does not 
sanitise an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4329 (The Product list Widget for Woocommerce WordPress plugin 
through 1.0 d ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4328
        RESERVED
 CVE-2022-4327 (The Anti-Malware Security and Brute-Force Firewall WordPress 
plugin th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4326 (Improper preservation of permissions vulnerability in Trellix 
Endpoint ...)
        NOT-FOR-US: Trellix Endpoint Agent (xAgent)
 CVE-2022-4325 (The Post Status Notifier Lite WordPress plugin before 1.10.1 
does not  ...)
@@ -9926,7 +9926,7 @@ CVE-2022-4322 (A vulnerability, which was classified as 
critical, was found in m
 CVE-2022-4321
        RESERVED
 CVE-2022-4320 (The WordPress Events Calendar WordPress plugin before 1.4.5 
does not s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4319
        RESERVED
 CVE-2022-4318
@@ -9977,7 +9977,7 @@ CVE-2022-46662 (Roxio Creator LJB starts another program 
with an unquoted file p
 CVE-2022-4310 (The Slimstat Analytics WordPress plugin before 4.9.3 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4309 (The Subscribe2 WordPress plugin before 10.38 does not have CSRF 
check  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4308
        RESERVED
 CVE-2022-4307
@@ -9997,7 +9997,7 @@ CVE-2022-4301 (The Sunshine Photo Cart WordPress plugin 
before 2.9.15 does not s
 CVE-2022-4300 (A vulnerability was found in FastCMS. It has been rated as 
critical. T ...)
        NOT-FOR-US: FastCMS
 CVE-2022-4299 (The Metricool WordPress plugin before 1.18 does not sanitise 
and escap ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4298 (The Wholesale Market WordPress plugin before 2.2.1 does not 
have autho ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4297 (The WP AutoComplete Search WordPress plugin through 1.0.4 does 
not san ...)
@@ -10037,7 +10037,7 @@ CVE-2022-43496
 CVE-2022-43473
        RESERVED
 CVE-2022-4295 (The Show All Comments WordPress plugin before 7.0.1 does not 
sanitise  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46644
        RESERVED
 CVE-2022-46643
@@ -11259,7 +11259,7 @@ CVE-2022-4201
 CVE-2022-4200 (The Login with Cognito WordPress plugin through 1.4.8 does not 
sanitis ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4199 (The Link Library WordPress plugin before 7.4.1 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4198 (The WP Social Sharing WordPress plugin through 2.2 does not 
sanitise a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4197 (The Sliderby10Web WordPress plugin before 1.2.53 does not 
sanitise and ...)
@@ -13191,7 +13191,7 @@ CVE-2022-4103 (The Royal Elementor Addons WordPress 
plugin before 1.3.56 does no
 CVE-2022-4102 (The Royal Elementor Addons WordPress plugin before 1.3.56 does 
not hav ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4101 (The Images Optimize and Upload CF7 WordPress plugin through 
2.1.4 does ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4100
        RESERVED
 CVE-2022-4099 (The Joy Of Text Lite WordPress plugin before 2.3.1 does not 
properly s ...)
@@ -13317,7 +13317,7 @@ CVE-2022-44456 (CONPROSYS HMI System (CHS) 
Ver.3.4.4?and earlier allows a remote
 CVE-2022-4061 (The JobBoardWP WordPress plugin before 1.2.2 does not properly 
validat ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4060 (The User Post Gallery WordPress plugin through 2.19 does not 
limit wha ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4059 (The Cryptocurrency Widgets Pack WordPress plugin through 1.8.1 
does no ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does 
not vali ...)
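Review bot: The hunk header context for CVE-2022-44456 reads "Ver.3.4.4?and earlier", where the "?" looks like a lost non-ASCII character. It is outside the changed line (only CVE-2022-4060 is retagged here), but it is worth checking whether the description in data/CVE/list itself carries the "?" or only this mail rendering does.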
@@ -14843,7 +14843,7 @@ CVE-2022-3906 (The Easy Form Builder WordPress plugin 
before 3.4.0 does not sani
 CVE-2022-3905
        REJECTED
 CVE-2022-3904 (The MonsterInsights WordPress plugin before 8.9.1 does not 
sanitize or ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3903 (An incorrect read request flaw was found in the Infrared 
Transceiver U ...)
        - linux 5.19.11-1
        [bullseye] - linux 5.10.148-1
@@ -38023,7 +38023,7 @@ CVE-2022-2660 (Delta Industrial Automation DIALink 
versions 1.4.0.0 and prior ar
 CVE-2022-2659
        RESERVED
 CVE-2022-2658 (The WP Spell Check WordPress plugin before 9.13 does not escape 
ignore ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2657 (The Multivendor Marketplace Solution for WooCommerce WordPress 
plugin  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2656 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
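Review bot: Other old WordPress plugin entries may still be at "TODO: check": CVE-2022-2658 here is at line 38023, while the previous hunk is at 14843, so this one had been left untriaged well below the rest of the batch. A search of the range in between for descriptions containing "WordPress plugin" followed by "TODO: check" would let any remaining ones be handled in the same pass.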



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d29848bbe4c8a4bc85eab51105e3b08b2347b8d
