Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5b4376c8 by Salvatore Bonaccorso at 2022-07-11T22:14:34+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4404,7 +4404,7 @@ CVE-2022-29921 CVE-2022-26084 RESERVED CVE-2022-2123 (The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF whi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-2122 RESERVED CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...) @@ -4924,15 +4924,15 @@ CVE-2022-2095 CVE-2022-2094 RESERVED CVE-2022-2093 (The WP Duplicate Page WordPress plugin before 1.3 does not sanitize an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-2092 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-2091 (The Cache Images WordPress plugin before 3.2.1 does not implement nonc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-2090 RESERVED CVE-2022-2089 (The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-33758 RESERVED CVE-2022-33757 @@ -6732,7 +6732,7 @@ CVE-2022-2052 CVE-2022-2051 RESERVED CVE-2022-2050 (The WP-Paginate WordPress plugin before 2.1.9 does not escape one of i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-32957 RESERVED CVE-2022-32956 
@@ -8887,9 +8887,9 @@ CVE-2022-1959 CVE-2022-1958 (A vulnerability classified as critical has been found in FileCloud. Af ...) NOT-FOR-US: FileCloud CVE-2022-1957 (The Comment License WordPress plugin before 1.4.0 does not have CSRF c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1956 (The Shortcut Macros WordPress plugin through 1.3 does not have authori ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1955 (Session 1.13.0 allows an attacker with physical access to the victim's ...) NOT-FOR-US: oxen-io/session-android CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab CE/EE a ...) @@ -8897,9 +8897,9 @@ CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab CE CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin before 1.2.3 ...) NOT-FOR-US: WordPress plugin CVE-2022-1952 (The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1951 (The core plugin for kitestudio WordPress plugin before 2.3.1 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1950 RESERVED CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. That mish ...) @@ -9653,9 +9653,9 @@ CVE-2022-1940 (A Stored Cross-Site Scripting vulnerability in Jira integration i CVE-2022-1939 (The Allow svg files WordPress plugin before 1.1 does not properly vali ...) NOT-FOR-US: WordPress plugin CVE-2022-1938 (The Awin Data Feed WordPress plugin through 1.6 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1937 (The Awin Data Feed WordPress plugin through 1.6 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-XXXX [Sanitizing and other XSS protections] - spip 4.1.2+dfsg-1 [bullseye] - spip 3.2.11-3+deb11u4 
@@ -9831,7 +9831,7 @@ CVE-2022-1912 CVE-2022-1911 RESERVED CVE-2022-1910 (The Shortcodes and extra features for Phlox WordPress plugin before 2. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...) NOT-FOR-US: organizr CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...) @@ -10027,7 +10027,7 @@ CVE-2022-1896 (The underConstruction WordPress plugin before 1.21 does not sanit CVE-2022-1895 (The underConstruction WordPress plugin before 1.20 does not have CSRF ...) NOT-FOR-US: WordPress plugin CVE-2022-1894 (The Popup Builder WordPress plugin before 4.1.11 does not escape and s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo Manage ...) NOT-FOR-US: Zoo Management System CVE-2022-31733 @@ -12174,7 +12174,7 @@ CVE-2022-1759 (The RB Internal Links WordPress plugin through 2.0.16 does not ha CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not ...) NOT-FOR-US: WordPress plugin CVE-2022-1757 (The Pagebar WordPress plugin through 2.65 does not have CSRF check in ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize and esc ...) NOT-FOR-US: WordPress plugin CVE-2022-1755 @@ -12419,7 +12419,7 @@ CVE-2022-1733 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813 (v8.2.4968) NOTE: Crash in CLI tool, no security impact CVE-2022-1732 (The Rename wp-login.php WordPress plugin through 2.6.0 does not have C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to ...) NOT-FOR-US: Metasonic Doc WebClient CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...) 
@@ -13624,7 +13624,7 @@ CVE-2022-1628 CVE-2022-1627 (The My Private Site WordPress plugin before 3.0.8 does not have CSRF c ...) NOT-FOR-US: WordPress plugin CVE-2022-1626 (The Sharebar WordPress plugin through 1.4.1 does not have CSRF check i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1625 (The New User Approve WordPress plugin before 2.4 does not have CSRF ch ...) NOT-FOR-US: WordPress plugin CVE-2022-1624 (The Latest Tweets Widget WordPress plugin through 1.1.4 does not have ...) @@ -14193,7 +14193,7 @@ CVE-2022-1601 CVE-2022-1600 RESERVED CVE-2022-1599 (The Admin Management Xtended WordPress plugin before 2.4.5 does not ha ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.4 which is a companion to t ...) NOT-FOR-US: WordPress plugin CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a companion for ...) @@ -14389,7 +14389,7 @@ CVE-2022-1578 CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not have CS ...) NOT-FOR-US: WordPress plugin CVE-2022-1576 (The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub repository ...) NOT-FOR-US: jgraph/drawio CVE-2022-1574 (The HTML2WP WordPress plugin through 1.0.0 does not have authorisation ...) @@ -14742,7 +14742,7 @@ CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly re CVE-2022-1547 (The Check & Log Email WordPress plugin before 1.0.6 does not sanit ...) NOT-FOR-US: WordPress plugin CVE-2022-1546 (The WooCommerce - Product Importer WordPress plugin through 1.5.2 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-30114 RESERVED CVE-2022-30113 
@@ -15745,7 +15745,7 @@ CVE-2022-1475 (An integer overflow vulnerability was found in FFmpeg versions be NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f (n4.4.2) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fa2e4afe8d0a23fac37392ef6506cfc9841f8d3d (n4.3.4) CVE-2022-1474 (The WP Event Manager WordPress plugin before 3.1.28 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1473 (The OPENSSL_LH_flush() function, which empties a hash table, contains ...) [experimental] - openssl 3.0.3-1 - openssl <not-affected> (Only affects OpenSSL 3.0) @@ -19176,7 +19176,7 @@ CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...) CVE-2022-1221 (The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not s ...) NOT-FOR-US: WordPress plugin CVE-2022-1220 (The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository pimcore ...) NOT-FOR-US: pimcore CVE-2022-1218 (The Domain Replace WordPress plugin through 1.3.8 does not sanitise an ...) @@ -21987,7 +21987,7 @@ CVE-2022-1059 CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea prior to 1. ...) - gitea <removed> CVE-2022-1057 (The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 do ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-46739 RESERVED CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformation code ...) @@ -182185,7 +182185,7 @@ CVE-2020-4152 (IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive o CVE-2020-4151 (IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attac ...) NOT-FOR-US: IBM CVE-2020-4150 (IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, suc ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4149 RESERVED CVE-2020-4148 
@@ -182209,7 +182209,7 @@ CVE-2020-4140 (IBM Security SiteProtector System 3.1.1 is vulnerable to cross-si CVE-2020-4139 RESERVED CVE-2020-4138 (IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locall ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4137 RESERVED CVE-2020-4136
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b4376c826b5e0a0bbc6e751e715978e865a7a0f
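Review bot: The last two hunks (@@ -182185 and @@ -182209) change CVE-2020-4150 and CVE-2020-4138 to "NOT-FOR-US: IBM", while every other changed line in this commit is a CVE-2022 WordPress plugin entry, and the commit message "Process some NFUs" does not mention that two CVE-2020 IBM SiteProtector entries are part of the batch. The vendor-only tag matches the neighbouring CVE-2020-4151 line ("NOT-FOR-US: IBM"), so the tag itself is consistent with the file. Consider naming both groups in the commit message so the 2020 entries can be found from the log.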