Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7fe81b1e by Salvatore Bonaccorso at 2022-04-19T06:51:12+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3690,7 +3690,7 @@ CVE-2022-1114 CVE-2022-1113 RESERVED CVE-2022-1112 (The Autolinks WordPress plugin through 1.0.1 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE versions 14.9 ...) - gitlab <unfixed> CVE-2020-36520 @@ -4296,13 +4296,13 @@ CVE-2022-1093 CVE-2022-1092 RESERVED CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1090 (The Good & Bad Comments WordPress plugin through 1.0.0 does not sa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1089 RESERVED CVE-2022-1088 (The Page Security & Membership WordPress plugin through 1.5.15 doe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1087 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: htmly CVE-2022-1086 (A vulnerability was found in DolphinPHP up to 1.5.0 and classified as ...) @@ -4373,7 +4373,7 @@ CVE-2022-27855 CVE-2022-27854 RESERVED CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-27852 (Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2022-27851 (Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) & ...) 
@@ -4399,7 +4399,7 @@ CVE-2022-1065 CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub ...) NOT-FOR-US: forkcms CVE-2022-1063 (The Thank Me Later WordPress plugin through 3.3.4 does not sanitise an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1062 RESERVED CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareorg/ra ...) @@ -4867,7 +4867,7 @@ CVE-2022-1055 (A use-after-free exists in the Linux Kernel in tc_new_tfilter tha [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (5.17-rc3) CVE-2022-1054 (The RSVP and Event Management Plugin WordPress plugin before 2.7.8 doe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1053 RESERVED CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub repository ra ...) @@ -5793,7 +5793,7 @@ CVE-2022-26022 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an CVE-2022-25959 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory c ...) NOT-FOR-US: Omron CX-Position CVE-2022-1037 (The EXMAGE WordPress plugin before 1.0.7 does to ensure that images ad ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...) NOT-FOR-US: microweber CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...) @@ -5868,7 +5868,7 @@ CVE-2022-1022 CVE-2022-1021 RESERVED CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress plugin b ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer ...) - glewlwyd 2.6.1-2 [bullseye] - glewlwyd 2.5.2-2+deb11u3 
@@ -5947,7 +5947,7 @@ CVE-2022-1003 (One of the API in Mattermost version 6.3.0 and earlier fails to p CVE-2022-1002 (Mattermost 6.3.0 and earlier fails to properly sanitize the HTML conte ...) - mattermost-server <itp> (bug #823556) CVE-2022-1001 (The WP Downgrade WordPress plugin before 1.2.3 only perform client sid ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager prior ...) NOT-FOR-US: prasathmani/tinyfilemanager CVE-2022-27228 (In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site ...) @@ -5984,7 +5984,7 @@ CVE-2022-0995 (An out-of-bounds (OOB) memory write flaw was found in the Linux k [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063786 CVE-2022-0994 (The Hummingbird WordPress plugin before 3.3.2 does not sanitise and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-27225 (Gradle Enterprise before 2021.4.3 relies on cleartext data transmissio ...) NOT-FOR-US: Gradle Enterprise CVE-2022-27224 @@ -7812,7 +7812,7 @@ CVE-2022-26533 (Alist v2.1.0 and below was discovered to contain a cross-site sc CVE-2022-25960 RESERVED CVE-2022-0879 (The Caldera Forms WordPress plugin before 1.9.7 does not validate and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0878 (Electric Vehicle (EV) commonly utilises the Combined Charging System ( ...) NOT-FOR-US: Combined Charging System CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/ ...) @@ -8998,7 +8998,7 @@ CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin befor CVE-2022-0786 RESERVED CVE-2022-0785 (The Daily Prayer Time WordPress plugin before 2022.03.01 does not sani ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does not sani ...) NOT-FOR-US: WordPress plugin CVE-2022-0783 
@@ -9008,7 +9008,7 @@ CVE-2022-0782 CVE-2022-0781 RESERVED CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to disable th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0779 RESERVED CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square root, cont ...) @@ -9138,7 +9138,7 @@ CVE-2022-26002 CVE-2022-25995 RESERVED CVE-2022-0765 (The Loco Translate WordPress plugin before 2.6.1 does not properly rem ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0764 (Arbitrary Command Injection in GitHub repository strapi/strapi prior t ...) NOT-FOR-US: strapi CVE-2022-0763 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) @@ -9829,7 +9829,7 @@ CVE-2022-0738 (An issue has been discovered in GitLab affecting all versions sta - gitlab <not-affected> (Vulnerable code introduced later) NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0737 (The Text Hover WordPress plugin before 4.2 does not sanitize and escap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1. ...) NOT-FOR-US: mlflow CVE-2022-0735 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) @@ -10376,9 +10376,9 @@ CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of NOTE: MMSA-2022-0082 NOTE: https://mattermost.com/security-updates/ CVE-2022-0707 (The Easy Digital Downloads WordPress plugin before 2.11.6 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0706 (The Easy Digital Downloads WordPress plugin before 2.11.6 does not san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0705 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: pimcore CVE-2022-0704 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) 
@@ -11168,7 +11168,7 @@ CVE-2022-0663 CVE-2022-0662 RESERVED CVE-2022-0661 (The Ad Injection WordPress plugin through 1.2.0.19 does not properly s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...) NOT-FOR-US: microweber CVE-2022-0659 (The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fe81b1e5562c57e72f024cf75b2b4d13d99de5d
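Review bot: In the hunk at -4373, the visible description of CVE-2022-27853 ("Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...)") is cut off before it names any product, so the new "NOT-FOR-US: WordPress plugin" line cannot be checked against the text shown here. Every other entry retagged in this commit names a WordPress plugin in its visible description. It is worth confirming this one against the full CVE description before relying on the tag.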
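Review bot: The reason string added at CVE-2022-1020 in the hunk at -5868, and in the other hunks, is the generic "WordPress plugin", whereas the NOT-FOR-US lines for other software in the context name the product ("NOT-FOR-US: htmly", "NOT-FOR-US: forkcms", "NOT-FOR-US: Omron CX-Position"). This matches the existing WordPress entries visible in the context (CVE-2022-27852, CVE-2022-0784), but because the descriptions in this file are truncated, the tag is sometimes the only place the plugin could be identified. Consider including the plugin name in the reason so that a later search for a specific plugin finds the entry.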
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits