[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) Mon, 02 May 2022 13:27:58 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
d4462b21 by Salvatore Bonaccorso at 2022-05-02T22:27:30+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3823,9 +3823,9 @@ CVE-2022-1283 (NULL Pointer Dereference in 
r_bin_ne_get_entrypoints function in
        NOTE: https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013
        NOTE: 
https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67
 CVE-2022-1282 (The Photo Gallery by 10Web WordPress plugin before 1.6.3 does 
not prop ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1281 (The Photo Gallery WordPress plugin through 1.6.3 does not 
properly esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1280 (A use-after-free vulnerability was found in drm_lease_held in 
drivers/ ...)
        - linux 5.15.3-1
        NOTE: https://www.openwall.com/lists/oss-security/2022/04/12/3
@@ -3844,13 +3844,13 @@ CVE-2022-1275
 CVE-2022-1274
        RESERVED
 CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate 
the impo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1272
        RESERVED
 CVE-2022-1270
        RESERVED
 CVE-2022-1269 (The Fast Flow WordPress plugin before 1.2.11 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1268
        RESERVED
 CVE-2022-1267
@@ -3876,7 +3876,7 @@ CVE-2022-1257 (Insecure storage of sensitive information 
vulnerability in MA for
 CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows 
prior to  ...)
        NOT-FOR-US: McAfee
 CVE-2022-1255 (The Import and export users and customers WordPress plugin 
before 1.19 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1254 (A URL redirection vulnerability in Skyhigh SWG in main releases 
10.x p ...)
        NOT-FOR-US: Skyhigh SWG
 CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository 
strukturag/libde265 pr ...)
@@ -3889,7 +3889,7 @@ CVE-2022-1252 (Exposure of Private Personal Information 
to an Unauthorized Actor
 CVE-2022-1251
        RESERVED
 CVE-2022-1250 (The LifterLMS PayPal WordPress plugin before 1.4.0 does not 
sanitise a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which 
has been ...)
        NOT-FOR-US: SAP
 CVE-2022-1247
@@ -3953,7 +3953,7 @@ CVE-2022-1240 (Heap buffer overflow in 
libr/bin/format/mach0/mach0.c in GitHub r
        NOTE: https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc
        NOTE: 
https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4
 CVE-2022-1239 (The HubSpot WordPress plugin before 8.8.15 does not validate 
the proxy ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1238 (Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub 
reposi ...)
        - radare2 <unfixed>
        NOTE: https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200
@@ -4197,7 +4197,7 @@ CVE-2022-28574
 CVE-2022-28573 (D-Link DIR-823-Pro v1.0.2 was discovered to contain a command 
injectio ...)
        TODO: check
 CVE-2022-28572 (Tenda AX1806 v1.0.0.1 was discovered to contain a command 
injection vu ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-28571 (D-link 882 DIR882A1_FW130B06 was discovered to contain a 
command injec ...)
        TODO: check
 CVE-2022-28570
@@ -6880,7 +6880,7 @@ CVE-2022-1048 (A use-after-free flaw was found in the 
Linux kernel&#8217;s sound
 CVE-2022-1047
        RESERVED
 CVE-2022-1046 (The Visual Form Builder WordPress plugin before 3.0.7 does not 
sanitis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository 
polonel/trudesk  ...)
        NOT-FOR-US: Trudesk
 CVE-2022-1044
@@ -8311,7 +8311,7 @@ CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) 
Vulnerabilities in Sho
 CVE-2022-0953 (The Anti-Malware Security and Brute-Force Firewall WordPress 
plugin be ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0952 (The Sitemap by click5 WordPress plugin before 1.0.36 does not 
have aut ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0951 (File Upload Restriction Bypass leading to Stored XSS 
Vulnerability in  ...)
        NOT-FOR-US: ShowDoc
 CVE-2022-0950 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository s ...)
@@ -11043,7 +11043,7 @@ CVE-2022-0785 (The Daily Prayer Time WordPress plugin 
before 2022.03.01 does not
 CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does 
not sani ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0783 (The Multiple Shipping Address Woocommerce WordPress plugin 
before 2.0  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0782 (The Donations WordPress plugin through 1.8 does not sanitise 
and escap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0781
@@ -11067,11 +11067,11 @@ CVE-2022-0775
 CVE-2022-0774
        RESERVED
 CVE-2022-0773 (The Documentor WordPress plugin through 1.5.3 fails to sanitize 
and es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0772 (Cross-site Scripting (XSS) - Stored in GitHub repository 
librenms/libr ...)
        NOT-FOR-US: LibreNMS
 CVE-2022-0771 (The SiteSuperCharger WordPress plugin before 5.2.0 does not 
validate,  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0770 (The Translate WordPress with GTranslate WordPress plugin before 
2.9.9  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0769 (The Users Ultra WordPress plugin through 3.1.0 fails to 
properly sanit ...)
@@ -13223,7 +13223,7 @@ CVE-2022-0664 (Use of Hard-coded Cryptographic Key in 
Go github.com/gravitl/netm
 CVE-2022-0663
        RESERVED
 CVE-2022-0662 (The AdRotate WordPress plugin before 5.8.23 does not sanitise 
and esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0661 (The Ad Injection WordPress plugin through 1.2.0.19 does not 
properly s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in 
Packag ...)
@@ -13345,7 +13345,7 @@ CVE-2022-0651 (The WP Statistics WordPress plugin is 
vulnerable to SQL Injection
 CVE-2022-0650
        RESERVED
 CVE-2022-0649 (The AdRotate WordPress plugin before 5.8.23 does not escape 
Group Name ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-46699 (A vulnerability has been identified in Simcenter Femap (All 
versions & ...)
        NOT-FOR-US: Siemens
 CVE-2022-25257
@@ -16550,7 +16550,7 @@ CVE-2022-0430 (Exposure of Sensitive Information to an 
Unauthorized Actor in Git
 CVE-2022-0429 (The WP Cerber Security, Anti-spam &amp; Malware Scan WordPress 
plugin  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0428 (The Content Egg WordPress plugin before 5.3.0 does not sanitise 
and es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in 
all ve ...)
        TODO: check
 CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 
11.2.3 do ...)
@@ -16863,7 +16863,7 @@ CVE-2022-0419 (NULL Pointer Dereference in GitHub 
repository radareorg/radare2 p
        NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
        NOTE: 
https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6
 (5.6.0)
 CVE-2022-0418 (The Event List WordPress plugin before 0.8.8 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 
8.2. ...)
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
@@ -20888,7 +20888,7 @@ CVE-2022-0193 (The Complianz WordPress plugin before 
6.0.0 does not escape the s
 CVE-2022-0192 (A DLL search path vulnerability was reported in Lenovo 
PCManager prior ...)
        NOT-FOR-US: Lenovo
 CVE-2022-0191 (The Ad Invalid Click Protector (AICP) WordPress plugin before 
1.2.7 do ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 
1.2.6 is ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0189 (The WP RSS Aggregator WordPress plugin before 4.20 does not 
sanitise a ...)
@@ -70293,7 +70293,7 @@ CVE-2021-29861 (IBM AIX 7.1, 7.2, and VIOS 3.1 could 
allow a non-privileged loca
 CVE-2021-29860 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged 
local user ...)
        NOT-FOR-US: IBM
 CVE-2021-29859 (IBM ICP4A - User Management System Component (IBM Cloud Pak 
for Busine ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2021-29858
        RESERVED
 CVE-2021-29857
@@ -82330,7 +82330,7 @@ CVE-2021-25104
 CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin 
before 2.9.7  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25102 (The All In One WP Security &amp; Firewall WordPress plugin 
before 4.4. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25101 (The Anti-Malware Security and Brute-Force Firewall WordPress 
plugin be ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25100 (The GiveWP WordPress plugin before 2.17.3 does not escape the 
s parame ...)
@@ -82362,7 +82362,7 @@ CVE-2021-25088
 CVE-2021-25087 (The Download Manager WordPress plugin before 3.2.35 does not 
have any  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25086 (The Advanced Page Visit Counter WordPress plugin through 5.0.8 
does no ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and 
escape  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2 and 
Advanced C ...)
@@ -82530,7 +82530,7 @@ CVE-2021-25004 (The SEUR Oficial WordPress plugin 
before 1.7.2 creates a PHP fil
 CVE-2021-25003 (The WPCargo Track &amp; Trace WordPress plugin before 6.9.0 
contains a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25002 (The Tipsacarrier WordPress plugin through 1.4.4.2 does not 
have any au ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25001 (The Booster for WooCommerce WordPress plugin before 5.4.9 does 
not san ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25000 (The Booster for WooCommerce WordPress plugin before 5.4.9 does 
not san ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4462b2157260e80cc61a86efac287ed227172b9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4462b2157260e80cc61a86efac287ed227172b9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to