Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d4462b21 by Salvatore Bonaccorso at 2022-05-02T22:27:30+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3823,9 +3823,9 @@ CVE-2022-1283 (NULL Pointer Dereference in r_bin_ne_get_entrypoints function in NOTE: https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013 NOTE: https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67 CVE-2022-1282 (The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not prop ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1281 (The Photo Gallery WordPress plugin through 1.6.3 does not properly esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1280 (A use-after-free vulnerability was found in drm_lease_held in drivers/ ...) - linux 5.15.3-1 NOTE: https://www.openwall.com/lists/oss-security/2022/04/12/3 @@ -3844,13 +3844,13 @@ CVE-2022-1275 CVE-2022-1274 RESERVED CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate the impo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1272 RESERVED CVE-2022-1270 RESERVED CVE-2022-1269 (The Fast Flow WordPress plugin before 1.2.11 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1268 RESERVED CVE-2022-1267 @@ -3876,7 +3876,7 @@ CVE-2022-1257 (Insecure storage of sensitive information vulnerability in MA for CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows prior to ...) NOT-FOR-US: McAfee CVE-2022-1255 (The Import and export users and customers WordPress plugin before 1.19 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1254 (A URL redirection vulnerability in Skyhigh SWG in main releases 10.x p ...) NOT-FOR-US: Skyhigh SWG CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...) 
@@ -3889,7 +3889,7 @@ CVE-2022-1252 (Exposure of Private Personal Information to an Unauthorized Actor CVE-2022-1251 RESERVED CVE-2022-1250 (The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which has been ...) NOT-FOR-US: SAP CVE-2022-1247 @@ -3953,7 +3953,7 @@ CVE-2022-1240 (Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub r NOTE: https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc NOTE: https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4 CVE-2022-1239 (The HubSpot WordPress plugin before 8.8.15 does not validate the proxy ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1238 (Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub reposi ...) - radare2 <unfixed> NOTE: https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200 @@ -4197,7 +4197,7 @@ CVE-2022-28574 CVE-2022-28573 (D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injectio ...) TODO: check CVE-2022-28572 (Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vu ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-28571 (D-link 882 DIR882A1_FW130B06 was discovered to contain a command injec ...) TODO: check CVE-2022-28570 @@ -6880,7 +6880,7 @@ CVE-2022-1048 (A use-after-free flaw was found in the Linux kernel’s sound CVE-2022-1047 RESERVED CVE-2022-1046 (The Visual Form Builder WordPress plugin before 3.0.7 does not sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository polonel/trudesk ...) NOT-FOR-US: Trudesk CVE-2022-1044 
@@ -8311,7 +8311,7 @@ CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Sho CVE-2022-0953 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...) NOT-FOR-US: WordPress plugin CVE-2022-0952 (The Sitemap by click5 WordPress plugin before 1.0.36 does not have aut ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0951 (File Upload Restriction Bypass leading to Stored XSS Vulnerability in ...) NOT-FOR-US: ShowDoc CVE-2022-0950 (Unrestricted Upload of File with Dangerous Type in GitHub repository s ...) @@ -11043,7 +11043,7 @@ CVE-2022-0785 (The Daily Prayer Time WordPress plugin before 2022.03.01 does not CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does not sani ...) NOT-FOR-US: WordPress plugin CVE-2022-0783 (The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0782 (The Donations WordPress plugin through 1.8 does not sanitise and escap ...) NOT-FOR-US: WordPress plugin CVE-2022-0781 @@ -11067,11 +11067,11 @@ CVE-2022-0775 CVE-2022-0774 RESERVED CVE-2022-0773 (The Documentor WordPress plugin through 1.5.3 fails to sanitize and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0772 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...) NOT-FOR-US: LibreNMS CVE-2022-0771 (The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0770 (The Translate WordPress with GTranslate WordPress plugin before 2.9.9 ...) NOT-FOR-US: WordPress plugin CVE-2022-0769 (The Users Ultra WordPress plugin through 3.1.0 fails to properly sanit ...) 
@@ -13223,7 +13223,7 @@ CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netm CVE-2022-0663 RESERVED CVE-2022-0662 (The AdRotate WordPress plugin before 5.8.23 does not sanitise and esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0661 (The Ad Injection WordPress plugin through 1.2.0.19 does not properly s ...) NOT-FOR-US: WordPress plugin CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...) @@ -13345,7 +13345,7 @@ CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection CVE-2022-0650 RESERVED CVE-2022-0649 (The AdRotate WordPress plugin before 5.8.23 does not escape Group Name ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-46699 (A vulnerability has been identified in Simcenter Femap (All versions & ...) NOT-FOR-US: Siemens CVE-2022-25257 @@ -16550,7 +16550,7 @@ CVE-2022-0430 (Exposure of Sensitive Information to an Unauthorized Actor in Git CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin ...) NOT-FOR-US: WordPress plugin CVE-2022-0428 (The Content Egg WordPress plugin before 5.3.0 does not sanitise and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in all ve ...) TODO: check CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 do ...) @@ -16863,7 +16863,7 @@ CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa NOTE: https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6 (5.6.0) CVE-2022-0418 (The Event List WordPress plugin before 0.8.8 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. ...) - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) 
@@ -20888,7 +20888,7 @@ CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s CVE-2022-0192 (A DLL search path vulnerability was reported in Lenovo PCManager prior ...) NOT-FOR-US: Lenovo CVE-2022-0191 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 do ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...) NOT-FOR-US: WordPress plugin CVE-2022-0189 (The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise a ...) @@ -70293,7 +70293,7 @@ CVE-2021-29861 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged loca CVE-2021-29860 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) NOT-FOR-US: IBM CVE-2021-29859 (IBM ICP4A - User Management System Component (IBM Cloud Pak for Busine ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-29858 RESERVED CVE-2021-29857 @@ -82330,7 +82330,7 @@ CVE-2021-25104 CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7 ...) NOT-FOR-US: WordPress plugin CVE-2021-25102 (The All In One WP Security & Firewall WordPress plugin before 4.4. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25101 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...) NOT-FOR-US: WordPress plugin CVE-2021-25100 (The GiveWP WordPress plugin before 2.17.3 does not escape the s parame ...) @@ -82362,7 +82362,7 @@ CVE-2021-25088 CVE-2021-25087 (The Download Manager WordPress plugin before 3.2.35 does not have any ...) NOT-FOR-US: WordPress plugin CVE-2021-25086 (The Advanced Page Visit Counter WordPress plugin through 5.0.8 does no ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced C ...) 
@@ -82530,7 +82530,7 @@ CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP fil CVE-2021-25003 (The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a ...) NOT-FOR-US: WordPress plugin CVE-2021-25002 (The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any au ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25001 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...) NOT-FOR-US: WordPress plugin CVE-2021-25000 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4462b2157260e80cc61a86efac287ed227172b9 -- You're receiving this email because of your account on salsa.debian.org.
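Review bot: In the @@ -4197,7 +4197,7 @@ hunk, CVE-2022-28572 (Tenda AX1806) is moved to NOT-FOR-US: Tenda while the two context entries around it, CVE-2022-28573 (D-Link DIR-823-Pro) and CVE-2022-28571 (D-link 882), carry the same kind of description ("was discovered to contain a command injectio ...") and stay at TODO: check. If this pass is meant to cover vendor firmware as well as WordPress plugins, consider triaging those two in the same commit so the block is handled consistently; if they were left on purpose, a word in the commit message beyond "Process NFUs" would make that clear to the next person working through the TODO queue.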
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits