Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 54b7c150 by Salvatore Bonaccorso at 2022-06-07T06:59:43+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1842,7 +1842,7 @@ CVE-2022-31770 CVE-2022-31769 RESERVED CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-31767 RESERVED CVE-2022-31766 @@ -4825,13 +4825,13 @@ CVE-2022-1714 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An ...) NOT-FOR-US: jgraph/drawio CVE-2022-1712 (The LiveSync for WordPress plugin through 1.0 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...) NOT-FOR-US: jgraph/drawio CVE-2022-1710 RESERVED CVE-2022-1709 (The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1708 RESERVED CVE-2022-1707 
@@ -5086,31 +5086,31 @@ CVE-2022-1697 CVE-2022-1696 RESERVED CVE-2022-1695 (The WP Simple Adsense Insertion WordPress plugin before 2.1 does not p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1694 RESERVED CVE-2022-1693 RESERVED CVE-2022-1692 (The CP Image Store with Slideshow WordPress plugin before 1.0.68 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1691 (The Realty Workstation WordPress plugin through 1.0.6 does not sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1690 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1689 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1688 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1687 (The Logo Slider WordPress plugin through 1.4.8 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1686 (The Five Minute Webshop WordPress plugin through 1.3.2 does not saniti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1685 (The Five Minute Webshop WordPress plugin through 1.3.2 does not proper ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1684 (The Cube Slider WordPress plugin through 1.2 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1683 (The amtyThumb WordPress plugin through 4.2.0 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1682 (Reflected Xss using url based payload in GitHub repository neorazorx/f ...) NOT-FOR-US: facturascripts CVE-2022-1681 (Authentication Bypass Using an Alternate Path or Channel in GitHub rep ...) 
@@ -5273,7 +5273,7 @@ CVE-2022-1674 (NULL Pointer Dereference in function vim_regexec_string at regexp NOTE: https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 (v8.2.4938) NOTE: Negligible security impact; crash in CLI tool CVE-2022-1673 (The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 doe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1672 RESERVED CVE-2022-1671 @@ -5399,7 +5399,7 @@ CVE-2022-1649 (Null pointer dereference in libr/bin/format/mach0/mach0.c in rada CVE-2022-1648 RESERVED CVE-2022-1647 (The FormCraft WordPress plugin before 1.2.6 does not sanitise and esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-30526 RESERVED CVE-2022-30525 (A OS command injection vulnerability in the CGI program of Zyxel USG F ...) @@ -6065,9 +6065,9 @@ CVE-2022-1600 CVE-2022-1599 RESERVED CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.4 which is a companion to t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a companion for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1596 RESERVED CVE-2022-1595 @@ -6252,7 +6252,7 @@ CVE-2022-1579 CVE-2022-1578 RESERVED CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not have CS ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1576 RESERVED CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub repository ...) 
@@ -6266,9 +6266,9 @@ CVE-2022-1572 CVE-2022-1571 (Cross-site scripting - Reflected in Create Subaccount in GitHub reposi ...) NOT-FOR-US: facturascripts CVE-2022-1570 (The Files Download Delay WordPress plugin before 1.0.7 does not have a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1569 (The Drag & Drop Builder, Human Face Detector, Pre-built Templates, ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1568 (The Team Members WordPress plugin before 5.1.1 does not escape some of ...) NOT-FOR-US: WordPress plugin CVE-2021-46810 @@ -7096,7 +7096,7 @@ CVE-2022-1543 (Improper handling of Length parameter in GitHub repository erudik CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2022-1541 (The Video Slider WordPress plugin before 1.4.8 does not sanitize or es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1540 RESERVED CVE-2022-1539 @@ -7407,7 +7407,7 @@ CVE-2022-1507 (chafa: NULL Pointer Dereference in function gif_internal_decode_f NOTE: https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95/ NOTE: https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9 (1.10.2) CVE-2022-1506 (The WP Born Babies WordPress plugin through 1.0 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1505 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...) NOT-FOR-US: RSVPMaker plugin for WordPress CVE-2022-1504 (XSS in /demo/module/?module=HERE in GitHub repository microweber/micro ...) @@ -7597,7 +7597,7 @@ CVE-2022-1471 CVE-2022-1470 RESERVED CVE-2022-1469 (The FiboSearch WordPress plugin before 1.17.0 does not sanitise and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-29808 RESERVED CVE-2022-29807 
@@ -8444,7 +8444,7 @@ CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise and CVE-2022-1395 (The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 do ...) NOT-FOR-US: WordPress plugin CVE-2022-1394 (The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not prop ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1393 (The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field an ...) NOT-FOR-US: WordPress plugin CVE-2022-1392 (The Videos sync PDF WordPress plugin through 1.7.4 does not validate t ...) @@ -14944,7 +14944,7 @@ CVE-2022-1007 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does CVE-2022-1006 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does not s ...) NOT-FOR-US: WordPress plugin CVE-2022-1005 (The WP Statistics WordPress plugin before 13.2.2 does not sanitise the ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1004 (Accounted time is shown in the Ticket Detail View (External Interface) ...) NOT-FOR-US: OTRS NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x @@ -18080,7 +18080,7 @@ CVE-2022-0789 (Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844 [stretch] - chromium <end-of-life> (see DSA 4562) NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html CVE-2022-0788 (The WP Fundraising Donation and Crowdfunding Platform WordPress plugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 ...) NOT-FOR-US: WordPress plugin CVE-2022-0786 
@@ -18098,7 +18098,7 @@ CVE-2022-0781 (The Nirweb support WordPress plugin before 2.8.2 does not sanitis CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to disable th ...) NOT-FOR-US: WordPress plugin CVE-2022-0779 (The User Meta WordPress plugin before 2.4.4 does not validate the file ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square root, cont ...) {DSA-5103-1 DLA-2953-1 DLA-2952-1} - openssl 1.1.1n-1 @@ -30553,7 +30553,7 @@ CVE-2022-22398 CVE-2022-22397 RESERVED CVE-2022-22396 (Credentials are printed in clear text in the IBM Spectrum Protect Plus ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-22395 RESERVED CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000 server could allow a remote attack ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54b7c150a0b906f1b88455cae4a881aeff4686a9
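Review bot: in the @@ -6266,9 +6266,9 @@ hunk, the truncated description shown for CVE-2022-1569 ("The Drag & Drop Builder, Human Face Detector, Pre-built Templates, ...") never mentions WordPress, unlike every other entry this commit tags as "NOT-FOR-US: WordPress plugin". Confirm against the full CVE description that the product is a WordPress plugin before keeping that tag, or name the product in the tag so the triage decision can be checked from data/CVE/list alone.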
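Review bot: the two IBM entries, CVE-2022-31768 in the @@ -1842,7 +1842,7 @@ hunk and CVE-2022-22396 in the @@ -30553,7 +30553,7 @@ hunk, are tagged with the vendor only ("NOT-FOR-US: IBM"), although their descriptions name two different products (InfoSphere Information Server and Spectrum Protect Plus). Context lines elsewhere in this diff name the product, for example "NOT-FOR-US: jgraph/drawio" and "NOT-FOR-US: OTRS"; consider doing the same here so each entry records which product was judged not to be in Debian.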