Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
54b7c150 by Salvatore Bonaccorso at 2022-06-07T06:59:43+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1842,7 +1842,7 @@ CVE-2022-31770
 CVE-2022-31769
        RESERVED
 CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL 
injection. ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-31767
        RESERVED
 CVE-2022-31766
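Review bot: The new tag on CVE-2022-31768 names only the vendor (`NOT-FOR-US: IBM`), although the description identifies the product as IBM InfoSphere Information Server 11.7. Other NOT-FOR-US lines visible in this commit name the product or project (`jgraph/drawio`, `facturascripts`, `OTRS`), so consider `NOT-FOR-US: IBM InfoSphere Information Server` to keep the entry searchable by product.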
@@ -4825,13 +4825,13 @@ CVE-2022-1714 (Heap-based Buffer Overflow in GitHub 
repository radareorg/radare2
 CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to 
18.0.4. An  ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-1712 (The LiveSync for WordPress plugin through 1.0 does not have 
CSRF check ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository 
jgraph/drawio  ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-1710
        RESERVED
 CVE-2022-1709 (The Throws SPAM Away WordPress plugin before 3.3.1 does not 
have CSRF  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1708
        RESERVED
 CVE-2022-1707
@@ -5086,31 +5086,31 @@ CVE-2022-1697
 CVE-2022-1696
        RESERVED
 CVE-2022-1695 (The WP Simple Adsense Insertion WordPress plugin before 2.1 
does not p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1694
        RESERVED
 CVE-2022-1693
        RESERVED
 CVE-2022-1692 (The CP Image Store with Slideshow WordPress plugin before 
1.0.68 does  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1691 (The Realty Workstation WordPress plugin through 1.0.6 does not 
sanitis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1690 (The Note Press WordPress plugin through 0.1.10 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1689 (The Note Press WordPress plugin through 0.1.10 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1688 (The Note Press WordPress plugin through 0.1.10 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1687 (The Logo Slider WordPress plugin through 1.4.8 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1686 (The Five Minute Webshop WordPress plugin through 1.3.2 does not 
saniti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1685 (The Five Minute Webshop WordPress plugin through 1.3.2 does not 
proper ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1684 (The Cube Slider WordPress plugin through 1.2 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1683 (The amtyThumb WordPress plugin through 4.2.0 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1682 (Reflected Xss using url based payload in GitHub repository 
neorazorx/f ...)
        NOT-FOR-US: facturascripts
 CVE-2022-1681 (Authentication Bypass Using an Alternate Path or Channel in 
GitHub rep ...)
@@ -5273,7 +5273,7 @@ CVE-2022-1674 (NULL Pointer Dereference in function 
vim_regexec_string at regexp
        NOTE: 
https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 
(v8.2.4938)
        NOTE: Negligible security impact; crash in CLI tool
 CVE-2022-1673 (The WooCommerce Green Wallet Gateway WordPress plugin before 
1.0.2 doe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1672
        RESERVED
 CVE-2022-1671
@@ -5399,7 +5399,7 @@ CVE-2022-1649 (Null pointer dereference in 
libr/bin/format/mach0/mach0.c in rada
 CVE-2022-1648
        RESERVED
 CVE-2022-1647 (The FormCraft WordPress plugin before 1.2.6 does not sanitise 
and esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-30526
        RESERVED
 CVE-2022-30525 (A OS command injection vulnerability in the CGI program of 
Zyxel USG F ...)
@@ -6065,9 +6065,9 @@ CVE-2022-1600
 CVE-2022-1599
        RESERVED
 CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.4 which is a 
companion to t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a 
companion for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1596
        RESERVED
 CVE-2022-1595
@@ -6252,7 +6252,7 @@ CVE-2022-1579
 CVE-2022-1578
        RESERVED
 CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not 
have CS ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1576
        RESERVED
 CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub 
repository ...)
@@ -6266,9 +6266,9 @@ CVE-2022-1572
 CVE-2022-1571 (Cross-site scripting - Reflected in Create Subaccount in GitHub 
reposi ...)
        NOT-FOR-US: facturascripts
 CVE-2022-1570 (The Files Download Delay WordPress plugin before 1.0.7 does not 
have a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1569 (The Drag & Drop Builder, Human Face Detector, Pre-built 
Templates, ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1568 (The Team Members WordPress plugin before 5.1.1 does not escape 
some of ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-46810
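Review bot: For CVE-2022-1569 the truncated description shown here ("The Drag & Drop Builder, Human Face Detector, Pre-built Templates, ...") never mentions WordPress, so the `NOT-FOR-US: WordPress plugin` tag cannot be confirmed from this hunk alone. Check it against the full CVE description before merging; the CVE-2022-1570 change just above it is supported by its visible text.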
@@ -7096,7 +7096,7 @@ CVE-2022-1543 (Improper handling of Length parameter in 
GitHub repository erudik
 CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not 
sanitise and ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1541 (The Video Slider WordPress plugin before 1.4.8 does not 
sanitize or es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1540
        RESERVED
 CVE-2022-1539
@@ -7407,7 +7407,7 @@ CVE-2022-1507 (chafa: NULL Pointer Dereference in 
function gif_internal_decode_f
        NOTE: https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95/
        NOTE: 
https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9
 (1.10.2)
 CVE-2022-1506 (The WP Born Babies WordPress plugin through 1.0 does not 
sanitise and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1505 (The RSVPMaker plugin for WordPress is vulnerable to 
unauthenticated SQ ...)
        NOT-FOR-US: RSVPMaker plugin for WordPress
 CVE-2022-1504 (XSS in /demo/module/?module=HERE in GitHub repository 
microweber/micro ...)
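Review bot: CVE-2022-1506 receives the generic `NOT-FOR-US: WordPress plugin`, while the unchanged CVE-2022-1505 entry directly below it uses the named form `NOT-FOR-US: RSVPMaker plugin for WordPress`. Two spellings for the same category mean a search on one tag string misses the other; the generic form matches every other WordPress line in this commit, so the new line is fine and the older neighbour is the one out of step.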
@@ -7597,7 +7597,7 @@ CVE-2022-1471
 CVE-2022-1470
        RESERVED
 CVE-2022-1469 (The FiboSearch WordPress plugin before 1.17.0 does not sanitise 
and es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29808
        RESERVED
 CVE-2022-29807
@@ -8444,7 +8444,7 @@ CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 
does not sanitise and
 CVE-2022-1395 (The Easy FAQ with Expanding Text WordPress plugin through 
3.2.8.3.1 do ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1394 (The Photo Gallery by 10Web WordPress plugin before 1.6.4 does 
not prop ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1393 (The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle 
field an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1392 (The Videos sync PDF WordPress plugin through 1.7.4 does not 
validate t ...)
@@ -14944,7 +14944,7 @@ CVE-2022-1007 (The Advanced Booking Calendar WordPress 
plugin before 1.7.1 does
 CVE-2022-1006 (The Advanced Booking Calendar WordPress plugin before 1.7.1 
does not s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1005 (The WP Statistics WordPress plugin before 13.2.2 does not 
sanitise the ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1004 (Accounted time is shown in the Ticket Detail View (External 
Interface) ...)
        NOT-FOR-US: OTRS
        NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny 
which forked from 6.x
@@ -18080,7 +18080,7 @@ CVE-2022-0789 (Heap buffer overflow in ANGLE in Google 
Chrome prior to 99.0.4844
        [stretch] - chromium <end-of-life> (see DSA 4562)
        NOTE: 
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
 CVE-2022-0788 (The WP Fundraising Donation and Crowdfunding Platform WordPress 
plugin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin 
before 5.1 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0786
@@ -18098,7 +18098,7 @@ CVE-2022-0781 (The Nirweb support WordPress plugin 
before 2.8.2 does not sanitis
 CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to 
disable th ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0779 (The User Meta WordPress plugin before 2.4.4 does not validate 
the file ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square 
root, cont ...)
        {DSA-5103-1 DLA-2953-1 DLA-2952-1}
        - openssl 1.1.1n-1
@@ -30553,7 +30553,7 @@ CVE-2022-22398
 CVE-2022-22397
        RESERVED
 CVE-2022-22396 (Credentials are printed in clear text in the IBM Spectrum 
Protect Plus ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-22395
        RESERVED
 CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000 server could allow a 
remote attack ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54b7c150a0b906f1b88455cae4a881aeff4686a9
