Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba13bfcd by Salvatore Bonaccorso at 2022-08-29T22:17:50+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4370,7 +4370,7 @@ CVE-2022-2639
        [buster] - linux 4.19.249-1
        NOTE: 
https://git.kernel.org/linus/cefa91b2332d7009bc0be5d951d6cbbf349f90f8 (5.18-rc4)
 CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not 
validate the  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2637
        RESERVED
 CVE-2022-2636 (Improper Input Validation in GitHub repository 
hestiacp/hestiacp prior ...)
@@ -4667,7 +4667,7 @@ CVE-2022-2601
 CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not 
set re ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2599 (The Anti-Malware Security and Brute-Force Firewall WordPress 
plugin be ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository 
vim/vim prior ...)
        - vim 2:9.0.0135-1
        NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
@@ -5577,7 +5577,7 @@ CVE-2022-2561
 CVE-2022-2560
        RESERVED
 CVE-2022-2559 (The Fluent Support WordPress plugin before 1.5.8 does not 
properly san ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2558 (The Simple Job Board WordPress plugin before 2.10.0 is 
susceptible to  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2557 (The Team WordPress plugin before 4.1.2 contains a file which 
could all ...)
@@ -5627,7 +5627,7 @@ CVE-2022-36924
 CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, 
Network Co ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-2556 (The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has 
an AJA ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2555 (The Yotpo Reviews for WooCommerce WordPress plugin through 
2.0.4 lacks ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2554
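Review bot: the new reason on CVE-2022-2556 names only a category, while the NOT-FOR-US line for CVE-2022-36923 in the same hunk names the product (`NOT-FOR-US: Zoho ManageEngine`). The generic form does match the CVE-2022-2555 entry directly below, so it is consistent with how WordPress plugins are already tagged in this file. The consequence is that the plugin name exists only in the truncated description, which is what a later search for "Mailchimp for WooCommerce" has to match on. If a per-plugin reason is ever wanted, this is the line to carry it; otherwise keep as is.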
@@ -5961,7 +5961,7 @@ CVE-2022-2540
 CVE-2022-2539 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2022-2538 (The WP Hide &amp; Security Enhancer WordPress plugin before 1.8 
does n ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-XXXX [spip: security issues from 4.1.5 release]
        - spip 4.1.5+dfsg-1
        [bullseye] - spip 3.2.11-3+deb11u5
@@ -6625,7 +6625,7 @@ CVE-2022-36441
 CVE-2022-36440
        RESERVED
 CVE-2022-2537 (The WooCommerce PDF Invoices &amp; Packing Slips WordPress 
plugin befo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2536
        RESERVED
 CVE-2022-2535 (The SearchWP Live Ajax Search WordPress plugin before 1.6.2 
does not e ...)
@@ -8795,9 +8795,9 @@ CVE-2022-2376
 CVE-2022-2375 (The WP Sticky Button WordPress plugin before 1.4.1 does not 
have autho ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2374 (The Simply Schedule Appointments WordPress plugin before 
1.5.7.7 does  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2373 (The Simply Schedule Appointments WordPress plugin before 
1.5.7.7 is mi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2372 (The YaySMTP WordPress plugin before 2.2.2 does not sanitise and 
escape ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2371 (The YaySMTP WordPress plugin before 2.2.1 does not have proper 
authori ...)
@@ -10857,7 +10857,7 @@ CVE-2022-2269 (The Website File Changes Monitor 
WordPress plugin before 1.8.3 do
 CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 
accept ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2267 (The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has 
an AJA ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2266
        RESERVED
 CVE-2022-2265
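Review bot: CVE-2022-2267 is the second Mailchimp for WooCommerce entry resolved in this commit; the other is CVE-2022-2556 in the hunk at -5627, and the two descriptions read the same up to the truncation ("has an AJA ...") apart from the version bound (2.7.1 here, 2.7.2 there). Both receive the same `NOT-FOR-US: WordPress plugin` reason, which keeps the pair consistent. It is worth a quick look at the full descriptions to confirm they are two distinct issues and that neither needs a NOTE pointing at the other.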
@@ -10872,7 +10872,7 @@ CVE-2022-2263 (A vulnerability was found in Online 
Hotel Booking System 1.0 and
 CVE-2022-2262 (A vulnerability has been found in Online Hotel Booking System 
1.0 and  ...)
        NOT-FOR-US: Online Hotel Booking System
 CVE-2022-2261 (The WPIDE WordPress plugin before 3.0 does not sanitize and 
validate t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2260 (The GiveWP WordPress plugin before 2.21.3 does not have CSRF in 
place  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an integer signedness error 
and res ...)
@@ -15094,7 +15094,7 @@ CVE-2022-2082
 CVE-2022-2081
        RESERVED
 CVE-2022-2080 (The Sensei LMS WordPress plugin before 4.5.2 does not ensure 
that the  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2079 (Cross-site Scripting (XSS) - Stored in GitHub repository 
nocodb/nocodb ...)
        NOT-FOR-US: nocodb
 CVE-2022-2078 (A vulnerability was found in the Linux kernel's 
nft_set_desc_concat_pa ...)
@@ -16646,7 +16646,7 @@ CVE-2022-25649 (Multiple Improper Access Control 
vulnerabilities in StoreApps Af
 CVE-2022-2035 (A reflected cross-site scripting (XSS) vulnerability exists in 
the pla ...)
        NOT-FOR-US: SCORM Engine
 CVE-2022-2034 (The Sensei LMS WordPress plugin before 4.5.0 does not have 
proper perm ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2033
        RESERVED
 CVE-2022-2032 (In Pandora FMS v7.0NG.761 and below, in the file manager 
section, the  ...)
@@ -22724,7 +22724,7 @@ CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the 
Debian package management syst
        NOTE: 
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495
 (1.19.8)
        NOTE: 
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be
 (1.18.26)
 CVE-2022-1663 (The Stop Spam Comments WordPress plugin through 0.2.1.2 does 
not prope ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-30529
        RESERVED
 CVE-2022-30528
@@ -30009,7 +30009,7 @@ CVE-2022-1125 (Use after free in Portals in Google 
Chrome prior to 100.0.4896.60
 CVE-2022-1124 (An improper authorization issue has been discovered in GitLab 
CE/EE af ...)
        - gitlab <unfixed>
 CVE-2022-1123 (The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) 
WordPr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue 
(e.g.,  ...)
        NOT-FOR-US: Firebase PHP-JWT
 CVE-2020-36521
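Review bot: on CVE-2022-1123 the visible description is cut at "WordPr ...", so unlike the other entries in this commit the line does not itself show the word "plugin" that the new reason relies on. The product name "Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)" makes the classification very likely right, but it should be confirmed against the full CVE description rather than the truncated summary before `TODO: check` is dropped.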



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba13bfcd92b7e23005e7163e2379f40832aecc57
