author | Salvatore Bonaccorso <carnil@debian.org> | 2022-03-01 09:17:36 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-03-01 09:17:36 +0100 |
commit | ba65eb8ef831178814e596ebc00198e3fa105a03 (patch) | |
tree | b4cd8e6bb0e53be69847d99c66f2d1a4c6481163 /data | |
parent | 0d6b8bf3c0958bd07710c3ebf5d87e2aa659e0e9 (diff) |
Process various new NFUs
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 72 |
1 files changed, 36 insertions, 36 deletions
diff --git a/data/CVE/list b/data/CVE/list index 11f128b72d..37b700a132 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -5872,9 +5872,9 @@ CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38 NOTE: https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a (v8.2.4253) CVE-2022-0412 (The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooComm ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0411 (The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0410 RESERVED CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivil ...) @@ -6251,7 +6251,7 @@ CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe CVE-2022-0386 RESERVED CVE-2022-0385 (The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0384 RESERVED CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...) @@ -6509,7 +6509,7 @@ CVE-2022-23974 CVE-2022-23103 RESERVED CVE-2022-0383 (The WP Review Slider WordPress plugin before 11.0 does not sanitise an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0382 (An information leak flaw was found due to uninitialized memory in the ...) - linux 5.15.15-1 [bullseye] - linux <not-affected> (Vulnerable code not present) @@ -6525,7 +6525,7 @@ CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/micro CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...) NOT-FOR-US: microweber CVE-2022-0377 (Users of the LearnPress WordPress plugin before 4.1.5 can upload an im ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0376 RESERVED CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) 
@@ -6659,7 +6659,7 @@ CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b NOTE: https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 (v8.2.4215) CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) @@ -6761,9 +6761,9 @@ CVE-2021-4210 CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker coul ...) NOT-FOR-US: Apache ActiveMQ Artemis CVE-2022-23912 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does no ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-23911 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does no ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-23910 RESERVED CVE-2022-23909 @@ -6875,7 +6875,7 @@ CVE-2022-0347 CVE-2022-0346 RESERVED CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before 1.8. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0344 RESERVED CVE-2022-0343 @@ -7391,7 +7391,7 @@ CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store] CVE-2022-0329 REJECTED CVE-2022-0328 (The Simple Membership WordPress plugin before 4.0.9 does not have CSRF ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0327 RESERVED CVE-2021-46403 @@ -9716,7 +9716,7 @@ CVE-2022-0191 CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...) NOT-FOR-US: WordPress plugin CVE-2022-0189 (The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not logge ...) NOT-FOR-US: WordPress plugin CVE-2022-0187 
@@ -11116,7 +11116,7 @@ CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions sta CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> CVE-2022-0150 (The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...) NOT-FOR-US: WordPress plugin CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon ...) @@ -70563,7 +70563,7 @@ CVE-2021-25120 CVE-2021-25119 RESERVED CVE-2021-25118 (The Yoast SEO WordPress plugin before 17.3 discloses the full internal ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25117 RESERVED CVE-2021-25116 @@ -70575,7 +70575,7 @@ CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not CVE-2021-25113 RESERVED CVE-2021-25112 (The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25111 RESERVED CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any logged in u ...) @@ -70637,7 +70637,7 @@ CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin befor CVE-2021-25082 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2021-25081 (The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 do ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does not valida ...) NOT-FOR-US: WordPress plugin CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not saniti ...) 
@@ -70715,7 +70715,7 @@ CVE-2021-25044 CVE-2021-25043 (The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin CVE-2021-25042 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25041 (The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerabl ...) NOT-FOR-US: WordPress plugin CVE-2021-25040 (The Booking Calendar WordPress plugin before 8.9.2 does not sanitise a ...) @@ -70731,7 +70731,7 @@ CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected b CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin before 1.22 ...) NOT-FOR-US: WordPress plugin CVE-2021-25034 (The WP User WordPress plugin before 7.0 does not sanitise and escape s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25033 (The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPr ...) @@ -70777,9 +70777,9 @@ CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisa CVE-2021-25012 RESERVED CVE-2021-25011 (The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 do ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25010 (The Post Snippets WordPress plugin before 3.1.4 does not have CSRF che ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25009 RESERVED CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not escape the s ...) 
@@ -70811,7 +70811,7 @@ CVE-2021-24996 CVE-2021-24995 RESERVED CVE-2021-24994 (The Migration, Backup, Staging WordPress plugin before 0.9.69 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...) NOT-FOR-US: WordPress plugin CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...) @@ -70845,7 +70845,7 @@ CVE-2021-24979 (The Paid Memberships Pro WordPress plugin before 2.6.6 does not CVE-2021-24978 RESERVED CVE-2021-24977 (The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2021-24975 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...) @@ -70857,7 +70857,7 @@ CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not sanitis CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape some of it ...) NOT-FOR-US: WordPress plugin CVE-2021-24971 (The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2021-24969 (The WordPress Download Manager WordPress plugin before 3.2.22 does not ...) 
@@ -70933,7 +70933,7 @@ CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not escap CVE-2021-24934 (The Visual CSS Style Editor WordPress plugin before 7.5.4 does not san ...) NOT-FOR-US: WordPress plugin CVE-2021-24933 (The Dynamic Widgets WordPress plugin through 1.5.16 does not escape th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...) NOT-FOR-US: WordPress plugin CVE-2021-24931 (The Secure Copy Content Protection and Content Locking WordPress plugi ...) @@ -70959,7 +70959,7 @@ CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF c CVE-2021-24921 (The Advanced Database Cleaner WordPress plugin before 3.0.4 does not s ...) NOT-FOR-US: WordPress plugin CVE-2021-24920 (The StatCounter WordPress plugin before 2.0.7 does not sanitise and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not sanitise an ...) NOT-FOR-US: WordPress plugin CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...) @@ -70973,7 +70973,7 @@ CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not ha CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capa ...) NOT-FOR-US: WordPress plugin CVE-2021-24913 (The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24912 RESERVED CVE-2021-24911 
@@ -70993,17 +70993,17 @@ CVE-2021-24905 CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does not impl ...) NOT-FOR-US: WordPress plugin CVE-2021-24903 (The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plugin be ...) NOT-FOR-US: WordPress plugin CVE-2021-24901 (The Security Audit WordPress plugin through 1.0.0 does not sanitise an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24900 (The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and e ...) NOT-FOR-US: WordPress plugin CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2021-24898 (The EditableTable WordPress plugin through 0.1.4 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24897 RESERVED CVE-2021-24896 (The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and ...) @@ -71071,7 +71071,7 @@ CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not proper CVE-2021-24865 (The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 d ...) NOT-FOR-US: WordPress plugin CVE-2021-24864 (The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24863 (The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Prot ...) NOT-FOR-US: WordPress plugin CVE-2021-24862 (The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape ...) 
@@ -71153,13 +71153,13 @@ CVE-2021-24825 CVE-2021-24824 RESERVED CVE-2021-24823 (The Support Board WordPress plugin before 3.3.6 does not have any CSRF ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does not hav ...) NOT-FOR-US: WordPress plugin CVE-2021-24821 RESERVED CVE-2021-24820 (The Cost Calculator WordPress plugin through 1.4 allows users with a r ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24819 (The Page/Post Content Shortcode WordPress plugin through 1.0 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-24818 (The WP Limits WordPress plugin through 1.0 does not have CSRF check wh ...) @@ -71193,7 +71193,7 @@ CVE-2021-24805 CVE-2021-24804 (The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce ...) NOT-FOR-US: WordPress plugin CVE-2021-24803 (The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24802 (The Colorful Categories WordPress plugin before 2.0.15 does not enforc ...) NOT-FOR-US: WordPress plugin CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have any auth ...) @@ -71339,7 +71339,7 @@ CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPre CVE-2021-24731 (The Registration Forms – User profile, Content Restriction, Spam ...) NOT-FOR-US: WordPress plugin CVE-2021-24730 (The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24729 (The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does ...) NOT-FOR-US: WordPress plugin CVE-2021-24728 (The Membership & Content Restriction – Paid Member Subscript ...) 
@@ -71391,7 +71391,7 @@ CVE-2021-24706 (The Qwizcards – online quizzes and flashcards WordPress pl CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape some of i ...) NOT-FOR-US: WordPress plugin CVE-2021-24704 (In the Orange Form WordPress plugin through 1.0, the process_bulk_acti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not have capabi ...) NOT-FOR-US: WordPress plugin CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not properly sanit ...) @@ -71421,9 +71421,9 @@ CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does no CVE-2021-24690 (The Chained Quiz WordPress plugin before 1.2.7.2 does not properly san ...) NOT-FOR-US: WordPress plugin CVE-2021-24689 (The Contact Forms - Drag & Drop Contact Form Builder WordPress plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24688 (The Orange Form WordPress plugin through 1.0.1 does not have any autho ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 does no ...) NOT-FOR-US: WordPress plugin CVE-2021-24686 (The SVG Support WordPress plugin before 2.3.20 does not escape the "CS ...) |
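Review bot: Two of the retagged entries have descriptions that are cut off before the word "plugin" is complete: CVE-2022-0360 in the @@ -6659,7 hunk (ends "WP Ultimate CSV Importer WordPress ...") and CVE-2021-24689 in the @@ -71421,9 hunk (ends "WordPress plu ..."). The NOT-FOR-US: WordPress plugin tag matches the neighbouring entries, but for these two it should be confirmed against the full CVE description rather than the truncated line in data/CVE/list.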
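Review bot: Nothing in the @@ -70563,7 hunk records how CVE-2021-25118 (Yoast SEO) was determined to be software that is not in the archive, and the same holds for the other replacements of "TODO: check"; the commit message says only "Process various new NFUs". Since the diffstat shows 36 one-for-one replacements, a line in the commit message stating that all of them are WordPress plugins not packaged in Debian would make this bulk change easier to audit later.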