Process various new NFUs

author: Salvatore Bonaccorso <carnil@debian.org> 2022-03-01 09:17:36 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-03-01 09:17:36 +0100
commit: ba65eb8ef831178814e596ebc00198e3fa105a03 (patch)
tree: b4cd8e6bb0e53be69847d99c66f2d1a4c6481163 /data
parent: 0d6b8bf3c0958bd07710c3ebf5d87e2aa659e0e9 (diff)
1 files changed, 36 insertions, 36 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 11f128b72d..37b700a132 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5872,9 +5872,9 @@ CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 	NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38
 	NOTE: https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a (v8.2.4253)
 CVE-2022-0412 (The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooComm ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0411 (The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0410
 	RESERVED
 CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivil ...)
@@ -6251,7 +6251,7 @@ CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe
 CVE-2022-0386
 	RESERVED
 CVE-2022-0385 (The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0384
 	RESERVED
 CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -6509,7 +6509,7 @@ CVE-2022-23974
 CVE-2022-23103
 	RESERVED
 CVE-2022-0383 (The WP Review Slider WordPress plugin before 11.0 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0382 (An information leak flaw was found due to uninitialized memory in the  ...)
 	- linux 5.15.15-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -6525,7 +6525,7 @@ CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/micro
 CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
 	NOT-FOR-US: microweber
 CVE-2022-0377 (Users of the LearnPress WordPress plugin before 4.1.5 can upload an im ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0376
 	RESERVED
 CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
@@ -6659,7 +6659,7 @@ CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 	NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b
 	NOTE: https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 (v8.2.4215)
 CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -6761,9 +6761,9 @@ CVE-2021-4210
 CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker coul ...)
 	NOT-FOR-US: Apache ActiveMQ Artemis
 CVE-2022-23912 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-23911 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-23910
 	RESERVED
 CVE-2022-23909
@@ -6875,7 +6875,7 @@ CVE-2022-0347
 CVE-2022-0346
 	RESERVED
 CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before 1.8. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0344
 	RESERVED
 CVE-2022-0343
@@ -7391,7 +7391,7 @@ CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store]
 CVE-2022-0329
 	REJECTED
 CVE-2022-0328 (The Simple Membership WordPress plugin before 4.0.9 does not have CSRF ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0327
 	RESERVED
 CVE-2021-46403
@@ -9716,7 +9716,7 @@ CVE-2022-0191
 CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0189 (The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not logge ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0187
@@ -11116,7 +11116,7 @@ CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions sta
 CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2022-0150 (The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon  ...)
@@ -70563,7 +70563,7 @@ CVE-2021-25120
 CVE-2021-25119
 	RESERVED
 CVE-2021-25118 (The Yoast SEO WordPress plugin before 17.3 discloses the full internal ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25117
 	RESERVED
 CVE-2021-25116
@@ -70575,7 +70575,7 @@ CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not
 CVE-2021-25113
 	RESERVED
 CVE-2021-25112 (The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25111
 	RESERVED
 CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any logged in u ...)
@@ -70637,7 +70637,7 @@ CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin befor
 CVE-2021-25082 (The Popup Builder WordPress plugin before 4.0.7 does not validate and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25081 (The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 do ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does not valida ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not saniti ...)
@@ -70715,7 +70715,7 @@ CVE-2021-25044
 CVE-2021-25043 (The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25042 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25041 (The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerabl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25040 (The Booking Calendar WordPress plugin before 8.9.2 does not sanitise a ...)
@@ -70731,7 +70731,7 @@ CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected b
 CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin before 1.22 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25034 (The WP User WordPress plugin before 7.0 does not sanitise and escape s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25033 (The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPr ...)
@@ -70777,9 +70777,9 @@ CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisa
 CVE-2021-25012
 	RESERVED
 CVE-2021-25011 (The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 do ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25010 (The Post Snippets WordPress plugin before 3.1.4 does not have CSRF che ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25009
 	RESERVED
 CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not escape the s ...)
@@ -70811,7 +70811,7 @@ CVE-2021-24996
 CVE-2021-24995
 	RESERVED
 CVE-2021-24994 (The Migration, Backup, Staging WordPress plugin before 0.9.69 does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...)
@@ -70845,7 +70845,7 @@ CVE-2021-24979 (The Paid Memberships Pro WordPress plugin before 2.6.6 does not
 CVE-2021-24978
 	RESERVED
 CVE-2021-24977 (The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24975 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...)
@@ -70857,7 +70857,7 @@ CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not sanitis
 CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape some of it ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24971 (The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24969 (The WordPress Download Manager WordPress plugin before 3.2.22 does not ...)
@@ -70933,7 +70933,7 @@ CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not escap
 CVE-2021-24934 (The Visual CSS Style Editor WordPress plugin before 7.5.4 does not san ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24933 (The Dynamic Widgets WordPress plugin through 1.5.16 does not escape th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24931 (The Secure Copy Content Protection and Content Locking WordPress plugi ...)
@@ -70959,7 +70959,7 @@ CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF c
 CVE-2021-24921 (The Advanced Database Cleaner WordPress plugin before 3.0.4 does not s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24920 (The StatCounter WordPress plugin before 2.0.7 does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not sanitise an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...)
@@ -70973,7 +70973,7 @@ CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not ha
 CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24913 (The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24912
 	RESERVED
 CVE-2021-24911
@@ -70993,17 +70993,17 @@ CVE-2021-24905
 CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does not impl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24903 (The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plugin be ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24901 (The Security Audit WordPress plugin through 1.0.0 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24900 (The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24898 (The EditableTable WordPress plugin through 0.1.4 does not sanitise and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24897
 	RESERVED
 CVE-2021-24896 (The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and  ...)
@@ -71071,7 +71071,7 @@ CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not proper
 CVE-2021-24865 (The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24864 (The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24863 (The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Prot ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24862 (The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape  ...)
@@ -71153,13 +71153,13 @@ CVE-2021-24825
 CVE-2021-24824
 	RESERVED
 CVE-2021-24823 (The Support Board WordPress plugin before 3.3.6 does not have any CSRF ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does not hav ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24821
 	RESERVED
 CVE-2021-24820 (The Cost Calculator WordPress plugin through 1.4 allows users with a r ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24819 (The Page/Post Content Shortcode WordPress plugin through 1.0 does not  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24818 (The WP Limits WordPress plugin through 1.0 does not have CSRF check wh ...)
@@ -71193,7 +71193,7 @@ CVE-2021-24805
 CVE-2021-24804 (The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24803 (The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24802 (The Colorful Categories WordPress plugin before 2.0.15 does not enforc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have any auth ...)
@@ -71339,7 +71339,7 @@ CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress &#8211; DearFlip WordPre
 CVE-2021-24731 (The Registration Forms &#8211; User profile, Content Restriction, Spam ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24730 (The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24729 (The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24728 (The Membership &amp; Content Restriction &#8211; Paid Member Subscript ...)
@@ -71391,7 +71391,7 @@ CVE-2021-24706 (The Qwizcards &#8211; online quizzes and flashcards WordPress pl
 CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape some of i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24704 (In the Orange Form WordPress plugin through 1.0, the process_bulk_acti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not have capabi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not properly sanit ...)
@@ -71421,9 +71421,9 @@ CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does no
 CVE-2021-24690 (The Chained Quiz WordPress plugin before 1.2.7.2 does not properly san ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24689 (The Contact Forms - Drag &amp; Drop Contact Form Builder WordPress plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24688 (The Orange Form WordPress plugin through 1.0.1 does not have any autho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 does no ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24686 (The SVG Support WordPress plugin before 2.3.20 does not escape the "CS ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2022-03-01 09:17:36 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-03-01 09:17:36 +0100
commit	ba65eb8ef831178814e596ebc00198e3fa105a03 (patch)
tree	b4cd8e6bb0e53be69847d99c66f2d1a4c6481163 /data
parent	0d6b8bf3c0958bd07710c3ebf5d87e2aa659e0e9 (diff)