Process several NFUs

author: Salvatore Bonaccorso <carnil@debian.org> 2022-02-07 21:30:03 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-02-07 21:30:03 +0100
commit: 55895bdda65634139e5b8ea5b394b64dfabcd046 (patch)
tree: 1f17507aa117af20ddc9adae4c06bd26539fb655
parent: aaaa6b73427ec2bf397c944e18d937b51f3b2ee5 (diff)
2 files changed, 30 insertions, 30 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 30c7217b88..eb13a890d4 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -914,7 +914,7 @@ CVE-2021-46284
 CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-44760
@@ -19302,7 +19302,7 @@ CVE-2021-39023
 CVE-2021-39022
 	RESERVED
 CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-39020
 	RESERVED
 CVE-2021-39019
@@ -19424,7 +19424,7 @@ CVE-2021-38962
 CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerab ...)
 	NOT-FOR-US: IBM
 CVE-2021-38960 (IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated use ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...)
 	NOT-FOR-US: IBM
 CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...)
@@ -21445,7 +21445,7 @@ CVE-2021-38132
 CVE-2021-38131
 	RESERVED
 CVE-2021-38130 (A potential Information leakage vulnerability has been identified in v ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus
 CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...)
 	NOT-FOR-US: Micro Focus
 CVE-2021-38128
@@ -53390,7 +53390,7 @@ CVE-2021-25116
 CVE-2021-25115
 	RESERVED
 CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25113
 	RESERVED
 CVE-2021-25112
@@ -53402,17 +53402,17 @@ CVE-2021-25110
 CVE-2021-25109
 	RESERVED
 CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25107
 	RESERVED
 CVE-2021-25106 (The Privacy Policy Generator, Terms &amp; Conditions Generator WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25104
 	RESERVED
 CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25102
 	RESERVED
 CVE-2021-25101
@@ -53426,9 +53426,9 @@ CVE-2021-25098
 CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 bans ca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25094
 	RESERVED
 CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have authorisa ...)
@@ -53450,7 +53450,7 @@ CVE-2021-25086
 CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25082
@@ -53464,7 +53464,7 @@ CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not
 CVE-2021-25078 (The Affiliates Manager WordPress plugin before 2.9.0 does not validate ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25077 (The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not validate  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25075
@@ -53560,7 +53560,7 @@ CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightb
 CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25029 (The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not validate the  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does  ...)
@@ -53610,7 +53610,7 @@ CVE-2021-25006
 CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25003
 	RESERVED
 CVE-2021-25002
@@ -53632,7 +53632,7 @@ CVE-2021-24995
 CVE-2021-24994
 	RESERVED
 CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24991 (The WooCommerce PDF Invoices &amp; Packing Slips WordPress plugin befo ...)
@@ -53724,7 +53724,7 @@ CVE-2021-24949 (The "WP Search Filters" widget of The Plus Addons for Elementor
 CVE-2021-24948 (The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24947 (The RVM WordPress plugin before 6.4.2 does not have proper authorisati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24945 (The Like Button Rating &#9829; LikeBtn WordPress plugin before 2.6.38  ...)
@@ -53762,7 +53762,7 @@ CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress plu
 CVE-2021-24929
 	RESERVED
 CVE-2021-24928 (The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not sanitise and  ...)
@@ -53858,11 +53858,11 @@ CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not san
 CVE-2021-24881
 	RESERVED
 CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not validate and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have CSRF chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24878 (The SupportCandy WordPress plugin before 2.2.7 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
@@ -53932,7 +53932,7 @@ CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows pa
 CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24843 (The SupportCandy WordPress plugin before 2.2.7 does not have CRSF chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...)
@@ -53940,7 +53940,7 @@ CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and
 CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...)
 	NOT-FOR-US: WordPress theme
 CVE-2021-24839 (The SupportCandy WordPress plugin before 2.2.5 does not have authorisa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24838 (The AnyComment WordPress plugin through 0.2.17 has an API endpoint whi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24837
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index 85c46d169f..f028eeafd4 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1755,7 +1755,7 @@ CVE-2022-23982
 CVE-2022-23981
 	RESERVED
 CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr &#8211; Ye ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-23978
@@ -1777,9 +1777,9 @@ CVE-2022-0382 [net ticp:fix a kernel-infoleak in __tipc_sendmsg()]
 	- linux 5.15.15-1
 	NOTE: Fixed by: https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523
 CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0380 (The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
 	NOT-FOR-US: microweber
 CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
@@ -2296,7 +2296,7 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b
 CVE-2022-23806
 	RESERVED
 CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-23804
 	RESERVED
 CVE-2022-23803
@@ -3897,7 +3897,7 @@ CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR Word
 CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
 	NOT-FOR-US: jadx
 CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0216
 	RESERVED
 CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier  ...)
@@ -5262,9 +5262,9 @@ CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions sta
 CVE-2022-0150
 	RESERVED
 CVE-2022-0149 (The WooCommerce WordPress plugin before 2.7.1 was affected by a Reflec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0147
 	RESERVED
 CVE-2022-0146
author	Salvatore Bonaccorso <carnil@debian.org>	2022-02-07 21:30:03 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-02-07 21:30:03 +0100
commit	55895bdda65634139e5b8ea5b394b64dfabcd046 (patch)
tree	1f17507aa117af20ddc9adae4c06bd26539fb655
parent	aaaa6b73427ec2bf397c944e18d937b51f3b2ee5 (diff)