diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-21 21:18:59 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-21 21:18:59 +0100 |
commit | c74154ef7f42242bfb6594b66d778c175884b7e2 (patch) | |
tree | 4bd09cfbbece6771d21fd2ac6e567cb0e7fa77a6 /data/CVE/2022.list | |
parent | 491b8343d5b295e560bd2603f67c250f5027dd7e (diff) |
Process several NFUs
Diffstat (limited to 'data/CVE/2022.list')
-rw-r--r-- | data/CVE/2022.list | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list index eddc0d0880..dc6334e3e9 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -45,7 +45,7 @@ CVE-2022-25601 CVE-2022-25600 RESERVED CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to event delet ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-25598 RESERVED CVE-2022-0712 @@ -4346,9 +4346,9 @@ CVE-2022-23988 CVE-2022-23987 RESERVED CVE-2022-23984 (Sensitive information disclosure discovered in wpDiscuz WordPress plug ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-23983 (Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Sett ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...) NOT-FOR-US: WordPress plugin CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...) @@ -5717,7 +5717,7 @@ CVE-2022-23457 CVE-2022-0314 RESERVED CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0312 RESERVED CVE-2022-0299 @@ -5888,7 +5888,7 @@ CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.46 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0287 RESERVED CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...) @@ -5913,7 +5913,7 @@ CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Pac CVE-2022-0280 RESERVED CVE-2022-0279 (The AnyComment WordPress plugin before 0.2.18 is affected by a race co ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) NOT-FOR-US: microweber CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...) @@ -6245,13 +6245,13 @@ CVE-2022-0257 (pimcore is vulnerable to Improper Neutralization of Input During CVE-2022-0256 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) NOT-FOR-US: pimcore CVE-2022-0255 (The Database Backup for WordPress plugin before 2.5.1 does not properl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0254 RESERVED CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) NOT-FOR-US: livehelperchat CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the json par ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: pimcore CVE-2022-0250 @@ -6497,7 +6497,7 @@ CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ NOTE: Fixed by: https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80 (v3.1.1) CVE-2022-0234 (The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0233 (The ProfileGrid – User Profiles, Memberships, Groups and Communi ...) NOT-FOR-US: WordPress plugin CVE-2022-0232 (The User Registration, Login & Landing Pages WordPress plugin is v ...) @@ -6509,7 +6509,7 @@ CVE-2022-0230 CVE-2022-0229 RESERVED CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...) {DSA-5050-1} - linux 5.15.15-1 @@ -6586,7 +6586,7 @@ CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...) CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2022-0211 (The Shield Security WordPress plugin before 13.0.6 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...) NOT-FOR-US: Apache Traffic Control CVE-2022-23205 @@ -6691,7 +6691,7 @@ CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and Per CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2022-0199 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. ...) NOT-FOR-US: Crestron devices CVE-2022-23177 @@ -6886,7 +6886,7 @@ CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not CVE-2022-0187 RESERVED CVE-2022-0186 (The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0185 (A heap-based buffer overflow flaw was found in the way the legacy_pars ...) {DSA-5050-1} - linux 5.15.15-1 @@ -7521,7 +7521,7 @@ CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to CVE-2022-0165 RESERVED CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0163 RESERVED CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 ...) @@ -8093,7 +8093,7 @@ CVE-2022-0135 [out-of-bounds write in read_transfer_data()] NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec TODO: Check introducing information for issue CVE-2022-0134 (The AnyComment WordPress plugin before 0.2.18 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0133 (peertube is vulnerable to Improper Access Control ...) - peertube <itp> (bug #950821) CVE-2022-0132 (peertube is vulnerable to Server-Side Request Forgery (SSRF) ...) |