Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
080504f2 by Salvatore Bonaccorso at 2023-03-20T21:39:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6784,13 +6784,13 @@ CVE-2023-0941 (Use after free in Prompts in Google 
Chrome prior to 110.0.5481.17
        - chromium 110.0.5481.177-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0940 (The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX 
endpoin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0939 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: NTN Information Technologies Online Services Software
 CVE-2023-0938 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester Music Gallery Site
 CVE-2023-0937 (The VK All in One Expansion Unit WordPress plugin before 
9.87.1.0 does ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0936 (A vulnerability was found in TP-Link Archer C50 V2_160801. It 
has been ...)
        NOT-FOR-US: TP-Link
 CVE-2023-0935 (A vulnerability was found in DolphinPHP up to 1.5.1. It has 
been decla ...)
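Review bot: the two new markings in this hunk (CVE-2023-0940 and CVE-2023-0937) use the generic label "WordPress plugin", while the neighbouring entries name the product ("NOT-FOR-US: SourceCodester Music Gallery Site", "NOT-FOR-US: TP-Link"). Naming the plugin (ProfileGrid, VK All in One Expansion Unit) would let the entry be found by product later. If the generic label is kept to match the existing WordPress entries in this file, the decision still rests on neither plugin being packaged, which the diff cannot show and is worth confirming against the archive.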
@@ -7374,7 +7374,7 @@ CVE-2013-10019 (A vulnerability was found in 
OCLC-Research OAICat 1.5.61. It has
 CVE-2012-10008 (A vulnerability, which was classified as critical, has been 
found in u ...)
        NOT-FOR-US: uakfdotb oneapp
 CVE-2023-0911 (The WordPress Shortcodes Plugin &#8212; Shortcodes Ultimate 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0910 (A vulnerability has been found in SourceCodester Online Pizza 
Ordering ...)
        NOT-FOR-US: SourceCodester Online Pizza Ordering System
 CVE-2023-0909 (A vulnerability, which was classified as problematic, was found 
in cxa ...)
@@ -7650,7 +7650,7 @@ CVE-2023-0892
 CVE-2023-0891
        RESERVED
 CVE-2023-0890 (The WordPress Shortcodes Plugin &#8212; Shortcodes Ultimate 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0889
        RESERVED
 CVE-2023-0888 (An improper neutralization of directives in dynamically 
evaluated code ...)
@@ -7720,9 +7720,9 @@ CVE-2023-0878 (Cross-site Scripting (XSS) - Generic in 
GitHub repository nuxt/fr
 CVE-2023-0877 (Code Injection in GitHub repository froxlor/froxlor prior to 
2.0.11. ...)
        - froxlor <itp> (bug #581792)
 CVE-2023-0876 (The WP Meta SEO WordPress plugin before 4.5.3 does not 
authorize sever ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0875 (The WP Meta SEO WordPress plugin before 4.5.3 does not properly 
saniti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0874
        RESERVED
 CVE-2023-0873
@@ -7792,7 +7792,7 @@ CVE-2023-0866 (Heap-based Buffer Overflow in GitHub 
repository gpac/gpac prior t
        NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f
        NOTE: 
https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937
 CVE-2023-0865 (The WooCommerce Multiple Customer Addresses &amp; Shipping 
WordPress p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0864
        RESERVED
 CVE-2023-0863
@@ -10525,9 +10525,9 @@ CVE-2023-0633
 CVE-2023-0632
        RESERVED
 CVE-2023-0631 (The Paid Memberships Pro WordPress plugin before 2.9.12 does 
not preve ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0630 (The Slimstat Analytics WordPress plugin before 4.9.3.3 does not 
preven ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0629 (Docker Desktop before 4.17.0 allows an unprivileged user to 
bypass Enh ...)
        TODO: check
 CVE-2023-0628 (Docker Desktop before 4.17.0 allows an attacker to execute an 
arbitrar ...)
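Review bot: in the context directly below the CVE-2023-0630 change, CVE-2023-0629 (Docker Desktop) still reads "TODO: check", so this block is not fully triaged after the commit. It is outside what this commit touches, but it is worth picking up in a follow-up pass together with CVE-2023-0628, whose status line falls outside the hunk.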
@@ -13903,9 +13903,9 @@ CVE-2023-0372 (The EmbedStories WordPress plugin before 
0.7.5 does not validate
 CVE-2023-0371 (The EmbedSocial WordPress plugin before 1.1.28 does not 
validate and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0370 (The WPB Advanced FAQ WordPress plugin through 1.0.6 does not 
validate  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0369 (The GoToWP WordPress plugin through 5.1.1 does not validate and 
escape ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0368
        RESERVED
 CVE-2022-4892 (A vulnerability was found in MyCMS. It has been classified as 
problema ...)
@@ -13979,9 +13979,9 @@ CVE-2023-0367
 CVE-2023-0366 (The Loan Comparison WordPress plugin before 1.5.3 does not 
validate an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0365 (The React Webcam WordPress plugin through 1.2.0 does not 
validate and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0364 (The real.Kit WordPress plugin before 5.1.1 does not validate 
and escap ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0363
        RESERVED
 CVE-2023-0362 (Themify Portfolio Post WordPress plugin before 1.2.2 does not 
validate ...)
@@ -14153,7 +14153,7 @@ CVE-2023-0341 (A stack buffer overflow exists in the 
ec_glob function of editorc
        NOTE: https://github.com/editorconfig/editorconfig-core-c/pull/87
        NOTE: 
https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e
 CVE-2023-0340 (The Custom Content Shortcode WordPress plugin through 4.0.2 
does not v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0339 (Relative Path Traversal vulnerability in ForgeRock Access 
Management W ...)
        NOT-FOR-US: ForgeRock
 CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
lirantal/d ...)
@@ -14725,7 +14725,7 @@ CVE-2023-0275 (The Easy Accept Payments for PayPal 
WordPress plugin before 4.9.1
 CVE-2023-0274
        RESERVED
 CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 
does not v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0272
        RESERVED
 CVE-2023-0271 (The WP Font Awesome WordPress plugin before 1.7.9 does not 
validate an ...)
@@ -16409,7 +16409,7 @@ CVE-2023-0177 (The Social Like Box and Page by WpDevArt 
WordPress plugin before
 CVE-2023-0176 (The Giveaways and Contests by RafflePress WordPress plugin 
before 1.11 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0175 (The Responsive Clients Logo Gallery Plugin for WordPress plugin 
throug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0174 (The WP VR WordPress plugin before 8.2.7 does not validate and 
escape s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0173 (The Drag &amp; Drop Sales Funnel Builder for WordPress plugin 
before 2 ...)
@@ -16425,7 +16425,7 @@ CVE-2023-0169 (The Zoho Forms WordPress plugin before 
3.0.1 does not validate an
 CVE-2023-0168 (The Olevmedia Shortcodes WordPress plugin through 1.1.9 does 
not valid ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0167 (The GetResponse for WordPress plugin through 5.5.31 does not 
validate  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0166 (The Product Slider for WooCommerce by PickPlugins WordPress 
plugin bef ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0165 (The Cost Calculator WordPress plugin through 1.8 does not 
validate and ...)
@@ -16520,7 +16520,7 @@ CVE-2023-0147 (The Flexible Captcha WordPress plugin 
through 4.1 does not valida
 CVE-2023-0146 (The Naver Map WordPress plugin through 1.1.0 does not validate 
and esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0145 (The Saan World Clock WordPress plugin through 1.8 does not 
validate an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2017-20167 (A vulnerability, which was classified as problematic, was 
found in Min ...)
        NOT-FOR-US: Minichan
 CVE-2016-15017 (A vulnerability has been found in fabarea media_upload and 
classified  ...)
@@ -26424,7 +26424,7 @@ CVE-2022-4150 (The Contest Gallery WordPress plugin 
before 19.1.5.1, Contest Gal
 CVE-2022-4149
        RESERVED
 CVE-2022-4148 (The WP OAuth Server (OAuth Authentication) WordPress plugin 
before 4.2 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with 
invalid O ...)
        NOT-FOR-US: Quarkus
 CVE-2022-46139 (TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated 
attackers ...)
@@ -29636,7 +29636,7 @@ CVE-2022-3896 (The WP Affiliate Platform plugin for 
WordPress is vulnerable to R
 CVE-2022-3895 (Some UI elements of the Common User Interface Component are not 
proper ...)
        NOT-FOR-US: BlueSpice
 CVE-2022-3894 (The WP OAuth Server (OAuth Authentication) WordPress plugin 
before 4.2 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3893 (Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu 
extens ...)
        NOT-FOR-US: BlueSpice
 CVE-2022-3892 (The WP OAuth Server (OAuth Authentication) WordPress plugin 
before 4.2 ...)
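Review bot: CVE-2022-3892 in the trailing context has the same truncated description as CVE-2022-3894 (WP OAuth Server), but its status line is cut off by the end of the hunk, so the diff does not show whether it already carries "NOT-FOR-US: WordPress plugin". Please confirm that it, CVE-2022-3894 and CVE-2022-4148 from the previous hunk are tagged alike, so the entries for this plugin do not diverge.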



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/080504f2dd0efb477d57be56b7619900fa8f8aa0
