Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fee95ad9 by Salvatore Bonaccorso at 2023-03-27T22:13:35+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1973,7 +1973,7 @@ CVE-2023-1402 (The course participation report required
additional checks to pre
CVE-2023-1401
RESERVED
CVE-2023-1400 (The Modern Events Calendar Lite WordPress plugin through 5.16.2
does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1399 (N6854A Geolocation Server versions 2.4.2 are vulnerable to
untrusted d ...)
TODO: check
CVE-2023-1398 (A vulnerability classified as critical was found in XiaoBingBy
TeaCMS ...)
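Review bot: CVE-2023-1399, directly below the changed CVE-2023-1400 entry, is still left at TODO: check. If the N6854A Geolocation Server is not packaged in Debian either, it could be marked NOT-FOR-US in the same pass; if it was skipped on purpose pending a closer look, leaving it is fine.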
@@ -3682,7 +3682,7 @@ CVE-2023-1186 (A vulnerability has been found in
FabulaTech Webcam for Remote De
CVE-2023-1185 (A vulnerability, which was classified as problematic, was found
in ECs ...)
NOT-FOR-US: ECshop
CVE-2020-36666 (The directory-pro WordPress plugin before 1.9.5,
final-user-wp-fronten ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-XXXX [Transaction cache overrides the current user]
- tryton-server 6.0.29-1
[bullseye] - tryton-server <not-affected> (Vulnerable code not present)
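Review bot: the CVE-2020-36666 description names more than one product (directory-pro, then final-user-wp-fronten ..., cut off), but the new tag is the singular NOT-FOR-US: WordPress plugin. Worth confirming against the full description that every product listed is a WordPress plugin before closing the entry with that tag.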
@@ -5142,21 +5142,21 @@ CVE-2023-1095 (In nf_tables_updtable, if
nf_tables_table_enable returns an error
CVE-2023-1094
RESERVED
CVE-2023-1093 (The OAuth Single Sign On WordPress plugin before 6.24.2 does
not have ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1092 (The OAuth Single Sign On Free WordPress plugin before 6.24.2,
OAuth Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1091 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Alpata Licensed Warehousing Automation System
CVE-2023-1090
RESERVED
CVE-2023-1089 (The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF
check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1088 (The WP Plugin Manager WordPress plugin before 1.1.8 does not
have CSRF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1087 (The WC Sales Notification WordPress plugin before 1.2.3 does
not have ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1086 (The Preview Link Generator WordPress plugin before 1.0.4 does
not have ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1085
RESERVED
CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
@@ -5300,7 +5300,7 @@ CVE-2023-1071
CVE-2023-1070 (External Control of File Name or Path in GitHub repository
nilsteampas ...)
- teampass <itp> (bug #730180)
CVE-2023-1069 (The Complianz WordPress plugin before 6.4.2, Complianz Premium
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1068 (The Download Read More Excerpt Link plugin for WordPress is
vulnerable ...)
NOT-FOR-US: Download Read More Excerpt Link plugin for WordPress
CVE-2023-1067 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
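Review bot: style point on CVE-2023-1069: the neighbouring CVE-2023-1068 entry names the product (NOT-FOR-US: Download Read More Excerpt Link plugin for WordPress), while the new line uses the generic NOT-FOR-US: WordPress plugin. The generic form matches other entries in the file, but naming the plugin (Complianz) would keep the entry searchable by product.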
@@ -6978,7 +6978,7 @@ CVE-2023-26513 (Excessive Iteration vulnerability in
Apache Software Foundation
CVE-2023-26512
RESERVED
CVE-2023-1025 (The Simple File List WordPress plugin before 6.0.10 does not
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1024 (The WP Meta SEO plugin for WordPress is vulnerable to
unauthorized sit ...)
NOT-FOR-US: WP Meta SEO plugin for WordPress
CVE-2023-1023 (The WP Meta SEO plugin for WordPress is vulnerable to
unauthorized plu ...)
@@ -7558,7 +7558,7 @@ CVE-2023-0957 (An issue was discovered in Gitpod versions
prior to release-2022.
CVE-2023-0956
RESERVED
CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape
a param ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0954
RESERVED
CVE-2023-0953 (Insufficient input sanitization in the documentation feature of
Devolu ...)
@@ -9111,7 +9111,7 @@ CVE-2023-0825
CVE-2023-0824
RESERVED
CVE-2023-0823 (The Cookie Notice & Compliance for GDPR / CCPA WordPress
plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25760
RESERVED
CVE-2023-25759
@@ -9317,7 +9317,7 @@ CVE-2023-25728
CVE-2023-24585
RESERVED
CVE-2023-0816 (The Formidable Forms WordPress plugin before 6.1 uses several
potentia ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log
Files in m ...)
NOT-FOR-US: OpenNMS
CVE-2023-0814 (The Profile Builder – User Profile & User
Registration Forms ...)
@@ -11092,7 +11092,7 @@ CVE-2023-0662 (In PHP 8.0.X before 8.0.28, 8.1.X before
8.1.16 and 8.2.X before
CVE-2023-0661 (Improper access control in Devolutions Server allows an
authenticated ...)
NOT-FOR-US: Devolutions
CVE-2023-0660 (The Smart Slider 3 WordPress plugin before 3.5.1.14 does not
properly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0659 (A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has
been clas ...)
NOT-FOR-US: BDCOM
CVE-2022-4901 (Multiple stored XSS vulnerabilities in Sophos Connect versions
older t ...)
@@ -11898,7 +11898,7 @@ CVE-2023-0590 (A use-after-free flaw was found in
qdisc_graft in net/sched/sch_a
[bullseye] - linux 5.10.158-1
NOTE:
https://git.kernel.org/linus/ebda44da44f6f309d302522b049f43d6f829f7aa (6.1-rc2)
CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0588
RESERVED
CVE-2022-4900
@@ -12856,27 +12856,27 @@ CVE-2023-0507 (Grafana is an open-source platform for
monitoring and observabili
CVE-2023-0506
RESERVED
CVE-2023-0505 (The Ever Compare WordPress plugin through 1.2.3 does not have
CSRF che ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0504 (The HT Politic WordPress plugin before 2.3.8 does not have CSRF
check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0503 (The Free WooCommerce Theme 99fy Extension WordPress plugin
before 1.2. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0502 (The WP News WordPress plugin through 1.1.9 does not have CSRF
check wh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0501 (The WP Insurance WordPress plugin before 2.1.4 does not have
CSRF chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0500 (The WP Film Studio WordPress plugin before 1.3.5 does not have
CSRF ch ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0499 (The QuickSwish WordPress plugin before 1.1.0 does not have CSRF
check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0498 (The WP Education WordPress plugin before 1.2.7 does not have
CSRF chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0497 (The HT Portfolio WordPress plugin before 1.1.6 does not have
CSRF chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0496 (The HT Event WordPress plugin before 1.4.6 does not have CSRF
check wh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0495 (The HT Slider For Elementor WordPress plugin before 1.4.0 does
not hav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0494 [Xi: fix potential use-after-free in DeepCopyPointerClasses]
RESERVED
{DSA-5342-1 DLA-3310-1}
@@ -12927,7 +12927,7 @@ CVE-2023-0493 (Improper Neutralization of Equivalent
Special Elements in GitHub
CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before
1.5.9 d ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not
validate and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0490
RESERVED
CVE-2023-0489
@@ -12941,7 +12941,7 @@ CVE-2023-0486
CVE-2023-0485
RESERVED
CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder &
Gutenberg B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the
DataSour ...)
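Review bot: for CVE-2023-0484 the truncated description shown here (Contact Form 7 Widget For Elementor Page Builder & Gutenberg B ...) never reaches the word WordPress, so the NOT-FOR-US: WordPress plugin tag cannot be checked from the list file alone. Naming the plugin in the note would make the entry self-explanatory.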
@@ -13048,7 +13048,7 @@ CVE-2023-0468 (A use-after-free flaw was found in
io_uring/poll.c in io_poll_che
NOTE:
https://git.kernel.org/linus/12ad3d2d6c5b0131a6052de91360849e3e154846 (6.1-rc7)
NOTE:
https://git.kernel.org/linus/a26a35e9019fd70bf3cf647dcfdae87abc7bacea (6.1-rc7)
CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not
properly sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0466
RESERVED
CVE-2023-0465
@@ -13317,7 +13317,7 @@ CVE-2023-0443
CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not
validate an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0441 (The Gallery Blocks with Lightbox WordPress plugin before 3.0.8
has an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0440 (Observable Discrepancy in GitHub repository
healthchecks/healthchecks ...)
NOT-FOR-US: healthchecks
CVE-2023-0439
@@ -14615,7 +14615,7 @@ CVE-2023-0397 (A malicious / defect bluetooth
controller can cause a Denial of S
CVE-2023-0396 (A malicious / defective bluetooth controller can cause buffer
overread ...)
NOT-FOR-US: Zephyr
CVE-2023-0395 (The menu shortcode WordPress plugin through 1.0 does not
validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0393
RESERVED
CVE-2023-0392
@@ -15089,9 +15089,9 @@ CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected
in GitHub repository liran
CVE-2023-0337 (Cross-site Scripting (XSS) - Reflected in GitHub repository
lirantal/d ...)
NOT-FOR-US: lirantal/daloradius
CVE-2023-0336 (The OoohBoi Steroids for Elementor WordPress plugin through
2.1.3 has ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0335 (The WP Shamsi WordPress plugin through 4.3.3 has CSRF and
broken acces ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0334 (The ShortPixel Adaptive Images WordPress plugin before 3.6.3
does not ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0333 (The TemplatesNext ToolKit WordPress plugin before 3.2.9 does
not valid ...)
@@ -15655,7 +15655,7 @@ CVE-2023-0274
CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2
does not v ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0272 (The NEX-Forms WordPress plugin before 8.3.3 does not validate
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0271 (The WP Font Awesome WordPress plugin before 1.7.9 does not
validate an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0270 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.26
does no ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fee95ad93932e89e966fb55a53a24503fff0eb5e
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits