Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a02729ba by Salvatore Bonaccorso at 2023-05-08T22:29:37+02:00
Process some new NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1909,7 +1909,7 @@ CVE-2023-2116
CVE-2023-2115
RESERVED
CVE-2023-2114 (The NEX-Forms WordPress plugin before 8.4 does not properly
escape the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2113
RESERVED
CVE-2023-2112 (Desktop component service allows lateral movement between
sessions in ...)
@@ -2992,7 +2992,7 @@ CVE-2023-1981 [avahi-daemon can be crashed via DBus]
CVE-2023-1980 (Two factor authentication bypass on login in Devolutions
Remote Des ...)
NOT-FOR-US: Devolutions
CVE-2023-1979 (The Web Stories for WordPress plugin supports the WordPress
built-in f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1978
RESERVED
CVE-2023-1977
@@ -5462,7 +5462,7 @@ CVE-2023-1906 (A heap-based buffer overflow issue was
discovered in ImageMagick'
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
(ImageMagick 6.9.12-84)
CVE-2023-1905 (The WP Popups WordPress plugin before 2.1.5.1 does not properly
escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to
1.10.5. ...)
NOT-FOR-US: WordPress plugin
CVE-2013-10023 (A vulnerability was found in Editorial Calendar Plugin up to
2.6. It h ...)
@@ -6297,7 +6297,7 @@ CVE-2023-29170 (Auth. (admin+) Stored Cross-site
Scripting (XSS) vulnerability i
CVE-2023-1807
RESERVED
CVE-2023-1806 (The WP Inventory Manager WordPress plugin before 2.1.0.12 does
not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1805 (The Product Catalog Feed by PixelYourSite WordPress plugin
before 2.1. ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1804 (The Product Catalog Feed by PixelYourSite WordPress plugin
before 2.1. ...)
@@ -7220,7 +7220,7 @@ CVE-2023-1662
CVE-2023-1661
RESERVED
CVE-2023-1660 (The AI ChatBot WordPress plugin before 4.4.9 does not have
authorisati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1659
REJECTED
CVE-2023-1658
@@ -7247,11 +7247,11 @@ CVE-2023-1652 (A use-after-free flaw was found in
nfsd4_ssc_setup_dul in fs/nfsd
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd (6.2-rc5)
CVE-2023-1651 (The AI ChatBot WordPress plugin before 4.4.9 does not have
authorisati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1650 (The AI ChatBot WordPress plugin before 4.4.7 unserializes user
input f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1649 (The AI ChatBot WordPress plugin before 4.5.1 does not sanitise
and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1648
REJECTED
CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572,
2022.1.15583 refle ...)
@@ -9137,7 +9137,7 @@ CVE-2023-28344
CVE-2023-28343 (OS command injection affects Altenergy Power Control Software
C1.2.5 v ...)
NOT-FOR-US: Altenergy Power Control Software
CVE-2023-1408 (The Video List Manager WordPress plugin through 1.7 does not
properly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1407 (A vulnerability classified as critical was found in
SourceCodester Stu ...)
NOT-FOR-US: SourceCodester
CVE-2023-1406 (The JetEngine WordPress plugin before 3.1.3.1 includes uploaded
files ...)
@@ -10002,7 +10002,7 @@ CVE-2023-28120
CVE-2023-1348
RESERVED
CVE-2023-1347 (The Customizer Export/Import WordPress plugin before 0.9.6
unserialize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28119 (The crewjam/saml go library contains a partial implementation
of the S ...)
- golang-github-crewjam-saml <unfixed> (bug #1033753)
NOTE:
https://github.com/crewjam/saml/commit/8e9236867d176ad6338c870a84e2039aef8a5021
(v0.4.13)
@@ -14406,7 +14406,7 @@ CVE-2023-1013 (Improper Neutralization of
Script-Related HTML Tags in a Web Page
CVE-2023-1012
RESERVED
CVE-2023-1011 (The AI ChatBot WordPress plugin before 4.4.5 does not escape
most of i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1010 (A vulnerability classified as critical was found in vox2png
1.0. Affec ...)
NOT-FOR-US: vox2png
CVE-2023-1009 (A vulnerability classified as problematic has been found in
DrayTek Vi ...)
@@ -14988,7 +14988,7 @@ CVE-2023-0950
CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository
modoboa/mo ...)
NOT-FOR-US: Modoboa
CVE-2023-0948 (The Japanized For WooCommerce WordPress plugin before 2.5.8
does not e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-48341 (ThingsBoard 3.4.1 could allow a remote authenticated attacker
to achie ...)
NOT-FOR-US: ThingsBoard
CVE-2021-4326 (A vulnerability in Imperative framework which allows
already-privilege ...)
@@ -15992,7 +15992,7 @@ CVE-2023-0896 (A default password was reported in
Lenovo Smart Clock Essential w
CVE-2023-0895 (The WP Coder \u2013 add custom html, css and js code plugin for
WordPr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0894 (The Pickup | Delivery | Dine-in date time WordPress plugin
through 1.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not
sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0892
@@ -17162,7 +17162,7 @@ CVE-2023-0770 (Stack-based Buffer Overflow in GitHub
repository gpac/gpac prior
CVE-2023-0769
RESERVED
CVE-2023-0768 (The Avirato hotels online booking engine WordPress plugin
through 5.0. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25641
RESERVED
CVE-2023-25640
@@ -18809,7 +18809,7 @@ CVE-2023-25023 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-25022 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Kibo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25021 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Fare ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25020 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
Kiboko Labs ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25019
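Review bot: the description of CVE-2023-25021 is cut off at "vulnerability in Fare ..." before the product is named, so nothing on the changed line shows that the affected software is a WordPress plugin. The neighbouring entries CVE-2023-25022 and CVE-2023-25020 carry the same tag, but their visible text names a different vendor (Kibo ... / Kiboko Labs), so they do not confirm it either. Please check the full CVE description before closing the TODO; if the product has any chance of being packaged, name it in the NOT-FOR-US line instead of using the generic tag.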
@@ -19294,7 +19294,7 @@ CVE-2023-0605 (The Auto Rename Media On Upload
WordPress plugin before 1.1.0 doe
CVE-2023-0604
RESERVED
CVE-2023-0603 (The Sloth Logo Customizer WordPress plugin through 2.0.2 does
not have ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0602
RESERVED
CVE-2023-0601
@@ -20098,11 +20098,11 @@ CVE-2023-0546 (The Contact Form Plugin WordPress
plugin before 4.3.25 does not p
CVE-2023-0545
RESERVED
CVE-2023-0544 (The WP Login Box WordPress plugin through 2.0.2 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0543 (The Arigato Autoresponder and Newsletter WordPress plugin
before 2.1.7 ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0542 (The Custom Post Type List Shortcode WordPress plugin through
1.4.4 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0541 (The GS Books Showcase WordPress plugin before 1.3.1 does not
validate ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does
not val ...)
@@ -20112,9 +20112,9 @@ CVE-2023-0539 (The GS Insever Portfolio WordPress
plugin before 1.4.5 does not v
CVE-2023-0538 (The Campaign URL Builder WordPress plugin before 1.8.2 does not
valida ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0537 (The Product Slider For WooCommerce Lite WordPress plugin
through 1.1.7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0536 (The Wp-D3 WordPress plugin through 2.4.1 does not validate and
escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0535 (The Donation Block For PayPal WordPress plugin before 2.1.0
does not v ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0534 (A vulnerability, which was classified as critical, was found in
Source ...)
@@ -20134,7 +20134,7 @@ CVE-2023-0528 (A vulnerability was found in
SourceCodester Online Tours & Travel
CVE-2023-0527 (A vulnerability was found in PHPGurukul Online Security Guards
Hiring ...)
NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
CVE-2023-0526 (The Post Shortcode WordPress plugin through 2.0.9 does not
validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in
Django 3.2 ...)
{DLA-3329-1}
- python-django 3:3.2.18-1 (bug #1031290)
@@ -20173,7 +20173,7 @@ CVE-2023-0524 (As part of our Security Development
Lifecycle, a potential privil
CVE-2023-0523 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
CVE-2023-0522 (The Enable/Disable Auto Login when Register WordPress plugin
through 1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0521
RESERVED
CVE-2023-0520
@@ -20262,7 +20262,7 @@ CVE-2023-0516 (A vulnerability was found in
SourceCodester Online Tours & Travel
CVE-2023-0515 (A vulnerability was found in SourceCodester Online Tours &
Travels Man ...)
NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0514 (The Membership Database WordPress plugin through 1.0 does not
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0513 (A vulnerability has been found in isoftforce Dreamer CMS up to
4.0.1 a ...)
NOT-FOR-US: isoftforce Dreamer CMS
CVE-2023-0512 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.)
@@ -21877,7 +21877,7 @@ CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress
plugin before 1.6 does n
CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not
properly s ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0421 (The Cloud Manager WordPress plugin through 1.0 does not
sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0420 (The Custom Post Type and Taxonomy GUI Manager WordPress plugin
through ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1
does not ...)
@@ -23262,7 +23262,7 @@ CVE-2023-0282 (The YourChannel WordPress plugin before
1.2.2 does not sanitize a
CVE-2023-0281 (A vulnerability was found in SourceCodester Online Flight
Booking Mana ...)
NOT-FOR-US: SourceCodester Online Flight Booking Management System
CVE-2023-0280 (The Ultimate Carousel For Elementor WordPress plugin through
2.1.7 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0279 (The Media Library Assistant WordPress plugin before 3.06 does
not prop ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not
properly sani ...)
@@ -23286,9 +23286,9 @@ CVE-2023-0270 (The YaMaps for WordPress Plugin
WordPress plugin before 0.6.26 do
CVE-2023-0269
REJECTED
CVE-2023-0268 (The Mega Addons For WPBakery Page Builder WordPress plugin
before 4.3. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0267 (The Ultimate Carousel For WPBakery Page Builder WordPress
plugin throu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4888
RESERVED
CVE-2021-4312 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as
problema ...)
@@ -36114,7 +36114,7 @@ CVE-2022-4120 (The Stop Spammers Security | Block Spam
Users, Comments, Forms Wo
CVE-2022-4119 (The Image Optimizer, Resizer and CDN WordPress plugin before
6.8.1 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4118 (The Bitcoin / AltCoin Payment Gateway for WooCommerce &
Multivendor st ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4117 (The IWS WordPress plugin through 1.0 does not properly escape a
parame ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw
happens in De ...)
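Review bot: for CVE-2022-4118 the visible description ends at "for WooCommerce & Multivendor st ..." and never reaches the words "WordPress plugin", unlike the surrounding CVE-2022-4119 and CVE-2022-4117 entries, where the phrase is on the line. The tag is plausible given the WooCommerce reference, but it would be worth confirming against the untruncated description that this is the plugin itself and not a standalone payment component.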
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a02729bab5560366791a6482078feaee9a935ed9
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits