Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d6fa11f7 by Salvatore Bonaccorso at 2023-05-15T22:18:51+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2139,9 +2139,9 @@ CVE-2023-2182 (An issue has been discovered in GitLab EE
affecting all versions
CVE-2023-2181 (An issue has been discovered in GitLab affecting all versions
before 1 ...)
- gitlab <unfixed>
CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin
through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin
through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2178
RESERVED
CVE-2023-2177 (A null pointer dereference issue was found in the sctp network
protoco ...)
@@ -3346,7 +3346,7 @@ CVE-2023-2011
CVE-2023-2010
RESERVED
CVE-2023-2009 (Plugin does not sanitize and escape the URL field in the Pretty
Url Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver.
The spec ...)
- linux 5.18.14-1
[bullseye] - linux 5.10.127-1
@@ -6054,7 +6054,7 @@ CVE-2023-1916 (A flaw was found in tiffcrop, a program
distributed by the libtif
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/537
NOTE: Crash in CLI tool, no security impact
CVE-2023-1915 (The Thumbnail carousel slider WordPress plugin before 1.1.10
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1914
RESERVED
CVE-2023-1913 (The Maps Widget for Google Maps for WordPress is vulnerable to
Stored ...)
@@ -6228,7 +6228,7 @@ CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in
GitHub repository sidek
CVE-2023-1891
RESERVED
CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape
various ge ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1889
RESERVED
CVE-2023-1888
@@ -6663,7 +6663,7 @@ CVE-2023-23581
CVE-2023-1840 (The Sp*tify Play Button for WordPress plugin for WordPress is
vulnerab ...)
NOT-FOR-US: Sp*tify Play Button for WordPress plugin for WordPress
CVE-2023-1839 (The Product Addons & Fields for WooCommerce WordPress plugin
before 32 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1838 (A use-after-free flaw was found in vhost_net_set_backend in
drivers/vh ...)
- linux 5.17.11-1
[bullseye] - linux 5.10.120-1
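Review bot: The new line for CVE-2023-1839 uses the generic tag "NOT-FOR-US: WordPress plugin", while the entry directly above it in this hunk, CVE-2023-1840, names the product ("Sp*tify Play Button for WordPress plugin for WordPress"). This is a style point only. The generic tag matches every other line added in this commit and keeps these entries greppable as one class, so I would keep it as is and not mix product names into new WordPress-plugin entries.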
@@ -6674,7 +6674,7 @@ CVE-2023-1837
CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab
affecting a ...)
- gitlab <unfixed>
CVE-2023-1835 (The Ninja Forms Contact Form WordPress plugin before 3.6.22
does not p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1834 (Rockwell Automation was made aware that Kinetix 5500 drives,
manufactu ...)
NOT-FOR-US: Rockwell Automation
CVE-2023-1833 (Authentication Bypass by Primary Weakness vulnerability in DTS
Electro ...)
@@ -8325,7 +8325,7 @@ CVE-2023-1598
CVE-2023-1597
RESERVED
CVE-2023-1596 (The tagDiv Composer WordPress plugin before 4.0 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1595 (A vulnerability has been found in novel-plus 3.6.2 and
classified as c ...)
NOT-FOR-US: novel-plus
CVE-2023-1594 (A vulnerability, which was classified as critical, was found in
novel- ...)
@@ -8609,7 +8609,7 @@ CVE-2023-1551
CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability
in NGIN ...)
NOT-FOR-US: NGINX Agent
CVE-2023-1549 (The Ad Inserter WordPress plugin before 2.7.27 unserializes
user input ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists
that cou ...)
NOT-FOR-US: Schneider
CVE-2023-1547
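Review bot: CVE-2023-1549 (Ad Inserter, "unserializes user input") is closed as NOT-FOR-US purely on being a WordPress plugin, and the added line records no check that the plugin is absent from the archive. That is the same basis as the other entries in this commit, but this one is a deserialization issue, not the missing sanitise/escape pattern seen in most of the other descriptions. It is worth confirming that no source package bundles the plugin before the "TODO: check" is dropped.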
@@ -11567,7 +11567,7 @@ CVE-2023-1209
CVE-2023-1208
RESERVED
CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import
functio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1206
RESERVED
CVE-2023-27853 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a
format s ...)
@@ -15014,7 +15014,7 @@ CVE-2023-1021 (The amr ical events lists WordPress
plugin through 6.6 does not s
CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through
1.4.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1019 (The Help Desk WP WordPress plugin through 1.2.0 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1018 (An out-of-bounds read vulnerability exists in TPM2.0's Module
Library ...)
- libtpms 0.9.2-3.1 (bug #1032420)
NOTE:
https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4
@@ -16628,7 +16628,7 @@ CVE-2023-0894 (The Pickup | Delivery | Dine-in date
time WordPress plugin throug
CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not
sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0892 (The BizLibrary WordPress plugin through 1.1 does not sanitise
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0891 (The StagTools WordPress plugin before 2.3.7 does not validate
and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0890 (The WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate
WordPress p ...)
@@ -17411,7 +17411,7 @@ CVE-2023-0813
RESERVED
NOT-FOR-US: Network Observability plugin for OpenShift console
CVE-2023-0812 (The Active Directory Integration / LDAP Integration WordPress
plugin b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0811 (Omron CJ1M unit v4.0 and prior has improper access controls on
the mem ...)
NOT-FOR-US: Omron CJ1M
CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository
btcpayserver/ ...)
@@ -17871,11 +17871,11 @@ CVE-2023-0765 (The Gallery by BestWebSoft WordPress
plugin before 4.7.0 does not
CVE-2023-0764 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does
not perf ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0763 (The Clock In Portal- Staff & Attendance Management WordPress
plugin th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0762 (The Clock In Portal- Staff & Attendance Management WordPress
plugin th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress
plugin th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior
to V2. ...)
- gpac <unfixed> (bug #1033116)
[bullseye] - gpac <no-dsa> (Minor issue)
@@ -19476,7 +19476,7 @@ CVE-2023-0645 (An out of bounds read exists in libjxl.
An attacker using a speci
NOTE: https://github.com/libjxl/libjxl/issues/2100
NOTE: https://github.com/libjxl/libjxl/pull/2101
CVE-2023-0644 (The Push Notifications for WordPress by PushAssist WordPress
plugin th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0643 (Improper Handling of Additional Special Element in GitHub
repository s ...)
NOT-FOR-US: squidex
CVE-2023-0642 (Cross-Site Request Forgery (CSRF) in GitHub repository
squidex/squidex ...)
@@ -19976,7 +19976,7 @@ CVE-2023-24835 (Softnext Technologies Corp.\u2019s SPAM
SQR has a vulnerability
CVE-2023-24834 (WisdomGarden Tronclass has improper access control when
uploading file ...)
NOT-FOR-US: WisdomGarden Tronclass
CVE-2023-0600 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin
before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a
stored c ...)
NOT-FOR-US: Rapid7
CVE-2023-0598 (GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and
GE Dig ...)
@@ -20810,7 +20810,7 @@ CVE-2023-0522 (The Enable/Disable Auto Login when
Register WordPress plugin thro
CVE-2023-0521
RESERVED
CVE-2023-0520 (The RapidExpCart WordPress plugin through 1.0 does not sanitize
and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository
modoboa/modob ...)
NOT-FOR-US: Modoboa
CVE-2023-0518 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
@@ -21132,7 +21132,7 @@ CVE-2023-0492 (The GS Products Slider for WooCommerce
WordPress plugin before 1.
CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not
validate and e ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0490 (The f(x) TOC WordPress plugin through 1.1.0 does not validate
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0489
RESERVED
CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository
pyload/pyload ...)
@@ -24285,7 +24285,7 @@ CVE-2023-0235
CVE-2023-0234 (The SiteGround Security WordPress plugin before 1.3.1 does not
properl ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0233 (The ActiveCampaign WordPress plugin before 8.1.12 does not
validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0232 (The ShopLentor WordPress plugin before 2.5.4 unserializes user
input f ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0231 (The ShopLentor WordPress plugin before 2.5.4 does not validate
and esc ...)
@@ -28562,7 +28562,7 @@ CVE-2022-4776 (The CC Child Pages WordPress plugin
before 1.43 does not validate
CVE-2022-4775 (The GeoDirectory WordPress plugin before 2.2.22 does not
validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4774 (The Bit Form WordPress plugin before 1.9 does not validate the
file ty ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4773 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as
problema ...)
NOT-FOR-US: cloudsync
CVE-2022-4772 (A vulnerability was found in Widoco and classified as critical.
Affect ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6fa11f76aa1367ad9b7081cfe3cc7cfc2a70789
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits