Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
799a0328 by Salvatore Bonaccorso at 2023-05-25T22:43:29+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,47 +1,47 @@
CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz
v5.0.5 allo ...)
- TODO: check
+ NOT-FOR-US: mipjz
CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz
v5.0.5 allo ...)
- TODO: check
+ NOT-FOR-US: mipjz
CVE-2023-33356 (IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).)
- TODO: check
+ NOT-FOR-US: IceCMS
CVE-2023-33355 (IceCMS v1.0.0 has Insecure Permissions. There is unauthorized
access t ...)
- TODO: check
+ NOT-FOR-US: IceCMS
CVE-2023-33280 (In the Store Commander scquickaccounting module for PrestaShop
through ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2023-33279 (In the Store Commander scfixmyprestashop module through
2023-05-09 for ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2023-33278 (In the Store Commander scexportcustomers module for PrestaShop
through ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2023-33263 (In WFTPD 3.25, usernames and password hashes are stored in an
openly v ...)
- TODO: check
+ NOT-FOR-US: WFTPD
CVE-2023-33248 (Amazon Alexa software version 8960323972 on Echo Dot 2nd
generation an ...)
- TODO: check
+ NOT-FOR-US: Amazon Alexa
CVE-2023-32694 (Saleor Core is a composable, headless commerce API. Saleor's
`validate ...)
TODO: check
CVE-2023-31861 (ZLMediaKit 4.0 is vulnerable to Directory Traversal.)
- TODO: check
+ NOT-FOR-US: ZLMediaKit
CVE-2023-31594 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect
Access Contro ...)
- TODO: check
+ NOT-FOR-US: IC Realtime ICIP-P2012T
CVE-2023-31458 (A vulnerability in the Edge Gateway component of Mitel MiVoice
Connect ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2023-2888 (A vulnerability, which was classified as problematic, was found
in PHP ...)
- TODO: check
+ NOT-FOR-US: PHPOK
CVE-2023-2887 (Authentication Bypass by Spoofing vulnerability in CBOT Chatbot
allows ...)
- TODO: check
+ NOT-FOR-US: CBOT Chatbot
CVE-2023-2886 (Missing Origin Validation in WebSockets vulnerability in CBOT
Chatbot ...)
- TODO: check
+ NOT-FOR-US: CBOT Chatbot
CVE-2023-2885 (Channel Accessible by Non-Endpoint vulnerability in CBOT
Chatbot allow ...)
- TODO: check
+ NOT-FOR-US: CBOT Chatbot
CVE-2023-2884 (Use of Cryptographically Weak Pseudo-Random Number Generator
(PRNG), U ...)
- TODO: check
+ NOT-FOR-US: CBOT Chatbot
CVE-2023-2883 (Authorization Bypass Through User-Controlled Key vulnerability
in CBOT ...)
- TODO: check
+ NOT-FOR-US: CBOT Chatbot
CVE-2023-2882 (Generation of Incorrect Security Tokens vulnerability in CBOT
Chatbot ...)
- TODO: check
+ NOT-FOR-US: CBOT Chatbot
CVE-2023-2881 (Storing Passwords in a Recoverable Format in GitHub repository
pimcore ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-2851 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: AGT Tech Ceppatron
CVE-2023-2798 (Those using HtmlUnit to browse untrusted webpages may be
vulnerable to ...)
TODO: check
CVE-2023-2734 (The MStore API plugin for WordPress is vulnerable to
authentication by ...)
@@ -53,11 +53,11 @@ CVE-2023-2732 (The MStore API plugin for WordPress is
vulnerable to authenticati
CVE-2023-2500 (The Go Pricing - WordPress Responsive Pricing Tables plugin for
WordPr ...)
NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for
WordPress
CVE-2023-2480 (Missing access permissions checks in M-Files Client before
23.5.12598. ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and
earlier allo ...)
TODO: check
CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS)
contains an ...)
- TODO: check
+ NOT-FOR-US: Wacom Tablet Driver installer
CVE-2023-XXXX [Block themes parsing shortcodes in user-generated data]
- wordpress 6.2.2+dfsg1-1 (bug #1036689)
NOTE:
https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/
@@ -140,11 +140,11 @@ CVE-2023-31748 (Insecure permissions in MobileTrans
v4.0.11 allows attackers to
CVE-2023-31595 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect
Access Contro ...)
NOT-FOR-US: IC Realtime ICIP-P2012T
CVE-2023-31460 (A vulnerability in the Connect Mobility Router component of
MiVoice Co ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2023-31459 (A vulnerability in the Connect Mobility Router component of
Mitel MiVo ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2023-31457 (A vulnerability in the Headquarters server component of Mitel
MiVoice ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2023-2875 (A vulnerability, which was classified as problematic, was found
in eSc ...)
NOT-FOR-US: eScan Antivirus
CVE-2023-2874 (A vulnerability, which was classified as problematic, has been
found i ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/799a0328c037c7dd4be3367e3fd9b93ea24d5b6b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/799a0328c037c7dd4be3367e3fd9b93ea24d5b6b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
