Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3566997 by Salvatore Bonaccorso at 2023-05-26T10:37:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2023-32074 (user_oidc app is an OpenID Connect user backend for Nextcloud. 
Authent ...)
        TODO: check
 CVE-2023-2903 (A vulnerability classified as problematic has been found in 
NFine Rapi ...)
-       TODO: check
+       NOT-FOR-US: NFine Rapid Development Platform
 CVE-2023-2902 (A vulnerability was found in NFine Rapid Development Platform 
20230511 ...)
-       TODO: check
+       NOT-FOR-US: NFine Rapid Development Platform
 CVE-2023-2901 (A vulnerability was found in NFine Rapid Development Platform 
20230511 ...)
-       TODO: check
+       NOT-FOR-US: NFine Rapid Development Platform
 CVE-2023-2900 (A vulnerability was found in NFine Rapid Development Platform 
20230511 ...)
-       TODO: check
+       NOT-FOR-US: NFine Rapid Development Platform
 CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz 
v5.0.5 allo ...)
        NOT-FOR-US: mipjz
 CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz 
v5.0.5 allo ...)
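Review bot: CVE-2023-32074 at the top of this hunk is left at "TODO: check" while the four NFine entries directly below it are resolved. If that is deliberate because the Nextcloud user_oidc app needs a package lookup rather than an NFU tag, fine; otherwise it is easy to overlook as the one open entry among the visible lines of this block.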
@@ -165,7 +165,7 @@ CVE-2023-2873 (A vulnerability classified as critical was 
found in Twister Antiv
 CVE-2023-2872 (A vulnerability classified as problematic has been found in 
FlexiHub 5 ...)
        NOT-FOR-US: FlexiHub
 CVE-2023-2871 (A vulnerability was found in FabulaTech USB for Remote Desktop 
6.1.0.0 ...)
-       TODO: check
+       NOT-FOR-US: FabulaTech USB for Remote Desktop
 CVE-2023-2870 (A vulnerability was found in EnTech Monitor Asset Manager 2.9. 
It has  ...)
        NOT-FOR-US: EnTech Monitor Asset Manager
 CVE-2023-2868 (A remote command injection vulnerability exists in the 
Barracuda Email ...)
@@ -4484,7 +4484,7 @@ CVE-2023-30486
 CVE-2023-30485
        RESERVED
 CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress 
Enable Acces ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30483
        RESERVED
 CVE-2023-30482
@@ -6165,7 +6165,7 @@ CVE-2023-29723
 CVE-2023-29722
        RESERVED
 CVE-2023-29721 (SofaWiki <= 3.8.9 has a file upload vulnerability that leads 
to comman ...)
-       TODO: check
+       NOT-FOR-US: SofaWiki
 CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) 
via index ...)
        NOT-FOR-US: SofaWiki
 CVE-2023-29719
@@ -13444,7 +13444,7 @@ CVE-2023-1160 (Use of Platform-Dependent Third Party 
Components in GitHub reposi
 CVE-2023-1159
        RESERVED
 CVE-2023-1158 (Hitachi Vantara Pentaho Business Analytics Server versions 
before 9.4. ...)
-       TODO: check
+       NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
 CVE-2023-1157 (A vulnerability, which was classified as problematic, was found 
in fin ...)
        NOT-FOR-US: Finixbit elf-parser
 CVE-2023-1156 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
@@ -18994,9 +18994,9 @@ CVE-2022-48317 (Expired sessions were not securely 
terminated in the RestAPI for
 CVE-2023-25600
        RESERVED
 CVE-2023-25599 (A vulnerability in the conferencing component of Mitel MiVoice 
Connect ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice 
Connect ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2023-25597 (A vulnerability in the web conferencing component of Mitel 
MiCollab th ...)
        NOT-FOR-US: Mitel
 CVE-2023-25596 (A vulnerability exists in ClearPass Policy Manager that allows 
for an  ...)
@@ -19493,7 +19493,7 @@ CVE-2023-25441
 CVE-2023-25440 (Stored Cross Site Scripting (XSS) vulnerability in the add 
contact fun ...)
        - civicrm <unfixed> (bug #1036695)
 CVE-2023-25439 (Stored Cross Site Scripting (XSS) vulnerability in Square Pig 
FusionIn ...)
-       TODO: check
+       NOT-FOR-US: Square Pig FusionInvoice
 CVE-2023-25438 (An issue was discovered in Genomedics MilleGP5 5.9.2, allows 
remote at ...)
        NOT-FOR-US: MilleGP5
 CVE-2023-25437 (An issue was discovered in vTech VCS754 version 1.1.1.A before 
1.1.1.H ...)
@@ -28599,7 +28599,7 @@ CVE-2023-22506
 CVE-2023-22505
        RESERVED
 CVE-2023-22504 (Affected versions of Atlassian Confluence Server allow remote 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data 
Center allow ...)
        NOT-FOR-US: Atlassian
 CVE-2023-22502
@@ -29383,7 +29383,7 @@ CVE-2022-4817 (A vulnerability was found in centic9 
jgit-cookbook. It has been d
 CVE-2022-4816 (A denial-of-service vulnerability has been identified in Lenovo 
Safece ...)
        NOT-FOR-US: Lenovo
 CVE-2022-4815 (Hitachi Vantara Pentaho Business Analytics Server versions 
before 9.4. ...)
-       TODO: check
+       NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
 CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos 
prior to 0 ...)
        NOT-FOR-US: usememos
 CVE-2022-4813 (Insufficient Granularity of Access Control in GitHub repository 
usemem ...)
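Review bot: the tag added for CVE-2022-4815 spells out the full product name ("Hitachi Vantara Pentaho Business Analytics Server") while the entry just above it uses the vendor alone ("NOT-FOR-US: Lenovo"), and this same commit uses vendor-only tags for Mitel and Atlassian. Either form works, but settling on one per vendor keeps the list easy to grep. The string does match the one added for CVE-2023-1158 earlier in this commit, so the two Pentaho entries are at least consistent with each other.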
@@ -33654,7 +33654,7 @@ CVE-2022-47180 (Cross-Site Request Forgery (CSRF) 
vulnerability in Kopa Theme Ko
 CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs 
OWM Weat ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47178 (Cross-Site Request Forgery (CSRF) vulnerability in Simple 
Share Button ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47177 (Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay 
WP Easy ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47176
@@ -33662,7 +33662,7 @@ CVE-2022-47176
 CVE-2022-47175
        RESERVED
 CVE-2022-47174 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress 
Performan ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in nasi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47172
@@ -33680,19 +33680,19 @@ CVE-2022-47167 (Cross-Site Request Forgery (CSRF) 
vulnerability in Aram Kocharya
 CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders 
Void Con ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47165 (Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule 
plugin < ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47164 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople 
Team Eve ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and 
Tricks HQ, ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie 
Herdyawan DH ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47161 (Cross-Site Request Forgery (CSRF) vulnerability in The 
WordPress.Org c ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47160
        RESERVED
 CVE-2022-47159 (Cross-Site Request Forgery (CSRF) vulnerability in Logaster 
Logaster L ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Pakp ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47157 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Don  ...)
@@ -33712,7 +33712,7 @@ CVE-2022-47151
 CVE-2022-47150
        RESERVED
 CVE-2022-47149 (Cross-Site Request Forgery (CSRF) vulnerability in Pretty 
Links plugin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP 
Overnight PDF In ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47147 (Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 
Technologies  ...)
@@ -33722,7 +33722,7 @@ CVE-2022-47146 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Co
 CVE-2022-47145 (Reflected Cross-Site Scripting (XSS) vulnerability in 
Blockonomics Wor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47144 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft 
Mediama ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47143 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle 
Multiple  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47142 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft 
Mediama ...)
@@ -33732,15 +33732,15 @@ CVE-2022-47141 (Cross-Site Request Forgery (CSRF) 
vulnerability in Seerox WP Dyn
 CVE-2022-47140
        RESERVED
 CVE-2022-47139 (Cross-Site Request Forgery (CSRF) vulnerability in Damir 
Calusic WP Ba ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47138 (Cross-Site Request Forgery (CSRF) vulnerability in German 
Krutov LOGIN ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47137 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPMa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47136 (Cross-Site Request Forgery (CSRF) vulnerability in 
WPManageNinja LLC N ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47135 (Cross-Site Request Forgery (CSRF) vulnerability in 
chronoengine.Com Ch ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47134 (Cross-Site Request Forgery (CSRF) vulnerability in Bill 
Erickson Galle ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47133
@@ -34502,9 +34502,9 @@ CVE-2022-46868
 CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil 
Universal St ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46866 (Cross-Site Request Forgery (CSRF) vulnerability in Marty 
Thornley Impo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46865 (Cross-Site Request Forgery (CSRF) vulnerability in Marty 
Thornley Bulk ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46864 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Umair Sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Full ...)
@@ -34522,7 +34522,7 @@ CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Am
 CVE-2022-46857
        RESERVED
 CVE-2022-46856 (Cross-Site Request Forgery (CSRF) vulnerability in ORION 
Woocommerce P ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46855 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes 
Launchp ...)
@@ -34657,7 +34657,7 @@ CVE-2022-46822 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in JC
 CVE-2022-46821
        RESERVED
 CVE-2022-46820 (Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli 
Table O ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gopi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46818
@@ -34669,15 +34669,15 @@ CVE-2022-46816 (Cross-Site Request Forgery (CSRF) 
vulnerability in Booking Ultra
 CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri 
Karisola / WP  ...)
        NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for 
WooCommerce plugin
 CVE-2022-46814 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre 
Lebedel Kode ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46813 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. 
Advance ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46812 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme 
Thank Yo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46811
        RESERVED
 CVE-2022-46810 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme 
Thank Yo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46809
        RESERVED
 CVE-2022-46808
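Review bot: the three tags added in this hunk (CVE-2022-46814, CVE-2022-46812, CVE-2022-46810) use the generic "WordPress plugin" while the neighbouring CVE-2022-46815 names the plugin itself ("Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin"). The generic form matches the other WordPress entries visible in this diff, so consider normalising CVE-2022-46815 in a follow-up rather than changing the lines added here.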
@@ -34697,7 +34697,7 @@ CVE-2022-46802
 CVE-2022-46801
        RESERVED
 CVE-2022-46800 (Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed 
Technolog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46798 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes 
ShopLento ...)
@@ -37717,7 +37717,7 @@ CVE-2022-45817 (Cross-Site Scripting (XSS) 
vulnerability in Erin Garscadden GC T
 CVE-2022-45816 (Auth. Stored Cross-Site Scripting (XSS) vulnerability inGD 
bbPress Att ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45815 (Cross-Site Request Forgery (CSRF) vulnerability in 
StylemixThemes GDPR ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von 
Allmen W ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45813
@@ -39247,7 +39247,7 @@ CVE-2022-45373
 CVE-2022-45372
        RESERVED
 CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet 
ShopEngine pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45370
        RESERVED
 CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in 
Plugin for  ...)
@@ -39255,9 +39255,9 @@ CVE-2022-45369 (Auth. (subscriber+) Broken Access 
Control vulnerability in Plugi
 CVE-2022-45368
        RESERVED
 CVE-2022-45367 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche 
Softwares Cus ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Jason Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45365
        RESERVED
 CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. 
Mongaya ...)
@@ -46985,7 +46985,7 @@ CVE-2022-43492 (Auth. (subscriber+) Insecure Direct 
Object References (IDOR) vul
 CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced 
Dynamic Pr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-43490 (Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream 
plugin < ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-43488 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced 
Dynamic Pr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-43482 (Missing Authorization vulnerability in Appointment Booking 
Calendar pl ...)
@@ -47073,7 +47073,7 @@ CVE-2022-41992 (A memory corruption vulnerability 
exists in the VHD File Format
 CVE-2022-41990
        RESERVED
 CVE-2022-41987 (Cross-Site Request Forgery (CSRF) vulnerability in 
LearningTimes Badge ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in 
Mantenimien ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options Update vulnerability in 
Zoho CRM ...)
@@ -47129,11 +47129,11 @@ CVE-2022-40686 (Cross-Site Request Forgery (CSRF) 
vulnerability in Creative Mail
 CVE-2022-38971 (Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft 
Post For ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-38716 (Cross-Site Request Forgery (CSRF) vulnerability in 
StylemixThemes Moto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-38702
        RESERVED
 CVE-2022-38356 (Cross-Site Request Forgery (CSRF) vulnerability in 
StylemixThemes Word ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-38075 (Cross-Site Request Forgery (CSRF) vulnerability leading to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3648
@@ -52348,7 +52348,7 @@ CVE-2022-41640 (Auth. (subscriber+) Stored Cross-Site 
Scripting (XSS) vulnerabil
 CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop 
plugin <=  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41635 (Cross-Site Request Forgery (CSRF) vulnerability in Zorem 
Advanced Ship ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41634 (Cross-Site Request Forgery (CSRF) vulnerability in Media 
Library Folde ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41633 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo 
Community by ...)
@@ -53471,7 +53471,7 @@ CVE-2022-41256
 CVE-2022-41223 (The Director database component of MiVoice Connect through 
19.3 (22.22 ...)
        NOT-FOR-US: Mitel
 CVE-2022-41221 (The client in OpenText Archive Center Administration through 
21.2 allo ...)
-       TODO: check
+       NOT-FOR-US: OpenText Archive Center Administration
 CVE-2022-40224 (A denial of service vulnerability exists in the web server 
functionali ...)
        NOT-FOR-US: Moxa
 CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 
6.7 has ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d35669971369ed98c2b848bc7376a20da7140e45
