Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f5c7c2a by Salvatore Bonaccorso at 2023-05-30T10:52:28+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39,9 +39,9 @@ CVE-2023-2962 (A vulnerability, which was classified as 
critical, has been found
 CVE-2023-2808 (Mattermost fails to normalize UTF confusable characters when 
determini ...)
        TODO: check
 CVE-2023-2518 (The Easy Forms for Mailchimp WordPress plugin through 6.8.8 
does not s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2470 (The Add to Feedly WordPress plugin through 1.2.11 does not 
sanitize an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2014-125102 (A vulnerability classified as problematic was found in 
Bestwebsoft Rel ...)
        TODO: check
 CVE-2023-2953 [potential null pointer dereference flaw]
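Review bot: In the unchanged context at the end of this hunk, CVE-2014-125102 (Bestwebsoft ...) is left at `TODO: check` while the two WordPress plugin entries just above it are resolved. Another BestWebSoft entry visible later in this diff (CVE-2023-0765, "Gallery by BestWebSoft WordPress plugin") already carries `NOT-FOR-US: WordPress plugin`, so if the full description of CVE-2014-125102 also names a WordPress plugin it could be closed in the same pass; the truncated text here is not enough to tell. CVE-2023-2808 (Mattermost) also stays at `TODO: check`, which fits a pass limited to WordPress plugins but leaves it open for the next triage round.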
@@ -2346,7 +2346,7 @@ CVE-2023-2298
 CVE-2023-2297 (The Profile Builder \u2013 User Profile & User Registration 
Forms plug ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2296 (The Loginizer WordPress plugin before 1.7.9 does not escape a 
paramete ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4945 (The Dataprobe cloud usernames and passwords are stored in plain 
text i ...)
        NOT-FOR-US: Dataprobe
 CVE-2022-48480 (Integer overflow vulnerability in some phones. Successful 
exploitation ...)
@@ -2388,9 +2388,9 @@ CVE-2023-2290
 CVE-2023-2289
        RESERVED
 CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some 
user-co ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does 
not li ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2286
        RESERVED
 CVE-2023-2285
@@ -2710,7 +2710,7 @@ CVE-2023-31104
 CVE-2023-2257 (Authentication Bypass in Hub Business integration in 
Devolutions Works ...)
        NOT-FOR-US: Devolutions
 CVE-2023-2256 (The Product Addons & Fields for WooCommerce WordPress plugin 
before 32 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2255 (Improper access control in editor components of The Document 
Foundatio ...)
        {DSA-5415-1}
        - libreoffice 4:7.4.5-3
@@ -3203,7 +3203,7 @@ CVE-2023-2225
 CVE-2023-2224
        RESERVED
 CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not 
sanitise an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2222
        RESERVED
 CVE-2023-2221
@@ -3764,7 +3764,7 @@ CVE-2023-2119 (The Responsive Filterable Portfolio plugin 
for WordPress is vulne
 CVE-2023-2118 (Insufficient access controlin support ticket feature in 
Devolutions Se ...)
        NOT-FOR-US: Devolutions
 CVE-2023-2117 (The Image Optimizer by 10web WordPress plugin before 1.0.27 
does not s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2116
        RESERVED
 CVE-2023-2115
@@ -3772,11 +3772,11 @@ CVE-2023-2115
 CVE-2023-2114 (The NEX-Forms WordPress plugin before 8.4 does not properly 
escape the ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2113 (The Autoptimize WordPress plugin before 3.1.7 does not sanitise 
and es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2112 (Desktop component service allows lateral movement between 
sessions in  ...)
        NOT-FOR-US: M-Files
 CVE-2023-2111 (The Fast & Effective Popups & Lead-Generation for WordPress 
plugin bef ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2110
        RESERVED
 CVE-2023-30775 (A vulnerability was found in the libtiff library. This 
security flaw c ...)
@@ -4422,7 +4422,7 @@ CVE-2023-2025 (OpenBlue Enterprise Manager Data Collector 
versions prior to 3.2.
 CVE-2023-2024 (Improper authentication in OpenBlue Enterprise Manager Data 
Collector  ...)
        NOT-FOR-US: OpenBlue Enterprise Manager Data Collector
 CVE-2023-2023 (The Custom 404 Pro WordPress plugin before 3.7.3 does not 
escape some  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2022
        RESERVED
 CVE-2023-2021 (Cross-site Scripting (XSS) - Stored in GitHub repository 
nilsteampassn ...)
@@ -7082,7 +7082,7 @@ CVE-2023-1940 (A vulnerability classified as critical was 
found in SourceCodeste
 CVE-2023-1939 (No access control for the OTP key  on OTP entries   in 
Devolutions Rem ...)
        NOT-FOR-US: Devolutions
 CVE-2023-1938 (The WP Fastest Cache WordPress plugin before 1.1.5 does not 
have CSRF  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1937 (A vulnerability, which was classified as problematic, was found 
in zhe ...)
        NOT-FOR-US: zhenfeng13 My-Blog
 CVE-2014-125095 (A vulnerability was found in BestWebSoft Contact Form Plugin 
1.3.4 and ...)
@@ -10040,7 +10040,7 @@ CVE-2023-1526 (Certain DesignJet and PageWide XL TAA 
compliant models may have r
 CVE-2023-1525 (The Site Reviews WordPress plugin before 6.7.1 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1524 (The Download Manager WordPress plugin before 3.2.71 does not 
adequatel ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28655 (A malicious user could leverage this vulnerability to escalate 
privile ...)
        NOT-FOR-US: SAUTER
 CVE-2023-28652 (An authenticated malicious user could successfully upload a 
malicious  ...)
@@ -19248,7 +19248,7 @@ CVE-2023-0767
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0767
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/684586ec163ad4fbbf15ea2cd1ee5c2da43036ad
 CVE-2023-0766 (The Newsletter Popup WordPress plugin through 1.2 does not have 
CSRF c ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0765 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does 
not prop ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0764 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does 
not perf ...)
@@ -19393,7 +19393,7 @@ CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in 
GitHub repository wallabag/w
 CVE-2023-0734 (Improper Authorization in GitHub repository wallabag/wallabag 
prior to ...)
        NOT-FOR-US: Wallabag
 CVE-2023-0733 (The Newsletter Popup WordPress plugin through 1.2 does not 
sanitise an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear 
Shop 1 ...)
        NOT-FOR-US: SourceCodester
 CVE-2023-25588
@@ -22959,7 +22959,7 @@ CVE-2023-0445
 CVE-2023-0444 (A privilege escalation vulnerability exists in Delta 
Electronics Infra ...)
        NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-0443 (The AnyWhere Elementor WordPress plugin before 1.2.8 discloses 
a Freem ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not 
validate an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0441 (The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 
has an  ...)
@@ -24934,7 +24934,7 @@ CVE-2023-0330 (A vulnerability in the lsi53c895a device 
affects the latest versi
        NOTE: Proposed patch: 
https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html
        NOTE: No sanctioned upstream patch as of 2023-03-09
 CVE-2023-0329 (The Elementor Website Builder WordPress plugin before 3.12.2 
does not  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-48261 (There is a misinterpretation of input vulnerability in 
BiSheng-WNM FW  ...)
        NOT-FOR-US: Huawei
 CVE-2020-36652 (Incorrect Default Permissions vulnerability in Hitachi 
Automation Dire ...)
@@ -30492,7 +30492,7 @@ CVE-2022-4678 (The TemplatesNext ToolKit WordPress 
plugin before 3.2.8 does not
 CVE-2022-4677 (The Leaflet Maps Marker WordPress plugin before 3.12.7 does not 
valida ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4676 (The OSM WordPress plugin through 6.01 does not validate and 
escape som ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4675 (The Mongoose Page Plugin WordPress plugin before 1.9.0 does not 
valida ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4674 (The Ibtana WordPress plugin before 1.1.8.8 does not validate 
and escap ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5c7c2a0c83951157fb141287550f4d0af18272
