Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13c724e9 by Moritz Muehlenhoff at 2023-07-18T12:42:20+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,57 +1,57 @@
 CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key) 
extension nor  ...)
        TODO: check
 CVE-2023-3714 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3713 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3709 (The Royal Elementor Addons plugin for WordPress is vulnerable 
to unaut ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3708 (Several themes for WordPress by DeoThemes are vulnerable to 
Reflected  ...)
-       TODO: check
+       NOT-FOR-US: WordPress themes
 CVE-2023-3615 (Mattermost iOS app failsto properlyvalidate the server 
certificate whi ...)
-       TODO: check
+       NOT-FOR-US: Mattermost iOS app
 CVE-2023-3614 (Mattermost fails to properly validate a gif image file, 
allowing an at ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2023-3613 (Mattermost WelcomeBot plugin fails to to validate the 
membership statu ...)
-       TODO: check
+       NOT-FOR-US: Mattermost plugin
 CVE-2023-3593 (Mattermost fails to properly validate markdown, allowing an 
attacker t ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2023-3591 (Mattermost fails to invalidate previously generated password 
reset tok ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2023-3590 (Mattermostfails to delete card attachments in Boards, allowing 
an atta ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2023-3587 (Mattermost fails to properly show information in the UI, 
allowing a sy ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2023-3586 (Mattermost fails to disablepublic Boards after the "Enable 
Publicly-Sh ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2023-3585 (Mattermost Boards fail to properly validate a board link, 
allowing an  ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2023-3584 (Mattermost fails to properly check the authorization ofPOST 
/api/v4/te ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2023-3582 (Mattermost fails to verify channel membership when linking a 
board to  ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2023-3581 (Mattermost fails to properly validate the origin of a websocket 
connec ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2023-3577 (Mattermost fails to properly restrict requests 
tolocalhost/intranet du ...)
-       TODO: check
+       - mattermost-server <itp> (bug #823556)
 CVE-2023-3459 (The Export and Import Users and Customers plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3418 (The Querlo Chatbot WordPress plugin through 1.2.4 does not 
escape or s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3403 (The ProfileGrid plugin for WordPress is vulnerable to 
unauthorized mod ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3376 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3245 (The Floating Chat Widget WordPress plugin before 3.1.2 does not 
saniti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3186 (The Popup by Supsystic WordPress plugin before 1.10.19 has a 
prototype ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3182 (The Membership WordPress plugin before 3.2.3 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3179 (The POST SMTP Mailer WordPress plugin before 2.5.7 does not 
have prope ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3041 (The Autochat Automatic Conversation WordPress plugin through 
1.1.7 doe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-38434 (xHTTP 72f812d has a double free in close_connection in xhttp.c 
via a m ...)
        TODO: check
 CVE-2023-38432 (An issue was discovered in the Linux kernel before 6.3.10. 
fs/smb/serv ...)
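Review bot: the `NOT-FOR-US: WordPress plugin` marker for CVE-2023-3376 cannot be checked from the list line itself, since its truncated description ("Improper Neutralization of Special Elements used in an SQL Command ...") names neither WordPress nor a plugin; worth confirming against the full advisory text before the entry leaves the TODO state. The other reclassifications in this hunk match their descriptions, and the Mattermost server issues consistently point at the mattermost-server ITP (bug #823556).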
@@ -71,23 +71,23 @@ CVE-2023-38426 (An issue was discovered in the Linux kernel 
before 6.3.4. ksmbd
 CVE-2023-38409 (An issue was discovered in set_con2fb_map in 
drivers/video/fbdev/core/ ...)
        TODO: check
 CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, 
crafting and  ...)
-       TODO: check
+       NOT-FOR-US: Creston
 CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations 
Manager (VI ...)
-       TODO: check
+       NOT-FOR-US: Veritas InfoScale
 CVE-2023-38403 (iperf3 before 3.14 allows peers to cause an integer overflow 
and heap  ...)
        TODO: check
 CVE-2023-37985 (Cross-Site Request Forgery (CSRF) vulnerability in 
FiveStarPlugins Res ...)
-       TODO: check
+       NOT-FOR-US: WordPress themes
 CVE-2023-37974 (Cross-Site Request Forgery (CSRF) vulnerability in Justin 
Klein WP Soc ...)
-       TODO: check
+       NOT-FOR-US: WordPress themes
 CVE-2023-37968 (Cross-Site Request Forgery (CSRF) vulnerability in Faboba 
Falang multi ...)
-       TODO: check
+       NOT-FOR-US: WordPress themes
 CVE-2023-37850
        REJECTED
 CVE-2023-37791 (D-Link DIR-619L v2.04(TW) was discovered to contain a stack 
overflow v ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2023-37781 (An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers 
to exec ...)
-       TODO: check
+       NOT-FOR-US: EMQX
 CVE-2023-37770 (faust commit ee39a19 was discovered to contain a stack 
overflow via th ...)
        TODO: check
 CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a 
FPE vulne ...)
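Review bot: `NOT-FOR-US: Creston` for CVE-2023-38405 misspells the vendor; the description reads "Crestron 3-Series Control Systems", so the line should be `NOT-FOR-US: Crestron`. In the same hunk, CVE-2023-37985, CVE-2023-37974 and CVE-2023-37968 are marked `NOT-FOR-US: WordPress themes`, but none of their descriptions mentions a theme (one vendor is even named "FiveStarPlugins"); this looks like a carry-over from the DeoThemes entry earlier in the change, and if these are plugins the file's usual `NOT-FOR-US: WordPress plugin` is the right marker.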
@@ -117,65 +117,65 @@ CVE-2023-35880 (Cross-Site Request Forgery (CSRF) 
vulnerability in WooCommerce W
 CVE-2023-35818 (An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 
ROM) devi ...)
        TODO: check
 CVE-2023-35096 (Cross-Site Request Forgery (CSRF) vulnerability in myCred 
plugin <=2.5 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-35089 (Cross-Site Request Forgery (CSRF) vulnerability in Really 
Simple Plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-35038 (Cross-Site Request Forgery (CSRF) vulnerability in 
wpexperts.Io WP PDF ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-34669 (TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2023-34143 (Improper Validation of Certificate with Host Mismatch 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2023-34142 (Cleartext Transmission of Sensitive Information vulnerability 
in Hitac ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2023-34141 (A command injection vulnerability in the access point (AP) 
management  ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-34140 (A buffer overflow vulnerability in the Zyxel ATP series 
firmware versi ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-34139 (A command injection vulnerability in the Free Time WiFi 
hotspot featur ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-34138 (A command injection vulnerability in the hotspot management 
feature of ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-34036 (Reactive web applications that use Spring HATEOAS to produce 
hypermedi ...)
-       TODO: check
+       NOT-FOR-US: Spring HATEOAS
 CVE-2023-34005 (Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web 
Design F ...)
-       TODO: check
+       NOT-FOR-US: Etoile Web Design
 CVE-2023-33012 (A command injection vulnerability in the configuration parser 
of the Z ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-33011 (A format string vulnerability in the Zyxel ATP series firmware 
version ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-31998 (A heap overflow vulnerability found in EdgeRouters and 
Aircubes allows ...)
-       TODO: check
+       NOT-FOR-US: Ubiquiti
 CVE-2023-31853 (Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in 
/cgi-bin ...)
-       TODO: check
+       NOT-FOR-US: Cudy LT400
 CVE-2023-31852 (Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) 
in cgi-b ...)
-       TODO: check
+       NOT-FOR-US: Cudy LT400
 CVE-2023-31851 (Cudy LT400 1.13.4 is has a cross-site scripting (XSS) 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Cudy LT400
 CVE-2023-2963 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Oliva Expertise
 CVE-2023-2960 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Oliva Expertise
 CVE-2023-2959 (Authentication Bypass by Primary Weakness vulnerability in 
Oliva Exper ...)
-       TODO: check
+       NOT-FOR-US: Oliva Expertise
 CVE-2023-2958 (Authorization Bypass Through User-Controlled Key vulnerability 
in Orig ...)
-       TODO: check
+       NOT-FOR-US: Origin Software ATS Pro
 CVE-2023-2912 (Use After Free vulnerability in Secomea SiteManager Embedded 
allows Ob ...)
        TODO: check
 CVE-2023-2701 (The Gravity Forms WordPress plugin before 2.7.5 does not escape 
genera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2636 (The AN_GradeBook WordPress plugin through 5.0.1 does not 
properly sani ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2579 (The InventoryPress WordPress plugin through 1.7 does not 
sanitise and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2330 (The Caldera Forms Google Sheets Connector WordPress plugin 
through 1.2 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2329 (The WooCommerce Google Sheet Connector WordPress plugin through 
1.3.4  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2020-36695 (Incorrect Default Permissions vulnerability in Hitachi Device 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2015-10122 (A vulnerability was found in wp-donate Plugin up to 1.4 on 
WordPress.  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3700 (Improper Access Control in GitHub repository 
alextselegidis/easyappoin ...)
        NOT-FOR-US: easyappointments
 CVE-2023-3696 (Prototype Pollution in GitHub repository automattic/mongoose 
prior to  ...)
@@ -8497,7 +8497,7 @@ CVE-2023-31218
 CVE-2023-31217
        RESERVED
 CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate 
Member plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-31215
        RESERVED
 CVE-2023-31214
@@ -9742,7 +9742,7 @@ CVE-2023-2145 (A vulnerability was found in Campcodes 
Online Thesis Archiving Sy
 CVE-2023-2144 (A vulnerability was found in Campcodes Online Thesis Archiving 
System  ...)
        NOT-FOR-US: Campcodes Online Thesis Archiving System
 CVE-2023-2143 (The Enable SVG, WebP & ICO Upload WordPress plugin through 
1.0.3 does  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2142
        RESERVED
 CVE-2023-2141 (An unsafe .NET object deserialization in DELMIA Apriso Release 
2017 th ...)
@@ -13717,7 +13717,7 @@ CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Ke
 CVE-2023-29384
        RESERVED
 CVE-2023-1893 (The Login Configurator WordPress plugin through 2.1 does not 
properly  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
sidekiq/si ...)
        - ruby-sidekiq <not-affected> (Vulnerable code not present)
        NOTE: https://huntr.dev/bounties/e35e5653-c429-4fb8-94a3-cbc123ae4777
@@ -15798,7 +15798,7 @@ CVE-2023-28769 (The buffer overflow vulnerability in 
the library \u201clibclinkc
 CVE-2023-28768
        RESERVED
 CVE-2023-28767 (The configuration parser fails to sanitize user-controlled 
input in th ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-28766 (A vulnerability has been identified in SIPROTEC 5 6MD85 
(CP300) (All v ...)
        NOT-FOR-US: Siemens
 CVE-2023-25180
@@ -19813,7 +19813,7 @@ CVE-2023-27608
 CVE-2023-27607
        RESERVED
 CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad 
Hossain WP R ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-27605
        RESERVED
 CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
@@ -20408,7 +20408,7 @@ CVE-2023-27426
 CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Jame ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27424 (Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy 
aka Shr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-27423 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon 
Fincken Auto  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27422
@@ -29379,7 +29379,7 @@ CVE-2023-0441 (The Gallery Blocks with Lightbox 
WordPress plugin before 3.0.8 ha
 CVE-2023-0440 (Observable Discrepancy in GitHub repository 
healthchecks/healthchecks  ...)
        NOT-FOR-US: healthchecks
 CVE-2023-0439 (The NEX-Forms WordPress plugin before 8.4.4 does not escape its 
form n ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository 
modoboa/modoboa ...)
        NOT-FOR-US: Modoboa
 CVE-2023-0437
@@ -31134,7 +31134,7 @@ CVE-2023-23721 (Cross-Site Request Forgery (CSRF) 
vulnerability in David Gwyer A
 CVE-2023-23720 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in NetR ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23719 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce 
plugin <= ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23718 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in 
Esstat17 Pa ...)
        NOT-FOR-US: Esstat17
 CVE-2023-23717 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Georg ...)
@@ -31327,7 +31327,7 @@ CVE-2023-23648
 CVE-2023-23647 (Auth. (author+) Stored Cross-Site Scripting (XSS) 
vulnerability in Sk. ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23646 (Cross-Site Request Forgery (CSRF) vulnerability in A WP Life 
Album Gal ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23645
        RESERVED
 CVE-2023-23644
@@ -34647,7 +34647,7 @@ CVE-2023-22674
 CVE-2023-22673 (Cross-Site Request Forgery (CSRF) vulnerability in MageNet 
Website Mon ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22672 (Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe 
vSlider Mul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0104 (The listed versions for Weintek EasyBuilder Pro are vulnerable 
to a Zi ...)
        NOT-FOR-US: Weintek EasyBuilder Pro
 CVE-2023-0103 (If an attacker were to access memory locations of LS ELECTRIC 
XBC-DN32 ...)
@@ -40486,7 +40486,7 @@ CVE-2022-47174 (Cross-Site Request Forgery (CSRF) 
vulnerability in WordPress Per
 CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in nasi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47172 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes 
ShopLento ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47171 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Unli ...)
@@ -44237,7 +44237,7 @@ CVE-2022-45937 (A vulnerability has been identified in 
APOGEE PXC Series (BACnet
 CVE-2022-45936 (A vulnerability has been identified in Mendix Email Connector 
(All ver ...)
        NOT-FOR-US: Siemens
 CVE-2022-4146 (Expression Language Injection vulnerability in Hitachi 
Replication Man ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2022-45935 (Usage of temporary files with insecure permissions by the 
Apache James ...)
        NOT-FOR-US: Apache James
 CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. 
l2cap_conf ...)
@@ -45582,7 +45582,7 @@ CVE-2022-4025 (Inappropriate implementation in Paint in 
Google Chrome prior to 9
 CVE-2022-4024 (The Registration Forms WordPress plugin before 3.8.1.3 does not 
have a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4023 (The 3DPrint WordPress plugin before 3.5.6.9 does not protect 
against C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4022 (The SVG Support plugin for WordPress defaults to insecure 
settings in  ...)
        NOT-FOR-US: SVG Support plugin for WordPress
 CVE-2022-4021 (The Permalink Manager Lite plugin for WordPress is vulnerable 
to Cross ...)
@@ -61694,7 +61694,7 @@ CVE-2022-38074 (SQL Injection vulnerability in 
VeronaLabs WP Statistics plugin<=
 CVE-2022-38073 (Multiple Authenticated (custom specific plugin role) 
Persistent Cross- ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-36424 (Cross-Site Request Forgery (CSRF) vulnerability in Nikola 
Loncar Easy  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-36417 (Multiple Stored Cross-Site Scripting (XSS) via Cross-Site 
Request Forg ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-36404 (Auth. (subscriber+) Broken Access Control vulnerability in 
David Cole  ...)
@@ -68881,7 +68881,7 @@ CVE-2022-38068 (Authenticated (admin+) Stored 
Cross-Site Scripting (XSS) vulnera
 CVE-2022-38067 (Unauthenticated Event Deletion vulnerability in Totalsoft 
Event Calend ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-38062 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss 
Download  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-38061 (Authenticated (author+) CSV Injection vulnerability in Export 
Post Inf ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-38059 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey 
Trofimov's A ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13c724e9e89c25a34b4adc0bbdb4665c00f8e5c9
