Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
392c71c8 by Salvatore Bonaccorso at 2023-11-07T21:33:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,21 +37,21 @@ CVE-2023-5506 (The ImageMapper plugin for WordPress is
vulnerable to unauthorize
CVE-2023-5309 (Versions of Puppet Enterprise prior to 2021.7.6 and
2023.5contain a fl ...)
TODO: check
CVE-2023-5179 (An issue was discovered in Open Design Alliance Drawings SDK
before 20 ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2023-4888 (The Simple Like Page Plugin plugin for WordPress is vulnerable
to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4842 (The Social Sharing Plugin - Social Warfare plugin for WordPress
is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4295 (A local non-privileged user can make improper GPU memory
processing op ...)
TODO: check
CVE-2023-4272 (A local non-privileged user can make GPU processing operations
that ex ...)
TODO: check
CVE-2023-47510 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WPSoluti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47456 (Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability
in funct ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-47455 (Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability
in setSch ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-47360 (Videolan VLC prior to version 3.0.20 contains an Integer
underflow tha ...)
TODO: check
CVE-2023-47359 (Videolan VLC prior to version 3.0.20 contains an incorrect
offset read ...)
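Review bot: the tags added for CVE-2023-47456 and CVE-2023-47455 name only the vendor ("NOT-FOR-US: Tenda"), while the CVE-2023-5179 tag in the same hunk names the product ("Open Design Alliance Drawings SDK"). Both Tenda descriptions identify the device as AX1806, so unless vendor-only granularity is intended here, consider naming it in the tag so a later search for the product finds these entries.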
@@ -61,41 +61,41 @@ CVE-2023-46744 (Squidex is an open source headless CMS and
content management hu
CVE-2023-46737 (Cosign is a sigstore signing tool for OCI containers. Cosign
is suscep ...)
TODO: check
CVE-2023-46730 (Group-Office is an enterprise CRM and groupware tool. In
affected vers ...)
- TODO: check
+ NOT-FOR-US: Group-Office CRM
CVE-2023-46501 (An issue in BoltWire v.6.03 allows a remote attacker to obtain
sensiti ...)
- TODO: check
+ NOT-FOR-US: BoltWire
CVE-2023-46253 (Squidex is an open source headless CMS and content management
hub. Aff ...)
TODO: check
CVE-2023-46252 (Squidex is an open source headless CMS and content management
hub. Aff ...)
TODO: check
CVE-2023-46244 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-46243 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-46242 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-42659 (In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an
unrestricted fi ...)
- TODO: check
+ NOT-FOR-US: Progress WS_FTP Server
CVE-2023-41798 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41425 (Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru
v.3.4.2 ...)
- TODO: check
+ NOT-FOR-US: Wonder CMS
CVE-2023-3889 (A local non-privileged user can make improper GPU memory
processing op ...)
TODO: check
CVE-2023-37835
REJECTED
CVE-2023-36527 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-33481 (RemoteClinic 2.0 is vulnerable to a time-based blind SQL
injection att ...)
- TODO: check
+ NOT-FOR-US: RemoteClinic
CVE-2023-33480 (RemoteClinic 2.0 contains a critical vulnerability chain that
can be e ...)
- TODO: check
+ NOT-FOR-US: RemoteClinic
CVE-2023-33479 (RemoteClinic version 2.0 contains a SQL injection
vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: RemoteClinic
CVE-2023-33478 (RemoteClinic 2.0 has a SQL injection vulnerability in the ID
parameter ...)
- TODO: check
+ NOT-FOR-US: RemoteClinic
CVE-2023-32966 (Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab
Jazz Popups ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4431 (A vulnerability classified as problematic has been found in
msyk FMDat ...)
TODO: check
CVE-2023-46851 (Allura Discussion and Allura Forum importing does not restrict
URL val ...)
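Review bot: for CVE-2023-41798 and CVE-2023-36527 the description shown is cut off at "vulnerabilit ..." before any product name appears, so the "WordPress plugin" tag cannot be checked against this hunk the way the RemoteClinic, XWiki, BoltWire or Wonder CMS tags can. Worth confirming the affected product from the full CVE description before dropping the TODO.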
@@ -33820,7 +33820,7 @@ CVE-2023-28501 (Rocket Software UniData versions prior
to 8.2.4 build 3003 and U
CVE-2023-28500 (A Java insecure deserialization vulnerability in Adobe
LiveCycle ES4 v ...)
NOT-FOR-US: Adobe
CVE-2023-28499 (Auth. (author+) Stored Cross-Site Scripting (XSS)
vulnerability in sim ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28498
RESERVED
CVE-2023-28497
@@ -41274,7 +41274,7 @@ CVE-2023-0900 (The Pricing Table Builder WordPress
plugin through 1.1.6 does not
CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through
1.4.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0898 (General Electric MiCOM S1 Agile is vulnerable to an attacker
achieving ...)
- TODO: check
+ NOT-FOR-US: General Electric MiCOM S1 Agile
CVE-2023-0897 (Sielco PolyEco1000 is vulnerable to a session hijack
vulnerability due ...)
NOT-FOR-US: Sielco PolyEco1000
CVE-2023-26030
@@ -41372,7 +41372,7 @@ CVE-2023-25985
CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Rigo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25983 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -48049,7 +48049,7 @@ CVE-2023-23798 (Auth. (contributor+) Stored Cross-Site
Scripting (XSS) vulnerabi
CVE-2023-23797 (Cross-Site Request Forgery (CSRF) vulnerability in
SecondLineThemes Au ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23796 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23795 (Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form
Builder ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23794 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Alex ...)
@@ -48488,7 +48488,7 @@ CVE-2023-23680 (Cross-Site Request Forgery (CSRF)
vulnerability in Bob Goetz WP-
CVE-2023-23679 (Authorization Bypass Through User-Controlled Key vulnerability
in JS H ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23678 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix
GTmetri ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23676 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -51780,7 +51780,7 @@ CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS)
inOi Yandex.Maps for Wor
CVE-2023-22720 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22719 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-22718 (Reflected Cross-Site Scripting (XSS) vulnerability in Jason
Lau User M ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22717 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -56832,7 +56832,7 @@ CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in Pr
CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel
Powney Multi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47442 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Charitab ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C
Dolson My ...)
@@ -57748,7 +57748,7 @@ CVE-2022-47183 (Cross-Site Request Forgery (CSRF)
vulnerability in StylistWP Ext
CVE-2022-47182
RESERVED
CVE-2022-47181 (Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio
Email T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme
Kopa Fra ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs
OWM Weat ...)
@@ -58792,7 +58792,7 @@ CVE-2022-46823 (A vulnerability has been identified in
Mendix SAML (Mendix 8 com
CVE-2022-46822 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
JC Devel ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46821 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46820 (Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli
Table O ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Gopi ...)
@@ -58816,7 +58816,7 @@ CVE-2022-46811
CVE-2022-46810 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme
Thank Yo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46809 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46808 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46807
@@ -58826,13 +58826,13 @@ CVE-2022-46806 (Cross-Site Request Forgery (CSRF)
vulnerability in VillaTheme Ca
CVE-2022-46805 (Cross-Site Request Forgery (CSRF) vulnerability in Lauri
Karisola / WP ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46804 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46803 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46802 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46801 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46800 (Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed
Technolog ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
I Thirte ...)
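Review bot: CVE-2022-46804 through CVE-2022-46801 are four consecutive entries with the same truncated "Formula Elements in a CSV File" description, all switched to the same tag, and that pattern repeats through the 2022 and early 2023 ranges of this commit. The commit message ("Process some NFUs") does not say how this batch was matched; one line stating the basis for the bulk classification would make the change easier to audit later.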
@@ -61958,7 +61958,7 @@ CVE-2022-45812 (Auth. (subscriber+) Stored Cross-Site
Scripting (XSS) vulnerabil
CVE-2022-45811
RESERVED
CVE-2022-45810 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45809
RESERVED
CVE-2022-45808 (SQL Injection vulnerability inLearnPress \u2013 WordPress LMS
Plugin < ...)
@@ -63490,7 +63490,7 @@ CVE-2022-45372 (Cross-Site Request Forgery (CSRF)
vulnerability in Codeixer Prod
CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet
ShopEngine pl ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45370 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in
Plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45368
@@ -63510,13 +63510,13 @@ CVE-2022-45362
CVE-2022-45361 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Bori ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45360 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45359 (Unauth. Arbitrary File Upload vulnerability inYITH WooCommerce
Gift Ca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45358 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS)
vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45357 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45356
RESERVED
CVE-2022-45355 (Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress
WP Pipe ...)
@@ -63530,11 +63530,11 @@ CVE-2022-45352
CVE-2022-45351
RESERVED
CVE-2022-45350 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45349
RESERVED
CVE-2022-45348 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45347 (Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as
databas ...)
NOT-FOR-US: Apache ShardingSphere-Proxy
CVE-2022-45344
@@ -64281,7 +64281,7 @@ CVE-2022-45080 (Cross-Site Request Forgery (CSRF)
vulnerability in KrishaWeb Add
CVE-2022-45079 (Cross-Site Request Forgery (CSRF) vulnerability in Softaculous
Loginiz ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45078 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45077 (Auth. (subscriber+) PHP Object Injection vulnerability in
Betheme them ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45076 (Cross-Site Request Forgery (CSRF) vulnerability in WebMat
Flexible Ele ...)
@@ -65159,7 +65159,7 @@ CVE-2022-44740 (Multiple Cross-Site Request Forgery
(CSRF) vulnerabilities in Cr
CVE-2022-44739 (Cross-Site Request Forgery (CSRF) vulnerability in
ThingsForRestaurant ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44738 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities
inAll-In-One Secur ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Cham ...)
@@ -71375,7 +71375,7 @@ CVE-2022-42884
CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by
Quiz And ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42882 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-42880 (Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani
Auto Uplo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42699 (Auth. Remote Code Execution vulnerability inEasy WP SMTP
plugin <= 1.5 ...)
@@ -71465,7 +71465,7 @@ CVE-2022-38971 (Stored Cross-Site Scripting (XSS)
vulnerability in ThemeKraft Po
CVE-2022-38716 (Cross-Site Request Forgery (CSRF) vulnerability in
StylemixThemes Moto ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38702 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38356 (Cross-Site Request Forgery (CSRF) vulnerability in
StylemixThemes Word ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38075 (Cross-Site Request Forgery (CSRF) vulnerability leading to
Stored Cros ...)
@@ -76717,7 +76717,7 @@ CVE-2022-41620 (Cross-Site Request Forgery (CSRF)
vulnerability inSeoSamba for W
CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media
Library As ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41616 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41615 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery
(CSRF) vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41612 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Shar ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/392c71c81ad9ec6cf41126d2a91ba962bbceffad