Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3df4595c by Salvatore Bonaccorso at 2023-11-22T21:42:52+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2023-6252 (Path traversal vulnerability in Chalemelon
Power framework, affec
CVE-2023-6189 (Missing access permissions checks inthe M-Files serverbefore
23.11.1 ...)
NOT-FOR-US: M-Files
CVE-2023-6164 (The MainWP Dashboard \u2013 WordPress Manager for Multiple
Websites M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6160 (The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin
for Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6157 (Improper neutralization of livestatus command delimiters in
ajax_searc ...)
@@ -97,9 +97,9 @@ CVE-2023-5048 (The WDContactFormBuilder plugin for WordPress
is vulnerable to St
CVE-2023-5047 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: DRD Fleet Leasing DRDrive
CVE-2023-4726 (The Ultimate Dashboard plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4686 (The WP Customer Reviews plugin for WordPress is vulnerable to
Sensitiv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48705 (Nautobot is a Network Source of Truth and Network Automation
Platform ...)
NOT-FOR-US: Nautobot
CVE-2023-48646 (Zoho ManageEngine RecoveryManager Plus before 6070 allows
admin users ...)
@@ -107,83 +107,83 @@ CVE-2023-48646 (Zoho ManageEngine RecoveryManager Plus
before 6070 allows admin
CVE-2023-48106 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2
allows an ...)
- zlib-ng <itp> (bug #1002056)
CVE-2023-47825 (Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP
EXtra pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47824 (Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal
Pages \ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47819 (Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc
Binh Easy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47792 (Cross-Site Request Forgery (CSRF) vulnerability in Infinite
Uploads Bi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47791 (Cross-Site Request Forgery (CSRF) vulnerability in Leadster
plugin <=1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47785 (Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47781 (Cross-Site Request Forgery (CSRF) vulnerability in Thrive
Themes Thriv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47775 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors
Team Comme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47765 (Cross-Site Request Forgery (CSRF) vulnerability in CodeBard
CodeBard's ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47759 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47758 (Cross-Site Request Forgery (CSRF) vulnerability in Mondula
GmbH Multi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47755 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47467 (Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows
a remot ...)
- TODO: check
+ NOT-FOR-US: jeecgboot jeecg-boot
CVE-2023-47380 (Admidio v4.2.12 and below is vulnerable to Cross Site
Scripting (XSS).)
- TODO: check
+ NOT-FOR-US: Admidio
CVE-2023-47350 (SwiftyEdit Content Management System prior to v1.2.0 is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: SwiftyEdit Content Management System
CVE-2023-47316 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect
Access Contro ...)
- TODO: check
+ NOT-FOR-US: Headwind MDM Web panel
CVE-2023-47315 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect
Access Contro ...)
- TODO: check
+ NOT-FOR-US: Headwind MDM Web panel
CVE-2023-47314 (Headwind MDM Web panel 5.22.1 is vulnerable to Cross Site
Scripting (X ...)
- TODO: check
+ NOT-FOR-US: Headwind MDM Web panel
CVE-2023-47313 (Headwind MDM Web panel 5.22.1 is vulnerable to Directory
Traversal.)
- TODO: check
+ NOT-FOR-US: Headwind MDM Web panel
CVE-2023-47312 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect
Access Contro ...)
- TODO: check
+ NOT-FOR-US: Headwind MDM Web panel
CVE-2023-47251 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro
Server, a ...)
TODO: check
CVE-2023-47250 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro
Server, b ...)
TODO: check
CVE-2023-47014 (A Cross-Site Request Forgery (CSRF) vulnerability in
Sourcecodester St ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Sticky Notes App
CVE-2023-46673 (It was identified that malformed scripts used in the script
processor ...)
TODO: check
CVE-2023-46357 (In the module "Cross Selling in Modal Cart" (motivationsale) <
3.5.0 f ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-45377 (In the module "Chronopost Official" (chronopost) for
PrestaShop, a gue ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-43082 (Dell Unity prior to 5.3 contains a 'man in the middle'
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-43081 (PowerProtect Agent for File System Version 19.14 and prior,
contains a ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-3104 (Lack of authentication vulnerability. An unauthenticated local
user is ...)
TODO: check
CVE-2023-3103 (Authentication bypass vulnerability, the exploitation of which
could a ...)
TODO: check
CVE-2023-39925 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo
Download Com ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2889 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Veon Computer Service Tracking Software
CVE-2023-2841 (The Advanced Local Pickup for WooCommerce plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2497 (The UserPro plugin for WordPress is vulnerable to Cross-Site
Request F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2449 (The UserPro plugin for WordPress is vulnerable to unauthorized
passwor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2448 (The UserPro plugin for WordPress is vulnerable to unauthorized
access ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2440 (The UserPro plugin for WordPress is vulnerable to Cross-Site
Request F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2438 (The UserPro plugin for WordPress is vulnerable to Cross-Site
Request F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2437 (The UserPro plugin for WordPress is vulnerable to
authentication bypas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37924 (Apache Software Foundation Apache Submarine has an SQL
injection vulne ...)
NOT-FOR-US: Apache Submarine
CVE-2023-6248 (The Syrus4 IoT gateway utilizes an unsecured MQTT server to
download a ...)
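Review bot: five entries in this hunk remain at `TODO: check` as unchanged context (CVE-2023-47251, CVE-2023-47250, CVE-2023-46673, CVE-2023-3104, CVE-2023-3103), so this range is only partly triaged. If they were left on purpose because they need a closer look, that is fine, but it is worth confirming none was simply missed. Separately, tag granularity varies within the hunk: `NOT-FOR-US: Dell` is vendor-level and covers two different products, while `NOT-FOR-US: Headwind MDM Web panel` and `NOT-FOR-US: jeecgboot jeecg-boot` are product-level, and the latter repeats the name. `NOT-FOR-US: jeecg-boot` would read cleaner.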
@@ -30537,7 +30537,7 @@ CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in Co
CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Simon Ch ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30496 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30495
RESERVED
CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
ImageRec ...)
@@ -35687,11 +35687,11 @@ CVE-2023-28751 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-28750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Ignazio ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28749 (Cross-Site Request Forgery (CSRF) vulnerability in
CreativeMindsSoluti ...)
- TODO: check
+ NOT-FOR-US: CreativeMindsSolutions CM On Demand Search And Replace
plugin
CVE-2023-28748 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28747 (Cross-Site Request Forgery (CSRF) vulnerability in codeboxr
CBX Curren ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28735
RESERVED
CVE-2023-28734
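Review bot: on CVE-2023-28749 the new tag `NOT-FOR-US: CreativeMindsSolutions CM On Demand Search And Replace plugin` spells out vendor and product, whereas the other WordPress plugin entries in this commit, including CVE-2023-28747 two entries below, use the generic `NOT-FOR-US: WordPress plugin`. If this one is a WordPress plugin as well, use the generic tag so the entry matches its neighbours and a search of the list for that tag finds it.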
@@ -39530,7 +39530,7 @@ CVE-2008-10004 (A vulnerability was found in Email
Registration 5.x-2.1 on Drupa
CVE-2023-27634 (Cross-Site Request Forgery (CSRF) vulnerability allows
arbitrary file ...)
NOT-FOR-US: Shingo Intrepidity
CVE-2023-27633 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade
Customif ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27632 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151
Daily Praye ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -40105,15 +40105,15 @@ CVE-2023-27463 (A vulnerability has been identified
in RUGGEDCOM CROSSBOW (All v
CVE-2023-27462 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All
version ...)
NOT-FOR-US: RUGGEDCOM CROSSBOW
CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo
Plugins When ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27460
RESERVED
CVE-2023-27459
RESERVED
CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream
WpStream p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27457 (Cross-Site Request Forgery (CSRF) vulnerability in Passionate
Brains A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27456
RESERVED
CVE-2023-27455 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Maui Mar ...)
@@ -40121,11 +40121,11 @@ CVE-2023-27455 (Unauth. Reflected Cross-Site
Scripting (XSS) vulnerability in Ma
CVE-2023-27454
RESERVED
CVE-2023-27453 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS
Tools plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Wow- ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27451 (Server-Side Request Forgery (SSRF) vulnerability in Darren
Cooney Inst ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27450 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
Teplitsa of ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27449
@@ -40135,15 +40135,15 @@ CVE-2023-27448 (Cross-Site Request Forgery (CSRF)
vulnerability in MakeStories T
CVE-2023-27447
RESERVED
CVE-2023-27446 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx
DeepL API tr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27445 (Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc.
Blog Flo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27444 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre
Lannoy / Per ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27443 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27442 (Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of
social ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27441 (Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE
New Adman ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27440
@@ -42387,7 +42387,7 @@ CVE-2019-25105 (A vulnerability, which was classified
as problematic, was found
CVE-2023-26543 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr
Guidrevit ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26542 (Cross-Site Request Forgery (CSRF) vulnerability in Exeebit
phpinfo() W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Alex ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26540
@@ -42401,13 +42401,13 @@ CVE-2023-26537 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability
in Jonk ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26535 (Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL
Sheets To WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26534 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in OneW ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26533
RESERVED
CVE-2023-26532 (Cross-Site Request Forgery (CSRF) vulnerability in AccessPress
Themes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26531 (Cross-Site Request Forgery (CSRF) vulnerability in
\u95ea\u7535\u535a ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26530 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Paul Keh ...)
@@ -44051,9 +44051,9 @@ CVE-2023-25989 (Cross-Site Request Forgery (CSRF)
vulnerability in Meks Video Im
CVE-2023-25988
RESERVED
CVE-2023-25987 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar
Uro\u016 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25986 (Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt
PayGreen \ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25985 (Cross-Site Request Forgery (CSRF) vulnerability in Tomas |
Docs | FAQ ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Rigo ...)
@@ -45235,7 +45235,7 @@ CVE-2023-25684 (IBM Security Guardium Key Lifecycle
Manager 3.0, 3.0.1, 4.0, 4.1
CVE-2023-25683 (IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00
through FW ...)
NOT-FOR-US: IBM
CVE-2023-25682 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through
6.0.3.8 a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-25681
RESERVED
CVE-2023-25680 (IBM Robotic Process Automation 21.0.1 through 21.0.5 is
vulnerable to ...)
@@ -72256,9 +72256,9 @@ CVE-2023-20243 (A vulnerability in the RADIUS message
processing feature of Cisc
CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco
Unified ...)
NOT-FOR-US: Cisco
CVE-2023-20241 (Multiple vulnerabilities in Cisco Secure Client Software,
formerly Any ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20240 (Multiple vulnerabilities in Cisco Secure Client Software,
formerly Any ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20239
RESERVED
CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of
Cisco Br ...)
@@ -72578,7 +72578,7 @@ CVE-2023-20086 (A vulnerability in ICMPv6 processing of
Cisco Adaptive Security
CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco
Identit ...)
NOT-FOR-US: Cisco
CVE-2023-20084 (A vulnerability in the endpoint software of Cisco Secure
Endpoint for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20083 (A vulnerability in ICMPv6 inspection when configured with the
Snort 2 ...)
NOT-FOR-US: Cisco
CVE-2023-20082 (A vulnerability in Cisco IOS XE Software for Cisco Catalyst
9300 Serie ...)
@@ -92626,7 +92626,7 @@ CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd -
G/5G Industrial Cellular Rou
CVE-2022-36778 (insert HTML / js code inside input how to get to the
vulnerable input ...)
NOT-FOR-US: Synel - eHarmony
CVE-2022-36777 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0
and IBM Q ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-36776 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is
vulnerabl ...)
NOT-FOR-US: IBM
CVE-2022-36775 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0,
10.0.3.0, and ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3df4595c96b663701788f508c260cbb25b27b283