Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9385fe66 by Salvatore Bonaccorso at 2023-12-21T09:40:17+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,21 +35,21 @@ CVE-2023-50983 (Tenda i29 v1.0 V1.0.0.5 was discovered to 
contain a command inje
 CVE-2023-50639 (Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer 
v.1.0 a ...)
        NOT-FOR-US: CuteHttpFileServer
 CVE-2023-49032 (An issue in LTB Self Service Password before v.1.5.4 allows a 
remote a ...)
-       TODO: check
+       NOT-FOR-US: LTB Self Service Password
 CVE-2023-48434 (Online Voting System Project v1.0 is vulnerable to multiple 
Unauthenti ...)
-       TODO: check
+       NOT-FOR-US: Online Voting System Project
 CVE-2023-48433 (Online Voting System Project v1.0 is vulnerable to multiple 
Unauthenti ...)
-       TODO: check
+       NOT-FOR-US: Online Voting System Project
 CVE-2023-47093 (An issue was discovered in Stormshield Network Security (SNS) 
4.0.0 th ...)
-       TODO: check
+       NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2023-46131 (Grails is a framework used to build web applications with the 
Groovy p ...)
        TODO: check
 CVE-2023-45703 (HCL Launch may mishandle input validation of an uploaded 
archive file  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-45700 (HCL Launch is vulnerable to HTML injection. This vulnerability 
may all ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-41166 (An issue was discovered in Stormshield Network Security (SNS) 
3.7.0 th ...)
-       TODO: check
+       NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2023-7018 (Deserialization of Untrusted Data in GitHub repository 
huggingface/tra ...)
        NOT-FOR-US: Transformers
 CVE-2023-7008 [Unsigned name response in signed zone is not refused when 
DNSSEC=yes]
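Review bot: The two HCL entries in this hunk (CVE-2023-45703 and CVE-2023-45700) are tagged with the vendor only, "NOT-FOR-US: HCL", while the other lines added here name the product ("LTB Self Service Password", "Stormshield Network Security (SNS)"). Both descriptions begin with "HCL Launch", so "NOT-FOR-US: HCL Launch" would match the rest of the hunk and keep the entries findable by product name.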
@@ -176,9 +176,9 @@ CVE-2023-33209 (Improper Neutralization of Special Elements 
used in an SQL Comma
 CVE-2023-32743 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-32590 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32128 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-37544 (Improper Authentication vulnerability in Apache Pulsar 
WebSocket Proxy ...)
        NOT-FOR-US: Apache Pulsar
 CVE-2023-6977 (This vulnerability enables malicious users to read sensitive 
files on  ...)
@@ -33419,7 +33419,7 @@ CVE-2023-31233 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Davi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-31231 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Unlim ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-31230 (Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir 
Baidu Tong ...)
        NOT-FOR-US: Haoqisir Baidu Tongji generator
 CVE-2023-31229
@@ -33547,7 +33547,7 @@ CVE-2023-31217 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
 CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate 
Member plu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-31215 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Amade ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-31214
        RESERVED
 CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -33919,7 +33919,7 @@ CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in La
 CVE-2023-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Chronosly 
Chronosly ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-31092 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Prad ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-31090
@@ -34540,7 +34540,7 @@ CVE-2023-30874 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-30873
        RESERVED
 CVE-2023-30872 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30871 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
PT Woo P ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-30870
@@ -35111,7 +35111,7 @@ CVE-2023-30752 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-30751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in iCon ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-30750 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30749 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in ihom ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-30748
@@ -36027,7 +36027,7 @@ CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Si
 CVE-2023-30496 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-30495 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ImageRec ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-30493 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Themefic ...)
@@ -38630,7 +38630,7 @@ CVE-2023-29434 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-29433
        RESERVED
 CVE-2023-29432 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-29431
        RESERVED
 CVE-2023-29430 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
CTHtheme ...)
@@ -38946,7 +38946,7 @@ CVE-2023-29386
 CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Kevon Ad ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-29384 (Unrestricted Upload of File with Dangerous Type vulnerability 
in HM Pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1893 (The Login Configurator WordPress plugin through 2.1 does not 
properly  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
sidekiq/si ...)
@@ -39834,7 +39834,7 @@ CVE-2023-29104 (A vulnerability has been identified in 
SIMATIC Cloud Connect 7 C
 CVE-2023-29103 (A vulnerability has been identified in SIMATIC Cloud Connect 7 
CC712 ( ...)
        NOT-FOR-US: Siemens
 CVE-2023-29102 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Olive ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Muffingr ...)
        NOT-FOR-US: Muffingroup
 CVE-2023-29100 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Dream-Th ...)
@@ -39846,7 +39846,7 @@ CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Ar
 CVE-2023-29097 (Auth. (author+) Stored Cross-Site Scripting (XSS) 
vulnerability in a3r ...)
        NOT-FOR-US: WordPress Plugin
 CVE-2023-29096 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-29095 (Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. 
Carr RSV ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability 
in PI W ...)
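Review bot: Tag spelling differs inside this hunk: the added line for CVE-2023-29096 reads "NOT-FOR-US: WordPress plugin", but the unchanged entry for CVE-2023-29097 just above it reads "NOT-FOR-US: WordPress Plugin" with a capital P. The new line agrees with the CVE-2023-29095 entry that follows, so the context line is the one to normalise in a follow-up; otherwise a case-sensitive search for the tag misses it.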
@@ -41000,7 +41000,7 @@ CVE-2023-28790 (Auth. (editor+) Stored Cross-Site 
Scripting (XSS) vulnerability
 CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Cimatti  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28788 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28787
        RESERVED
 CVE-2023-28786
@@ -41012,7 +41012,7 @@ CVE-2023-28784 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Co
 CVE-2023-28783 (Auth. (shop manager+) Stored Cross-Site Scripting (XSS) 
vulnerability  ...)
        NOT-FOR-US: WordPress Plugin
 CVE-2023-28782 (Deserialization of Untrusted Data vulnerability in 
Rocketgenius Inc. G ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28781 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
Cimatti Con ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28780 (Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast 
Local P ...)
@@ -42007,7 +42007,7 @@ CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site 
Scripting (XSS) vulnerab
 CVE-2023-28492
        RESERVED
 CVE-2023-28491 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Estatik  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28489 (A vulnerability has been identified in CP-8031 MASTER MODULE 
(All vers ...)
@@ -43220,7 +43220,7 @@ CVE-2023-28172 (Cross-Site Request Forgery (CSRF) 
vulnerability in flippercode W
 CVE-2023-28171 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) 
vulnerability in ...)
        NOT-FOR-US: WordPress theme
 CVE-2023-28170 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Theme ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Core ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28168
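Review bot: CVE-2023-28170 is tagged "WordPress plugin", but its truncated description reads "vulnerability in Theme ..." and the entry directly above it (CVE-2023-28171) is tagged "WordPress theme". Please confirm against the full CVE description whether the affected component is a plugin or a theme, and use "NOT-FOR-US: WordPress theme" if it is the latter.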
@@ -43798,7 +43798,7 @@ CVE-2023-1308 (A vulnerability classified as critical 
has been found in SourceCo
 CVE-2013-10021 (A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 
on WordPr ...)
        NOT-FOR-US: dd32 Debug Bar Plugin
 CVE-2023-28025 (Due to this vulnerability, the Master operator could 
potentially incor ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-28024
        RESERVED
 CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI 
Softwar ...)
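Review bot: The new tag on CVE-2023-28025, "NOT-FOR-US: HCL", names only the vendor, and the truncated description ("the Master operator could potentially incor ...") does not show which product is affected. The next described entry, CVE-2023-28023, mentions the BigFix WebUI; if this CVE concerns the same product, naming it in the tag would let a later search by product find the entry.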
@@ -47914,7 +47914,7 @@ CVE-2023-26527 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-26526
        RESERVED
 CVE-2023-26525 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech 
Quiz An ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26523
@@ -49576,7 +49576,7 @@ CVE-2023-25972 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD 
Educare plugi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25970 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Zendr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25969
        RESERVED
 CVE-2023-25968 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, 
Madalin ...)
@@ -55710,7 +55710,7 @@ CVE-2023-23972 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-23971 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Code ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23970 (Unrestricted Upload of File with Dangerous Type vulnerability 
in WooRo ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2023-23907 (A directory traversal vulnerability exists in the server.js 
start func ...)
        NOT-FOR-US: MilesightVPN
 CVE-2023-23902 (A buffer overflow vulnerability exists in the uhttpd login 
functionali ...)
@@ -63262,11 +63262,11 @@ CVE-2022-47601
 CVE-2022-47600 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47599 (Deserialization of Untrusted Data vulnerability in File 
Manager by Bit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47598 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WP P ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47597 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Jeff ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
@@ -74580,7 +74580,7 @@ CVE-2022-44686
 CVE-2022-44685
        RESERVED
 CVE-2022-44684 (Windows Local Session Manager (LSM) Denial of Service 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-44683 (Windows Kernel Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-44682 (Windows Hyper-V Denial of Service Vulnerability)
@@ -79570,7 +79570,7 @@ CVE-2022-43458 (Auth. (contributor+) Cross-Site 
Scripting (XSS) vulnerability in
 CVE-2022-43453
        RESERVED
 CVE-2022-43450 (Authorization Bypass Through User-Controlled Key vulnerability 
in XWP  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-43445
        RESERVED
 CVE-2022-43441 (A code execution vulnerability exists in the Statement 
Bindings functi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9385fe665af560a8f329670e6347dfa3705d9f60


_______________________________________________
debian-security-tracker-commits mailing list