[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Apr 24 12:06:52 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a0ff9aa by Moritz Muehlenhoff at 2023-04-24T13:06:04+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -88,17 +88,17 @@ CVE-2023-31063
CVE-2023-31062
RESERVED
CVE-2023-31061 (Repetier Server through 1.4.10 does not have CSRF protection. ...)
- TODO: check
+ NOT-FOR-US: Repetier Server
CVE-2023-31060 (Repetier Server through 1.4.10 executes as SYSTEM. This can be leverag ...)
- TODO: check
+ NOT-FOR-US: Repetier Server
CVE-2023-31059 (Repetier Server through 1.4.10 allows ..%5c directory traversal for re ...)
- TODO: check
+ NOT-FOR-US: Repetier Server
CVE-2023-31058
RESERVED
CVE-2023-31057
RESERVED
CVE-2023-31056 (CloverDX before 5.17.3 writes passwords to the audit log in certain si ...)
- TODO: check
+ NOT-FOR-US: CloverDX
CVE-2023-31055
RESERVED
CVE-2023-31054
@@ -124,7 +124,7 @@ CVE-2023-31045
CVE-2023-31044
RESERVED
CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs un ...)
- TODO: check
+ NOT-FOR-US: EnterpriseDB
CVE-2023-2247
RESERVED
CVE-2023-31042
@@ -134,7 +134,7 @@ CVE-2023-31041
CVE-2023-31040
RESERVED
CVE-2023-2246 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2023-31039
RESERVED
CVE-2023-31038
@@ -444,7 +444,7 @@ CVE-2023-2222
CVE-2023-2221
RESERVED
CVE-2022-4944 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: KodExplorer
CVE-2023-2220 (A vulnerability was found in Dream Technology mica up to 3.0.5. It has ...)
NOT-FOR-US: Dream Technology mica
CVE-2023-2219 (A vulnerability was found in SourceCodester Task Reminder System 1.0 a ...)
@@ -1383,13 +1383,13 @@ CVE-2023-30623
CVE-2023-30622
RESERVED
CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as modular and us ...)
- TODO: check
+ NOT-FOR-US: Gipsy
CVE-2023-30620 (mindsdb is a Machine Learning platform to help developers build AI sol ...)
- TODO: check
+ NOT-FOR-US: mindsdb
CVE-2023-30619
RESERVED
CVE-2023-30618 (Kitchen-Terraform provides a set of Test Kitchen plugins which enable ...)
- TODO: check
+ NOT-FOR-US: Kitchen-Terraform
CVE-2023-30617
RESERVED
CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...)
@@ -5722,9 +5722,9 @@ CVE-2023-1709
CVE-2023-29021
RESERVED
CVE-2023-29020 (@fastify/passport is a port of passport authentication library for the ...)
- TODO: check
+ NOT-FOR-US: @fastify/passport
CVE-2023-29019 (@fastify/passport is a port of passport authentication library for the ...)
- TODO: check
+ NOT-FOR-US: @fastify/passport
CVE-2023-29018 (The OpenFeature Operator allows users to expose feature flags to appli ...)
NOT-FOR-US: open-feature-operator
CVE-2023-29017 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
@@ -8863,7 +8863,7 @@ CVE-2023-28133
CVE-2023-28132
RESERVED
CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to take ov ...)
- TODO: check
+ NOT-FOR-US: expo.io
CVE-2023-28130
RESERVED
CVE-2023-28129
@@ -10409,7 +10409,7 @@ CVE-2023-27616
CVE-2023-27615
RESERVED
CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27613
RESERVED
CVE-2023-27612
@@ -10867,7 +10867,7 @@ CVE-2023-1130 (A vulnerability, which was classified as critical, was found in S
CVE-2023-27496 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
- envoyproxy <itp> (bug #987544)
CVE-2023-27495 (@fastify/csrf-protection is a plugin which helps protect Fastify serve ...)
- TODO: check
+ NOT-FOR-US: @fastify/csrf-protection
CVE-2023-27494 (Streamlit, software for turning data scripts into web applications, ha ...)
NOT-FOR-US: Streamlit
CVE-2023-27493 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
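Review bot: The `NOT-FOR-US: @fastify/csrf-protection` tag on CVE-2023-27495 needs a check that no ITP or RFP bug is open for this module, since NOT-FOR-US marks the issue as not relevant to Debian. The Envoy entry directly above records packaging intent as `- envoyproxy <itp> (bug #987544)`; if a comparable bug exists for the Fastify plugin, use that form here instead. The same check applies to the two `@fastify/passport` entries changed elsewhere in this commit.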
@@ -11016,7 +11016,7 @@ CVE-2023-27427
CVE-2023-27426
RESERVED
CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jame ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27424
RESERVED
CVE-2023-27423
@@ -13028,9 +13028,9 @@ CVE-2023-26559 (A directory traversal vulnerability in Oxygen XML Web Author bef
CVE-2023-26558
RESERVED
CVE-2023-26557 (io.finnet tss-lib before 2.0.0 can leak the lambda value of a private ...)
- TODO: check
+ NOT-FOR-US: io.finnet tss-lib
CVE-2023-26556 (io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side ...)
- TODO: check
+ NOT-FOR-US: io.finnet tss-lib
CVE-2023-26555 (praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-o ...)
- ntp <removed>
[bullseye] - ntp <no-dsa> (Minor issue; affects only the clock driver for the Trimble Palisade GPS timing receiver)
@@ -16633,7 +16633,7 @@ CVE-2023-25453
CVE-2023-25452
RESERVED
CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPCh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25450
RESERVED
CVE-2023-25449
@@ -19619,7 +19619,7 @@ CVE-2023-24406
CVE-2023-24405
RESERVED
CVE-2023-24404 (Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24403 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP F ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24402 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Rol ...)
@@ -19655,7 +19655,7 @@ CVE-2023-24388 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Book
CVE-2023-24387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPde ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24386 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kari ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24385
RESERVED
CVE-2023-24384 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organizati ...)
@@ -20927,7 +20927,7 @@ CVE-2023-23881
CVE-2023-23880
RESERVED
CVE-2023-23879 (Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Exe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23878 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in fli ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23877
@@ -21079,7 +21079,7 @@ CVE-2023-23834
CVE-2023-23833
RESERVED
CVE-2023-23832 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23831
RESERVED
CVE-2023-23830
@@ -21089,7 +21089,7 @@ CVE-2023-23829
CVE-2023-23828
RESERVED
CVE-2023-23827 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Googl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23826
RESERVED
CVE-2023-23825
@@ -21109,9 +21109,9 @@ CVE-2023-23819
CVE-2023-23818
RESERVED
CVE-2023-23817 (Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebA ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23816 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23815 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23814
@@ -21131,7 +21131,7 @@ CVE-2023-23808
CVE-2023-23807
RESERVED
CVE-2023-23806 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23805
RESERVED
CVE-2023-23804
@@ -21391,7 +21391,7 @@ CVE-2023-0343 (Akuvox E11 contains a function that encrypts messages which are t
CVE-2010-10009 (A vulnerability was found in frioux ptome. It has been rated as critic ...)
NOT-FOR-US: frioux ptome
CVE-2023-23753 (The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQ ...)
- TODO: check
+ NOT-FOR-US: Joomla! extension
CVE-2023-23752 (An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper ac ...)
NOT-FOR-US: Joomla!
CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL ...)
@@ -21463,7 +21463,7 @@ CVE-2023-23719
CVE-2023-23718 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Pa ...)
NOT-FOR-US: Esstat17
CVE-2023-23717 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Georg ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23716
RESERVED
CVE-2023-23715
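Review bot: The new `NOT-FOR-US: WordPress plugin` tag on CVE-2023-23717 sits directly below CVE-2023-23718, which is tagged `NOT-FOR-US: Esstat17` although its summary uses the same "Auth. (...) Cross-Site Scripting (XSS) vulnerability in" wording. If CVE-2023-23718 is also a WordPress plugin, change its tag to the generic label in this commit so that both entries are found by the same search.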
@@ -24854,7 +24854,7 @@ CVE-2023-22720
CVE-2023-22719
RESERVED
CVE-2023-22718 (Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-22717
RESERVED
CVE-2023-22716 (Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam A ...)
@@ -24894,7 +24894,7 @@ CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite
CVE-2023-22699
RESERVED
CVE-2023-22698 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-22697
RESERVED
CVE-2023-22696
@@ -24918,7 +24918,7 @@ CVE-2023-22688
CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in Jose Mortel ...)
NOT-FOR-US: Jose Mortellaro Freesoul Deactivate
CVE-2023-22686 (Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice Pa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-22685
RESERVED
CVE-2023-22684
@@ -27168,7 +27168,7 @@ CVE-2022-47932 (Brave Browser before 1.43.34 allowed a remote attacker to cause
CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash values. ...)
NOT-FOR-US: Multi-Party Threshold Signature Scheme
CVE-2022-47930 (An issue was discovered in IO FinNet tss-lib before 2.0.0. The paramet ...)
- TODO: check
+ NOT-FOR-US: io.finnet tss-lib
CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference bug in th ...)
{DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
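Review bot: The label on CVE-2022-47930 is inconsistent with its neighbour. It becomes `NOT-FOR-US: io.finnet tss-lib`, while CVE-2022-47931 directly above, described as the same product (IO FinNet tss-lib before 2.0.0), keeps `NOT-FOR-US: Multi-Party Threshold Signature Scheme`. Use one label for both, for example by changing CVE-2022-47931 to `io.finnet tss-lib` in this commit, which would also match the two CVE-2023-2655x tss-lib entries tagged here.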
@@ -29836,7 +29836,7 @@ CVE-2022-47437
CVE-2022-47436
RESERVED
CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47434
RESERVED
CVE-2022-47433 (Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney ...)
@@ -36337,7 +36337,7 @@ CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffing
CVE-2022-45362
RESERVED
CVE-2022-45361 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45360
RESERVED
CVE-2022-45359 (Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift C ...)
@@ -37102,7 +37102,7 @@ CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulner
CVE-2022-45081
RESERVED
CVE-2022-45080 (Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45079
RESERVED
CVE-2022-45078
@@ -37114,7 +37114,7 @@ CVE-2022-45076
CVE-2022-45075
RESERVED
CVE-2022-45074 (Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45073 (Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentica ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45072 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...)
@@ -37974,7 +37974,7 @@ CVE-2022-44745 (Sensitive information leak through log files. The following prod
CVE-2022-44744 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
NOT-FOR-US: Acronis
CVE-2022-44743 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Blu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44742 (Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Le ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...)
@@ -39324,7 +39324,7 @@ CVE-2022-44633
CVE-2022-44632 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deni ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44631 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1ap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44630
RESERVED
CVE-2022-44629
@@ -39569,7 +39569,7 @@ CVE-2022-44596
CVE-2022-44595
RESERVED
CVE-2022-44594 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44593
RESERVED
CVE-2022-44592
@@ -39593,7 +39593,7 @@ CVE-2022-44584 (Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ pl
CVE-2022-44583 (Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin & ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44582 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Appt ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44581
RESERVED
CVE-2022-44580 (SQL Injection (SQLi) vulnerability in RichPlugins Plugin for Google Re ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a0ff9aa3ba814aa5d6854a5aa538ea8b3b2a9f7