[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 16 21:18:52 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1927f825 by Salvatore Bonaccorso at 2023-08-16T22:17:34+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12503,9 +12503,9 @@ CVE-2023-2274
CVE-2023-2273 (Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer fr ...)
NOT-FOR-US: Rapid7
CVE-2023-2272 (The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2271 (The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31206 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software ...)
NOT-FOR-US: Apache InLong
CVE-2023-31205
@@ -12764,7 +12764,7 @@ CVE-2023-2255 (Improper access control in editor components of The Document Foun
- libreoffice 4:7.4.5-3
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
CVE-2023-2254 (The Ko-fi Button WordPress plugin before 1.3.3 does not properly some ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2253 (A flaw was found in the `/v2/_catalog` endpoint in distribution/distri ...)
{DSA-5414-1 DLA-3473-1}
- docker-registry 2.8.2+ds1-1 (bug #1035956)
@@ -13248,7 +13248,7 @@ CVE-2023-2227 (Improper Authorization in GitHub repository modoboa/modoboa prior
CVE-2023-2226 (Due to insufficient validation in the PE and OLE parsers in Rapid7's V ...)
NOT-FOR-US: Rapid7
CVE-2023-2225 (The SEO ALert WordPress plugin through 1.59 does not sanitise and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2224 (The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not sanitise an ...)
@@ -13811,9 +13811,9 @@ CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux kernel
NOTE: https://lore.kernel.org/linux-xfs/20230412214034.GL3223426@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
NOTE: https://git.kernel.org/linus/22ed903eee23a5b174e240f1cdfa9acf393a5210 (6.4-rc1)
CVE-2023-2123 (The WP Inventory Manager WordPress plugin before 2.1.0.13 does not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2122 (The Image Optimizer by 10web WordPress plugin before 1.0.27 does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2121 (Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer ...)
NOT-FOR-US: HashiCorp Vault
CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is vulnerable to Re ...)
@@ -14977,7 +14977,7 @@ CVE-2023-1979 (The Web Stories for WordPress plugin supports the WordPress built
CVE-2023-1978 (The ShiftController Employee Shift Scheduling plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1977 (The Booking Manager WordPress plugin before 2.0.29 does not validate U ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1976 (Password Aging with Long Expiration in GitHub repository answerdev/ans ...)
NOT-FOR-US: answer
CVE-2023-1975 (Insertion of Sensitive Information Into Sent Data in GitHub repository ...)
@@ -20814,7 +20814,7 @@ CVE-2023-1467 (A vulnerability classified as critical has been found in SourceCo
CVE-2023-1466 (A vulnerability was found in SourceCodester Student Study Center Desk ...)
NOT-FOR-US: SourceCodester Student Study Center Desk Management System
CVE-2023-1465 (The WP EasyPay WordPress plugin before 4.1 does not escape some genera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1464 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Medicine Tracker System
CVE-2023-1463 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
@@ -24541,7 +24541,7 @@ CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload C
CVE-2023-1111
RESERVED
CVE-2023-1110 (The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not vali ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4926 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
{DSA-5328-1}
- chromium 109.0.5414.119-1
@@ -32023,7 +32023,7 @@ CVE-2023-0581 (The PrivateContent plugin for WordPress is vulnerable to protecti
CVE-2023-0580 (Insecure Storage of Sensitive Information vulnerability in ABB My Cont ...)
NOT-FOR-US: ABB
CVE-2023-0579 (The YARPP WordPress plugin before 5.30.3 does not validate and escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: ASOS
CVE-2023-0577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -32598,7 +32598,7 @@ CVE-2023-0553 (The Quick Restaurant Menu plugin for WordPress is vulnerable to S
CVE-2023-0552 (The Registration Forms WordPress plugin before 3.8.2.3 does not proper ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0551 (The REST API TO MiniProgram WordPress plugin through 4.6.1 does not ha ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecu ...)
NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
CVE-2022-48284 (A piece of Huawei whole-home intelligence software has an Incorrect Pr ...)
@@ -35844,7 +35844,7 @@ CVE-2023-0276 (The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 doe
CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0274 (The URL Params WordPress plugin before 2.5 does not validate and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 does not v ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0272 (The NEX-Forms WordPress plugin before 8.3.3 does not validate and esca ...)
@@ -39043,7 +39043,7 @@ CVE-2023-0060 (The Responsive Gallery Grid WordPress plugin before 2.3.9 does no
CVE-2023-0059 (The Youzify WordPress plugin before 1.2.2 does not validate and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0058 (The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
- pyload <itp> (bug #1001980)
CVE-2023-0056 (An uncontrolled resource consumption vulnerability was discovered in H ...)
@@ -40376,7 +40376,7 @@ CVE-2022-4784 (The Hueman Addons WordPress plugin through 2.3.3 does not validat
CVE-2022-4783 (The Youtube Channel Gallery WordPress plugin through 2.4 does not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4782 (The ClickFunnels WordPress plugin through 3.1.1 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4781 (The Accordion Shortcodes WordPress plugin through 2.4.2 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4780 (ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credential ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1927f82584365dcbc3fa08a7bc20fb5f13ff5b91
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1927f82584365dcbc3fa08a7bc20fb5f13ff5b91
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230816/d80bbc12/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list