[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 18 20:43:46 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
671371f8 by Salvatore Bonaccorso at 2023-12-18T21:43:23+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,37 +1,37 @@
CVE-2023-6920
REJECTED
CVE-2023-6911 (Multiple WSO2 products have been identified as vulnerable due to impro ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2023-6817 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
TODO: check
CVE-2023-6778 (Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/cle ...)
TODO: check
CVE-2023-6691 (Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code inje ...)
- TODO: check
+ NOT-FOR-US: Cambium ePMP Force
CVE-2023-6295 (The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6289 (The Swift Performance Lite WordPress plugin before 2.3.6.15 does not p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6272 (The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6222 (IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6203 (The Events Calendar WordPress plugin before 6.2.8.1 discloses the cont ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6077 (The Slider WordPress plugin before 3.5.12 does not ensure that posts t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6065 (The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn' ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5949 (The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5886 (The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5882 (The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5348 (The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5005 (The Autocomplete Location field Contact Form 7 WordPress plugin before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command injection might occur if a us ...)
- openssh <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
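Review bot: at CVE-2023-6691 the new tag "NOT-FOR-US: Cambium ePMP Force" names a specific product line, while the other vendor tags visible in this commit name only the vendor ("NOT-FOR-US: WSO2", "NOT-FOR-US: Dell", "NOT-FOR-US: IBM"). Consider "NOT-FOR-US: Cambium" so that later Cambium entries can be matched on one string. The entries marked "NOT-FOR-US: WordPress plugin" in this hunk all carry "WordPress plugin" in their visible description, so those tags agree with the text.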
@@ -41,47 +41,47 @@ CVE-2023-51384 (In ssh-agent in OpenSSH before 9.6, certain destination constrai
NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
NOTE: https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b (V_9_6_P1)
CVE-2023-50372 (Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4724 (The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4311 (The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49855 (Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Men ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49854 (Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49853 (Cross-Site Request Forgery (CSRF) vulnerability in PayTR \xd6deme ve E ...)
TODO: check
CVE-2023-49844 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49843 (Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First O ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49840 (Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Curr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48766 (Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator \u2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48762 (Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetEleme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48755 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler tea ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47806 (Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47789 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47787 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47741 (IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser cl ...)
NOT-FOR-US: IBM
CVE-2023-46617 (Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly \u2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46177 (IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to t ...)
NOT-FOR-US: IBM
CVE-2023-39509 (A command injection vulnerability exists in Bosch IP cameras that allo ...)
- TODO: check
+ NOT-FOR-US: Bosch IP cameras
CVE-2023-35867 (An improper handling of a malformed API answer packets to API clients ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2023-33214 (Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox \u201 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32728 (The Zabbix Agent 2 item key smart.disk.get does not sanitize its param ...)
TODO: check
CVE-2023-32727 (An attacker who has the privilege to configure Zabbix items can use fu ...)
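Review bot: the Bosch entries get two different tags in this hunk, "NOT-FOR-US: Bosch IP cameras" at CVE-2023-39509 and "NOT-FOR-US: Bosch" at CVE-2023-35867; the shorter form is used again at CVE-2023-32230 and at CVE-2022-41677 in later hunks, the latter also describing Bosch IP cameras. Pick one form, preferably the vendor-only "NOT-FOR-US: Bosch", which matches the existing IBM entries. Separately, the CSRF entries marked "WordPress plugin" here have truncated descriptions that do not show the word WordPress, so the classification cannot be confirmed from the diff alone, and CVE-2023-49853 stays at "TODO: check" in the middle of the batch; worth confirming that this is deliberate.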
@@ -91,7 +91,7 @@ CVE-2023-32726 (The vulnerability is caused by improper check for check if RDLEN
CVE-2023-32725 (The website configured in the URL widget will receive a session cookie ...)
TODO: check
CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2023-46447 [Rogue Session Attack in AsyncSSH]
- python-asyncssh <unfixed>
NOTE: https://terrapin-attack.com/
@@ -43031,7 +43031,7 @@ CVE-2023-28055 (Dell NetWorker, Version 19.7 has an improper authorization vulne
CVE-2023-28054 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2023-28053 (Dell NetWorker Virtual Edition versions 19.8 and below contain the use ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28052 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2023-28051 (Dell Power Manager, versions 3.10 and prior, contains an Improper Acce ...)
@@ -84206,7 +84206,7 @@ CVE-2022-41678 (Once an user is authenticated on Jolokia, he can potentially tri
NOTE: https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl
NOTE: https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt
CVE-2022-41677 (An information disclosure vulnerability was discovered in Bosch IP cam ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2022-41658 (Insecure inherited permissions in the Intel(R) VTune(TM) Profiler soft ...)
NOT-FOR-US: Intel
CVE-2022-41637
@@ -86780,7 +86780,7 @@ CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post
CVE-2022-40632 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpFor ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40312 (Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP \u20 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40310 (Authenticated (subscriber+) Race Condition vulnerability in Rate my Po ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40223 (Nonce token leakage and missing authorization in SearchWP premium plug ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/671371f8021e2d0c52767bbb9865c8ff6398c6eb