[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 21 08:40:47 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9385fe66 by Salvatore Bonaccorso at 2023-12-21T09:40:17+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,21 +35,21 @@ CVE-2023-50983 (Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command inje
 CVE-2023-50639 (Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 a ...)
 	NOT-FOR-US: CuteHttpFileServer
 CVE-2023-49032 (An issue in LTB Self Service Password before v.1.5.4 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: LTB Self Service Password
 CVE-2023-48434 (Online Voting System Project v1.0 is vulnerable to multiple Unauthenti ...)
-	TODO: check
+	NOT-FOR-US: Online Voting System Project
 CVE-2023-48433 (Online Voting System Project v1.0 is vulnerable to multiple Unauthenti ...)
-	TODO: check
+	NOT-FOR-US: Online Voting System Project
 CVE-2023-47093 (An issue was discovered in Stormshield Network Security (SNS) 4.0.0 th ...)
-	TODO: check
+	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2023-46131 (Grails is a framework used to build web applications with the Groovy p ...)
 	TODO: check
 CVE-2023-45703 (HCL Launch may mishandle input validation of an uploaded archive file  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-45700 (HCL Launch is vulnerable to HTML injection. This vulnerability may all ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-41166 (An issue was discovered in Stormshield Network Security (SNS) 3.7.0 th ...)
-	TODO: check
+	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2023-7018 (Deserialization of Untrusted Data in GitHub repository huggingface/tra ...)
 	NOT-FOR-US: Transformers
 CVE-2023-7008 [Unsigned name response in signed zone is not refused when DNSSEC=yes]
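Review bot: The notes added for CVE-2023-45703 and CVE-2023-45700 give only the vendor ("NOT-FOR-US: HCL") although both descriptions begin with "HCL Launch", while the other entries resolved in this hunk name the product ("LTB Self Service Password", "Stormshield Network Security (SNS)"). Consider "NOT-FOR-US: HCL Launch" so that a later search of data/CVE/list for the product name finds these entries.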
@@ -176,9 +176,9 @@ CVE-2023-33209 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2023-32743 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-32590 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32128 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-37544 (Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy ...)
 	NOT-FOR-US: Apache Pulsar
 CVE-2023-6977 (This vulnerability enables malicious users to read sensitive files on  ...)
@@ -33419,7 +33419,7 @@ CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31231 (Unrestricted Upload of File with Dangerous Type vulnerability in Unlim ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-31230 (Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tong ...)
 	NOT-FOR-US: Haoqisir Baidu Tongji generator
 CVE-2023-31229
@@ -33547,7 +33547,7 @@ CVE-2023-31217 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31215 (Unrestricted Upload of File with Dangerous Type vulnerability in Amade ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-31214
 	RESERVED
 CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -33919,7 +33919,7 @@ CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in La
 CVE-2023-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31092 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prad ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31090
@@ -34540,7 +34540,7 @@ CVE-2023-30874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-30873
 	RESERVED
 CVE-2023-30872 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30871 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo P ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30870
@@ -35111,7 +35111,7 @@ CVE-2023-30752 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-30751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iCon ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30749 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihom ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30748
@@ -36027,7 +36027,7 @@ CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Si
 CVE-2023-30496 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30495 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30493 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic ...)
@@ -38630,7 +38630,7 @@ CVE-2023-29434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-29433
 	RESERVED
 CVE-2023-29432 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-29431
 	RESERVED
 CVE-2023-29430 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHtheme ...)
@@ -38946,7 +38946,7 @@ CVE-2023-29386
 CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Ad ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-29384 (Unrestricted Upload of File with Dangerous Type vulnerability in HM Pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1893 (The Login Configurator WordPress plugin through 2.1 does not properly  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/si ...)
@@ -39834,7 +39834,7 @@ CVE-2023-29104 (A vulnerability has been identified in SIMATIC Cloud Connect 7 C
 CVE-2023-29103 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
 	NOT-FOR-US: Siemens
 CVE-2023-29102 (Unrestricted Upload of File with Dangerous Type vulnerability in Olive ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingr ...)
 	NOT-FOR-US: Muffingroup
 CVE-2023-29100 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Th ...)
@@ -39846,7 +39846,7 @@ CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ar
 CVE-2023-29097 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3r ...)
 	NOT-FOR-US: WordPress Plugin
 CVE-2023-29096 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-29095 (Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSV ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...)
@@ -41000,7 +41000,7 @@ CVE-2023-28790 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability
 CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28788 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28787
 	RESERVED
 CVE-2023-28786
@@ -41012,7 +41012,7 @@ CVE-2023-28784 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Co
 CVE-2023-28783 (Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability  ...)
 	NOT-FOR-US: WordPress Plugin
 CVE-2023-28782 (Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. G ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28781 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Con ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28780 (Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local P ...)
@@ -42007,7 +42007,7 @@ CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerab
 CVE-2023-28492
 	RESERVED
 CVE-2023-28491 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28489 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
@@ -43220,7 +43220,7 @@ CVE-2023-28172 (Cross-Site Request Forgery (CSRF) vulnerability in flippercode W
 CVE-2023-28171 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: WordPress theme
 CVE-2023-28170 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Core ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28168
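Review bot: CVE-2023-28170 is marked "WordPress plugin", but its truncated description reads "vulnerability in Theme ..." and the entry directly above it (CVE-2023-28171) is marked "WordPress theme". The visible text does not show which applies, so the label is worth confirming against the full CVE description. Either note keeps the entry not-for-us, so only the label is in question.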
@@ -43798,7 +43798,7 @@ CVE-2023-1308 (A vulnerability classified as critical has been found in SourceCo
 CVE-2013-10021 (A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPr ...)
 	NOT-FOR-US: dd32 Debug Bar Plugin
 CVE-2023-28025 (Due to this vulnerability, the Master operator could potentially incor ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-28024
 	RESERVED
 CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI Softwar ...)
@@ -47914,7 +47914,7 @@ CVE-2023-26527 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-26526
 	RESERVED
 CVE-2023-26525 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26523
@@ -49576,7 +49576,7 @@ CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25970 (Unrestricted Upload of File with Dangerous Type vulnerability in Zendr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25969
 	RESERVED
 CVE-2023-25968 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin ...)
@@ -55710,7 +55710,7 @@ CVE-2023-23972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-23971 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23970 (Unrestricted Upload of File with Dangerous Type vulnerability in WooRo ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2023-23907 (A directory traversal vulnerability exists in the server.js start func ...)
 	NOT-FOR-US: MilesightVPN
 CVE-2023-23902 (A buffer overflow vulnerability exists in the uhttpd login functionali ...)
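Review bot: CVE-2023-23970 is the only entry in this commit marked "WordPress theme" rather than "WordPress plugin", and the truncated description ("vulnerability in WooRo ...") does not show which it is. If the distinction is deliberate, no change is needed. Otherwise align the note with the neighbouring entries.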
@@ -63262,11 +63262,11 @@ CVE-2022-47601
 CVE-2022-47600 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47599 (Deserialization of Untrusted Data vulnerability in File Manager by Bit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47598 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP P ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47597 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
@@ -74580,7 +74580,7 @@ CVE-2022-44686
 CVE-2022-44685
 	RESERVED
 CVE-2022-44684 (Windows Local Session Manager (LSM) Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44683 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-44682 (Windows Hyper-V Denial of Service Vulnerability)
@@ -79570,7 +79570,7 @@ CVE-2022-43458 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in
 CVE-2022-43453
 	RESERVED
 CVE-2022-43450 (Authorization Bypass Through User-Controlled Key vulnerability in XWP  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-43445
 	RESERVED
 CVE-2022-43441 (A code execution vulnerability exists in the Statement Bindings functi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9385fe665af560a8f329670e6347dfa3705d9f60
