[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 27 20:21:08 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
41eaaaeb by Salvatore Bonaccorso at 2023-02-27T21:20:24+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -79,7 +79,7 @@ CVE-2023-1070 (External Control of File Name or Path in GitHub repository nilste
CVE-2023-1069
RESERVED
CVE-2023-1068 (The Download Read More Excerpt Link plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: Download Read More Excerpt Link plugin for WordPress
CVE-2023-1067 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
TODO: check
CVE-2023-1066
@@ -5408,15 +5408,15 @@ CVE-2023-25237
CVE-2023-25236
RESERVED
CVE-2023-25235 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in functio ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-25234 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in functio ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-25233 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in functio ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-25232
RESERVED
CVE-2023-25231 (Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in f ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-25230
RESERVED
CVE-2023-25229
@@ -7153,7 +7153,7 @@ CVE-2023-0554 (The Quick Restaurant Menu plugin for WordPress is vulnerable to C
CVE-2023-0553 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
CVE-2023-0552 (The Registration Forms WordPress plugin before 3.8.2.3 does not proper ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0551
RESERVED
CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecu ...)
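Review bot: The reason added for CVE-2023-0552 is the generic "WordPress plugin", directly beneath CVE-2023-0553, whose existing reason names the product ("Quick Restaurant Menu plugin for WordPress"). Both forms are already in the file, but naming the plugin here (Registration Forms, per the description line) would let a later search for the product find the entry by its reason rather than only by the truncated description. If the short form is the intended convention for these descriptions, the first hunk's "Download Read More Excerpt Link plugin for WordPress" is the odd one out in this commit.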
@@ -7179,7 +7179,7 @@ CVE-2023-22299
CVE-2023-0549 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: YAFNET
CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0547
RESERVED
CVE-2023-0546
@@ -7189,7 +7189,7 @@ CVE-2023-0545
CVE-2023-0544
RESERVED
CVE-2023-0543 (The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0542
RESERVED
CVE-2023-0541 (The GS Books Showcase WordPress plugin before 1.3.1 does not validate ...)
@@ -7197,7 +7197,7 @@ CVE-2023-0541 (The GS Books Showcase WordPress plugin before 1.3.1 does not vali
CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does not val ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0539 (The GS Insever Portfolio WordPress plugin before 1.4.5 does not valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0538
RESERVED
CVE-2023-0537
@@ -7205,7 +7205,7 @@ CVE-2023-0537
CVE-2023-0536
RESERVED
CVE-2023-0535 (The Donation Block For PayPal WordPress plugin before 2.1.0 does not v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0534 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0533 (A vulnerability, which was classified as critical, has been found in S ...)
@@ -7517,7 +7517,7 @@ CVE-2023-0489
CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload ...)
- pyload <itp> (bug #1001980)
CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not properly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0486
RESERVED
CVE-2023-0485
@@ -9372,7 +9372,7 @@ CVE-2023-0383
CVE-2023-0382
RESERVED
CVE-2023-0381 (The GigPress WordPress plugin through 2.3.28 does not validate and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0380 (The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not va ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0379 (The Spotlight Social Feeds WordPress plugin before 1.4.3 does not vali ...)
@@ -9656,7 +9656,7 @@ CVE-2023-0336
CVE-2023-0335
RESERVED
CVE-2023-0334 (The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0333 (The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0332 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
@@ -9805,7 +9805,7 @@ CVE-2023-23639
CVE-2023-23638
RESERVED
CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not have an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0330
RESERVED
- qemu <unfixed> (bug #1029155)
@@ -10201,9 +10201,9 @@ CVE-2023-0281 (A vulnerability was found in SourceCodester Online Flight Booking
CVE-2023-0280
RESERVED
CVE-2023-0279 (The Media Library Assistant WordPress plugin before 3.06 does not prop ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not properly sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0277
RESERVED
CVE-2023-0276
@@ -10594,7 +10594,7 @@ CVE-2023-0232 (The ShopLentor WordPress plugin before 2.5.4 unserializes user in
CVE-2023-0231 (The ShopLentor WordPress plugin before 2.5.4 does not validate and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0230 (The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4887
RESERVED
CVE-2013-10011 (A vulnerability was found in aeharding classroom-engagement-system and ...)
@@ -11453,7 +11453,7 @@ CVE-2023-23082 (A heap buffer overflow vulnerability in Kodi Home Theater Softwa
CVE-2023-23081
RESERVED
CVE-2023-23080 (Certain Tenda products are vulnerable to command injection. This affec ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-23079
RESERVED
CVE-2023-23078 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...)
@@ -11874,7 +11874,7 @@ CVE-2023-0170 (The Html5 Audio Player WordPress plugin before 2.1.12 does not va
CVE-2023-0169 (The Zoho Forms WordPress plugin before 3.0.1 does not validate and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0168 (The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not valid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0167
RESERVED
CVE-2023-0166 (The Product Slider for WooCommerce by PickPlugins WordPress plugin bef ...)
@@ -12176,7 +12176,7 @@ CVE-2023-22862
CVE-2023-22861
RESERVED
CVE-2023-22860 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-22859
RESERVED
CVE-2023-22459
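Review bot: The reason on CVE-2023-22860 records only the vendor ("NOT-FOR-US: IBM"), while the description identifies a specific product, IBM Cloud Pak for Business Automation. A vendor-wide reason reads as a statement about everything IBM ships; writing the product name instead keeps the triage decision scoped to what was actually checked. The same applies to the CVE-2022-40237 (IBM MQ for HPE NonStop) entry changed later in this commit.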
@@ -13273,7 +13273,7 @@ CVE-2023-22588
CVE-2023-22587
RESERVED
CVE-2023-0043 (The Custom Add User WordPress plugin through 2.0.2 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0042 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2023-0041
@@ -13797,7 +13797,7 @@ CVE-2022-4831 (The Custom User Profile Fields for User Registration WordPress pl
CVE-2022-4830 (The Paid Memberships Pro WordPress plugin before 2.9.9 does not valida ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4829 (The Show-Hide / Collapse-Expand WordPress plugin through 1.2.5 does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4827
@@ -14371,7 +14371,7 @@ CVE-2022-4797 (Improper Restriction of Excessive Authentication Attempts in GitH
CVE-2022-4796 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...)
NOT-FOR-US: usememos
CVE-2022-4795 (The Galleries by Angie Makes WordPress plugin through 1.67 does not va ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4794 (The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted d ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4793 (The Blog Designer WordPress plugin before 2.4.1 does not validate and ...)
@@ -14385,7 +14385,7 @@ CVE-2022-4790 (The WP Google My Business Auto Publish WordPress plugin before 3.
CVE-2022-4789 (The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4788 (The Embed PDF WordPress plugin through 1.0.6 does not validate and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4787 (Themify Shortcodes WordPress plugin before 2.0.8 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4786 (The Video.js WordPress plugin through 4.5.0 does not validate and esca ...)
@@ -14657,7 +14657,7 @@ CVE-2022-4759 (The GigPress WordPress plugin before 2.3.28 does not validate and
CVE-2022-4758 (The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4757 (The List Pages Shortcode WordPress plugin before 1.7.6 does not valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4756 (The My YouTube Channel WordPress plugin before 3.23.0 does not validat ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4755 (A vulnerability was found in FlatPress and classified as problematic. ...)
@@ -15019,7 +15019,7 @@ CVE-2022-47914
CVE-2022-4680 (The Revive Old Posts WordPress plugin before 9.0.11 unserializes user ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4679 (The Wufoo Shortcode WordPress plugin before 1.52 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4678 (The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4677 (The Leaflet Maps Marker WordPress plugin before 3.12.7 does not valida ...)
@@ -17372,7 +17372,7 @@ CVE-2022-4552 (The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF
CVE-2022-4551 (The Rich Table of Contents WordPress plugin before 1.3.9 does not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4550 (The User Activity WordPress plugin through 1.0.1 checks headers such a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4549 (The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4548 (The Optimize images ALT Text & names for SEO using AI WordPress pl ...)
@@ -40636,7 +40636,7 @@ CVE-2019-25076 (The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x throu
NOTE: https://www.youtube.com/watch?v=5cHpzVK0D28
NOTE: https://www.youtube.com/watch?v=DSC3m-Bww64
CVE-2022-40237 (IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service atta ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-40236
RESERVED
CVE-2022-40235 ("IBM InfoSphere Information Server 11.7 could allow a user to cause a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41eaaaeb761a3fe8295a7ae6c615d245e40d955c