[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jul 18 11:42:42 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13c724e9 by Moritz Muehlenhoff at 2023-07-18T12:42:20+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,57 +1,57 @@
CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor ...)
TODO: check
CVE-2023-3714 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized mod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3713 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized mod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3709 (The Royal Elementor Addons plugin for WordPress is vulnerable to unaut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3708 (Several themes for WordPress by DeoThemes are vulnerable to Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress themes
CVE-2023-3615 (Mattermost iOS app failsto properlyvalidate the server certificate whi ...)
- TODO: check
+ NOT-FOR-US: Mattermost iOS app
CVE-2023-3614 (Mattermost fails to properly validate a gif image file, allowing an at ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-3613 (Mattermost WelcomeBot plugin fails to to validate the membership statu ...)
- TODO: check
+ NOT-FOR-US: Mattermost plugin
CVE-2023-3593 (Mattermost fails to properly validate markdown, allowing an attacker t ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-3591 (Mattermost fails to invalidate previously generated password reset tok ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-3590 (Mattermostfails to delete card attachments in Boards, allowing an atta ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-3587 (Mattermost fails to properly show information in the UI, allowing a sy ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-3586 (Mattermost fails to disablepublic Boards after the "Enable Publicly-Sh ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-3585 (Mattermost Boards fail to properly validate a board link, allowing an ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-3584 (Mattermost fails to properly check the authorization ofPOST /api/v4/te ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-3582 (Mattermost fails to verify channel membership when linking a board to ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-3581 (Mattermost fails to properly validate the origin of a websocket connec ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-3577 (Mattermost fails to properly restrict requests tolocalhost/intranet du ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-3459 (The Export and Import Users and Customers plugin for WordPress is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3418 (The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3403 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized mod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3376 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3245 (The Floating Chat Widget WordPress plugin before 3.1.2 does not saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3186 (The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3182 (The Membership WordPress plugin before 3.2.3 does not sanitise and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3179 (The POST SMTP Mailer WordPress plugin before 2.5.7 does not have prope ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3041 (The Autochat Automatic Conversation WordPress plugin through 1.1.7 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-38434 (xHTTP 72f812d has a double free in close_connection in xhttp.c via a m ...)
TODO: check
CVE-2023-38432 (An issue was discovered in the Linux kernel before 6.3.10. fs/smb/serv ...)
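Review bot: The mattermost-server `<itp>` entries in this hunk (CVE-2023-3614, -3593, -3591, -3590, -3587, -3586, -3585, -3584, -3582, -3581, -3577) carry no NOTE line with an upstream advisory or fix reference, unlike the CVE-2023-1892 entry later in this patch, which records its huntr.dev URL; one NOTE per CVE would make these entries actionable once the ITP (bug #823556) lands. CVE-2023-3613 (WelcomeBot plugin) is filed `NOT-FOR-US: Mattermost plugin` while the rest of the Mattermost batch points at the ITP; that is fine if the plugin ships outside the mattermost-server tree, but a short note saying so would save a second triage pass.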
@@ -71,23 +71,23 @@ CVE-2023-38426 (An issue was discovered in the Linux kernel before 6.3.4. ksmbd
CVE-2023-38409 (An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/ ...)
TODO: check
CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, crafting and ...)
- TODO: check
+ NOT-FOR-US: Creston
CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations Manager (VI ...)
- TODO: check
+ NOT-FOR-US: Veritas InfoScale
CVE-2023-38403 (iperf3 before 3.14 allows peers to cause an integer overflow and heap ...)
TODO: check
CVE-2023-37985 (Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Res ...)
- TODO: check
+ NOT-FOR-US: WordPress themes
CVE-2023-37974 (Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Soc ...)
- TODO: check
+ NOT-FOR-US: WordPress themes
CVE-2023-37968 (Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multi ...)
- TODO: check
+ NOT-FOR-US: WordPress themes
CVE-2023-37850
REJECTED
CVE-2023-37791 (D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow v ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-37781 (An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to exec ...)
- TODO: check
+ NOT-FOR-US: EMQX
CVE-2023-37770 (faust commit ee39a19 was discovered to contain a stack overflow via th ...)
TODO: check
CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a FPE vulne ...)
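Review bot: `NOT-FOR-US: Creston` under CVE-2023-38405 misspells the vendor; the description reads "Crestron 3-Series Control Systems", so it should be `NOT-FOR-US: Crestron`. The three CSRF entries CVE-2023-37985, CVE-2023-37974 and CVE-2023-37968 are labelled `WordPress themes`, while the same class of entry elsewhere in this patch (e.g. CVE-2023-35096, CVE-2023-35089) uses `WordPress plugin`; the vendor name "FiveStarPlugins" in the first description suggests plugin is the right label, so this is worth double-checking.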
@@ -117,65 +117,65 @@ CVE-2023-35880 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce W
CVE-2023-35818 (An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devi ...)
TODO: check
CVE-2023-35096 (Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <=2.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-35089 (Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-35038 (Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-34669 (TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-34143 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2023-34142 (Cleartext Transmission of Sensitive Information vulnerability in Hitac ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2023-34141 (A command injection vulnerability in the access point (AP) management ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-34140 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-34139 (A command injection vulnerability in the Free Time WiFi hotspot featur ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-34138 (A command injection vulnerability in the hotspot management feature of ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-34036 (Reactive web applications that use Spring HATEOAS to produce hypermedi ...)
- TODO: check
+ NOT-FOR-US: Spring HATEOAS
CVE-2023-34005 (Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design F ...)
- TODO: check
+ NOT-FOR-US: Etoile Web Design
CVE-2023-33012 (A command injection vulnerability in the configuration parser of the Z ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-33011 (A format string vulnerability in the Zyxel ATP series firmware version ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-31998 (A heap overflow vulnerability found in EdgeRouters and Aircubes allows ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti
CVE-2023-31853 (Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin ...)
- TODO: check
+ NOT-FOR-US: Cudy LT400
CVE-2023-31852 (Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-b ...)
- TODO: check
+ NOT-FOR-US: Cudy LT400
CVE-2023-31851 (Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Cudy LT400
CVE-2023-2963 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Oliva Expertise
CVE-2023-2960 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Oliva Expertise
CVE-2023-2959 (Authentication Bypass by Primary Weakness vulnerability in Oliva Exper ...)
- TODO: check
+ NOT-FOR-US: Oliva Expertise
CVE-2023-2958 (Authorization Bypass Through User-Controlled Key vulnerability in Orig ...)
- TODO: check
+ NOT-FOR-US: Origin Software ATS Pro
CVE-2023-2912 (Use After Free vulnerability in Secomea SiteManager Embedded allows Ob ...)
TODO: check
CVE-2023-2701 (The Gravity Forms WordPress plugin before 2.7.5 does not escape genera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2636 (The AN_GradeBook WordPress plugin through 5.0.1 does not properly sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2579 (The InventoryPress WordPress plugin through 1.7 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2330 (The Caldera Forms Google Sheets Connector WordPress plugin through 1.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2329 (The WooCommerce Google Sheet Connector WordPress plugin through 1.3.4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36695 (Incorrect Default Permissions vulnerability in Hitachi Device Manager ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2015-10122 (A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3700 (Improper Access Control in GitHub repository alextselegidis/easyappoin ...)
NOT-FOR-US: easyappointments
CVE-2023-3696 (Prototype Pollution in GitHub repository automattic/mongoose prior to ...)
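Review bot: CVE-2023-34005 is labelled `NOT-FOR-US: Etoile Web Design` although its description has the same "Cross-Site Request Forgery (CSRF) vulnerability in ..." form as CVE-2023-35096, -35089 and -35038 above it, which are labelled `NOT-FOR-US: WordPress plugin`; using the same label keeps the WordPress plugin entries greppable. Likewise CVE-2023-31853, -31852 and -31851 use the product name `Cudy LT400` while the other router entries in this hunk (TOTOLINK, Zyxel, D-Link) use the vendor name; consistent naming makes later bulk triage easier.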
@@ -8497,7 +8497,7 @@ CVE-2023-31218
CVE-2023-31217
RESERVED
CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31215
RESERVED
CVE-2023-31214
@@ -9742,7 +9742,7 @@ CVE-2023-2145 (A vulnerability was found in Campcodes Online Thesis Archiving Sy
CVE-2023-2144 (A vulnerability was found in Campcodes Online Thesis Archiving System ...)
NOT-FOR-US: Campcodes Online Thesis Archiving System
CVE-2023-2143 (The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2142
RESERVED
CVE-2023-2141 (An unsafe .NET object deserialization in DELMIA Apriso Release 2017 th ...)
@@ -13717,7 +13717,7 @@ CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ke
CVE-2023-29384
RESERVED
CVE-2023-1893 (The Login Configurator WordPress plugin through 2.1 does not properly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/si ...)
- ruby-sidekiq <not-affected> (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/e35e5653-c429-4fb8-94a3-cbc123ae4777
@@ -15798,7 +15798,7 @@ CVE-2023-28769 (The buffer overflow vulnerability in the library \u201clibclinkc
CVE-2023-28768
RESERVED
CVE-2023-28767 (The configuration parser fails to sanitize user-controlled input in th ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-28766 (A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All v ...)
NOT-FOR-US: Siemens
CVE-2023-25180
@@ -19813,7 +19813,7 @@ CVE-2023-27608
CVE-2023-27607
RESERVED
CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27605
RESERVED
CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
@@ -20408,7 +20408,7 @@ CVE-2023-27426
CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jame ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27424 (Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27423 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27422
@@ -29379,7 +29379,7 @@ CVE-2023-0441 (The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 ha
CVE-2023-0440 (Observable Discrepancy in GitHub repository healthchecks/healthchecks ...)
NOT-FOR-US: healthchecks
CVE-2023-0439 (The NEX-Forms WordPress plugin before 8.4.4 does not escape its form n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
NOT-FOR-US: Modoboa
CVE-2023-0437
@@ -31134,7 +31134,7 @@ CVE-2023-23721 (Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer A
CVE-2023-23720 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetR ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23719 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23718 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Pa ...)
NOT-FOR-US: Esstat17
CVE-2023-23717 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Georg ...)
@@ -31327,7 +31327,7 @@ CVE-2023-23648
CVE-2023-23647 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23646 (Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gal ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23645
RESERVED
CVE-2023-23644
@@ -34647,7 +34647,7 @@ CVE-2023-22674
CVE-2023-22673 (Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Mon ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22672 (Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Mul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0104 (The listed versions for Weintek EasyBuilder Pro are vulnerable to a Zi ...)
NOT-FOR-US: Weintek EasyBuilder Pro
CVE-2023-0103 (If an attacker were to access memory locations of LS ELECTRIC XBC-DN32 ...)
@@ -40486,7 +40486,7 @@ CVE-2022-47174 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Per
CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47172 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Unli ...)
@@ -44237,7 +44237,7 @@ CVE-2022-45937 (A vulnerability has been identified in APOGEE PXC Series (BACnet
CVE-2022-45936 (A vulnerability has been identified in Mendix Email Connector (All ver ...)
NOT-FOR-US: Siemens
CVE-2022-4146 (Expression Language Injection vulnerability in Hitachi Replication Man ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2022-45935 (Usage of temporary files with insecure permissions by the Apache James ...)
NOT-FOR-US: Apache James
CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. l2cap_conf ...)
@@ -45582,7 +45582,7 @@ CVE-2022-4025 (Inappropriate implementation in Paint in Google Chrome prior to 9
CVE-2022-4024 (The Registration Forms WordPress plugin before 3.8.1.3 does not have a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4023 (The 3DPrint WordPress plugin before 3.5.6.9 does not protect against C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4022 (The SVG Support plugin for WordPress defaults to insecure settings in ...)
NOT-FOR-US: SVG Support plugin for WordPress
CVE-2022-4021 (The Permalink Manager Lite plugin for WordPress is vulnerable to Cross ...)
@@ -61694,7 +61694,7 @@ CVE-2022-38074 (SQL Injection vulnerability in VeronaLabs WP Statistics plugin<=
CVE-2022-38073 (Multiple Authenticated (custom specific plugin role) Persistent Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36424 (Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36417 (Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forg ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36404 (Auth. (subscriber+) Broken Access Control vulnerability in David Cole ...)
@@ -68881,7 +68881,7 @@ CVE-2022-38068 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnera
CVE-2022-38067 (Unauthenticated Event Deletion vulnerability in Totalsoft Event Calend ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38062 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38061 (Authenticated (author+) CSV Injection vulnerability in Export Post Inf ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38059 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's A ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13c724e9e89c25a34b4adc0bbdb4665c00f8e5c9