[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 9 10:03:44 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c8976071 by Moritz Muehlenhoff at 2023-06-09T11:03:02+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -838,13 +838,13 @@ CVE-2023-3035 (A vulnerability has been found in Guangdong Pythagorean OA Office
CVE-2023-34339 (In JetBrains Ktor before 2.3.1 headers containing authentication data ...)
NOT-FOR-US: JetBrains Ktor
CVE-2023-34092 (Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5 ...)
- TODO: check
+ NOT-FOR-US: Vite
CVE-2023-34091 (Kyverno is a policy engine designed for Kubernetes. In versions of Kyv ...)
- TODO: check
+ NOT-FOR-US: Kyverno
CVE-2023-33965 (Brook is a cross-platform programmable network tool. The `tproxy` serv ...)
- TODO: check
+ NOT-FOR-US: Brook
CVE-2023-33963 (DataEase is an open source data visualization and analysis tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2023-33960 (OpenProject is web-based project management software. For any OpenProj ...)
NOT-FOR-US: OpenProject
CVE-2023-33764 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...)
@@ -895,9 +895,9 @@ CVE-2023-32707 (In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14
CVE-2023-32706 (On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unau ...)
NOT-FOR-US: Splunk
CVE-2023-32690 (libspdm is a sample implementation that follows the DMTF SPDM specific ...)
- TODO: check
+ NOT-FOR-US: libspdm
CVE-2023-32310 (DataEase is an open source data visualization and analysis tool. The A ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2023-32181 (A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow ...)
- libeconf <unfixed>
NOTE: https://github.com/openSUSE/libeconf/issues/178
@@ -1321,7 +1321,7 @@ CVE-2023-34152 (A vulnerability was found in ImageMagick. This security flaw cau
NOTE: a security risk per se and user needs to take precautions accordingly
NOTE: when enabled.
NOTE: https://github.com/ImageMagick/ImageMagick/issues/6339#issuecomment-1559698800
- TODO: check, CVE might get rejected or disputed
+ NOTE: CVE might get rejected or disputed
CVE-2023-33291 (In ebankIT 6, the public endpoints /public/token/Email/generate and /p ...)
NOT-FOR-US: ebankIT
CVE-2023-31874 (Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafte ...)
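Review bot: On the CVE-2023-34152 entry, turning "TODO: check, CVE might get rejected or disputed" into a plain NOTE removes the marker that would bring this entry back up for review, while the wording still describes an open question. If the intent is to revisit once the dispute is settled, keep a TODO, or add the date of this assessment to the note so a later reader can tell how stale it is.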
@@ -3661,7 +3661,7 @@ CVE-2023-2307 (Cross-Site Request Forgery (CSRF) in GitHub repository builderio/
CVE-2023-2306
RESERVED
CVE-2023-2305 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2304 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: Favorites plugin for WordPress
CVE-2023-2303 (The Contact Form and Calls To Action by vcita plugin for WordPress is ...)
@@ -3719,7 +3719,7 @@ CVE-2023-2291 (Static credentials exist in the PostgreSQL data used in ManageEng
CVE-2023-2290
RESERVED
CVE-2023-2289 (The wordpress vertical image slider plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some user-co ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not li ...)
@@ -3775,7 +3775,7 @@ CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions
CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related Websoc ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-2280 (The WP Directory Kit plugin for WordPress is vulnerable to unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2279
RESERVED
CVE-2023-2278
@@ -3785,7 +3785,7 @@ CVE-2023-2277
CVE-2023-2276 (The WCFM Membership \u2013 WooCommerce Memberships for Multivendor Mar ...)
NOT-FOR-US: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress
CVE-2023-2275 (The WooCommerce Multivendor Marketplace \u2013 REST API plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2023-2274
RESERVED
CVE-2023-2273 (Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer fr ...)
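Review bot: "NOT-FOR-US: WooCommerce plugin" on CVE-2023-2275 is a one-off label; the other plugin entries added in this commit use "WordPress plugin", and the CVE-2023-2276 line directly above spells out the full name ending in "plugin for WordPress". Suggest using one of those two forms here so a search for the usual tag finds this entry as well.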
@@ -3801,7 +3801,7 @@ CVE-2023-31205
CVE-2023-31204
RESERVED
CVE-2023-31200 (PTC Vuforia Studio does not require a token; this could allow an atta ...)
- TODO: check
+ NOT-FOR-US: PTC Vuforia Studio
CVE-2023-31199 (Improper access control in the Intel(R) Solid State Drive Toolbox(TM) ...)
NOT-FOR-US: Intel
CVE-2023-31197 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector ...)
@@ -3955,13 +3955,13 @@ CVE-2023-30768 (Improper access control in the Intel(R) Server Board S2600WTT be
CVE-2023-30763 (Heap-based overflow in Intel(R) SoC Watch based software before versio ...)
NOT-FOR-US: Intel
CVE-2023-29502 (Before importing a project into Vuforia, a user could modify the \u20 ...)
- TODO: check
+ NOT-FOR-US: Vuforia
CVE-2023-29242 (Improper access control for Intel(R) oneAPI Toolkits before version 20 ...)
NOT-FOR-US: Intel
CVE-2023-29168 (The local Vuforia web application does not support HTTPS, and federate ...)
- TODO: check
+ NOT-FOR-US: Vuforia
CVE-2023-29152 (By changing the filename parameter in the request, an attacker could ...)
- TODO: check
+ NOT-FOR-US: Vuforia
CVE-2023-28822
RESERVED
CVE-2023-28745
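Review bot: The three entries in this hunk are tagged "NOT-FOR-US: Vuforia", while CVE-2023-31200 earlier in this same commit is tagged "NOT-FOR-US: PTC Vuforia Studio"; pick one spelling for the product. The visible description of CVE-2023-29152 ("By changing the filename parameter in the request ...") names no product at all, so the tag is the only thing tying that entry to Vuforia, which is a reason to use the full product name there.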
@@ -3973,9 +3973,9 @@ CVE-2023-28719
CVE-2023-28378
RESERVED
CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality to uplo ...)
- TODO: check
+ NOT-FOR-US: Vuforia
CVE-2023-24476 (An attacker with local access to the machine could record the traffic, ...)
- TODO: check
+ NOT-FOR-US: Vuforia
CVE-2023-2270
RESERVED
CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...)
@@ -4016,11 +4016,11 @@ CVE-2023-31118
CVE-2023-31117
RESERVED
CVE-2023-31116 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-31115 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-31114 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-31113
RESERVED
CVE-2023-31112
@@ -4069,7 +4069,7 @@ CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.
CVE-2023-2250 (A flaw was found in the Open Cluster Management (OCM) when a user have ...)
NOT-FOR-US: Open Cluster Management (OCM)
CVE-2023-2249 (The wpForo Forum plugin for WordPress is vulnerable to Local File Incl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2248
REJECTED
CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module in ...)
@@ -4424,7 +4424,7 @@ CVE-2023-30950
CVE-2023-30949
RESERVED
CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted in the ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2023-30947
RESERVED
CVE-2023-30946
@@ -4502,7 +4502,7 @@ CVE-2023-2239 (Exposure of Private Personal Information to an Unauthorized Actor
CVE-2023-2238
RESERVED
CVE-2023-2237 (The WP Replicate Post plugin for WordPress is vulnerable to SQL Inject ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2236 (A use-after-free vulnerability in the Linux Kernel io_uring subsystem ...)
- linux 6.0.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -4642,7 +4642,7 @@ CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository azuracas
CVE-2023-2190
RESERVED
CVE-2023-2189 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2188
RESERVED
CVE-2023-30896
@@ -4722,7 +4722,7 @@ CVE-2023-2186 (On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, a
CVE-2023-2185
REJECTED
CVE-2023-2184 (The WP Responsive Tabs horizontal vertical and accordion Tabs plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2183 (Grafana is an open-source platform for monitoring and observability. ...)
- grafana <removed>
CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions start ...)
@@ -4937,7 +4937,7 @@ CVE-2023-2161 (A CWE-611: Improper Restriction of XML External Entity Reference
CVE-2023-2160 (Weak Password Requirements in GitHub repository modoboa/modoboa prior ...)
NOT-FOR-US: modoboa
CVE-2023-2159 (The CMP \u2013 Coming Soon & Maintenance plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user impersonatio ...)
NOT-FOR-US: Code Dx
CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the ImageMagic ...)
@@ -5204,15 +5204,15 @@ CVE-2023-2088 (A flaw was found in OpenStack due to an inconsistency between Cin
NOTE: https://www.openwall.com/lists/oss-security/2023/05/10/5
NOTE: https://bugs.launchpad.net/nova/+bug/2004555
CVE-2023-2087 (The Essential Blocks plugin for WordPress is vulnerable to Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2086 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2085 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2084 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2083 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2082
RESERVED
CVE-2023-2081
@@ -5671,9 +5671,9 @@ CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions sta
CVE-2023-2068
RESERVED
CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2066 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2065 (Authorization Bypass Through User-Controlled Key vulnerability in Armo ...)
NOT-FOR-US: Armoli Technology Cargo Tracking System
CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -5745,7 +5745,7 @@ CVE-2023-2033 (Type confusion in V8 in Google Chrome prior to 112.0.5615.121 all
CVE-2023-2032
RESERVED
CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2030
RESERVED
CVE-2023-2029
@@ -6201,7 +6201,7 @@ CVE-2023-1980 (Two factor authentication bypass on login in Devolutions Remot
CVE-2023-1979 (The Web Stories for WordPress plugin supports the WordPress built-in f ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1978 (The ShiftController Employee Shift Scheduling plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1977
RESERVED
CVE-2023-1976 (Password Aging with Long Expiration in GitHub repository answerdev/ans ...)
@@ -8570,7 +8570,7 @@ CVE-2023-1919 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-
CVE-2023-1918 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1917 (The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-48436
RESERVED
CVE-2023-29464
@@ -8675,7 +8675,7 @@ CVE-2023-1912 (The Limit Login Attempts plugin for WordPress is vulnerable to St
CVE-2023-1911 (The Blocksy Companion WordPress plugin before 1.8.82 does not ensure t ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1910 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1909 (A vulnerability, which was classified as critical, was found in PHPGur ...)
NOT-FOR-US: PHPGurukul BP Monitoring Management System
CVE-2023-1908 (A vulnerability was found in SourceCodester Simple Mobile Comparison W ...)
@@ -8825,7 +8825,7 @@ CVE-2023-1897
CVE-2023-1896
RESERVED
CVE-2023-1895 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1894 (A Regular Expression Denial of Service (ReDoS) issue was discovered in ...)
- puppet <not-affected> (Limit to Puppet Server 7)
- puppetserver 7.9.5-2 (bug #1035541)
@@ -8877,9 +8877,9 @@ CVE-2023-1891
CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape various ge ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1889 (The Directorist plugin for WordPress is vulnerable to an Insecure Dire ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1888 (The Directorist plugin for WordPress is vulnerable to an arbitrary use ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1887 (Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to ...)
NOT-FOR-US: phpmyfaq
CVE-2023-1886 (Authentication Bypass by Capture-replay in GitHub repository thorsten/ ...)
@@ -8932,7 +8932,7 @@ CVE-2023-1866 (The YourChannel plugin for WordPress is vulnerable to Cross-Site
CVE-2023-1865 (The YourChannel plugin for WordPress is vulnerable to unauthorized los ...)
NOT-FOR-US: YourChannel plugin for WordPress
CVE-2023-1864 (FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable ...)
- TODO: check
+ NOT-FOR-US: FANUC
CVE-2023-1863 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Eskom Computer Water Metering Software
CVE-2023-1862
@@ -9043,7 +9043,7 @@ CVE-2023-29347
CVE-2023-29346
RESERVED
CVE-2023-29345 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29343 (SysInternals Sysmon for Windows Elevation of Privilege Vulnerability)
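Review bot: CVE-2023-29345 is described as "Microsoft Edge (Chromium-based)", and "NOT-FOR-US: Microsoft" is only right if the flaw sits in Edge-specific code rather than in the shared Chromium code base. A one-line NOTE recording that this was checked would make the entry self-explanatory; the neighbouring Office entry needs no such distinction.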
@@ -9233,7 +9233,7 @@ CVE-2023-1845 (A vulnerability, which was classified as critical, was found in S
CVE-2023-1844
RESERVED
CVE-2023-1843 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1842
REJECTED
CVE-2023-1841
@@ -9556,7 +9556,7 @@ CVE-2023-29171 (Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Ma
CVE-2023-29170 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1807 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1806 (The WP Inventory Manager WordPress plugin before 2.1.0.12 does not san ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1805 (The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1. ...)
@@ -10057,7 +10057,7 @@ CVE-2023-29022 (A cross site scripting vulnerability was discovered in Rockwell
CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...)
- gitlab <unfixed>
CVE-2023-1709 (The APDFL.dll contains a memory corruption vulnerability while parsing ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-29021
RESERVED
CVE-2023-29020 (@fastify/passport is a port of passport authentication library for the ...)
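Review bot: On CVE-2023-1709 the tag "NOT-FOR-US: Siemens" names a vendor that does not appear in the visible description, which refers only to APDFL.dll. Name the affected product or the library in the tag, or add a NOTE with the advisory link, so the reason for the NFU can be checked from the entry itself.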
@@ -10847,7 +10847,7 @@ CVE-2023-28809
CVE-2023-28808 (Some Hikvision Hybrid SAN/Cluster Storage products have an access cont ...)
NOT-FOR-US: Hikvision Hybrid SAN/Cluster Storage products
CVE-2023-1615 (The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1614 (The WP Custom Author URL WordPress plugin before 1.0.5 does not saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28807
@@ -11245,21 +11245,21 @@ CVE-2023-28707 (Improper Input Validation vulnerability in Apache Software Found
CVE-2023-28706 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
NOT-FOR-US: Apache Airflow Hive Provider
CVE-2023-28705 (Openfind Mail2000 has insufficient filtering special characters of ema ...)
- TODO: check
+ NOT-FOR-US: Openfind
CVE-2023-28704 (Furbo dog camera has insufficient filtering for special parameter of d ...)
- TODO: check
+ NOT-FOR-US: Furbo
CVE-2023-28703 (ASUS RT-AC86U\u2019s specific cgi function has a stack-based buffer ov ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2023-28702 (ASUS RT-AC86U does not filter special characters for parameters in spe ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2023-28701 (ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. A ...)
- TODO: check
+ NOT-FOR-US: ELITE TECHNOLOGY CORP. Web Fax
CVE-2023-28700 (OMICARD EDM backend system\u2019s file uploading function does not res ...)
- TODO: check
+ NOT-FOR-US: OMICARD
CVE-2023-28699 (Wade Graphic Design FANTSY has a vulnerability of insufficient filteri ...)
- TODO: check
+ NOT-FOR-US: Wade Graphic Design FANTSY
CVE-2023-28698 (Wade Graphic Design FANTSY has a vulnerability of insufficient authori ...)
- TODO: check
+ NOT-FOR-US: Wade Graphic Design FANTSY
CVE-2023-28697 (Moxa MiiNePort E1 has a vulnerability of insufficient access control. ...)
NOT-FOR-US: Moxa
CVE-2023-28696
@@ -12024,7 +12024,7 @@ CVE-2023-1432 (A vulnerability was found in SourceCodester Online Food Ordering
CVE-2023-1431 (The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sens ...)
NOT-FOR-US: WP Simple Shopping Cart plugin for WordPress
CVE-2023-1430 (The FluentCRM - Marketing Automation For WordPress plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
NOT-FOR-US: pimcore
CVE-2023-1428
@@ -12087,7 +12087,7 @@ CVE-2023-28471 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to
CVE-2023-28470 (In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is ...)
NOT-FOR-US: Couchbase Server
CVE-2023-28469 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
- TODO: check
+ NOT-FOR-US: ARM
CVE-2023-28468
RESERVED
CVE-2023-28467 (In MyBB before 1.8.34, there is XSS in the User CP module via the user ...)
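Review bot: CVE-2023-28469 concerns the "Arm Mali GPU Kernel Driver", and "NOT-FOR-US: ARM" is too broad to say which driver was ruled out. For a kernel-driver issue, suggest "NOT-FOR-US: Arm Mali GPU Kernel Driver" so nobody has to re-check whether this touches a packaged kernel. The same applies to CVE-2023-28147 later in this commit.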
@@ -12593,9 +12593,9 @@ CVE-2023-28326 (Vendor: The Apache Software Foundation Versions Affected: Apach
CVE-2023-1405
RESERVED
CVE-2023-1404 (The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1403 (The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1402 (The course participation report required additional checks to prevent ...)
- moodle <removed>
CVE-2023-1401
@@ -12631,7 +12631,7 @@ CVE-2023-1390 (A remote denial of service vulnerability was found in the Linux k
CVE-2023-1389 (TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 2023 ...)
NOT-FOR-US: TP-Link
CVE-2023-1388 (A heap-based overflow vulnerability in TA prior to version 5.7.9 allow ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2023-1387 (Grafana is an open-source platform for monitoring and observability. ...)
- grafana <removed>
CVE-2023-1386
@@ -13137,7 +13137,7 @@ CVE-2023-1377 (The Solidres WordPress plugin through 0.9.4 does not sanitise and
CVE-2023-1376
RESERVED
CVE-2023-1375 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1374 (The Solidres plugin for WordPress is vulnerable to Stored Cross-Site S ...)
NOT-FOR-US: Solidres plugin for WordPress
CVE-2023-1373 (The W4 Post List WordPress plugin before 2.4.6 does not escape some UR ...)
@@ -13190,11 +13190,11 @@ CVE-2023-1362 (Improper Restriction of Rendered UI Layers or Frames in GitHub re
CVE-2023-1361 (SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2.)
NOT-FOR-US: Bumsys
CVE-2022-48392 (In dialer service, there is a possible missing permission check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48391 (In telephony service, there is a possible missing permission check. Th ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48390 (In telephony service, there is a possible missing permission check. Th ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48389 (In modem control device, there is a possible out of bounds write due t ...)
NOT-FOR-US: Unisoc
CVE-2022-48388 (In powerEx service, there is a possible missing permission check. This ...)
@@ -13260,7 +13260,7 @@ CVE-2023-28149
CVE-2023-28148
RESERVED
CVE-2023-28147 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
- TODO: check
+ NOT-FOR-US: ARM
CVE-2023-28146
RESERVED
CVE-2023-28145
@@ -13487,7 +13487,7 @@ CVE-2023-28068 (Dell Command Monitor, versions 10.9 and prior, contains an impro
CVE-2023-28067
RESERVED
CVE-2023-28066 (Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Im ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28065
RESERVED
CVE-2023-28064
@@ -13533,7 +13533,7 @@ CVE-2023-28045 (Dell CloudIQ Collector version 1.10.2 contains a missing encrypt
CVE-2023-28044
RESERVED
CVE-2023-28043 (Dell SCG 5.14 contains an information disclosure vulnerability during ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28042
RESERVED
CVE-2023-28041
@@ -13742,7 +13742,7 @@ CVE-2023-27991 (The post-authentication command injection vulnerability in the C
CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 4.32 throu ...)
NOT-FOR-US: Zyxel
CVE-2023-27989 (A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-27988 (The post-authentication command injection vulnerability in the Zyxel N ...)
NOT-FOR-US: Zyxel
CVE-2023-27987 (In Apache Linkis <=1.3.1,due to the default token generated by Linkis ...)
@@ -14608,9 +14608,9 @@ CVE-2023-27747 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authen
CVE-2023-27746 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a ...)
NOT-FOR-US: BlackVue DR750-2CH LTE
CVE-2023-27745 (An issue in South River Technologies TitanFTP Before v2.0.1.2102 allow ...)
- TODO: check
+ NOT-FOR-US: South River Technologies#
CVE-2023-27744 (An issue was discovered in South River Technologies TitanFTP NextGen s ...)
- TODO: check
+ NOT-FOR-US: South River Technologies#
CVE-2023-27743
RESERVED
CVE-2023-27742 (IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerabil ...)
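Review bot: Both added lines in this hunk end in a stray "#" ("NOT-FOR-US: South River Technologies#"), which looks like a typo and would defeat an exact-match search for the vendor name. Drop the "#", and consider "South River Technologies TitanFTP" to match the product named in both descriptions.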
@@ -14818,9 +14818,9 @@ CVE-2023-27642
CVE-2023-27641 (The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSE ...)
NOT-FOR-US: L-Soft
CVE-2023-27640 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...)
- TODO: check
+ NOT-FOR-US: tshirtecommerce
CVE-2023-27639 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...)
- TODO: check
+ NOT-FOR-US: tshirtecommerce
CVE-2023-27638 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...)
NOT-FOR-US: tshirtecommerce
CVE-2023-27637 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...)
@@ -15073,7 +15073,7 @@ CVE-2023-1170 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c (v9.0.1376)
NOTE: Crash in CLI tool, no security impact
CVE-2023-1169 (The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2015-10089 (A vulnerability classified as problematic has been found in flame.js. ...)
NOT-FOR-US: flame.js
CVE-2023-1168 (An authenticated remote code execution vulnerability exists in the ...)
@@ -16341,7 +16341,7 @@ CVE-2023-27128
CVE-2023-27127
RESERVED
CVE-2023-27126 (The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on fi ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2023-27125
RESERVED
CVE-2023-27124
@@ -17769,7 +17769,7 @@ CVE-2023-1017 (An out-of-bounds write vulnerability exists in TPM2.0's Module Li
NOTE: https://kb.cert.org/vuls/id/782720
NOTE: https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf
CVE-2023-1016 (The Intuitive Custom Post Order plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1015
REJECTED
CVE-2023-1014 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...)
@@ -17950,9 +17950,9 @@ CVE-2023-0995 (Cross-site Scripting (XSS) - Stored in GitHub repository unilogie
CVE-2023-0994 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
NOT-FOR-US: RosarioSIS
CVE-2023-0993 (The Shield Security plugin for WordPress is vulnerable to Missing Auth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0992 (The Shield Security plugin for WordPress is vulnerable to stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-48345 (sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via ...)
- node-mermaid <unfixed> (bug #1032313)
[bullseye] - node-mermaid <no-dsa> (Minor issue)
@@ -17973,7 +17973,7 @@ CVE-2023-0987 (A vulnerability classified as problematic was found in SourceCode
CVE-2023-0986 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-0985 (An Authorization Bypass vulnerability was found in MB Connect LinesmbC ...)
- TODO: check
+ NOT-FOR-US: mbCONNECT24
CVE-2023-0984
RESERVED
CVE-2023-0983 (The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does ...)
@@ -18305,7 +18305,7 @@ CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox
CVE-2023-0977 (A heap-based overflow vulnerability in Trellix Agent (Windows and Linu ...)
NOT-FOR-US: Trellix
CVE-2023-0976 (A command Injection Vulnerability in TA for mac-OS prior to version 5. ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2023-0975 (A vulnerability exists in Trellix Agent for Windows version 5.7.8 and ...)
NOT-FOR-US: Trellix
CVE-2023-0974
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8976071debd4bdaad00e02469d9bcdd5cea7421