[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 20 12:59:30 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df0d4b4d by Salvatore Bonaccorso at 2023-06-20T13:58:57+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2023-3325 (The CMS Commander plugin for WordPress is vulnerable to authorization ...)
- TODO: check
+ NOT-FOR-US: CMS Commander plugin for WordPress
CVE-2023-3320 (The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WP Sticky Social plugin for WordPress
CVE-2023-3315 (Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and ear ...)
TODO: check
CVE-2023-35884 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPri ...)
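Review bot: The two notes added here, "NOT-FOR-US: CMS Commander plugin for WordPress" and "NOT-FOR-US: WP Sticky Social plugin for WordPress", use a different wording from every other note this commit adds, which is the generic "NOT-FOR-US: WordPress plugin". That generic form is also what the untouched context lines already carry (CVE-2023-0490, CVE-2023-0369). Pick one form for the whole commit so that a single search string matches all WordPress plugin entries. If the product name is meant to be kept, the later hunks should name their plugins the same way.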
@@ -70,37 +70,37 @@ CVE-2023-31410 (A remote unprivileged attacker can intercept the communication v
CVE-2023-2907 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2023-2899 (The Google Map Shortcode WordPress plugin through 3.1.2 does not valid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2812 (The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2811 (The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2805 (The SupportCandy WordPress plugin before 3.1.7 does not properly sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2779 (The Social Share, Social Login and Social Comments WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2751 (The Upload Resume WordPress plugin through 1.2.0 does not validate the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2742 (The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2719 (The SupportCandy WordPress plugin before 3.1.7 does not properly sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2684 (The File Renaming on Upload WordPress plugin before 2.5.2 does not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2654 (The Conditional Menus WordPress plugin before 1.2.1 does not escape a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2600 (The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2527 (The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2492 (The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2401 (The QuBot WordPress plugin before 1.1.6 does not sanitise and escape s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2399 (The QuBot WordPress plugin before 1.1.6 doesn't filter user input on c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2359 (The Slider Revolution WordPress plugin through 6.6.12 does not check f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-48506 (A flawed pseudorandom number generator in Dominion Voting Systems Imag ...)
TODO: check
CVE-2022-48501 (Configuration defects in the secure OS module.Successful exploitation ...)
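Review bot: Sixteen entries in this hunk, CVE-2023-2899 through CVE-2023-2359, move from "TODO: check" to an identical "NOT-FOR-US: WordPress plugin", and the subject line "Process some NFUs" is the only record of the decision. A one-line commit body stating the criterion applied to the batch would let a later reader confirm that each entry was triaged rather than pattern-matched on the words "WordPress plugin" in the truncated description. The neighbouring CVE-2023-2907 and CVE-2022-48506 are correctly left as "TODO: check", since their descriptions do not name a WordPress plugin.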
@@ -5618,7 +5618,7 @@ CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not saniti
CVE-2023-2222
RESERVED
CVE-2023-2221 (The WP Custom Cursors WordPress plugin before 3.2 does not properly sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4944 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: KodExplorer
CVE-2023-2220 (A vulnerability was found in Dream Technology mica up to 3.0.5. It has ...)
@@ -25075,7 +25075,7 @@ CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not validate
CVE-2023-0490 (The f(x) TOC WordPress plugin through 1.1.0 does not validate and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0489 (The SlideOnline WordPress plugin through 1.2.1 does not validate and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload ...)
- pyload <itp> (bug #1001980)
CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not properly ...)
@@ -27047,7 +27047,7 @@ CVE-2023-0370 (The WPB Advanced FAQ WordPress plugin through 1.0.6 does not vali
CVE-2023-0369 (The GoToWP WordPress plugin through 5.1.1 does not validate and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0368 (The Responsive Tabs For WPBakery Page Builder (formerly Visual Compose ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4892 (A vulnerability was found in MyCMS. It has been classified as problema ...)
NOT-FOR-US: MyCMS
CVE-2022-47909 (Livestatus Query Language (LQL) injection in the AuthUser HTTP query h ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0d4b4d2b797a180506479c84878945a13e42a2