[Git][security-tracker-team/security-tracker][master] Process some new NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 8 21:30:32 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a02729ba by Salvatore Bonaccorso at 2023-05-08T22:29:37+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1909,7 +1909,7 @@ CVE-2023-2116
 CVE-2023-2115
 	RESERVED
 CVE-2023-2114 (The NEX-Forms WordPress plugin before 8.4 does not properly escape the ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2113
 	RESERVED
 CVE-2023-2112 (Desktop component service allows lateral movement between sessions in  ...)
@@ -2992,7 +2992,7 @@ CVE-2023-1981 [avahi-daemon can be crashed via DBus]
 CVE-2023-1980 (Two factor   authentication  bypass on login in Devolutions Remote Des ...)
 	NOT-FOR-US: Devolutions
 CVE-2023-1979 (The Web Stories for WordPress plugin supports the WordPress built-in f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1978
 	RESERVED
 CVE-2023-1977
@@ -5462,7 +5462,7 @@ CVE-2023-1906 (A heap-based buffer overflow issue was discovered in ImageMagick'
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d (ImageMagick 6.9.12-84)
 CVE-2023-1905 (The WP Popups WordPress plugin before 2.1.5.1 does not properly escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to 1.10.5.  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2013-10023 (A vulnerability was found in Editorial Calendar Plugin up to 2.6. It h ...)
@@ -6297,7 +6297,7 @@ CVE-2023-29170 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability i
 CVE-2023-1807
 	RESERVED
 CVE-2023-1806 (The WP Inventory Manager WordPress plugin before 2.1.0.12 does not san ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1805 (The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1. ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1804 (The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1. ...)
@@ -7220,7 +7220,7 @@ CVE-2023-1662
 CVE-2023-1661
 	RESERVED
 CVE-2023-1660 (The AI ChatBot WordPress plugin before 4.4.9 does not have authorisati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1659
 	REJECTED
 CVE-2023-1658
@@ -7247,11 +7247,11 @@ CVE-2023-1652 (A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd (6.2-rc5)
 CVE-2023-1651 (The AI ChatBot WordPress plugin before 4.4.9 does not have authorisati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1650 (The AI ChatBot WordPress plugin before 4.4.7 unserializes user input f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1649 (The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1648
 	REJECTED
 CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 refle ...)
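Review bot: the three AI ChatBot entries in this hunk (CVE-2023-1651, CVE-2023-1650, CVE-2023-1649) all receive the identical `NOT-FOR-US: WordPress plugin` rationale, matching CVE-2023-1660 in the preceding hunk; that is consistent, but note that CVE-2023-1650's description ("unserializes user input f ...") points at a deserialization issue rather than the XSS/authorisation class of its siblings, so if any of the plugin's code were ever found vendored in a Debian package this one would deserve a closer look than the others. No change needed for the NOT-FOR-US marking itself.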
@@ -9137,7 +9137,7 @@ CVE-2023-28344
 CVE-2023-28343 (OS command injection affects Altenergy Power Control Software C1.2.5 v ...)
 	NOT-FOR-US: Altenergy Power Control Software
 CVE-2023-1408 (The Video List Manager WordPress plugin through 1.7 does not properly  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1407 (A vulnerability classified as critical was found in SourceCodester Stu ...)
 	NOT-FOR-US: SourceCodester
 CVE-2023-1406 (The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files  ...)
@@ -10002,7 +10002,7 @@ CVE-2023-28120
 CVE-2023-1348
 	RESERVED
 CVE-2023-1347 (The Customizer Export/Import WordPress plugin before 0.9.6 unserialize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28119 (The crewjam/saml go library contains a partial implementation of the S ...)
 	- golang-github-crewjam-saml <unfixed> (bug #1033753)
 	NOTE: https://github.com/crewjam/saml/commit/8e9236867d176ad6338c870a84e2039aef8a5021 (v0.4.13)
@@ -14406,7 +14406,7 @@ CVE-2023-1013 (Improper Neutralization of Script-Related HTML Tags in a Web Page
 CVE-2023-1012
 	RESERVED
 CVE-2023-1011 (The AI ChatBot WordPress plugin before 4.4.5 does not escape most of i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1010 (A vulnerability classified as critical was found in vox2png 1.0. Affec ...)
 	NOT-FOR-US: vox2png
 CVE-2023-1009 (A vulnerability classified as problematic has been found in DrayTek Vi ...)
@@ -14988,7 +14988,7 @@ CVE-2023-0950
 CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/mo ...)
 	NOT-FOR-US: Modoboa
 CVE-2023-0948 (The Japanized For WooCommerce WordPress plugin before 2.5.8 does not e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-48341 (ThingsBoard 3.4.1 could allow a remote authenticated attacker to achie ...)
 	NOT-FOR-US: ThingsBoard
 CVE-2021-4326 (A vulnerability in Imperative framework which allows already-privilege ...)
@@ -15992,7 +15992,7 @@ CVE-2023-0896 (A default password was reported in Lenovo Smart Clock Essential w
 CVE-2023-0895 (The WP Coder \u2013 add custom html, css and js code plugin for WordPr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0894 (The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0892
@@ -17162,7 +17162,7 @@ CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior
 CVE-2023-0769
 	RESERVED
 CVE-2023-0768 (The Avirato hotels online booking engine WordPress plugin through 5.0. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25641
 	RESERVED
 CVE-2023-25640
@@ -18809,7 +18809,7 @@ CVE-2023-25023 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-25022 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25021 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fare ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25020 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25019
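Review bot: the visible description of CVE-2023-25021 is truncated at "Fare ..." and, unlike its neighbours CVE-2023-25022 and CVE-2023-25020, never contains the words "WordPress plugin", so the rationale cannot be confirmed from this hunk alone; it appears to be inferred from the matching "Auth. (admin+) Stored Cross-Site Scripting (XSS)" pattern of the entries directly above and below, which are already marked `NOT-FOR-US: WordPress plugin`. Worth confirming against the full CVE text before the `TODO: check` is dropped.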
@@ -19294,7 +19294,7 @@ CVE-2023-0605 (The Auto Rename Media On Upload WordPress plugin before 1.1.0 doe
 CVE-2023-0604
 	RESERVED
 CVE-2023-0603 (The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0602
 	RESERVED
 CVE-2023-0601
@@ -20098,11 +20098,11 @@ CVE-2023-0546 (The Contact Form Plugin WordPress plugin before 4.3.25 does not p
 CVE-2023-0545
 	RESERVED
 CVE-2023-0544 (The WP Login Box WordPress plugin through 2.0.2 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0543 (The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0542 (The Custom Post Type List Shortcode WordPress plugin through 1.4.4 doe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0541 (The GS Books Showcase WordPress plugin before 1.3.1 does not validate  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does not val ...)
@@ -20112,9 +20112,9 @@ CVE-2023-0539 (The GS Insever Portfolio WordPress plugin before 1.4.5 does not v
 CVE-2023-0538 (The Campaign URL Builder WordPress plugin before 1.8.2 does not valida ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0537 (The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0536 (The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0535 (The Donation Block For PayPal WordPress plugin before 2.1.0 does not v ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0534 (A vulnerability, which was classified as critical, was found in Source ...)
@@ -20134,7 +20134,7 @@ CVE-2023-0528 (A vulnerability was found in SourceCodester Online Tours & Travel
 CVE-2023-0527 (A vulnerability was found in PHPGurukul Online Security Guards Hiring  ...)
 	NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
 CVE-2023-0526 (The Post Shortcode WordPress plugin through 2.0.9 does not validate an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in Django 3.2  ...)
 	{DLA-3329-1}
 	- python-django 3:3.2.18-1 (bug #1031290)
@@ -20173,7 +20173,7 @@ CVE-2023-0524 (As part of our Security Development Lifecycle, a potential privil
 CVE-2023-0523 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2023-0522 (The Enable/Disable Auto Login when Register WordPress plugin through 1 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0521
 	RESERVED
 CVE-2023-0520
@@ -20262,7 +20262,7 @@ CVE-2023-0516 (A vulnerability was found in SourceCodester Online Tours & Travel
 CVE-2023-0515 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
 	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
 CVE-2023-0514 (The Membership Database WordPress plugin through 1.0 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0513 (A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 a ...)
 	NOT-FOR-US: isoftforce Dreamer CMS
 CVE-2023-0512 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.)
@@ -21877,7 +21877,7 @@ CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does n
 CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not properly s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0421 (The Cloud Manager WordPress plugin through 1.0 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0420 (The Custom Post Type and Taxonomy GUI Manager WordPress plugin through ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not  ...)
@@ -23262,7 +23262,7 @@ CVE-2023-0282 (The YourChannel WordPress plugin before 1.2.2 does not sanitize a
 CVE-2023-0281 (A vulnerability was found in SourceCodester Online Flight Booking Mana ...)
 	NOT-FOR-US: SourceCodester Online Flight Booking Management System
 CVE-2023-0280 (The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 doe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0279 (The Media Library Assistant WordPress plugin before 3.06 does not prop ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not properly sani ...)
@@ -23286,9 +23286,9 @@ CVE-2023-0270 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 do
 CVE-2023-0269
 	REJECTED
 CVE-2023-0268 (The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0267 (The Ultimate Carousel For WPBakery Page Builder WordPress plugin throu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4888
 	RESERVED
 CVE-2021-4312 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
@@ -36114,7 +36114,7 @@ CVE-2022-4120 (The Stop Spammers Security | Block Spam Users, Comments, Forms Wo
 CVE-2022-4119 (The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 doe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4118 (The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor st ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4117 (The IWS WordPress plugin through 1.0 does not properly escape a parame ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw happens in De ...)
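Review bot: the description of CVE-2022-4118 is cut off at "Multivendor st ..." and does not itself say "WordPress plugin"; the classification rests on the WooCommerce reference implying a WordPress extension, which the adjacent entries CVE-2022-4119 and CVE-2022-4117 support but the hunk does not state. Fine as is if the full CVE text confirms a WooCommerce plugin, otherwise a re-check is warranted before replacing the TODO.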



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a02729bab5560366791a6482078feaee9a935ed9




