[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 15 21:19:21 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6fa11f7 by Salvatore Bonaccorso at 2023-05-15T22:18:51+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2139,9 +2139,9 @@ CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions
CVE-2023-2181 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- gitlab <unfixed>
CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2178
RESERVED
CVE-2023-2177 (A null pointer dereference issue was found in the sctp network protoco ...)
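Review bot: The commit subject "Process some NFUs" does not say what class of entries was triaged, although the two changes here (CVE-2023-2180, CVE-2023-2179), like every other change in the patch, replace "TODO: check" with the same "NOT-FOR-US: WordPress plugin" note. Mentioning WordPress plugins in the subject would let someone reading the log find this batch without opening the diff.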
@@ -3346,7 +3346,7 @@ CVE-2023-2011
CVE-2023-2010
RESERVED
CVE-2023-2009 (Plugin does not sanitize and escape the URL field in the Pretty Url Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The spec ...)
- linux 5.18.14-1
[bullseye] - linux 5.10.127-1
@@ -6054,7 +6054,7 @@ CVE-2023-1916 (A flaw was found in tiffcrop, a program distributed by the libtif
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/537
NOTE: Crash in CLI tool, no security impact
CVE-2023-1915 (The Thumbnail carousel slider WordPress plugin before 1.1.10 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1914
RESERVED
CVE-2023-1913 (The Maps Widget for Google Maps for WordPress is vulnerable to Stored ...)
@@ -6228,7 +6228,7 @@ CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository sidek
CVE-2023-1891
RESERVED
CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape various ge ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1889
RESERVED
CVE-2023-1888
@@ -6663,7 +6663,7 @@ CVE-2023-23581
CVE-2023-1840 (The Sp*tify Play Button for WordPress plugin for WordPress is vulnerab ...)
NOT-FOR-US: Sp*tify Play Button for WordPress plugin for WordPress
CVE-2023-1839 (The Product Addons & Fields for WooCommerce WordPress plugin before 32 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1838 (A use-after-free flaw was found in vhost_net_set_backend in drivers/vh ...)
- linux 5.17.11-1
[bullseye] - linux 5.10.120-1
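Review bot: The note added for CVE-2023-1839 uses the generic form "NOT-FOR-US: WordPress plugin", while the context entry directly above it (CVE-2023-1840) names the product in its NOT-FOR-US line. Both mark the CVE as out of scope, but using one form for WordPress plugin entries would keep the list uniform for anyone searching it by note text. If the generic form is the preferred one, the CVE-2023-1840 line could be normalized in a follow-up.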
@@ -6674,7 +6674,7 @@ CVE-2023-1837
CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
- gitlab <unfixed>
CVE-2023-1835 (The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1834 (Rockwell Automation was made aware that Kinetix 5500 drives, manufactu ...)
NOT-FOR-US: Rockwell Automation
CVE-2023-1833 (Authentication Bypass by Primary Weakness vulnerability in DTS Electro ...)
@@ -8325,7 +8325,7 @@ CVE-2023-1598
CVE-2023-1597
RESERVED
CVE-2023-1596 (The tagDiv Composer WordPress plugin before 4.0 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1595 (A vulnerability has been found in novel-plus 3.6.2 and classified as c ...)
NOT-FOR-US: novel-plus
CVE-2023-1594 (A vulnerability, which was classified as critical, was found in novel- ...)
@@ -8609,7 +8609,7 @@ CVE-2023-1551
CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability in NGIN ...)
NOT-FOR-US: NGINX Agent
CVE-2023-1549 (The Ad Inserter WordPress plugin before 2.7.27 unserializes user input ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
NOT-FOR-US: Schneider
CVE-2023-1547
@@ -11567,7 +11567,7 @@ CVE-2023-1209
CVE-2023-1208
RESERVED
CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import functio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1206
RESERVED
CVE-2023-27853 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format s ...)
@@ -15014,7 +15014,7 @@ CVE-2023-1021 (The amr ical events lists WordPress plugin through 6.6 does not s
CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1019 (The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1018 (An out-of-bounds read vulnerability exists in TPM2.0's Module Library ...)
- libtpms 0.9.2-3.1 (bug #1032420)
NOTE: https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4
@@ -16628,7 +16628,7 @@ CVE-2023-0894 (The Pickup | Delivery | Dine-in date time WordPress plugin throug
CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0892 (The BizLibrary WordPress plugin through 1.1 does not sanitise and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0891 (The StagTools WordPress plugin before 2.3.7 does not validate and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0890 (The WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress p ...)
@@ -17411,7 +17411,7 @@ CVE-2023-0813
RESERVED
NOT-FOR-US: Network Observability plugin for OpenShift console
CVE-2023-0812 (The Active Directory Integration / LDAP Integration WordPress plugin b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0811 (Omron CJ1M unit v4.0 and prior has improper access controls on the mem ...)
NOT-FOR-US: Omron CJ1M
CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
@@ -17871,11 +17871,11 @@ CVE-2023-0765 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not
CVE-2023-0764 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perf ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0763 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0762 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...)
- gpac <unfixed> (bug #1033116)
[bullseye] - gpac <no-dsa> (Minor issue)
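Review bot: CVE-2023-0763, CVE-2023-0762 and CVE-2023-0761 all show the same truncated description ("The Clock In Portal- Staff & Attendance Management WordPress plugin th ..."), so the diff alone cannot confirm that each one was classified from its own full description. The result is consistent with the adjacent CVE-2023-0764 entry, which already carries the same note, so no change is needed as long as all three full descriptions name the plugin.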
@@ -19476,7 +19476,7 @@ CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a speci
NOTE: https://github.com/libjxl/libjxl/issues/2100
NOTE: https://github.com/libjxl/libjxl/pull/2101
CVE-2023-0644 (The Push Notifications for WordPress by PushAssist WordPress plugin th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0643 (Improper Handling of Additional Special Element in GitHub repository s ...)
NOT-FOR-US: squidex
CVE-2023-0642 (Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex ...)
@@ -19976,7 +19976,7 @@ CVE-2023-24835 (Softnext Technologies Corp.\u2019s SPAM SQR has a vulnerability
CVE-2023-24834 (WisdomGarden Tronclass has improper access control when uploading file ...)
NOT-FOR-US: WisdomGarden Tronclass
CVE-2023-0600 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...)
NOT-FOR-US: Rapid7
CVE-2023-0598 (GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Dig ...)
@@ -20810,7 +20810,7 @@ CVE-2023-0522 (The Enable/Disable Auto Login when Register WordPress plugin thro
CVE-2023-0521
RESERVED
CVE-2023-0520 (The RapidExpCart WordPress plugin through 1.0 does not sanitize and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modob ...)
NOT-FOR-US: Modoboa
CVE-2023-0518 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -21132,7 +21132,7 @@ CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 1.
CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not validate and e ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0490 (The f(x) TOC WordPress plugin through 1.1.0 does not validate and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0489
RESERVED
CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload ...)
@@ -24285,7 +24285,7 @@ CVE-2023-0235
CVE-2023-0234 (The SiteGround Security WordPress plugin before 1.3.1 does not properl ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0233 (The ActiveCampaign WordPress plugin before 8.1.12 does not validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0232 (The ShopLentor WordPress plugin before 2.5.4 unserializes user input f ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0231 (The ShopLentor WordPress plugin before 2.5.4 does not validate and esc ...)
@@ -28562,7 +28562,7 @@ CVE-2022-4776 (The CC Child Pages WordPress plugin before 1.43 does not validate
CVE-2022-4775 (The GeoDirectory WordPress plugin before 2.2.22 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4774 (The Bit Form WordPress plugin before 1.9 does not validate the file ty ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4773 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
NOT-FOR-US: cloudsync
CVE-2022-4772 (A vulnerability was found in Widoco and classified as critical. Affect ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6fa11f76aa1367ad9b7081cfe3cc7cfc2a70789