[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 26 09:45:40 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3566997 by Salvatore Bonaccorso at 2023-05-26T10:37:47+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2023-32074 (user_oidc app is an OpenID Connect user backend for Nextcloud. Authent ...)
TODO: check
CVE-2023-2903 (A vulnerability classified as problematic has been found in NFine Rapi ...)
- TODO: check
+ NOT-FOR-US: NFine Rapid Development Platform
CVE-2023-2902 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...)
- TODO: check
+ NOT-FOR-US: NFine Rapid Development Platform
CVE-2023-2901 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...)
- TODO: check
+ NOT-FOR-US: NFine Rapid Development Platform
CVE-2023-2900 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...)
- TODO: check
+ NOT-FOR-US: NFine Rapid Development Platform
CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...)
NOT-FOR-US: mipjz
CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...)
@@ -165,7 +165,7 @@ CVE-2023-2873 (A vulnerability classified as critical was found in Twister Antiv
CVE-2023-2872 (A vulnerability classified as problematic has been found in FlexiHub 5 ...)
NOT-FOR-US: FlexiHub
CVE-2023-2871 (A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0 ...)
- TODO: check
+ NOT-FOR-US: FabulaTech USB for Remote Desktop
CVE-2023-2870 (A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has ...)
NOT-FOR-US: EnTech Monitor Asset Manager
CVE-2023-2868 (A remote command injection vulnerability exists in the Barracuda Email ...)
@@ -4484,7 +4484,7 @@ CVE-2023-30486
CVE-2023-30485
RESERVED
CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Acces ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30483
RESERVED
CVE-2023-30482
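Review bot: The new label on CVE-2023-30484 is the generic "NOT-FOR-US: WordPress plugin", but the summary as shown here ("uPress Enable Acces ...") is cut off before anything identifies the product as a WordPress plugin. Other entries in this commit name the product (for example "NOT-FOR-US: SofaWiki"), so either confirm the classification against the full CVE description or use the product name so the entry can be checked from the list alone.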
@@ -6165,7 +6165,7 @@ CVE-2023-29723
CVE-2023-29722
RESERVED
CVE-2023-29721 (SofaWiki <= 3.8.9 has a file upload vulnerability that leads to comman ...)
- TODO: check
+ NOT-FOR-US: SofaWiki
CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index ...)
NOT-FOR-US: SofaWiki
CVE-2023-29719
@@ -13444,7 +13444,7 @@ CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub reposi
CVE-2023-1159
RESERVED
CVE-2023-1158 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
CVE-2023-1157 (A vulnerability, which was classified as problematic, was found in fin ...)
NOT-FOR-US: Finixbit elf-parser
CVE-2023-1156 (A vulnerability classified as problematic was found in SourceCodester ...)
@@ -18994,9 +18994,9 @@ CVE-2022-48317 (Expired sessions were not securely terminated in the RestAPI for
CVE-2023-25600
RESERVED
CVE-2023-25599 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2023-25597 (A vulnerability in the web conferencing component of Mitel MiCollab th ...)
NOT-FOR-US: Mitel
CVE-2023-25596 (A vulnerability exists in ClearPass Policy Manager that allows for an ...)
@@ -19493,7 +19493,7 @@ CVE-2023-25441
CVE-2023-25440 (Stored Cross Site Scripting (XSS) vulnerability in the add contact fun ...)
- civicrm <unfixed> (bug #1036695)
CVE-2023-25439 (Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionIn ...)
- TODO: check
+ NOT-FOR-US: Square Pig FusionInvoice
CVE-2023-25438 (An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote at ...)
NOT-FOR-US: MilleGP5
CVE-2023-25437 (An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H ...)
@@ -28599,7 +28599,7 @@ CVE-2023-22506
CVE-2023-22505
RESERVED
CVE-2023-22504 (Affected versions of Atlassian Confluence Server allow remote attacker ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
NOT-FOR-US: Atlassian
CVE-2023-22502
@@ -29383,7 +29383,7 @@ CVE-2022-4817 (A vulnerability was found in centic9 jgit-cookbook. It has been d
CVE-2022-4816 (A denial-of-service vulnerability has been identified in Lenovo Safece ...)
NOT-FOR-US: Lenovo
CVE-2022-4815 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
NOT-FOR-US: usememos
CVE-2022-4813 (Insufficient Granularity of Access Control in GitHub repository usemem ...)
@@ -33654,7 +33654,7 @@ CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Ko
CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47178 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Button ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47177 (Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP Easy ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47176
@@ -33662,7 +33662,7 @@ CVE-2022-47176
CVE-2022-47175
RESERVED
CVE-2022-47174 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47172
@@ -33680,19 +33680,19 @@ CVE-2022-47167 (Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharya
CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47165 (Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47164 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Eve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47161 (Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47160
RESERVED
CVE-2022-47159 (Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster L ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47157 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don ...)
@@ -33712,7 +33712,7 @@ CVE-2022-47151
CVE-2022-47150
RESERVED
CVE-2022-47149 (Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF In ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47147 (Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ...)
@@ -33722,7 +33722,7 @@ CVE-2022-47146 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Co
CVE-2022-47145 (Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47144 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47143 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47142 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...)
@@ -33732,15 +33732,15 @@ CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dyn
CVE-2022-47140
RESERVED
CVE-2022-47139 (Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Ba ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47138 (Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47137 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47136 (Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC N ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47135 (Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Ch ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47134 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Galle ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47133
@@ -34502,9 +34502,9 @@ CVE-2022-46868
CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal St ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46866 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Impo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46865 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46864 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Sa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
@@ -34522,7 +34522,7 @@ CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Am
CVE-2022-46857
RESERVED
CVE-2022-46856 (Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46855 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchp ...)
@@ -34657,7 +34657,7 @@ CVE-2022-46822 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC
CVE-2022-46821
RESERVED
CVE-2022-46820 (Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table O ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46818
@@ -34669,15 +34669,15 @@ CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra
CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri Karisola / WP ...)
NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin
CVE-2022-46814 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kode ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46813 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advance ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46812 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46811
RESERVED
CVE-2022-46810 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46809
RESERVED
CVE-2022-46808
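Review bot: Label granularity is inconsistent within this hunk: the unchanged entry for CVE-2022-46815 names the author and plugin, while the three new lines for CVE-2022-46814, CVE-2022-46812 and CVE-2022-46810 use the generic "WordPress plugin". The generic form matches the other neighbouring entries, so the new lines are fine as they stand; consider normalising the CVE-2022-46815 label in a follow-up so the block reads uniformly.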
@@ -34697,7 +34697,7 @@ CVE-2022-46802
CVE-2022-46801
RESERVED
CVE-2022-46800 (Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technolog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46798 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLento ...)
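Review bot: For CVE-2022-46800 the visible summary stops at the vendor ("LiteSpeed Technolog ..."), so the "WordPress plugin" label cannot be verified from this line. The vendor name alone does not identify a WordPress component; naming the plugin in the NOT-FOR-US line would make the triage decision auditable from the list.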
@@ -37717,7 +37717,7 @@ CVE-2022-45817 (Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC T
CVE-2022-45816 (Auth. Stored Cross-Site Scripting (XSS) vulnerability inGD bbPress Att ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45815 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen W ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45813
@@ -39247,7 +39247,7 @@ CVE-2022-45373
CVE-2022-45372
RESERVED
CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45370
RESERVED
CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in Plugin for ...)
@@ -39255,9 +39255,9 @@ CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in Plugi
CVE-2022-45368
RESERVED
CVE-2022-45367 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Cus ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45365
RESERVED
CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya ...)
@@ -46985,7 +46985,7 @@ CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR) vul
CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43490 (Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-43488 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43482 (Missing Authorization vulnerability in Appointment Booking Calendar pl ...)
@@ -47073,7 +47073,7 @@ CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File Format
CVE-2022-41990
RESERVED
CVE-2022-41987 (Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes Badge ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimien ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM ...)
@@ -47129,11 +47129,11 @@ CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail
CVE-2022-38971 (Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post For ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38716 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Moto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38702
RESERVED
CVE-2022-38356 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38075 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3648
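Review bot: Both entries changed here, CVE-2022-38716 and CVE-2022-38356, are attributed to "StylemixThemes", and both summaries are truncated before the product type. It is worth confirming that these are plugins rather than themes before labelling them "WordPress plugin"; the NOT-FOR-US outcome is the same either way, but the label should match the product.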
@@ -52348,7 +52348,7 @@ CVE-2022-41640 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerabil
CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41635 (Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Ship ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41634 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folde ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41633 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...)
@@ -53471,7 +53471,7 @@ CVE-2022-41256
CVE-2022-41223 (The Director database component of MiVoice Connect through 19.3 (22.22 ...)
NOT-FOR-US: Mitel
CVE-2022-41221 (The client in OpenText Archive Center Administration through 21.2 allo ...)
- TODO: check
+ NOT-FOR-US: OpenText Archive Center Administration
CVE-2022-40224 (A denial of service vulnerability exists in the web server functionali ...)
NOT-FOR-US: Moxa
CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 6.7 has ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d35669971369ed98c2b848bc7376a20da7140e45