[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 30 09:52:51 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3f5c7c2a by Salvatore Bonaccorso at 2023-05-30T10:52:28+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39,9 +39,9 @@ CVE-2023-2962 (A vulnerability, which was classified as critical, has been found
CVE-2023-2808 (Mattermost fails to normalize UTF confusable characters when determini ...)
TODO: check
CVE-2023-2518 (The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2470 (The Add to Feedly WordPress plugin through 1.2.11 does not sanitize an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-125102 (A vulnerability classified as problematic was found in Bestwebsoft Rel ...)
TODO: check
CVE-2023-2953 [potential null pointer dereference flaw]
@@ -2346,7 +2346,7 @@ CVE-2023-2298
CVE-2023-2297 (The Profile Builder \u2013 User Profile & User Registration Forms plug ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2296 (The Loginizer WordPress plugin before 1.7.9 does not escape a paramete ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4945 (The Dataprobe cloud usernames and passwords are stored in plain text i ...)
NOT-FOR-US: Dataprobe
CVE-2022-48480 (Integer overflow vulnerability in some phones. Successful exploitation ...)
@@ -2388,9 +2388,9 @@ CVE-2023-2290
CVE-2023-2289
RESERVED
CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some user-co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not li ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2286
RESERVED
CVE-2023-2285
@@ -2710,7 +2710,7 @@ CVE-2023-31104
CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions Works ...)
NOT-FOR-US: Devolutions
CVE-2023-2256 (The Product Addons & Fields for WooCommerce WordPress plugin before 32 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2255 (Improper access control in editor components of The Document Foundatio ...)
{DSA-5415-1}
- libreoffice 4:7.4.5-3
@@ -3203,7 +3203,7 @@ CVE-2023-2225
CVE-2023-2224
RESERVED
CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2222
RESERVED
CVE-2023-2221
@@ -3764,7 +3764,7 @@ CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is vulne
CVE-2023-2118 (Insufficient access controlin support ticket feature in Devolutions Se ...)
NOT-FOR-US: Devolutions
CVE-2023-2117 (The Image Optimizer by 10web WordPress plugin before 1.0.27 does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2116
RESERVED
CVE-2023-2115
@@ -3772,11 +3772,11 @@ CVE-2023-2115
CVE-2023-2114 (The NEX-Forms WordPress plugin before 8.4 does not properly escape the ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2113 (The Autoptimize WordPress plugin before 3.1.7 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2112 (Desktop component service allows lateral movement between sessions in ...)
NOT-FOR-US: M-Files
CVE-2023-2111 (The Fast & Effective Popups & Lead-Generation for WordPress plugin bef ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2110
RESERVED
CVE-2023-30775 (A vulnerability was found in the libtiff library. This security flaw c ...)
@@ -4422,7 +4422,7 @@ CVE-2023-2025 (OpenBlue Enterprise Manager Data Collector versions prior to 3.2.
CVE-2023-2024 (Improper authentication in OpenBlue Enterprise Manager Data Collector ...)
NOT-FOR-US: OpenBlue Enterprise Manager Data Collector
CVE-2023-2023 (The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2022
RESERVED
CVE-2023-2021 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
@@ -7082,7 +7082,7 @@ CVE-2023-1940 (A vulnerability classified as critical was found in SourceCodeste
CVE-2023-1939 (No access control for the OTP key on OTP entries in Devolutions Rem ...)
NOT-FOR-US: Devolutions
CVE-2023-1938 (The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1937 (A vulnerability, which was classified as problematic, was found in zhe ...)
NOT-FOR-US: zhenfeng13 My-Blog
CVE-2014-125095 (A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 and ...)
@@ -10040,7 +10040,7 @@ CVE-2023-1526 (Certain DesignJet and PageWide XL TAA compliant models may have r
CVE-2023-1525 (The Site Reviews WordPress plugin before 6.7.1 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1524 (The Download Manager WordPress plugin before 3.2.71 does not adequatel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28655 (A malicious user could leverage this vulnerability to escalate privile ...)
NOT-FOR-US: SAUTER
CVE-2023-28652 (An authenticated malicious user could successfully upload a malicious ...)
@@ -19248,7 +19248,7 @@ CVE-2023-0767
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0767
NOTE: https://hg.mozilla.org/projects/nss/rev/684586ec163ad4fbbf15ea2cd1ee5c2da43036ad
CVE-2023-0766 (The Newsletter Popup WordPress plugin through 1.2 does not have CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0765 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not prop ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0764 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perf ...)
@@ -19393,7 +19393,7 @@ CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/w
CVE-2023-0734 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
NOT-FOR-US: Wallabag
CVE-2023-0733 (The Newsletter Popup WordPress plugin through 1.2 does not sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
NOT-FOR-US: SourceCodester
CVE-2023-25588
@@ -22959,7 +22959,7 @@ CVE-2023-0445
CVE-2023-0444 (A privilege escalation vulnerability exists in Delta Electronics Infra ...)
NOT-FOR-US: Delta Electronics InfraSuite Device Master
CVE-2023-0443 (The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0441 (The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an ...)
@@ -24934,7 +24934,7 @@ CVE-2023-0330 (A vulnerability in the lsi53c895a device affects the latest versi
NOTE: Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html
NOTE: No sanctioned upstream patch as of 2023-03-09
CVE-2023-0329 (The Elementor Website Builder WordPress plugin before 3.12.2 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-48261 (There is a misinterpretation of input vulnerability in BiSheng-WNM FW ...)
NOT-FOR-US: Huawei
CVE-2020-36652 (Incorrect Default Permissions vulnerability in Hitachi Automation Dire ...)
@@ -30492,7 +30492,7 @@ CVE-2022-4678 (The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not
CVE-2022-4677 (The Leaflet Maps Marker WordPress plugin before 3.12.7 does not valida ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4676 (The OSM WordPress plugin through 6.01 does not validate and escape som ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4675 (The Mongoose Page Plugin WordPress plugin before 1.9.0 does not valida ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4674 (The Ibtana WordPress plugin before 1.1.8.8 does not validate and escap ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5c7c2a0c83951157fb141287550f4d0af18272
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5c7c2a0c83951157fb141287550f4d0af18272
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230530/a95cfc4d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list