[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 7 20:33:55 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
392c71c8 by Salvatore Bonaccorso at 2023-11-07T21:33:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,21 +37,21 @@ CVE-2023-5506 (The ImageMapper plugin for WordPress is vulnerable to unauthorize
CVE-2023-5309 (Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5contain a fl ...)
TODO: check
CVE-2023-5179 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2023-4888 (The Simple Like Page Plugin plugin for WordPress is vulnerable to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4842 (The Social Sharing Plugin - Social Warfare plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4295 (A local non-privileged user can make improper GPU memory processing op ...)
TODO: check
CVE-2023-4272 (A local non-privileged user can make GPU processing operations that ex ...)
TODO: check
CVE-2023-47510 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSoluti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47456 (Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in funct ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-47455 (Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSch ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-47360 (Videolan VLC prior to version 3.0.20 contains an Integer underflow tha ...)
TODO: check
CVE-2023-47359 (Videolan VLC prior to version 3.0.20 contains an incorrect offset read ...)
@@ -61,41 +61,41 @@ CVE-2023-46744 (Squidex is an open source headless CMS and content management hu
CVE-2023-46737 (Cosign is a sigstore signing tool for OCI containers. Cosign is suscep ...)
TODO: check
CVE-2023-46730 (Group-Office is an enterprise CRM and groupware tool. In affected vers ...)
- TODO: check
+ NOT-FOR-US: Group-Office CRM
CVE-2023-46501 (An issue in BoltWire v.6.03 allows a remote attacker to obtain sensiti ...)
- TODO: check
+ NOT-FOR-US: BoltWire
CVE-2023-46253 (Squidex is an open source headless CMS and content management hub. Aff ...)
TODO: check
CVE-2023-46252 (Squidex is an open source headless CMS and content management hub. Aff ...)
TODO: check
CVE-2023-46244 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-46243 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-46242 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-42659 (In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted fi ...)
- TODO: check
+ NOT-FOR-US: Progress WS_FTP Server
CVE-2023-41798 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41425 (Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 ...)
- TODO: check
+ NOT-FOR-US: Wonder CMS
CVE-2023-3889 (A local non-privileged user can make improper GPU memory processing op ...)
TODO: check
CVE-2023-37835
REJECTED
CVE-2023-36527 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-33481 (RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection att ...)
- TODO: check
+ NOT-FOR-US: RemoteClinic
CVE-2023-33480 (RemoteClinic 2.0 contains a critical vulnerability chain that can be e ...)
- TODO: check
+ NOT-FOR-US: RemoteClinic
CVE-2023-33479 (RemoteClinic version 2.0 contains a SQL injection vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: RemoteClinic
CVE-2023-33478 (RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter ...)
- TODO: check
+ NOT-FOR-US: RemoteClinic
CVE-2023-32966 (Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4431 (A vulnerability classified as problematic has been found in msyk FMDat ...)
TODO: check
CVE-2023-46851 (Allura Discussion and Allura Forum importing does not restrict URL val ...)
@@ -33820,7 +33820,7 @@ CVE-2023-28501 (Rocket Software UniData versions prior to 8.2.4 build 3003 and U
CVE-2023-28500 (A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 v ...)
NOT-FOR-US: Adobe
CVE-2023-28499 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in sim ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28498
RESERVED
CVE-2023-28497
@@ -41274,7 +41274,7 @@ CVE-2023-0900 (The Pricing Table Builder WordPress plugin through 1.1.6 does not
CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0898 (General Electric MiCOM S1 Agile is vulnerable to an attacker achieving ...)
- TODO: check
+ NOT-FOR-US: General Electric MiCOM S1 Agile
CVE-2023-0897 (Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due ...)
NOT-FOR-US: Sielco PolyEco1000
CVE-2023-26030
@@ -41372,7 +41372,7 @@ CVE-2023-25985
CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25983 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -48049,7 +48049,7 @@ CVE-2023-23798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-23797 (Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Au ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23796 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23795 (Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23794 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
@@ -48488,7 +48488,7 @@ CVE-2023-23680 (Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-
CVE-2023-23679 (Authorization Bypass Through User-Controlled Key vulnerability in JS H ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23678 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetri ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23676 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -51780,7 +51780,7 @@ CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS) inOi Yandex.Maps for Wor
CVE-2023-22720 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22719 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-22718 (Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User M ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22717 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -56832,7 +56832,7 @@ CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pr
CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47442 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitab ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
@@ -57748,7 +57748,7 @@ CVE-2022-47183 (Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Ext
CVE-2022-47182
RESERVED
CVE-2022-47181 (Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Fra ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...)
@@ -58792,7 +58792,7 @@ CVE-2022-46823 (A vulnerability has been identified in Mendix SAML (Mendix 8 com
CVE-2022-46822 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Devel ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46821 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46820 (Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table O ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
@@ -58816,7 +58816,7 @@ CVE-2022-46811
CVE-2022-46810 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46809 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46808 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46807
@@ -58826,13 +58826,13 @@ CVE-2022-46806 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Ca
CVE-2022-46805 (Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46804 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46803 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46802 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46801 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46800 (Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technolog ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
@@ -61958,7 +61958,7 @@ CVE-2022-45812 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerabil
CVE-2022-45811
RESERVED
CVE-2022-45810 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45809
RESERVED
CVE-2022-45808 (SQL Injection vulnerability inLearnPress \u2013 WordPress LMS Plugin < ...)
@@ -63490,7 +63490,7 @@ CVE-2022-45372 (Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Prod
CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine pl ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45370 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in Plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45368
@@ -63510,13 +63510,13 @@ CVE-2022-45362
CVE-2022-45361 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bori ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45360 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45359 (Unauth. Arbitrary File Upload vulnerability inYITH WooCommerce Gift Ca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45358 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45357 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45356
RESERVED
CVE-2022-45355 (Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipe ...)
@@ -63530,11 +63530,11 @@ CVE-2022-45352
CVE-2022-45351
RESERVED
CVE-2022-45350 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45349
RESERVED
CVE-2022-45348 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45347 (Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as databas ...)
NOT-FOR-US: Apache ShardingSphere-Proxy
CVE-2022-45344
@@ -64281,7 +64281,7 @@ CVE-2022-45080 (Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add
CVE-2022-45079 (Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginiz ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45078 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45077 (Auth. (subscriber+) PHP Object Injection vulnerability in Betheme them ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45076 (Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Ele ...)
@@ -65159,7 +65159,7 @@ CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Cr
CVE-2022-44739 (Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurant ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44738 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities inAll-In-One Secur ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cham ...)
@@ -71375,7 +71375,7 @@ CVE-2022-42884
CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by Quiz And ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42882 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-42880 (Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Uplo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42699 (Auth. Remote Code Execution vulnerability inEasy WP SMTP plugin <= 1.5 ...)
@@ -71465,7 +71465,7 @@ CVE-2022-38971 (Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Po
CVE-2022-38716 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Moto ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38702 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38356 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Word ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38075 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
@@ -76717,7 +76717,7 @@ CVE-2022-41620 (Cross-Site Request Forgery (CSRF) vulnerability inSeoSamba for W
CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media Library As ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41616 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41615 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41612 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shar ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/392c71c81ad9ec6cf41126d2a91ba962bbceffad
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/392c71c81ad9ec6cf41126d2a91ba962bbceffad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231107/f2cb12ed/attachment.htm>
More information about the debian-security-tracker-commits
mailing list