[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 22 20:43:25 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3df4595c by Salvatore Bonaccorso at 2023-11-22T21:42:52+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2023-6252 (Path traversal vulnerability in Chalemelon Power framework, affec
 CVE-2023-6189 (Missing access permissions checks   inthe M-Files serverbefore 23.11.1 ...)
 	NOT-FOR-US: M-Files
 CVE-2023-6164 (The MainWP Dashboard  \u2013 WordPress Manager for Multiple Websites M ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6160 (The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin for Wor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-6157 (Improper neutralization of livestatus command delimiters in ajax_searc ...)
@@ -97,9 +97,9 @@ CVE-2023-5048 (The WDContactFormBuilder plugin for WordPress is vulnerable to St
 CVE-2023-5047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: DRD Fleet Leasing DRDrive
 CVE-2023-4726 (The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4686 (The WP Customer Reviews plugin for WordPress is vulnerable to Sensitiv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48705 (Nautobot is a Network Source of Truth and Network Automation Platform  ...)
 	NOT-FOR-US: Nautobot
 CVE-2023-48646 (Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users  ...)
@@ -107,83 +107,83 @@ CVE-2023-48646 (Zoho ManageEngine RecoveryManager Plus before 6070 allows admin
 CVE-2023-48106 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an  ...)
 	- zlib-ng <itp> (bug #1002056)
 CVE-2023-47825 (Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47824 (Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages \ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47819 (Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc Binh Easy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47792 (Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Bi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47791 (Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <=1 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47785 (Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47781 (Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thriv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47775 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47765 (Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47758 (Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47755 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47467 (Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remot ...)
-	TODO: check
+	NOT-FOR-US: jeecgboot jeecg-boot
 CVE-2023-47380 (Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).)
-	TODO: check
+	NOT-FOR-US: Admidio
 CVE-2023-47350 (SwiftyEdit Content Management System prior to v1.2.0 is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: SwiftyEdit Content Management System
 CVE-2023-47316 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
-	TODO: check
+	NOT-FOR-US: Headwind MDM Web panel
 CVE-2023-47315 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
-	TODO: check
+	NOT-FOR-US: Headwind MDM Web panel
 CVE-2023-47314 (Headwind MDM Web panel 5.22.1 is vulnerable to Cross Site Scripting (X ...)
-	TODO: check
+	NOT-FOR-US: Headwind MDM Web panel
 CVE-2023-47313 (Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal.)
-	TODO: check
+	NOT-FOR-US: Headwind MDM Web panel
 CVE-2023-47312 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
-	TODO: check
+	NOT-FOR-US: Headwind MDM Web panel
 CVE-2023-47251 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a ...)
 	TODO: check
 CVE-2023-47250 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, b ...)
 	TODO: check
 CVE-2023-47014 (A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester St ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Sticky Notes App
 CVE-2023-46673 (It was identified that malformed scripts used in the script processor  ...)
 	TODO: check
 CVE-2023-46357 (In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 f ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2023-45377 (In the module "Chronopost Official" (chronopost) for PrestaShop, a gue ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2023-43082 (Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-43081 (PowerProtect Agent for File System Version 19.14 and prior, contains a ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-3104 (Lack of authentication vulnerability. An unauthenticated local user is ...)
 	TODO: check
 CVE-2023-3103 (Authentication bypass vulnerability, the exploitation of which could a ...)
 	TODO: check
 CVE-2023-39925 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Com ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2889 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Veon Computer Service Tracking Software
 CVE-2023-2841 (The Advanced Local Pickup for WooCommerce plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2497 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2449 (The UserPro plugin for WordPress is vulnerable to unauthorized passwor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2448 (The UserPro plugin for WordPress is vulnerable to unauthorized access  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2440 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2438 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2437 (The UserPro plugin for WordPress is vulnerable to authentication bypas ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-37924 (Apache Software Foundation Apache Submarine has an SQL injection vulne ...)
 	NOT-FOR-US: Apache Submarine
 CVE-2023-6248 (The Syrus4 IoT gateway utilizes an unsecured MQTT server to download a ...)
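Review bot: the NOT-FOR-US tags added in this hunk mix vendor-only and product-level names. CVE-2023-43082 and CVE-2023-43081 get "NOT-FOR-US: Dell", CVE-2023-47316 through CVE-2023-47312 get "NOT-FOR-US: Headwind MDM Web panel", and CVE-2023-47467 gets "NOT-FOR-US: jeecgboot jeecg-boot", which repeats the name. Picking one granularity (for example "Dell Unity" for CVE-2023-43082 and "jeecg-boot" for CVE-2023-47467) keeps later searches for a product reliable. Separately, CVE-2023-47759 and CVE-2023-47755 are tagged as WordPress plugins although their truncated descriptions show only the generic "Improper Neutralization of Input During Web Page Generation" wording, so the product is worth confirming against the full CVE text before the TODO is dropped.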
@@ -30537,7 +30537,7 @@ CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Co
 CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Ch ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30496 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30495
 	RESERVED
 CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...)
@@ -35687,11 +35687,11 @@ CVE-2023-28751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-28750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28749 (Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSoluti ...)
-	TODO: check
+	NOT-FOR-US: CreativeMindsSolutions CM On Demand Search And Replace plugin
 CVE-2023-28748 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28747 (Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Curren ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28735
 	RESERVED
 CVE-2023-28734
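Review bot: CVE-2023-28749 is tagged "NOT-FOR-US: CreativeMindsSolutions CM On Demand Search And Replace plugin", while CVE-2023-28747 in the same hunk and the surrounding context entries use the generic "NOT-FOR-US: WordPress plugin". If this one is also a WordPress plugin, use the generic tag so it is matched together with the others; if it is not, the tag should name the platform the plugin belongs to rather than only the vendor and plugin title.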
@@ -39530,7 +39530,7 @@ CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1 on Drupa
 CVE-2023-27634 (Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file  ...)
 	NOT-FOR-US: Shingo Intrepidity
 CVE-2023-27633 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customif ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27632 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Praye ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -40105,15 +40105,15 @@ CVE-2023-27463 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All v
 CVE-2023-27462 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
 	NOT-FOR-US: RUGGEDCOM CROSSBOW
 CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27460
 	RESERVED
 CVE-2023-27459
 	RESERVED
 CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27457 (Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27456
 	RESERVED
 CVE-2023-27455 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Mar ...)
@@ -40121,11 +40121,11 @@ CVE-2023-27455 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ma
 CVE-2023-27454
 	RESERVED
 CVE-2023-27453 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27451 (Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Inst ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27450 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27449
@@ -40135,15 +40135,15 @@ CVE-2023-27448 (Cross-Site Request Forgery (CSRF) vulnerability in MakeStories T
 CVE-2023-27447
 	RESERVED
 CVE-2023-27446 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API tr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27445 (Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Flo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27444 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / Per ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27443 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27442 (Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27441 (Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27440
@@ -42387,7 +42387,7 @@ CVE-2019-25105 (A vulnerability, which was classified as problematic, was found
 CVE-2023-26543 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26542 (Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26540
@@ -42401,13 +42401,13 @@ CVE-2023-26537 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26535 (Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-26534 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneW ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26533
 	RESERVED
 CVE-2023-26532 (Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-26531 (Cross-Site Request Forgery (CSRF) vulnerability in \u95ea\u7535\u535a  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26530 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Keh ...)
@@ -44051,9 +44051,9 @@ CVE-2023-25989 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Im
 CVE-2023-25988
 	RESERVED
 CVE-2023-25987 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Uro\u016 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25986 (Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen \ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25985 (Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigo ...)
@@ -45235,7 +45235,7 @@ CVE-2023-25684 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1
 CVE-2023-25683 (IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW ...)
 	NOT-FOR-US: IBM
 CVE-2023-25682 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-25681
 	RESERVED
 CVE-2023-25680 (IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to  ...)
@@ -72256,9 +72256,9 @@ CVE-2023-20243 (A vulnerability in the RADIUS message processing feature of Cisc
 CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20241 (Multiple vulnerabilities in Cisco Secure Client Software, formerly Any ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20240 (Multiple vulnerabilities in Cisco Secure Client Software, formerly Any ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20239
 	RESERVED
 CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of Cisco Br ...)
@@ -72578,7 +72578,7 @@ CVE-2023-20086 (A vulnerability in ICMPv6 processing of Cisco Adaptive Security
 CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco Identit ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20084 (A vulnerability in the endpoint software of Cisco Secure Endpoint for  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20083 (A vulnerability in ICMPv6 inspection when configured with the Snort 2  ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20082 (A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Serie ...)
@@ -92626,7 +92626,7 @@ CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Rou
 CVE-2022-36778 (insert HTML / js code inside input how to get to the vulnerable input  ...)
 	NOT-FOR-US: Synel - eHarmony
 CVE-2022-36777 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-36776 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerabl ...)
 	NOT-FOR-US: IBM
 CVE-2022-36775 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3df4595c96b663701788f508c260cbb25b27b283
