[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Oct 6 09:58:54 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e49d0371 by Moritz Muehlenhoff at 2023-10-06T10:58:26+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
CVE-2023-5441 (NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161a ...)
TODO: check
CVE-2023-5312 (A vulnerability classified as critical has been found in DedeCMS 5.7.1 ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2023-45243 (Sensitive information disclosure due to missing authorization. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-45242 (Sensitive information disclosure due to missing authorization. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-45241 (Sensitive information leak through log files. The following products a ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-45240 (Sensitive information disclosure due to missing authorization. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-44214 (Sensitive information disclosure due to missing authorization. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-44213 (Sensitive information disclosure due to excessive collection of system ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-44212 (Sensitive information disclosure and manipulation due to missing autho ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-44211 (Sensitive information disclosure and manipulation due to missing autho ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-43343 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
- TODO: check
+ NOT-FOR-US: Quick CMS
CVE-2023-43269 (pigcms up to 7.0 was discovered to contain an arbitrary file upload vu ...)
- TODO: check
+ NOT-FOR-US: pigcms
CVE-2023-40556 (Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39323 (Line directives ("//line") can be used to bypass the restrictions on " ...)
TODO: check
CVE-2015-10126 (A vulnerability classified as critical was found in Easy2Map Photos Pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2015-10125 (A vulnerability classified as problematic has been found in WP Ultimat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5423 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
NOT-FOR-US: ourceCodester Online Pizza Ordering System
CVE-2023-4570 (An improper access restriction in NI MeasurementLink Python services c ...)
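Review bot: the unchanged entry for CVE-2023-5423 near the end of this hunk reads "NOT-FOR-US: ourceCodester Online Pizza Ordering System", dropping the leading "S" that the description on the line above it has. This commit already edits the surrounding block, so it would be a convenient place to correct the tag to "SourceCodester" so that a text search for the vendor name finds the entry.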
@@ -35017,23 +35017,23 @@ CVE-2023-26155
CVE-2023-26154
RESERVED
CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are vulnerable to Co ...)
- TODO: check
+ NOT-FOR-US: geokit-rails
CVE-2023-26152 (All versions of the package static-server are vulnerable to Directory ...)
- TODO: check
+ NOT-FOR-US: Node static-server
CVE-2023-26151 (Versions of the package asyncua before 0.9.96 are vulnerable to Denial ...)
- TODO: check
+ NOT-FOR-US: asyncua
CVE-2023-26150 (Versions of the package asyncua before 0.9.96 are vulnerable to Improp ...)
- TODO: check
+ NOT-FOR-US: asyncua
CVE-2023-26149 (Versions of the package quill-mention before 4.0.0 are vulnerable to C ...)
- TODO: check
+ NOT-FOR-US: Node quill-mention
CVE-2023-26148 (All versions of the package ithewei/libhv are vulnerable to CRLF Injec ...)
- TODO: check
+ NOT-FOR-US: ithewei/libhv
CVE-2023-26147 (All versions of the package ithewei/libhv are vulnerable to HTTP Respo ...)
- TODO: check
+ NOT-FOR-US: ithewei/libhv
CVE-2023-26146 (All versions of the package ithewei/libhv are vulnerable to Cross-site ...)
- TODO: check
+ NOT-FOR-US: ithewei/libhv
CVE-2023-26145 (This affects versions of the package pydash before 6.0.0. A number of ...)
- TODO: check
+ NOT-FOR-US: pydash
CVE-2023-26144 (Versions of the package graphql from 16.3.0 and before 16.8.1 are vuln ...)
- node-graphql <unfixed>
[bookworm] - node-graphql <no-dsa> (Minor issue)
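Review bot: the NOT-FOR-US tags in this hunk mix two naming conventions: CVE-2023-26152 and CVE-2023-26149 get an ecosystem qualifier ("Node static-server", "Node quill-mention"), while geokit-rails, asyncua, pydash and ithewei/libhv are bare package names. The truncated descriptions only say "the package ...", so the qualifier is the only hint of which ecosystem was checked against the archive. Using one form throughout would make it easier to see how each entry was triaged.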
@@ -35042,9 +35042,9 @@ CVE-2023-26144 (Versions of the package graphql from 16.3.0 and before 16.8.1 ar
NOTE: https://github.com/graphql/graphql-js/issues/3955
NOTE: https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226
CVE-2023-26143 (Versions of the package blamer before 1.0.4 are vulnerable to Arbitrar ...)
- TODO: check
+ NOT-FOR-US: Node blamer
CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP Response Split ...)
- TODO: check
+ NOT-FOR-US: Crow
CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to Denial ...)
- ruby-sidekiq <unfixed>
NOTE: https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107
@@ -35542,7 +35542,7 @@ CVE-2023-25991 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationM
CVE-2023-25990
RESERVED
CVE-2023-25989 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25988
RESERVED
CVE-2023-25987
@@ -35560,7 +35560,7 @@ CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25980 (Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vide ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25978 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate ...)
@@ -36077,7 +36077,7 @@ CVE-2023-25790
CVE-2023-25789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapf ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25788 (Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25787 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbol ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom ...)
@@ -36184,7 +36184,7 @@ CVE-2023-0830 (A vulnerability classified as critical has been found in EasyNAS
CVE-2023-0829 (Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scri ...)
NOT-FOR-US: Plesk
CVE-2023-0828 (Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-0827 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2023-0826
@@ -37492,7 +37492,7 @@ CVE-2023-25491 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin
CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25489 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25488 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes ...)
@@ -37544,7 +37544,7 @@ CVE-2023-25465 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stre ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25463 (Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP te ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25462 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP h ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nami ...)
@@ -38617,7 +38617,7 @@ CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-25026
RESERVED
CVE-2023-25025 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-Copy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25024 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Iceg ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25023 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sale ...)
@@ -39127,31 +39127,31 @@ CVE-2023-0602 (The Twittee Text Tweet WordPress plugin through 1.0.8 does not pr
CVE-2023-0601
RESERVED
CVE-2023-24855 (Memory corruption in Modem while processing security related configura ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware respons ...)
NOT-FOR-US: Qualcomm
CVE-2023-24853 (Memory Corruption in HLOS while registering for key provisioning notif ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24852
RESERVED
CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...)
NOT-FOR-US: Qualcomm
CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key into Key ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24849 (Information Disclosure in data Modem while parsing an FMTP line in an ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24848 (Information Disclosure in Data Modem while performing a VoLTE call wit ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24847 (Transient DOS in Modem while allocating DSM items.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24846
RESERVED
CVE-2023-24845 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
NOT-FOR-US: Siemens
CVE-2023-24844 (Memory Corruption in Core while invoking a call to Access Control core ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24843 (Transient DOS in Modem while triggering a camping on an 5G cell.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24842 (HGiga MailSherlock has vulnerability of insufficient access control. A ...)
NOT-FOR-US: HGiga MailSherlock
CVE-2023-24841 (HGiga MailSherlock query function for connection log has a vulnerabili ...)
@@ -40276,7 +40276,7 @@ CVE-2023-24520 (Two OS command injection vulnerability exist in the vtysh_ubus t
CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...)
NOT-FOR-US: Milesight UR32L
CVE-2023-24518 (A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allow ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-24517 (Unrestricted Upload of File with Dangerous Type vulnerability in the P ...)
NOT-FOR-US: Pandora FMS File Manager component
CVE-2023-24516 (Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Da ...)
@@ -40290,7 +40290,7 @@ CVE-2023-23546 (A misconfiguration vulnerability exists in the urvpn_client func
CVE-2023-0507 (Grafana is an open-source platform for monitoring and observability. ...)
- grafana <removed>
CVE-2023-0506 (The web service of ByDemes Group Airspace CCTV Web Service in its 2.61 ...)
- TODO: check
+ NOT-FOR-US: ByDemes Group Airspace CCTV Web Service
CVE-2023-0505 (The Ever Compare WordPress plugin through 1.2.3 does not have CSRF che ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0504 (The HT Politic WordPress plugin before 2.3.8 does not have CSRF check ...)
@@ -42379,7 +42379,7 @@ CVE-2023-23768
CVE-2023-23767
RESERVED
CVE-2023-23766 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
@@ -43309,7 +43309,7 @@ CVE-2023-23497 (A logic issue was addressed with improved state management. This
CVE-2023-23496 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2023-23495 (A permissions issue was addressed with improved redaction of sensitive ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23494 (A buffer overflow was addressed with improved bounds checking. This is ...)
NOT-FOR-US: Apple
CVE-2023-23493 (A logic issue was addressed with improved state management. This issue ...)
@@ -46172,7 +46172,7 @@ CVE-2023-22646
CVE-2023-22645 (An Improper Privilege Management vulnerability in SUSE kubewarden allo ...)
NOT-FOR-US: kubewarden
CVE-2023-22644 (An Innsertion of Sensitive Information into Log File vulnerability in ...)
- TODO: check
+ NOT-FOR-US: SUSE Manager Server Module
CVE-2023-22643 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
NOT-FOR-US: SAP
CVE-2023-22642 (An improper certificate validation vulnerability [CWE-295] in FortiAna ...)
@@ -46363,7 +46363,7 @@ CVE-2021-4301 (A vulnerability was found in slackero phpwcms up to 1.9.26 and cl
CVE-2021-4300 (A vulnerability has been found in ghostlander Halcyon and classified a ...)
NOT-FOR-US: ghostlander Halcyon
CVE-2023-22618 (If Security Hardening guide rules are not followed, then Nokia WaveLit ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2023-22617 (A remote attacker might be able to cause infinite recursion in PowerDN ...)
- pdns-recursor 4.8.1-1 (bug #1029367)
[bullseye] - pdns-recursor <not-affected> (Vulnerable code introduced later)
@@ -46767,7 +46767,7 @@ CVE-2023-22517
CVE-2023-22516
RESERVED
CVE-2023-22515 (Atlassian has been made aware of an issue reported by a handful of cus ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2023-22514
RESERVED
CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
@@ -48460,13 +48460,13 @@ CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX write
CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW request to all ...)
NOT-FOR-US: Qualcomm
CVE-2023-22385 (Memory Corruption in Data Modem while making a MO call or MT VOLTE cal ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-22384 (Memory Corruption in VR Service while sending data using Fast Message ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-22383
RESERVED
CVE-2023-22382 (Weak configuration in Automotive while VM is processing a listener req ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-47917 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
NOT-FOR-US: Sewio
CVE-2022-47912
@@ -48480,11 +48480,11 @@ CVE-2022-47895 (In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP Fil
CVE-2022-47894
RESERVED
CVE-2022-47893 (There is a remote code execution vulnerability that affects all versio ...)
- TODO: check
+ NOT-FOR-US: NetMan 204
CVE-2022-47892 (All versions of NetMan 204 could allow an unauthenticated remote attac ...)
- TODO: check
+ NOT-FOR-US: NetMan 204
CVE-2022-47891 (All versions of NetMan 204 allow an attacker that knows the MAC and se ...)
- TODO: check
+ NOT-FOR-US: NetMan 204
CVE-2022-47395 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
NOT-FOR-US: Sewio
CVE-2022-47320 (The iBoot device\u2019s basic discovery protocol assists in initial de ...)
@@ -49443,9 +49443,9 @@ CVE-2022-47564
CVE-2022-47563
RESERVED
CVE-2022-47562 (Vulnerability in the RCPbind service running on UDP port (111), allowi ...)
- TODO: check
+ NOT-FOR-US: ekorCCP
CVE-2022-47561 (The web application stores credentials in clear text in the "admin.xml ...)
- TODO: check
+ NOT-FOR-US: ekorCCP
CVE-2022-47560 (The lack of web request control on ekorCCP and ekorRCI devices allows ...)
NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47559 (Lack of device control over web requests in ekorCCP and ekorRCI, allow ...)
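Review bot: CVE-2022-47562 and CVE-2022-47561 are tagged "NOT-FOR-US: ekorCCP", but the adjacent unchanged entry CVE-2022-47560 uses "NOT-FOR-US: ekorCCP and ekorRCI devices", and the visible part of the two new descriptions does not name a product at all. If these two CVEs cover both device families, reuse the existing string; if they are ekorCCP-only, the tag is fine as written.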
@@ -50033,7 +50033,7 @@ CVE-2023-22026
CVE-2023-22025
RESERVED
CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2023-22022 (Vulnerability in the Oracle Health Sciences Sciences Data Management W ...)
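Review bot: the CVE-2023-22024 description places the flaw in the RDS module, and RDS is also part of the upstream Linux kernel, so "NOT-FOR-US: Oracle" is only correct if the bug is specific to UEK's copy of that code. A NOTE: line recording why the upstream kernel, and therefore the linux source package, is not affected would make the decision auditable; failing that, the entry could stay at "TODO: check" until that is confirmed.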
@@ -52855,7 +52855,7 @@ CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le
CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability inJS Help Desk plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46841 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Build ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46840
RESERVED
CVE-2022-46839
@@ -53206,7 +53206,7 @@ CVE-2022-4323 (The Analyticator WordPress plugin before 6.5.6 unserializes user
CVE-2018-25048 (The CODESYS runtime system in multiple versions allows an remote low p ...)
NOT-FOR-US: CODESYS
CVE-2023-21673 (Improper Access to the VM resource manager can lead to Memory Corrupti ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel playback or ...)
NOT-FOR-US: Qualcomm
CVE-2023-21671
@@ -62458,7 +62458,7 @@ CVE-2023-20821 (In nvram, there is a possible out of bounds write due to a missi
CVE-2023-20820 (In wlan service, there is a possible command injection due to improper ...)
NOT-FOR-US: MediaTek
CVE-2023-20819 (In CDMA PPP protocol, there is a possible out of bounds write due to a ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20818 (In wlan service, there is a possible out of bounds read due to imprope ...)
NOT-FOR-US: MediaTek
CVE-2023-20817 (In wlan service, there is a possible out of bounds write due to improp ...)
@@ -62961,13 +62961,13 @@ CVE-2023-20599
CVE-2023-20598
RESERVED
CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20596
RESERVED
CVE-2023-20595
RESERVED
CVE-2023-20594 (Improper initialization of variables in the DXE driver may allow a pri ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural ...)
{DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3512-1 DLA-3511-1 DLA-3508-1}
- linux 6.4.4-2
@@ -63680,7 +63680,7 @@ CVE-2023-20261
CVE-2023-20260
RESERVED
CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified Communica ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20258
RESERVED
CVE-2023-20257
@@ -63728,7 +63728,7 @@ CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allo
CVE-2023-20236 (A vulnerability in the iPXE boot function of Cisco IOS XR software cou ...)
NOT-FOR-US: Cisco
CVE-2023-20235 (A vulnerability in the on-device application development workflow feat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
NOT-FOR-US: Cisco FXOS Software
CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM) feature of ...)
@@ -64004,7 +64004,7 @@ CVE-2023-20103 (A vulnerability in Cisco Secure Network Analytics could allow an
CVE-2023-20102 (A vulnerability in the web-based management interface of Cisco Secure ...)
NOT-FOR-US: Cisco
CVE-2023-20101 (A vulnerability in Cisco Emergency Responder could allow an unauthenti ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20100 (A vulnerability in the access point (AP) joining process of the Contro ...)
NOT-FOR-US: Cisco
CVE-2023-20099
@@ -72308,7 +72308,7 @@ CVE-2022-3250 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in G
CVE-2022-3249 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3248 (A flaw was found in OpenShift API, as admission checks do not enforce ...)
- TODO: check
+ NOT-FOR-US: OpenShift
CVE-2022-3247 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin b ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3246 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin b ...)
@@ -85423,9 +85423,9 @@ CVE-2022-2462 (The Transposh WordPress Translation plugin for WordPress is vulne
CVE-2022-2461 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...)
NOT-FOR-US: Transposh WordPress Translation plugin for WordPress
CVE-2022-36277 (The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' pa ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2022-36276 (TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' p ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2022-2460 (The WPDating WordPress plugin before 7.4.0 does not properly escape us ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all versions befor ...)
@@ -147326,7 +147326,7 @@ CVE-2021-3786 (A potential vulnerability in the SMI callback function used in CS
CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
NOT-FOR-US: yourls
CVE-2021-3784 (Garuda Linux performs an insecure user creation and authentication tha ...)
- TODO: check
+ NOT-FOR-US: Garuda Linux
CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
NOT-FOR-US: yourls
CVE-2021-3782 (An internal reference count is held on the buffer pool, incremented ev ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e49d0371105e80dcce9d42f03a1733aa9c746789