[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Oct 20 17:37:14 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99af4cf5 by Moritz Mühlenhoff at 2023-10-20T18:36:31+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,211 +1,211 @@
CVE-2023-5668 (The WhatsApp Share Button plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5656 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized use ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5655 (The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5647 (The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File De ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5646 (The AI ChatBot for WordPress is vulnerable to Directory Traversal in v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5615 (The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5614 (The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5613 (The Super Testimonials plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5602 (The Social Media Share Buttons & Social Sharing Icons plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5576 (The Migration, Backup, Staging - WPvivid plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5534 (The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5533 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized use ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5524 (Insufficient blacklisting in M-Files Web Companion before release vers ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2023-5523 (Execution of downloaded content flaw in M-Files Web Companion before r ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2023-5414 (The Icegram Express plugin for WordPress is vulnerable to Directory Tr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5337 (The Contact form Form For All plugin for WordPress is vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5308 (The Podcast Subscribe Buttons plugin for WordPress is vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5292 (The Advanced Custom Fields: Extended plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5231 (The Magic Action Box plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5200 (The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5121 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5120 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5109 (The WP Mailto Links \u2013 Protect Email Addresses plugin for WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5086 (The Copy Anything to Clipboard plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5071 (The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5070 (The Social Media Share Buttons & Social Sharing Icons plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5050 (The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4999 (The Horizontal scrolling announcement plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4975 (The Website Builder by SeedProd plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4968 (The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4961 (The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4947 (The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2023-4943 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4942 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4941 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4940 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4937 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4935 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4926 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4924 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4923 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4920 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4919 (The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4796 (The Booster for WooCommerce for WordPress is vulnerable to Information ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2023-4668 (The Ad Inserter for WordPress is vulnerable to Sensitive Information E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4648 (The WP Customer Reviews plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4598 (The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4488 (The Dropbox Folder Share for WordPress is vulnerable to Local File Inc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4482 (The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4402 (The Essential Blocks plugin for WordPress is vulnerable to PHP Object ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4386 (The Essential Blocks plugin for WordPress is vulnerable to PHP Object ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4274 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4271 (The Photospace Responsive plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4021 (The Modern Events Calendar lite plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46277 (please (aka pleaser) through 0.5.4 allows privilege escalation through ...)
TODO: check
CVE-2023-46267 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 al ...)
TODO: check
CVE-2023-46115 (Tauri is a framework for building binaries for all major desktop platf ...)
- TODO: check
+ NOT-FOR-US: Tauri
CVE-2023-45823 (Artifact Hub is a web-based application that enables finding, installi ...)
- TODO: check
+ NOT-FOR-US: Artifact Hub
CVE-2023-45822 (Artifact Hub is a web-based application that enables finding, installi ...)
- TODO: check
+ NOT-FOR-US: Artifact Hub
CVE-2023-45821 (Artifact Hub is a web-based application that enables finding, installi ...)
- TODO: check
+ NOT-FOR-US: Artifact Hub
CVE-2023-45819 (TinyMCE is an open source rich text editor. A cross-site scripting (XS ...)
- TODO: check
+ - tinymce <removed>
CVE-2023-45818 (TinyMCE is an open source rich text editor. A mutation cross-site scri ...)
- TODO: check
+ - tinymce <removed>
CVE-2023-45815 (ArchiveBox is an open source self-hosted web archiving system. Any use ...)
- TODO: check
+ NOT-FOR-US: ArchiveBox
CVE-2023-45471 (The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XS ...)
- TODO: check
+ NOT-FOR-US: QAD Search Server
CVE-2023-45394 (Stored Cross-Site Scripting (XSS) vulnerability in the Company field i ...)
- TODO: check
+ NOT-FOR-US: Small CRM
CVE-2023-45280 (Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its p ...)
- TODO: check
+ NOT-FOR-US: Yamcs
CVE-2023-45279 (Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its p ...)
- TODO: check
+ NOT-FOR-US: Yamcs
CVE-2023-44690 (Inadequate encryption strength in mycli 1.27.0 allows attackers to vie ...)
TODO: check
CVE-2023-44385 (The Home Assistant Companion for iOS and macOS app up to version 2023. ...)
- TODO: check
+ NOT-FOR-US: Home Assistant Companion
CVE-2023-43875 (Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2023-43359 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-43345 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
- TODO: check
+ NOT-FOR-US: Quick CMS
CVE-2023-43344 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
- TODO: check
+ NOT-FOR-US: Quick CMS
CVE-2023-43342 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
- TODO: check
+ NOT-FOR-US: Quick CMS
CVE-2023-43341 (Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allo ...)
- TODO: check
+ NOT-FOR-US: Evolution CMS
CVE-2023-43340 (Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a ...)
- TODO: check
+ NOT-FOR-US: Evolution CMS
CVE-2023-41899 (Home assistant is an open source home automation. In affected versions ...)
- TODO: check
+ NOT-FOR-US: Home assistant
CVE-2023-41898 (Home assistant is an open source home automation. The Home Assistant C ...)
- TODO: check
+ NOT-FOR-US: Home assistant
CVE-2023-41897 (Home assistant is an open source home automation. Home Assistant serve ...)
- TODO: check
+ NOT-FOR-US: Home assistant
CVE-2023-41896 (Home assistant is an open source home automation. Whilst auditing the ...)
- TODO: check
+ NOT-FOR-US: Home assistant
CVE-2023-41895 (Home assistant is an open source home automation. The Home Assistant l ...)
- TODO: check
+ NOT-FOR-US: Home assistant
CVE-2023-41894 (Home assistant is an open source home automation. The assessment verif ...)
- TODO: check
+ NOT-FOR-US: Home assistant
CVE-2023-41893 (Home assistant is an open source home automation. The audit team\u2019 ...)
- TODO: check
+ NOT-FOR-US: Home assistant
CVE-2023-40361 (SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the preview ...)
- TODO: check
+ NOT-FOR-US: SECUDOS Qiata
CVE-2023-3998 (The wpDiscuz plugin for WordPress is vulnerable to unauthorized modifi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3996 (The ARMember Lite - Membership Plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3869 (The wpDiscuz plugin for WordPress is vulnerable to unauthorized modifi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39731 (The leakage of the client secret in Kaibutsunosato v13.6.1 allows atta ...)
- TODO: check
+ NOT-FOR-US: Kaibutsunosato
CVE-2023-39680 (Sollace Unicopia version 1.1.1 and before was discovered to deserializ ...)
- TODO: check
+ NOT-FOR-US: Sollace Unicopia
CVE-2023-34052 (VMware Aria Operations for Logs contains a deserialization vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Vmware
CVE-2023-34051 (VMware Aria Operations for Logs contains an authentication bypass vuln ...)
- TODO: check
+ NOT-FOR-US: Vmware
CVE-2023-2325 (Stored XSS Vulnerability in M-Files Classic Web versions before 23.10a ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2022-4954 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4418 (The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4353 (The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2020-36759 (The Woody code snippets plugin for WordPress is vulnerable to Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36758 (The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36755 (The Customizr theme for WordPress is vulnerable to Cross-Site Request ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2020-36754 (The Paid Memberships Pro plugin for WordPress is vulnerable to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36753 (The Hueman theme for WordPress is vulnerable to Cross-Site Request For ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36751 (The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36714 (The Brizy plugin for WordPress is vulnerable to authorization bypass d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36706 (The Simple:Press \u2013 WordPress Forum Plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45802
- apache2 2.4.58-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99af4cf54129c358c480893f7c38c83f1d56a0e4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99af4cf54129c358c480893f7c38c83f1d56a0e4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231020/2390ebb6/attachment.htm>
More information about the debian-security-tracker-commits
mailing list