Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1927f825 by Salvatore Bonaccorso at 2023-08-16T22:17:34+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -12503,9 +12503,9 @@ CVE-2023-2274 CVE-2023-2273 (Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer fr ...) NOT-FOR-US: Rapid7 CVE-2023-2272 (The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2271 (The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-31206 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software ...) NOT-FOR-US: Apache InLong CVE-2023-31205 @@ -12764,7 +12764,7 @@ CVE-2023-2255 (Improper access control in editor components of The Document Foun - libreoffice 4:7.4.5-3 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/ CVE-2023-2254 (The Ko-fi Button WordPress plugin before 1.3.3 does not properly some ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2253 (A flaw was found in the `/v2/_catalog` endpoint in distribution/distri ...) {DSA-5414-1 DLA-3473-1} - docker-registry 2.8.2+ds1-1 (bug #1035956) @@ -13248,7 +13248,7 @@ CVE-2023-2227 (Improper Authorization in GitHub repository modoboa/modoboa prior CVE-2023-2226 (Due to insufficient validation in the PE and OLE parsers in Rapid7's V ...) NOT-FOR-US: Rapid7 CVE-2023-2225 (The SEO ALert WordPress plugin through 1.59 does not sanitise and esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2224 (The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and e ...) NOT-FOR-US: WordPress plugin CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not sanitise an ...) @@ -13811,9 +13811,9 @@ CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux kernel NOTE: https://lore.kernel.org/linux-xfs/20230412214034.gl3223...@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d NOTE: https://git.kernel.org/linus/22ed903eee23a5b174e240f1cdfa9acf393a5210 (6.4-rc1) CVE-2023-2123 (The WP Inventory Manager WordPress plugin before 2.1.0.13 does not san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2122 (The Image Optimizer by 10web WordPress plugin before 1.0.27 does not s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2121 (Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer ...) NOT-FOR-US: HashiCorp Vault CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is vulnerable to Re ...) @@ -14977,7 +14977,7 @@ CVE-2023-1979 (The Web Stories for WordPress plugin supports the WordPress built CVE-2023-1978 (The ShiftController Employee Shift Scheduling plugin for WordPress is ...) NOT-FOR-US: WordPress plugin CVE-2023-1977 (The Booking Manager WordPress plugin before 2.0.29 does not validate U ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1976 (Password Aging with Long Expiration in GitHub repository answerdev/ans ...) NOT-FOR-US: answer CVE-2023-1975 (Insertion of Sensitive Information Into Sent Data in GitHub repository ...) @@ -20814,7 +20814,7 @@ CVE-2023-1467 (A vulnerability classified as critical has been found in SourceCo CVE-2023-1466 (A vulnerability was found in SourceCodester Student Study Center Desk ...) NOT-FOR-US: SourceCodester Student Study Center Desk Management System CVE-2023-1465 (The WP EasyPay WordPress plugin before 4.1 does not escape some genera ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1464 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Medicine Tracker System CVE-2023-1463 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) @@ -24541,7 +24541,7 @@ CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload C CVE-2023-1111 RESERVED CVE-2023-1110 (The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not vali ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4926 (Insufficient policy enforcement in Intents in Google Chrome on Android ...) {DSA-5328-1} - chromium 109.0.5414.119-1 @@ -32023,7 +32023,7 @@ CVE-2023-0581 (The PrivateContent plugin for WordPress is vulnerable to protecti CVE-2023-0580 (Insecure Storage of Sensitive Information vulnerability in ABB My Cont ...) NOT-FOR-US: ABB CVE-2023-0579 (The YARPP WordPress plugin before 5.30.3 does not validate and escape ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: ASOS CVE-2023-0577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) @@ -32598,7 +32598,7 @@ CVE-2023-0553 (The Quick Restaurant Menu plugin for WordPress is vulnerable to S CVE-2023-0552 (The Registration Forms WordPress plugin before 3.8.2.3 does not proper ...) NOT-FOR-US: WordPress plugin CVE-2023-0551 (The REST API TO MiniProgram WordPress plugin through 4.6.1 does not ha ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecu ...) NOT-FOR-US: Quick Restaurant Menu plugin for WordPress CVE-2022-48284 (A piece of Huawei whole-home intelligence software has an Incorrect Pr ...) @@ -35844,7 +35844,7 @@ CVE-2023-0276 (The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 doe CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 doe ...) NOT-FOR-US: WordPress plugin CVE-2023-0274 (The URL Params WordPress plugin before 2.5 does not validate and escap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 does not v ...) NOT-FOR-US: WordPress plugin CVE-2023-0272 (The NEX-Forms WordPress plugin before 8.3.3 does not validate and esca ...) @@ -39043,7 +39043,7 @@ CVE-2023-0060 (The Responsive Gallery Grid WordPress plugin before 2.3.9 does no CVE-2023-0059 (The Youzify WordPress plugin before 1.2.2 does not validate and escape ...) NOT-FOR-US: WordPress plugin CVE-2023-0058 (The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...) - pyload <itp> (bug #1001980) CVE-2023-0056 (An uncontrolled resource consumption vulnerability was discovered in H ...) @@ -40376,7 +40376,7 @@ CVE-2022-4784 (The Hueman Addons WordPress plugin through 2.3.3 does not validat CVE-2022-4783 (The Youtube Channel Gallery WordPress plugin through 2.4 does not vali ...) NOT-FOR-US: WordPress plugin CVE-2022-4782 (The ClickFunnels WordPress plugin through 3.1.1 does not validate and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4781 (The Accordion Shortcodes WordPress plugin through 2.4.2 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2022-4780 (ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credential ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1927f82584365dcbc3fa08a7bc20fb5f13ff5b91 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1927f82584365dcbc3fa08a7bc20fb5f13ff5b91 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits