Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1927f825 by Salvatore Bonaccorso at 2023-08-16T22:17:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12503,9 +12503,9 @@ CVE-2023-2274
 CVE-2023-2273 (Rapid7 Insight Agent token handler versions 3.2.6 and below, 
suffer fr ...)
        NOT-FOR-US: Rapid7
 CVE-2023-2272 (The Tiempo.com WordPress plugin through 0.1.2 does not sanitise 
and es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2271 (The Tiempo.com WordPress plugin through 0.1.2 does not have 
CSRF check ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-31206 (Exposure of Resource to Wrong Sphere Vulnerability in Apache 
Software  ...)
        NOT-FOR-US: Apache InLong
 CVE-2023-31205
@@ -12764,7 +12764,7 @@ CVE-2023-2255 (Improper access control in editor 
components of The Document Foun
        - libreoffice 4:7.4.5-3
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
 CVE-2023-2254 (The Ko-fi Button WordPress plugin before 1.3.3 does not 
properly some  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2253 (A flaw was found in the `/v2/_catalog` endpoint in 
distribution/distri ...)
        {DSA-5414-1 DLA-3473-1}
        - docker-registry 2.8.2+ds1-1 (bug #1035956)
@@ -13248,7 +13248,7 @@ CVE-2023-2227 (Improper Authorization in GitHub 
repository modoboa/modoboa prior
 CVE-2023-2226 (Due to insufficient validation in the PE and OLE parsers in 
Rapid7's V ...)
        NOT-FOR-US: Rapid7
 CVE-2023-2225 (The SEO ALert WordPress plugin through 1.59 does not sanitise 
and esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2224 (The SEO by 10Web WordPress plugin before 1.2.7 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not 
sanitise an ...)
@@ -13811,9 +13811,9 @@ CVE-2023-2124 (An out-of-bounds memory access flaw was 
found in the Linux kernel
        NOTE: 
https://lore.kernel.org/linux-xfs/20230412214034.gl3223...@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
        NOTE: 
https://git.kernel.org/linus/22ed903eee23a5b174e240f1cdfa9acf393a5210 (6.4-rc1)
 CVE-2023-2123 (The WP Inventory Manager WordPress plugin before 2.1.0.13 does 
not san ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2122 (The Image Optimizer by 10web WordPress plugin before 1.0.27 
does not s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2121 (Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff 
viewer  ...)
        NOT-FOR-US: HashiCorp Vault
 CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is 
vulnerable to Re ...)
@@ -14977,7 +14977,7 @@ CVE-2023-1979 (The Web Stories for WordPress plugin 
supports the WordPress built
 CVE-2023-1978 (The ShiftController Employee Shift Scheduling plugin for 
WordPress is  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1977 (The Booking Manager WordPress plugin before 2.0.29 does not 
validate U ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1976 (Password Aging with Long Expiration in GitHub repository 
answerdev/ans ...)
        NOT-FOR-US: answer
 CVE-2023-1975 (Insertion of Sensitive Information Into Sent Data in GitHub 
repository ...)
@@ -20814,7 +20814,7 @@ CVE-2023-1467 (A vulnerability classified as critical 
has been found in SourceCo
 CVE-2023-1466 (A vulnerability was found in SourceCodester Student Study 
Center Desk  ...)
        NOT-FOR-US: SourceCodester Student Study Center Desk Management System
 CVE-2023-1465 (The WP EasyPay WordPress plugin before 4.1 does not escape some 
genera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1464 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester Medicine Tracker System
 CVE-2023-1463 (Authorization Bypass Through User-Controlled Key in GitHub 
repository  ...)
@@ -24541,7 +24541,7 @@ CVE-2023-1112 (A vulnerability was found in Drag and 
Drop Multiple File Upload C
 CVE-2023-1111
        RESERVED
 CVE-2023-1110 (The Yellow Yard Searchbar WordPress plugin before 2.8.12 does 
not vali ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4926 (Insufficient policy enforcement in Intents in Google Chrome on 
Android ...)
        {DSA-5328-1}
        - chromium 109.0.5414.119-1
@@ -32023,7 +32023,7 @@ CVE-2023-0581 (The PrivateContent plugin for WordPress 
is vulnerable to protecti
 CVE-2023-0580 (Insecure Storage of Sensitive Information vulnerability in ABB 
My Cont ...)
        NOT-FOR-US: ABB
 CVE-2023-0579 (The YARPP WordPress plugin before 5.30.3 does not validate and 
escape  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0578 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: ASOS
 CVE-2023-0577 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -32598,7 +32598,7 @@ CVE-2023-0553 (The Quick Restaurant Menu plugin for 
WordPress is vulnerable to S
 CVE-2023-0552 (The Registration Forms WordPress plugin before 3.8.2.3 does not 
proper ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0551 (The REST API TO MiniProgram WordPress plugin through 4.6.1 does 
not ha ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to 
Insecu ...)
        NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
 CVE-2022-48284 (A piece of Huawei whole-home intelligence software has an 
Incorrect Pr ...)
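Review bot: The reason string added for CVE-2023-0551 ("NOT-FOR-US: WordPress plugin") sits directly above CVE-2023-0550, whose context line spells the same category as "NOT-FOR-US: Quick Restaurant Menu plugin for WordPress". The new line matches the generic form used by CVE-2023-0552 and the other WordPress entries in this patch, so the CVE-2023-0550 line is the outlier; consider normalising it in a follow-up so that a search for "NOT-FOR-US: WordPress plugin" finds every such entry.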
@@ -35844,7 +35844,7 @@ CVE-2023-0276 (The Weaver Xtreme Theme Support 
WordPress plugin before 6.2.7 doe
 CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 
4.9.10 doe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0274 (The URL Params WordPress plugin before 2.5 does not validate 
and escap ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 
does not v ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0272 (The NEX-Forms WordPress plugin before 8.3.3 does not validate 
and esca ...)
@@ -39043,7 +39043,7 @@ CVE-2023-0060 (The Responsive Gallery Grid WordPress 
plugin before 2.3.9 does no
 CVE-2023-0059 (The Youzify WordPress plugin before 1.2.2 does not validate and 
escape ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0058 (The Tiempo.com WordPress plugin through 0.1.2 does not have 
CSRF check ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub 
reposit ...)
        - pyload <itp> (bug #1001980)
 CVE-2023-0056 (An uncontrolled resource consumption vulnerability was 
discovered in H ...)
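Review bot: CVE-2023-0058 in this hunk shows the same truncated description as CVE-2023-2271 in the first hunk ("The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check ..."), and both are closed with the identical reason. NOT-FOR-US is the right disposition either way, but if the full descriptions also match, a NOTE line on one entry pointing at the other id would tell the next triager that the overlap has already been seen.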
@@ -40376,7 +40376,7 @@ CVE-2022-4784 (The Hueman Addons WordPress plugin 
through 2.3.3 does not validat
 CVE-2022-4783 (The Youtube Channel Gallery WordPress plugin through 2.4 does 
not vali ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4782 (The ClickFunnels WordPress plugin through 3.1.1 does not 
validate and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4781 (The Accordion Shortcodes WordPress plugin through 2.4.2 does 
not valid ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4780 (ISOS firmwares from versions 1.81 to 2.00 contain hardcoded 
credential ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1927f82584365dcbc3fa08a7bc20fb5f13ff5b91
