Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2a0ff9aa by Moritz Muehlenhoff at 2023-04-24T13:06:04+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -88,17 +88,17 @@ CVE-2023-31063 CVE-2023-31062 RESERVED CVE-2023-31061 (Repetier Server through 1.4.10 does not have CSRF protection. ...) - TODO: check + NOT-FOR-US: Repetier Server CVE-2023-31060 (Repetier Server through 1.4.10 executes as SYSTEM. This can be leverag ...) - TODO: check + NOT-FOR-US: Repetier Server CVE-2023-31059 (Repetier Server through 1.4.10 allows ..%5c directory traversal for re ...) - TODO: check + NOT-FOR-US: Repetier Server CVE-2023-31058 RESERVED CVE-2023-31057 RESERVED CVE-2023-31056 (CloverDX before 5.17.3 writes passwords to the audit log in certain si ...) - TODO: check + NOT-FOR-US: CloverDX CVE-2023-31055 RESERVED CVE-2023-31054 @@ -124,7 +124,7 @@ CVE-2023-31045 CVE-2023-31044 RESERVED CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs un ...) - TODO: check + NOT-FOR-US: EnterpriseDB CVE-2023-2247 RESERVED CVE-2023-31042 @@ -134,7 +134,7 @@ CVE-2023-31041 CVE-2023-31040 RESERVED CVE-2023-2246 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2023-31039 RESERVED CVE-2023-31038 @@ -444,7 +444,7 @@ CVE-2023-2222 CVE-2023-2221 RESERVED CVE-2022-4944 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: KodExplorer CVE-2023-2220 (A vulnerability was found in Dream Technology mica up to 3.0.5. It has ...) NOT-FOR-US: Dream Technology mica CVE-2023-2219 (A vulnerability was found in SourceCodester Task Reminder System 1.0 a ...) 
@@ -1383,13 +1383,13 @@ CVE-2023-30623 CVE-2023-30622 RESERVED CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as modular and us ...) - TODO: check + NOT-FOR-US: Gipsy CVE-2023-30620 (mindsdb is a Machine Learning platform to help developers build AI sol ...) - TODO: check + NOT-FOR-US: mindsdb CVE-2023-30619 RESERVED CVE-2023-30618 (Kitchen-Terraform provides a set of Test Kitchen plugins which enable ...) - TODO: check + NOT-FOR-US: Kitchen-Terraform CVE-2023-30617 RESERVED CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...) @@ -5722,9 +5722,9 @@ CVE-2023-1709 CVE-2023-29021 RESERVED CVE-2023-29020 (@fastify/passport is a port of passport authentication library for the ...) - TODO: check + NOT-FOR-US: @fastify/passport CVE-2023-29019 (@fastify/passport is a port of passport authentication library for the ...) - TODO: check + NOT-FOR-US: @fastify/passport CVE-2023-29018 (The OpenFeature Operator allows users to expose feature flags to appli ...) NOT-FOR-US: open-feature-operator CVE-2023-29017 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...) @@ -8863,7 +8863,7 @@ CVE-2023-28133 CVE-2023-28132 RESERVED CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to take ov ...) - TODO: check + NOT-FOR-US: expo.io CVE-2023-28130 RESERVED CVE-2023-28129 @@ -10409,7 +10409,7 @@ CVE-2023-27616 CVE-2023-27615 RESERVED CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-27613 RESERVED CVE-2023-27612 
@@ -10867,7 +10867,7 @@ CVE-2023-1130 (A vulnerability, which was classified as critical, was found in S CVE-2023-27496 (Envoy is an open source edge and service proxy designed for cloud-nati ...) - envoyproxy <itp> (bug #987544) CVE-2023-27495 (@fastify/csrf-protection is a plugin which helps protect Fastify serve ...) - TODO: check + NOT-FOR-US: @fastify/csrf-protection CVE-2023-27494 (Streamlit, software for turning data scripts into web applications, ha ...) NOT-FOR-US: Streamlit CVE-2023-27493 (Envoy is an open source edge and service proxy designed for cloud-nati ...) @@ -11016,7 +11016,7 @@ CVE-2023-27427 CVE-2023-27426 RESERVED CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jame ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-27424 RESERVED CVE-2023-27423 @@ -13028,9 +13028,9 @@ CVE-2023-26559 (A directory traversal vulnerability in Oxygen XML Web Author bef CVE-2023-26558 RESERVED CVE-2023-26557 (io.finnet tss-lib before 2.0.0 can leak the lambda value of a private ...) - TODO: check + NOT-FOR-US: io.finnet tss-lib CVE-2023-26556 (io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side ...) - TODO: check + NOT-FOR-US: io.finnet tss-lib CVE-2023-26555 (praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-o ...) - ntp <removed> [bullseye] - ntp <no-dsa> (Minor issue; affects only the clock driver for the Trimble Palisade GPS timing receiver) @@ -16633,7 +16633,7 @@ CVE-2023-25453 CVE-2023-25452 RESERVED CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPCh ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25450 RESERVED CVE-2023-25449 
@@ -19619,7 +19619,7 @@ CVE-2023-24406 CVE-2023-24405 RESERVED CVE-2023-24404 (Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-24403 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP F ...) NOT-FOR-US: WordPress plugin CVE-2023-24402 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Rol ...) @@ -19655,7 +19655,7 @@ CVE-2023-24388 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Book CVE-2023-24387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPde ...) NOT-FOR-US: WordPress plugin CVE-2023-24386 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kari ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-24385 RESERVED CVE-2023-24384 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organizati ...) @@ -20927,7 +20927,7 @@ CVE-2023-23881 CVE-2023-23880 RESERVED CVE-2023-23879 (Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Exe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23878 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in fli ...) NOT-FOR-US: WordPress plugin CVE-2023-23877 @@ -21079,7 +21079,7 @@ CVE-2023-23834 CVE-2023-23833 RESERVED CVE-2023-23832 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ul ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23831 RESERVED CVE-2023-23830 @@ -21089,7 +21089,7 @@ CVE-2023-23829 CVE-2023-23828 RESERVED CVE-2023-23827 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Googl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23826 RESERVED CVE-2023-23825 
@@ -21109,9 +21109,9 @@ CVE-2023-23819 CVE-2023-23818 RESERVED CVE-2023-23817 (Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebA ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23816 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23815 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23814 @@ -21131,7 +21131,7 @@ CVE-2023-23808 CVE-2023-23807 RESERVED CVE-2023-23806 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23805 RESERVED CVE-2023-23804 @@ -21391,7 +21391,7 @@ CVE-2023-0343 (Akuvox E11 contains a function that encrypts messages which are t CVE-2010-10009 (A vulnerability was found in frioux ptome. It has been rated as critic ...) NOT-FOR-US: frioux ptome CVE-2023-23753 (The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQ ...) - TODO: check + NOT-FOR-US: Joomla! extension CVE-2023-23752 (An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper ac ...) NOT-FOR-US: Joomla! CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL ...) @@ -21463,7 +21463,7 @@ CVE-2023-23719 CVE-2023-23718 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Pa ...) NOT-FOR-US: Esstat17 CVE-2023-23717 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Georg ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23716 RESERVED CVE-2023-23715 @@ -24854,7 +24854,7 @@ CVE-2023-22720 CVE-2023-22719 RESERVED CVE-2023-22718 (Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User M ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-22717 RESERVED CVE-2023-22716 (Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam A ...) 
@@ -24894,7 +24894,7 @@ CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite CVE-2023-22699 RESERVED CVE-2023-22698 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-22697 RESERVED CVE-2023-22696 @@ -24918,7 +24918,7 @@ CVE-2023-22688 CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in Jose Mortel ...) NOT-FOR-US: Jose Mortellaro Freesoul Deactivate CVE-2023-22686 (Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice Pa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-22685 RESERVED CVE-2023-22684 @@ -27168,7 +27168,7 @@ CVE-2022-47932 (Brave Browser before 1.43.34 allowed a remote attacker to cause CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash values. ...) NOT-FOR-US: Multi-Party Threshold Signature Scheme CVE-2022-47930 (An issue was discovered in IO FinNet tss-lib before 2.0.0. The paramet ...) - TODO: check + NOT-FOR-US: io.finnet tss-lib CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference bug in th ...) {DSA-5324-1 DLA-3349-1} - linux 6.1.7-1 @@ -29836,7 +29836,7 @@ CVE-2022-47437 CVE-2022-47436 RESERVED CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-47434 RESERVED CVE-2022-47433 (Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney ...) @@ -36337,7 +36337,7 @@ CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffing CVE-2022-45362 RESERVED CVE-2022-45361 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bori ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-45360 RESERVED CVE-2022-45359 (Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift C ...) 
@@ -37102,7 +37102,7 @@ CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulner CVE-2022-45081 RESERVED CVE-2022-45080 (Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-45079 RESERVED CVE-2022-45078 @@ -37114,7 +37114,7 @@ CVE-2022-45076 CVE-2022-45075 RESERVED CVE-2022-45074 (Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-45073 (Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentica ...) NOT-FOR-US: WordPress plugin CVE-2022-45072 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...) @@ -37974,7 +37974,7 @@ CVE-2022-44745 (Sensitive information leak through log files. The following prod CVE-2022-44744 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...) NOT-FOR-US: Acronis CVE-2022-44743 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Blu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-44742 (Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Le ...) NOT-FOR-US: WordPress plugin CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...) @@ -39324,7 +39324,7 @@ CVE-2022-44633 CVE-2022-44632 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deni ...) NOT-FOR-US: WordPress plugin CVE-2022-44631 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1ap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-44630 RESERVED CVE-2022-44629 @@ -39569,7 +39569,7 @@ CVE-2022-44596 CVE-2022-44595 RESERVED CVE-2022-44594 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-44593 RESERVED CVE-2022-44592 
@@ -39593,7 +39593,7 @@ CVE-2022-44584 (Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ pl CVE-2022-44583 (Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin & ...) NOT-FOR-US: WordPress plugin CVE-2022-44582 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Appt ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-44581 RESERVED CVE-2022-44580 (SQL Injection (SQLi) vulnerability in RichPlugins Plugin for Google Re ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a0ff9aa3ba814aa5d6854a5aa538ea8b3b2a9f7
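Review bot: The tag added for CVE-2022-47930 in the hunk at @@ -27168 ("NOT-FOR-US: io.finnet tss-lib") does not match the unchanged entry directly above it: CVE-2022-47931 describes the same product (IO FinNet tss-lib before 2.0.0) but carries "NOT-FOR-US: Multi-Party Threshold Signature Scheme". The hunk at @@ -13028 also uses "io.finnet tss-lib" for CVE-2023-26557 and CVE-2023-26556, so changing the CVE-2022-47931 tag to the same string would let a search on the product name find all four entries.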
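Review bot: The NOT-FOR-US tag added for CVE-2023-27495 (@fastify/csrf-protection) in the hunk at @@ -10867 should be checked against open ITP/RFP bugs before it lands, because the Envoy entry just above it, CVE-2023-27496, shows the other outcome for unpackaged software: "- envoyproxy <itp> (bug #987544)". Nothing in the diff shows whether such a bug exists for the Fastify plugins; if one does, the entry should use the <itp> form with the bug number instead. The same check applies to the two @fastify/passport entries in the hunk at @@ -5722 and to mindsdb and Kitchen-Terraform in the hunk at @@ -1383.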
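Review bot: Labelling is inconsistent inside the hunk at @@ -21463: the added line tags CVE-2023-23717 with the generic "NOT-FOR-US: WordPress plugin", while the unchanged CVE-2023-23718 above it, whose description follows the same "Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in ..." pattern, is tagged with a vendor name, "NOT-FOR-US: Esstat17". If CVE-2023-23718 is also a WordPress plugin, normalising it to the generic tag in this commit would keep the batch uniform; if it is not, no change is needed.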