Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5d5cf9e by Salvatore Bonaccorso at 2023-05-02T10:17:29+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4446,9 +4446,9 @@ CVE-2023-29683
 CVE-2023-29682
        RESERVED
 CVE-2023-29681 (Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, 
firmware ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-29680 (Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, 
Firmwar ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-29679
        RESERVED
 CVE-2023-29678
@@ -5211,7 +5211,7 @@ CVE-2023-1913 (The Maps Widget for Google Maps for 
WordPress is vulnerable to St
 CVE-2023-1912 (The Limit Login Attempts plugin for WordPress is vulnerable to 
Stored  ...)
        NOT-FOR-US: Limit Login Attempts plugin for WordPress
 CVE-2023-1911 (The Blocksy Companion WordPress plugin before 1.8.82 does not 
ensure t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1910
        RESERVED
 CVE-2023-1909 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
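Review bot: The tag added for CVE-2023-1911 is the generic `NOT-FOR-US: WordPress plugin`, while the entry directly above it, CVE-2023-1912, names the product (`NOT-FOR-US: Limit Login Attempts plugin for WordPress`). Both forms are in use in this file, but the generic one drops the only searchable product name outside the truncated description. Consider naming the plugin here (Blocksy Companion) so a later search of data/CVE/list for the product finds the triage decision.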
@@ -5426,7 +5426,7 @@ CVE-2023-1863 (Improper Neutralization of Special 
Elements used in an SQL Comman
 CVE-2023-1862
        RESERVED
 CVE-2023-1861 (The Limit Login Attempts WordPress plugin through 1.7.2 does 
not sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4941 (The WCFM Membership plugin for WordPress is vulnerable to 
Cross-Site R ...)
        NOT-FOR-US: WCFM Membership plugin for WordPress
 CVE-2022-4940 (The WCFM Membership plugin for WordPress is vulnerable to 
unauthorized ...)
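Review bot: CVE-2023-1861 is for the Limit Login Attempts WordPress plugin, and it gets `NOT-FOR-US: WordPress plugin`, whereas CVE-2023-1912 in the previous hunk covers the same plugin and is tagged `NOT-FOR-US: Limit Login Attempts plugin for WordPress`. Two different tags for one product make it harder to find all of its entries at once if the plugin is ever packaged. Reusing the existing, more specific string on this line would keep the two entries consistent.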
@@ -5938,7 +5938,7 @@ CVE-2023-1810 (Heap buffer overflow in Visuals in Google 
Chrome prior to 112.0.5
        - chromium 112.0.5615.49-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1809 (The Download Manager WordPress plugin before 6.3.0 leaks master 
key in ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1808
        RESERVED
 CVE-2023-29216 (In Apache Linkis <=1.3.1, because the parameters are not 
effectively f ...)
@@ -6048,9 +6048,9 @@ CVE-2023-1807
 CVE-2023-1806
        RESERVED
 CVE-2023-1805 (The Product Catalog Feed by PixelYourSite WordPress plugin 
before 2.1. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1804 (The Product Catalog Feed by PixelYourSite WordPress plugin 
before 2.1. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1803 (Authentication Bypass by Alternate Name vulnerability in DTS 
Electroni ...)
        NOT-FOR-US: DTS Electronics Redline Router firmware
 CVE-2023-1802 (In Docker Desktop 4.17.x the Artifactory Integration falls back 
to sen ...)
@@ -6474,7 +6474,7 @@ CVE-2023-1732
 CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file 
upload fun ...)
        NOT-FOR-US: LTOS
 CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not 
validate and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1729
        RESERVED
        - libraw <undetermined>
@@ -6854,7 +6854,7 @@ CVE-2023-1670 (A flaw use after free in the Linux kernel 
Xircom 16-bit PCMCIA (P
        [bullseye] - linux 5.10.178-1
        NOTE: 
https://git.kernel.org/linus/e8d20c3ded59a092532513c9bd030d1ea66f5f44
 CVE-2023-1669 (The SEOPress WordPress plugin before 6.5.0.3 unserializes user 
input p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4934 (A post-auth command injection vulnerability in the exception 
wizard of ...)
        NOT-FOR-US: Sophos
 CVE-2020-36692 (A reflected XSS via POST vulnerability in report scheduler of 
Sophos W ...)
@@ -7312,7 +7312,7 @@ CVE-2023-28808 (Some Hikvision Hybrid SAN/Cluster Storage 
products have an acces
 CVE-2023-1615
        RESERVED
 CVE-2023-1614 (The WP Custom Author URL WordPress plugin before 1.0.5 does not 
saniti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28807
        RESERVED
 CVE-2023-28806
@@ -7663,7 +7663,7 @@ CVE-2023-27394 (Osprey Pump Controller version 1.01 is 
vulnerable an unauthentic
 CVE-2023-25071
        RESERVED
 CVE-2023-1554 (The Quick Paypal Payments WordPress plugin before 5.7.26.4 does 
not sa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1553
        RESERVED
 CVE-2023-1552 (ToolboxST prior to version 7.10 is affected by a 
deserialization vulne ...)
@@ -7733,7 +7733,7 @@ CVE-2023-1548 (A CWE-269: Improper Privilege Management 
vulnerability exists tha
 CVE-2023-1547
        RESERVED
 CVE-2023-1546 (The MyCryptoCheckout WordPress plugin before 2.124 does not 
escape som ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass 
prior to 3 ...)
        - teampass <itp> (bug #730180)
 CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's 
paravirtual RD ...)
@@ -7856,7 +7856,7 @@ CVE-2023-1527 (Cross-site Scripting (XSS) - Generic in 
GitHub repository tsoluci
 CVE-2023-1526 (Certain DesignJet and PageWide XL TAA compliant models may have 
risk o ...)
        NOT-FOR-US: HP
 CVE-2023-1525 (The Site Reviews WordPress plugin before 6.7.1 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1524
        RESERVED
 CVE-2023-28655 (A malicious user could leverage this vulnerability to escalate 
privile ...)
@@ -11958,7 +11958,7 @@ CVE-2023-1127 (Divide By Zero in GitHub repository 
vim/vim prior to 9.0.1367.)
 CVE-2023-1126 (The WP FEvents Book WordPress plugin through 0.46 does not 
sanitise an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1125 (The Ruby Help Desk WordPress plugin before 1.3.4 does not 
ensure that  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1124 (The Shopping Cart & eCommerce Store WordPress plugin before 
5.4.3 does ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1123
@@ -12230,7 +12230,7 @@ CVE-2023-1092 (The OAuth Single Sign On Free WordPress 
plugin before 6.24.2, OAu
 CVE-2023-1091 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Alpata Licensed Warehousing Automation System
 CVE-2023-1090 (The SMTP Mailing Queue WordPress plugin before 2.0.1 does not 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1089 (The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF 
check  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1088 (The WP Plugin Manager WordPress plugin before 1.1.8 does not 
have CSRF ...)
@@ -14119,7 +14119,7 @@ CVE-2023-1023 (The WP Meta SEO plugin for WordPress is 
vulnerable to unauthorize
 CVE-2023-1022 (The WP Meta SEO plugin for WordPress is vulnerable to 
unauthorized opt ...)
        NOT-FOR-US: WP Meta SEO plugin for WordPress
 CVE-2023-1021 (The amr ical events lists WordPress plugin through 6.6 does not 
saniti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through 
1.4.2 does  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1019
@@ -15286,7 +15286,7 @@ CVE-2023-0926
 CVE-2023-0925
        RESERVED
 CVE-2023-0924 (The ZYREX POPUP WordPress plugin through 1.0 does not validate 
the typ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0923
        RESERVED
        NOT-FOR-US: Red Hat OpenShift Data Science
@@ -15733,7 +15733,7 @@ CVE-2023-0893 (The Time Sheets WordPress plugin before 
1.29.3 does not sanitise
 CVE-2023-0892
        RESERVED
 CVE-2023-0891 (The StagTools WordPress plugin before 2.3.7 does not validate 
and esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0890 (The WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate 
WordPress p ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0889 (Themeflection Numbers WordPress plugin before 2.0.1 does not 
have auth ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5d5cf9e83a6fbcc3b1e453f15adb68f208364c3
