Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d6fa11f7 by Salvatore Bonaccorso at 2023-05-15T22:18:51+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2139,9 +2139,9 @@ CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions CVE-2023-2181 (An issue has been discovered in GitLab affecting all versions before 1 ...) - gitlab <unfixed> CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin through ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin through ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2178 RESERVED CVE-2023-2177 (A null pointer dereference issue was found in the sctp network protoco ...) @@ -3346,7 +3346,7 @@ CVE-2023-2011 CVE-2023-2010 RESERVED CVE-2023-2009 (Plugin does not sanitize and escape the URL field in the Pretty Url Wo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The spec ...) - linux 5.18.14-1 [bullseye] - linux 5.10.127-1 @@ -6054,7 +6054,7 @@ CVE-2023-1916 (A flaw was found in tiffcrop, a program distributed by the libtif NOTE: https://gitlab.com/libtiff/libtiff/-/issues/537 NOTE: Crash in CLI tool, no security impact CVE-2023-1915 (The Thumbnail carousel slider WordPress plugin before 1.1.10 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1914 RESERVED CVE-2023-1913 (The Maps Widget for Google Maps for WordPress is vulnerable to Stored ...) @@ -6228,7 +6228,7 @@ CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository sidek CVE-2023-1891 RESERVED CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape various ge ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1889 RESERVED CVE-2023-1888 
@@ -6663,7 +6663,7 @@ CVE-2023-23581 CVE-2023-1840 (The Sp*tify Play Button for WordPress plugin for WordPress is vulnerab ...) NOT-FOR-US: Sp*tify Play Button for WordPress plugin for WordPress CVE-2023-1839 (The Product Addons & Fields for WooCommerce WordPress plugin before 32 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1838 (A use-after-free flaw was found in vhost_net_set_backend in drivers/vh ...) - linux 5.17.11-1 [bullseye] - linux 5.10.120-1 @@ -6674,7 +6674,7 @@ CVE-2023-1837 CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab affecting a ...) - gitlab <unfixed> CVE-2023-1835 (The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1834 (Rockwell Automation was made aware that Kinetix 5500 drives, manufactu ...) NOT-FOR-US: Rockwell Automation CVE-2023-1833 (Authentication Bypass by Primary Weakness vulnerability in DTS Electro ...) @@ -8325,7 +8325,7 @@ CVE-2023-1598 CVE-2023-1597 RESERVED CVE-2023-1596 (The tagDiv Composer WordPress plugin before 4.0 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1595 (A vulnerability has been found in novel-plus 3.6.2 and classified as c ...) NOT-FOR-US: novel-plus CVE-2023-1594 (A vulnerability, which was classified as critical, was found in novel- ...) @@ -8609,7 +8609,7 @@ CVE-2023-1551 CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability in NGIN ...) NOT-FOR-US: NGINX Agent CVE-2023-1549 (The Ad Inserter WordPress plugin before 2.7.27 unserializes user input ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...) NOT-FOR-US: Schneider CVE-2023-1547 
@@ -11567,7 +11567,7 @@ CVE-2023-1209 CVE-2023-1208 RESERVED CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import functio ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1206 RESERVED CVE-2023-27853 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format s ...) @@ -15014,7 +15014,7 @@ CVE-2023-1021 (The amr ical events lists WordPress plugin through 6.6 does not s CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...) NOT-FOR-US: WordPress plugin CVE-2023-1019 (The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1018 (An out-of-bounds read vulnerability exists in TPM2.0's Module Library ...) - libtpms 0.9.2-3.1 (bug #1032420) NOTE: https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4 @@ -16628,7 +16628,7 @@ CVE-2023-0894 (The Pickup | Delivery | Dine-in date time WordPress plugin throug CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not sanitise and e ...) NOT-FOR-US: WordPress plugin CVE-2023-0892 (The BizLibrary WordPress plugin through 1.1 does not sanitise and esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0891 (The StagTools WordPress plugin before 2.3.7 does not validate and esca ...) NOT-FOR-US: WordPress plugin CVE-2023-0890 (The WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress p ...) @@ -17411,7 +17411,7 @@ CVE-2023-0813 RESERVED NOT-FOR-US: Network Observability plugin for OpenShift console CVE-2023-0812 (The Active Directory Integration / LDAP Integration WordPress plugin b ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0811 (Omron CJ1M unit v4.0 and prior has improper access controls on the mem ...) NOT-FOR-US: Omron CJ1M CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...) 
@@ -17871,11 +17871,11 @@ CVE-2023-0765 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not CVE-2023-0764 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perf ...) NOT-FOR-US: WordPress plugin CVE-2023-0763 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0762 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...) - gpac <unfixed> (bug #1033116) [bullseye] - gpac <no-dsa> (Minor issue) @@ -19476,7 +19476,7 @@ CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a speci NOTE: https://github.com/libjxl/libjxl/issues/2100 NOTE: https://github.com/libjxl/libjxl/pull/2101 CVE-2023-0644 (The Push Notifications for WordPress by PushAssist WordPress plugin th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0643 (Improper Handling of Additional Special Element in GitHub repository s ...) NOT-FOR-US: squidex CVE-2023-0642 (Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex ...) @@ -19976,7 +19976,7 @@ CVE-2023-24835 (Softnext Technologies Corp.\u2019s SPAM SQR has a vulnerability CVE-2023-24834 (WisdomGarden Tronclass has improper access control when uploading file ...) NOT-FOR-US: WisdomGarden Tronclass CVE-2023-0600 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...) NOT-FOR-US: Rapid7 CVE-2023-0598 (GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Dig ...) 
@@ -20810,7 +20810,7 @@ CVE-2023-0522 (The Enable/Disable Auto Login when Register WordPress plugin thro CVE-2023-0521 RESERVED CVE-2023-0520 (The RapidExpCart WordPress plugin through 1.0 does not sanitize and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modob ...) NOT-FOR-US: Modoboa CVE-2023-0518 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) @@ -21132,7 +21132,7 @@ CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 1. CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not validate and e ...) NOT-FOR-US: WordPress plugin CVE-2023-0490 (The f(x) TOC WordPress plugin through 1.1.0 does not validate and esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0489 RESERVED CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload ...) @@ -24285,7 +24285,7 @@ CVE-2023-0235 CVE-2023-0234 (The SiteGround Security WordPress plugin before 1.3.1 does not properl ...) NOT-FOR-US: WordPress plugin CVE-2023-0233 (The ActiveCampaign WordPress plugin before 8.1.12 does not validate an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0232 (The ShopLentor WordPress plugin before 2.5.4 unserializes user input f ...) NOT-FOR-US: WordPress plugin CVE-2023-0231 (The ShopLentor WordPress plugin before 2.5.4 does not validate and esc ...) 
@@ -28562,7 +28562,7 @@ CVE-2022-4776 (The CC Child Pages WordPress plugin before 1.43 does not validate CVE-2022-4775 (The GeoDirectory WordPress plugin before 2.2.22 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2022-4774 (The Bit Form WordPress plugin before 1.9 does not validate the file ty ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4773 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...) NOT-FOR-US: cloudsync CVE-2022-4772 (A vulnerability was found in Widoco and classified as critical. Affect ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6fa11f76aa1367ad9b7081cfe3cc7cfc2a70789 You're receiving this email because of your account on salsa.debian.org.
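Review bot: In the hunk at @@ -3346,7 +3346,7 @@, the CVE-2023-2009 description is cut off at "Pretty Url Wo ..." and, unlike every other entry changed in this commit, never shows the words "WordPress plugin", so the new "NOT-FOR-US: WordPress plugin" line cannot be checked against the visible text. Confirm the product from the full CVE description, or name the product in the NOT-FOR-US line the way the existing CVE-2023-1840 entry does, so the classification can be verified from the list itself.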
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits