Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: df0d4b4d by Salvatore Bonaccorso at 2023-06-20T13:58:57+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,7 +1,7 @@ CVE-2023-3325 (The CMS Commander plugin for WordPress is vulnerable to authorization ...) - TODO: check + NOT-FOR-US: CMS Commander plugin for WordPress CVE-2023-3320 (The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site ...) - TODO: check + NOT-FOR-US: WP Sticky Social plugin for WordPress CVE-2023-3315 (Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and ear ...) TODO: check CVE-2023-35884 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPri ...) @@ -70,37 +70,37 @@ CVE-2023-31410 (A remote unprivileged attacker can intercept the communication v CVE-2023-2907 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) TODO: check CVE-2023-2899 (The Google Map Shortcode WordPress plugin through 3.1.2 does not valid ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2812 (The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2811 (The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2805 (The SupportCandy WordPress plugin before 3.1.7 does not properly sanit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2779 (The Social Share, Social Login and Social Comments WordPress plugin be ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2751 (The Upload Resume WordPress plugin through 1.2.0 does not validate the ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2742 (The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2719 (The SupportCandy WordPress plugin before 3.1.7 does not properly sanit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2684 (The File Renaming on Upload WordPress plugin before 2.5.2 does not san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2654 (The Conditional Menus WordPress plugin before 1.2.1 does not escape a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2600 (The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2527 (The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2492 (The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 doe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2401 (The QuBot WordPress plugin before 1.1.6 does not sanitise and escape s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2399 (The QuBot WordPress plugin before 1.1.6 doesn't filter user input on c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2359 (The Slider Revolution WordPress plugin through 6.6.12 does not check f ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-48506 (A flawed pseudorandom number generator in Dominion Voting Systems Imag ...) TODO: check CVE-2022-48501 (Configuration defects in the secure OS module.Successful exploitation ...) @@ -5618,7 +5618,7 @@ CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not saniti CVE-2023-2222 RESERVED CVE-2023-2221 (The WP Custom Cursors WordPress plugin before 3.2 does not properly sa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4944 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: KodExplorer CVE-2023-2220 (A vulnerability was found in Dream Technology mica up to 3.0.5. It has ...) @@ -25075,7 +25075,7 @@ CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not validate CVE-2023-0490 (The f(x) TOC WordPress plugin through 1.1.0 does not validate and esca ...) NOT-FOR-US: WordPress plugin CVE-2023-0489 (The SlideOnline WordPress plugin through 1.2.1 does not validate and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload ...) - pyload <itp> (bug #1001980) CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not properly ...) @@ -27047,7 +27047,7 @@ CVE-2023-0370 (The WPB Advanced FAQ WordPress plugin through 1.0.6 does not vali CVE-2023-0369 (The GoToWP WordPress plugin through 5.1.1 does not validate and escape ...) NOT-FOR-US: WordPress plugin CVE-2023-0368 (The Responsive Tabs For WPBakery Page Builder (formerly Visual Compose ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4892 (A vulnerability was found in MyCMS. It has been classified as problema ...) NOT-FOR-US: MyCMS CVE-2022-47909 (Livestatus Query Language (LQL) injection in the AuthUser HTTP query h ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0d4b4d2b797a180506479c84878945a13e42a2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0d4b4d2b797a180506479c84878945a13e42a2 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits