Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df0d4b4d by Salvatore Bonaccorso at 2023-06-20T13:58:57+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2023-3325 (The CMS Commander plugin for WordPress is vulnerable to 
authorization  ...)
-       TODO: check
+       NOT-FOR-US: CMS Commander plugin for WordPress
 CVE-2023-3320 (The WP Sticky Social  plugin for WordPress is vulnerable to 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WP Sticky Social plugin for WordPress
 CVE-2023-3315 (Missing permission checks in Jenkins Team Concert Plugin 2.4.1 
and ear ...)
        TODO: check
 CVE-2023-35884 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
EventPri ...)
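Review bot: The two notes added here for CVE-2023-3325 and CVE-2023-3320 name the product ("CMS Commander plugin for WordPress", "WP Sticky Social plugin for WordPress"), while every other entry this commit touches gets the generic "NOT-FOR-US: WordPress plugin". Suggest settling on one form within the commit; the generic string is the one already used by the unchanged neighbours shown as context further down (CVE-2023-0490, CVE-2023-0369), so a search on the NFU note finds all of them.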
@@ -70,37 +70,37 @@ CVE-2023-31410 (A remote unprivileged attacker can 
intercept the communication v
 CVE-2023-2907 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2023-2899 (The Google Map Shortcode WordPress plugin through 3.1.2 does 
not valid ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2812 (The Ultimate Dashboard WordPress plugin before 3.7.6 does not 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2811 (The AI ChatBot WordPress plugin before 4.5.6 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2805 (The SupportCandy WordPress plugin before 3.1.7 does not 
properly sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2779 (The Social Share, Social Login and Social Comments WordPress 
plugin be ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2751 (The Upload Resume WordPress plugin through 1.2.0 does not 
validate the ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2742 (The AI ChatBot WordPress plugin before 4.5.5 does not sanitize 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2719 (The SupportCandy WordPress plugin before 3.1.7 does not 
properly sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2684 (The File Renaming on Upload WordPress plugin before 2.5.2 does 
not san ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2654 (The Conditional Menus WordPress plugin before 1.2.1 does not 
escape a  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2600 (The Custom Base Terms WordPress plugin before 1.0.3 does not 
sanitize  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2527 (The Integration for Contact Form 7 and Zoho CRM, Bigin 
WordPress plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2492 (The QueryWall: Plug'n Play Firewall WordPress plugin through 
1.1.1 doe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2401 (The QuBot WordPress plugin before 1.1.6 does not sanitise and 
escape s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2399 (The QuBot WordPress plugin before 1.1.6 doesn't filter user 
input on c ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2359 (The Slider Revolution WordPress plugin through 6.6.12 does not 
check f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-48506 (A flawed pseudorandom number generator in Dominion Voting 
Systems Imag ...)
        TODO: check
 CVE-2022-48501 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
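Review bot: All 16 replacements in this hunk, CVE-2023-2899 through CVE-2023-2359, insert the identical string, and the commit message "Process some NFUs" does not say whether they were triaged one by one or selected by matching "WordPress plugin" in the description. A line in the message stating the selection criterion would let a reader confirm that the entries left as "TODO: check" in the context lines (CVE-2023-2907, CVE-2022-48506) were skipped on purpose rather than missed.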
@@ -5618,7 +5618,7 @@ CVE-2023-2223 (The Login rebuilder WordPress plugin 
before 2.8.1 does not saniti
 CVE-2023-2222
        RESERVED
 CVE-2023-2221 (The WP Custom Cursors WordPress plugin before 3.2 does not 
properly sa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4944 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: KodExplorer
 CVE-2023-2220 (A vulnerability was found in Dream Technology mica up to 3.0.5. 
It has ...)
@@ -25075,7 +25075,7 @@ CVE-2023-0491 (The Schedulicity WordPress plugin 
through 2.21 does not validate
 CVE-2023-0490 (The f(x) TOC WordPress plugin through 1.1.0 does not validate 
and esca ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0489 (The SlideOnline WordPress plugin through 1.2.1 does not 
validate and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pyload/pyload ...)
        - pyload <itp> (bug #1001980)
 CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not 
properly ...)
@@ -27047,7 +27047,7 @@ CVE-2023-0370 (The WPB Advanced FAQ WordPress plugin 
through 1.0.6 does not vali
 CVE-2023-0369 (The GoToWP WordPress plugin through 5.1.1 does not validate and 
escape ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0368 (The Responsive Tabs For WPBakery Page Builder (formerly Visual 
Compose ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4892 (A vulnerability was found in MyCMS. It has been classified as 
problema ...)
        NOT-FOR-US: MyCMS
 CVE-2022-47909 (Livestatus Query Language (LQL) injection in the AuthUser HTTP 
query h ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0d4b4d2b797a180506479c84878945a13e42a2



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
