Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
374116f8 by Salvatore Bonaccorso at 2023-06-27T22:31:05+02:00
Process NFUs

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -39,43 +39,43 @@ CVE-2023-33567 (An unauthorized access vulnerability has been discovered in ROS2 CVE-2023-33566 (An unauthorized node injection vulnerability has been identified in RO ...) TODO: check CVE-2023-32339 (IBM Business Automation Workflow is vulnerable to cross-site scripting ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate uploaded ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2877 (The Formidable Forms WordPress plugin before 6.3.1 does not adequately ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2842 (The WP Inventory Manager WordPress plugin before 2.1.0.14 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2818 (An insecure filesystem permission in the Insider Threat Management Age ...) TODO: check CVE-2023-2795 (The CodeColorer WordPress plugin before 0.10.1 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2744 (The ERP WordPress plugin before 1.12.4 does not properly sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2743 (The ERP WordPress plugin before 1.12.4 does not sanitise and escape th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2711 (The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2628 (The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks ( ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2627 (The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2624 (The KiviCare WordPress plugin before 3.2.1 does not sanitise and escap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2623 (The KiviCare WordPress plugin before 3.2.1 does not restrict the infor ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2605 (The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2601 (The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2592 (The FormCraft WordPress plugin before 3.9.7 does not properly sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2580 (The AI Engine WordPress plugin before 1.6.83 does not sanitize and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2482 (The Responsive CSS EDITOR WordPress plugin through 1.0 does not proper ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2326 (The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-35798 (Input Validation vulnerability in Apache Software Foundation Apache Ai ...) NOT-FOR-US: Apache Airflow ODBC/MSSQL Provider CVE-2023-34395 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...) @@ -6618,7 +6618,7 @@ CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin th CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin through ...) NOT-FOR-US: WordPress plugin CVE-2023-2178 (The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2177 (A null pointer dereference issue was found in the sctp network protoco ...) - linux 5.18.16-1 [bullseye] - linux 5.10.136-1 
@@ -7581,7 +7581,7 @@ CVE-2023-2070 CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 15.10.8+ds1-2 CVE-2023-2068 (The File Manager Advanced Shortcode WordPress plugin through 2.3.2 doe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...) NOT-FOR-US: WordPress plugin CVE-2023-2066 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...) @@ -7655,7 +7655,7 @@ CVE-2023-2033 (Type confusion in V8 in Google Chrome prior to 112.0.5615.121 all - chromium 112.0.5615.121-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2032 (The Custom 404 Pro WordPress plugin before 3.8.1 does not properly san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable to Sto ...) NOT-FOR-US: WordPress plugin CVE-2023-2030 @@ -10812,7 +10812,7 @@ CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository sidek NOTE: Introduced by: https://github.com/sidekiq/sidekiq/commit/f68560742bcfd2e30b87c1bc2b65d834a1a05c73 (v7.0.4) NOTE: Fixed by: https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214 (v7.0.8) CVE-2023-1891 (The Accordion & FAQ WordPress plugin before 1.9.9 does not escape vari ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape various ge ...) NOT-FOR-US: WordPress plugin CVE-2023-1889 (The Directorist plugin for WordPress is vulnerable to an Insecure Dire ...) 
@@ -17067,7 +17067,7 @@ CVE-2023-1168 (An authenticated remote code execution vulnerability exists i CVE-2023-1167 (Improper authorization in Gitlab EE affecting all versions from 12.3.0 ...) - gitlab <not-affected> (Specific to EE) CVE-2023-1166 (The USM-Premium WordPress plugin before 16.3 does not sanitize and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4929 (A vulnerability was found in icplayer up to 0.818. It has been rated a ...) NOT-FOR-US: icplayer CVE-2022-4928 (A vulnerability was found in icplayer up to 0.819. It has been declare ...) @@ -20457,13 +20457,13 @@ CVE-2023-26278 (IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a lo CVE-2023-26277 (IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local use ...) NOT-FOR-US: IBM CVE-2023-26276 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorith ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-26275 RESERVED CVE-2023-26274 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vuln ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-26273 (IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform una ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-26272 RESERVED CVE-2023-26271 @@ -21466,7 +21466,7 @@ CVE-2023-0875 (The WP Meta SEO WordPress plugin before 4.5.3 does not properly s CVE-2023-0874 (The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escap ...) NOT-FOR-US: WordPress plugin CVE-2023-0873 (The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25932 RESERVED CVE-2023-25931 (Medtronic identified that the Pelvic Health clinician apps, which are ...) 
@@ -24795,7 +24795,7 @@ CVE-2023-0590 (A use-after-free flaw was found in qdisc_graft in net/sched/sch_a CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2023-0588 (The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-4900 RESERVED CVE-2022-4899 (A vulnerability was found in zstd v1.4.10, where an attacker can suppl ...) @@ -29021,7 +29021,7 @@ CVE-2023-23470 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privil CVE-2023-23469 (IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0. ...) NOT-FOR-US: IBM CVE-2023-23468 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 a ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-23467 (Media CP Media Control Panel latest version. Reflected XSS possible th ...) NOT-FOR-US: Media CP Media Control Panel CVE-2023-23466 (Media CP Media Control Panel latest version. Insufficiently protected ...) @@ -32068,7 +32068,7 @@ CVE-2023-22595 CVE-2023-22594 (IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is ...) NOT-FOR-US: IBM CVE-2023-22593 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 a ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-22592 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 cou ...) NOT-FOR-US: IBM CVE-2023-22591 (IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 throug ...) 
@@ -41663,7 +41663,7 @@ CVE-2022-4117 (The IWS WordPress plugin through 1.0 does not properly escape a p CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw happens in De ...) NOT-FOR-US: Quarkus CVE-2022-4115 (The Editorial Calendar WordPress plugin through 3.7.12 does not saniti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-XXXX [rust-atty: Potential unaligned read] - rust-atty <not-affected> (Windows-specific) NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0145.html @@ -76107,7 +76107,7 @@ CVE-2022-34354 (IBM Sterling Partner Engagement Manager 2.0 allows encrypted sto CVE-2022-34353 RESERVED CVE-2022-34352 (IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-34351 (IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allo ...) NOT-FOR-US: IBM CVE-2022-34350 (IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/374116f8b5166a4da82f33c0b0c4a8d69beae08a
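Review bot: In the first hunk (@@ -39,43 +39,43 @@), CVE-2023-33566 and CVE-2023-2818 are left at "TODO: check" while every WordPress plugin and IBM entry around them is resolved, so the block still shows as unprocessed after a commit titled "Process NFUs". If the skip is intentional because those two need a package lookup rather than a pattern match, say so in the commit message; otherwise triage them in the same pass so the top of data/CVE/list carries no stale TODO markers.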
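Review bot: In the hunk at @@ -20457,13 +20457,13 @@, the three QRadar SIEM entries (CVE-2023-26276, CVE-2023-26274, CVE-2023-26273) are tagged "NOT-FOR-US: IBM", which records only the vendor, whereas other entries visible in this patch name the product ("NOT-FOR-US: Apache Airflow ODBC/MSSQL Provider", "NOT-FOR-US: Media CP Media Control Panel"). The vendor-only tag matches the neighbouring CVE-2023-26277 line, so it is consistent with existing practice, but a product-level tag such as "NOT-FOR-US: IBM QRadar SIEM" would let a later search by product name find these entries. The same applies to the IBM Robotic Process Automation entries at @@ -29021 and @@ -32068 and the QRadar entry at @@ -76107.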