Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
374116f8 by Salvatore Bonaccorso at 2023-06-27T22:31:05+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39,43 +39,43 @@ CVE-2023-33567 (An unauthorized access vulnerability has 
been discovered in ROS2
 CVE-2023-33566 (An unauthorized node injection vulnerability has been 
identified in RO ...)
        TODO: check
 CVE-2023-32339 (IBM Business Automation Workflow is vulnerable to cross-site 
scripting ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate 
uploaded  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2877 (The Formidable Forms WordPress plugin before 6.3.1 does not 
adequately ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2842 (The WP Inventory Manager WordPress plugin before 2.1.0.14 does 
not hav ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2818 (An insecure filesystem permission in the Insider Threat 
Management Age ...)
        TODO: check
 CVE-2023-2795 (The CodeColorer WordPress plugin before 0.10.1 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2744 (The ERP WordPress plugin before 1.12.4 does not properly 
sanitise and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2743 (The ERP WordPress plugin before 1.12.4 does not sanitise and 
escape th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2711 (The Ultimate Product Catalog WordPress plugin before 5.2.6 does 
not sa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2628 (The KiviCare WordPress plugin before 3.2.1 does not have CSRF 
checks ( ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2627 (The KiviCare WordPress plugin before 3.2.1 does not have proper 
CSRF a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2624 (The KiviCare WordPress plugin before 3.2.1 does not sanitise 
and escap ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2623 (The KiviCare WordPress plugin before 3.2.1 does not restrict 
the infor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2605 (The wpbrutalai WordPress plugin before 2.0.1 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2601 (The wpbrutalai WordPress plugin before 2.0.0 does not properly 
sanitis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2592 (The FormCraft WordPress plugin before 3.9.7 does not properly 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2580 (The AI Engine WordPress plugin before 1.6.83 does not sanitize 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2482 (The Responsive CSS EDITOR WordPress plugin through 1.0 does not 
proper ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2326 (The Gravity Forms Google Sheet Connector WordPress plugin 
before 1.3.5 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-35798 (Input Validation vulnerability in Apache Software Foundation 
Apache Ai ...)
        NOT-FOR-US: Apache Airflow ODBC/MSSQL Provider
 CVE-2023-34395 (Improper Neutralization of Argument Delimiters in a Command 
('Argument ...)
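Review bot: two entries inside this range are still at "TODO: check" after the pass: CVE-2023-33566 (the ROS2 node injection entry at the top of the hunk) and CVE-2023-2818 (the insecure filesystem permission entry, sitting between the WordPress plugin lines). If they were left because they need a package lookup rather than an NFU tag, that fits the "Process NFUs" subject and nothing needs to change. If they were simply missed, they are the only untriaged lines left in this block and can be handled in a follow-up commit.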
@@ -6618,7 +6618,7 @@ CVE-2023-2180 (The KIWIZ Invoices Certification & PDF 
System WordPress plugin th
 CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin 
through  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2178 (The Aajoda Testimonials WordPress plugin before 2.2.2 does not 
sanitis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2177 (A null pointer dereference issue was found in the sctp network 
protoco ...)
        - linux 5.18.16-1
        [bullseye] - linux 5.10.136-1
@@ -7581,7 +7581,7 @@ CVE-2023-2070
 CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab 15.10.8+ds1-2
 CVE-2023-2068 (The File Manager Advanced Shortcode WordPress plugin through 
2.3.2 doe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin 
for Word ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2066 (The Announcement & Notification Banner \u2013 Bulletin plugin 
for Word ...)
@@ -7655,7 +7655,7 @@ CVE-2023-2033 (Type confusion in V8 in Google Chrome 
prior to 112.0.5615.121 all
        - chromium 112.0.5615.121-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2032 (The Custom 404 Pro WordPress plugin before 3.8.1 does not 
properly san ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable 
to Sto ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2030
@@ -10812,7 +10812,7 @@ CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected 
in GitHub repository sidek
        NOTE: Introduced by: 
https://github.com/sidekiq/sidekiq/commit/f68560742bcfd2e30b87c1bc2b65d834a1a05c73
 (v7.0.4)
        NOTE: Fixed by: 
https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214
 (v7.0.8)
 CVE-2023-1891 (The Accordion & FAQ WordPress plugin before 1.9.9 does not 
escape vari ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape 
various ge ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1889 (The Directorist plugin for WordPress is vulnerable to an 
Insecure Dire ...)
@@ -17067,7 +17067,7 @@ CVE-2023-1168 (An authenticated remote code execution 
vulnerability     exists i
 CVE-2023-1167 (Improper authorization in Gitlab EE affecting all versions from 
12.3.0 ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2023-1166 (The USM-Premium WordPress plugin before 16.3 does not sanitize 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4929 (A vulnerability was found in icplayer up to 0.818. It has been 
rated a ...)
        NOT-FOR-US: icplayer
 CVE-2022-4928 (A vulnerability was found in icplayer up to 0.819. It has been 
declare ...)
@@ -20457,13 +20457,13 @@ CVE-2023-26278 (IBM QRadar WinCollect Agent 10.0 
through 10.1.3 could allow a lo
 CVE-2023-26277 (IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a 
local use ...)
        NOT-FOR-US: IBM
 CVE-2023-26276 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic 
algorith ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-26275
        RESERVED
 CVE-2023-26274 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. 
This vuln ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-26273 (IBM QRadar SIEM 7.5.0 could allow an authenticated user to 
perform una ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-26272
        RESERVED
 CVE-2023-26271
@@ -21466,7 +21466,7 @@ CVE-2023-0875 (The WP Meta SEO WordPress plugin before 
4.5.3 does not properly s
 CVE-2023-0874 (The Klaviyo WordPress plugin before 3.0.10 does not sanitize 
and escap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0873 (The Kanban Boards for WordPress plugin before 2.5.21 does not 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25932
        RESERVED
 CVE-2023-25931 (Medtronic identified that the Pelvic Health clinician apps, 
which are  ...)
@@ -24795,7 +24795,7 @@ CVE-2023-0590 (A use-after-free flaw was found in 
qdisc_graft in net/sched/sch_a
 CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0588 (The Catalyst Connect Zoho CRM Client Portal WordPress plugin 
before 2. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4900
        RESERVED
 CVE-2022-4899 (A vulnerability was found in zstd v1.4.10, where an attacker 
can suppl ...)
@@ -29021,7 +29021,7 @@ CVE-2023-23470 (IBM i 7.2, 7.3, 7.4, and 7.5 could 
allow an authenticated privil
 CVE-2023-23469 (IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 
18.0.2, 19.0. ...)
        NOT-FOR-US: IBM
 CVE-2023-23468 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 
21.0.7.3 a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-23467 (Media CP Media Control Panel latest version. Reflected XSS 
possible th ...)
        NOT-FOR-US: Media CP Media Control Panel
 CVE-2023-23466 (Media CP Media Control Panel latest version. Insufficiently 
protected  ...)
@@ -32068,7 +32068,7 @@ CVE-2023-22595
 CVE-2023-22594 (IBM Robotic Process Automation for Cloud Pak 20.12.0 through 
21.0.4 is ...)
        NOT-FOR-US: IBM
 CVE-2023-22593 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 
21.0.7.3 a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-22592 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 
21.0.4 cou ...)
        NOT-FOR-US: IBM
 CVE-2023-22591 (IBM Robotic Process Automation 21.0.1 through 21.0.7 and 
23.0.0 throug ...)
@@ -41663,7 +41663,7 @@ CVE-2022-4117 (The IWS WordPress plugin through 1.0 
does not properly escape a p
 CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw 
happens in De ...)
        NOT-FOR-US: Quarkus
 CVE-2022-4115 (The Editorial Calendar WordPress plugin through 3.7.12 does not 
saniti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-XXXX [rust-atty: Potential unaligned read]
        - rust-atty <not-affected> (Windows-specific)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0145.html
@@ -76107,7 +76107,7 @@ CVE-2022-34354 (IBM Sterling Partner Engagement Manager 
2.0 allows encrypted sto
 CVE-2022-34353
        RESERVED
 CVE-2022-34352 (IBM QRadar SIEM 7.5.0 is vulnerable to information exposure 
allowing a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-34351 (IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information 
exposure allo ...)
        NOT-FOR-US: IBM
 CVE-2022-34350 (IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 
10.0.1.7,  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/374116f8b5166a4da82f33c0b0c4a8d69beae08a
