Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8bda3422 by Salvatore Bonaccorso at 2023-07-10T22:49:25+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2023-3605 (A vulnerability was found in PHPGurukul Online Shopping Portal 
1.0. It ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Online Shopping Portal
 CVE-2023-3599 (A vulnerability was found in SourceCodester Best Fee Management 
System ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Best Fee Management System
 CVE-2023-3580 (Improper Handling of Additional Special Element in GitHub 
repository s ...)
-       TODO: check
+       NOT-FOR-US: squidex
 CVE-2023-3579 (A vulnerability, which was classified as problematic, has been 
found i ...)
        TODO: check
 CVE-2023-3578 (A vulnerability classified as critical was found in DedeCMS 
5.7.109. A ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2023-3574 (Improper Authorization in GitHub repository 
pimcore/customer-data-fram ...)
-       TODO: check
+       NOT-FOR-US: pimcore customer-data-framework
 CVE-2023-3273 (Improper Access Control in the SICK ICR890-4 could allow an 
unauthenti ...)
        TODO: check
 CVE-2023-3272 (Cleartext Transmission of Sensitive Information in the SICK 
ICR890-4 c ...)
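Review bot: The vendor spelling is inconsistent across this commit: the CVE-2023-3599 entry here is tagged "NOT-FOR-US: SourceCodester Best Fee Management System", while the CVE-2023-37151 and CVE-2023-37150 entries further down use "Sourcecodester". Each tag mirrors the casing of its own CVE description, but settling on one spelling would let a case-sensitive search over the NFU tags find all of that vendor's entries.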
@@ -59,31 +59,31 @@ CVE-2023-37701 (Tenda FH1203 V2.0.1.6 was discovered to 
contain a stack overflow
 CVE-2023-37700 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack 
overflow via t ...)
        NOT-FOR-US: Tenda
 CVE-2023-37392 (Cross-Site Request Forgery (CSRF) vulnerability in Deepak 
Anand WP Dum ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-37277 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2023-37153 (KodExplorer 4.51 contains a Cross-Site Scripting (XSS) 
vulnerability i ...)
        TODO: check
 CVE-2023-37152 (Projectworlds Online Art Gallery Project 1.0 allows 
unauthenticated us ...)
-       TODO: check
+       NOT-FOR-US: Projectworlds Online Art Gallery Project
 CVE-2023-37151 (Sourcecodester Online Pizza Ordering System v1.0 allows the 
upload of  ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Online Pizza Ordering System
 CVE-2023-37150 (Sourcecodester Online Pizza Ordering System v1.0 has a 
Cross-site scri ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Online Pizza Ordering System
 CVE-2023-36940 (Cross Site Scripting (XSS) vulnerability in PHPGurukul Online 
Fire Rep ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Online Fire Reporting System
 CVE-2023-36939 (Cross-Site Scripting (XSS) vulnerability in Hostel Management 
System v ...)
-       TODO: check
+       NOT-FOR-US: Hostel Management System
 CVE-2023-36936 (Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online 
Security ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
 CVE-2023-36691 (Cross-Site Request Forgery (CSRF) vulnerability in Albert 
Peschar Webw ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-36376 (Cross-Site Scripting (XSS) vulnerability in Hostel Management 
System v ...)
-       TODO: check
+       NOT-FOR-US: Hostel Management System
 CVE-2023-36375 (Cross Site Scripting vulnerability in Hostel Management System 
v2.1 al ...)
-       TODO: check
+       NOT-FOR-US: Hostel Management System
 CVE-2023-35912 (Cross-Site Request Forgery (CSRF) vulnerability in WP Zone 
Potent Dona ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-35699 (Cleartext Storage on Disk in the SICK ICR890-4 could allow an 
unauthen ...)
        TODO: check
 CVE-2023-35698 (Observable Response Discrepancy in the SICK ICR890-4 could 
allow a rem ...)
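Review bot: The three "NOT-FOR-US: Hostel Management System" tags (CVE-2023-36939, CVE-2023-36376, CVE-2023-36375) carry no vendor name, unlike the PHPGurukul, Sourcecodester and Projectworlds tags added in the same hunk. The product name is generic, so if the full CVE description names a vendor, adding it to the tag would make these entries unambiguous.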
@@ -95,15 +95,15 @@ CVE-2023-35696 (Unauthenticated endpoints in the SICK 
ICR890-4 could allow an un
 CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the 
lsx_read ...)
        TODO: check
 CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.7 con ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the 
startrea ...)
        TODO: check
 CVE-2023-34316 (An attacker could bypass the latest Delta Electronics 
InfraSuite Devic ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-32627 (A floating point exception vulnerability was found in sox, in 
the read ...)
        TODO: check
 CVE-2023-30765 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.7 con ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-2967 (The TinyMCE Custom Styles WordPress plugin before 1.1.4 does 
not sanit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2964 (The Simple Iframe WordPress plugin before 1.2.0 does not 
properly vali ...)
@@ -129,9 +129,9 @@ CVE-2016-15034 (A vulnerability was found in Dynacase 
Webdesk and classified as
 CVE-2015-10121 (A vulnerability has been found in Beeliked Microsite Plugin up 
to 1.0. ...)
        TODO: check
 CVE-2015-10120 (A vulnerability, which was classified as problematic, was 
found in WDS ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2015-10119 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-XXXX [spip: Use a dedicated function to clean author data when 
preparing a session]
        - spip 4.1.11+dfsg-1
        [bookworm] - spip <no-dsa> (Minor issue)
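Review bot: CVE-2015-10121 (Beeliked Microsite Plugin) stays at "TODO: check" directly above two entries that this hunk closes as "NOT-FOR-US: WordPress plugin". If it was skipped rather than deliberately deferred, it looks like a candidate for the same batch; confirm which platform the plugin targets before tagging it.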
@@ -13115,7 +13115,7 @@ CVE-2023-29097
 CVE-2023-29096
        RESERVED
 CVE-2023-29095 (Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. 
Carr RSV ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability 
in PI W ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -13495,7 +13495,7 @@ CVE-2023-28997 (The Nextcloud Desktop Client is a tool 
to synchronize files from
 CVE-2023-28996
        RESERVED
 CVE-2023-28995 (Cross-Site Request Forgery (CSRF) vulnerability in Keith 
Solomon Confi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28994
        RESERVED
 CVE-2023-28993 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Ignazio  ...)
@@ -13507,13 +13507,13 @@ CVE-2023-28991 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-28990
        RESERVED
 CVE-2023-28989 (Cross-Site Request Forgery (CSRF) vulnerability in weDevs 
Happy Addons ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28988 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in PI W ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28987
        RESERVED
 CVE-2023-28986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, 
wpaffil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28985
        RESERVED
 CVE-2023-28984 (A Use After Free vulnerability in the Layer 2 Address Learning 
Manager ...)
@@ -24622,7 +24622,7 @@ CVE-2023-25480
 CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Podl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet 
Weather ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25477
        RESERVED
 CVE-2023-25476
@@ -27774,7 +27774,7 @@ CVE-2023-24407
 CVE-2023-24406 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Mune ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24405 (Cross-Site Request Forgery (CSRF) vulnerability in Scott 
Paterson Cont ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-24404 (Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage 
Marketi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24403 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WP F ...)
@@ -27794,7 +27794,7 @@ CVE-2023-24397
 CVE-2023-24396 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in E4J  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24395 (Cross-Site Request Forgery (CSRF) vulnerability in Scott 
Paterson Cont ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-24394
        RESERVED
 CVE-2023-24393
@@ -28761,7 +28761,7 @@ CVE-2023-23995 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-23994 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Marc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23993 (Cross-Site Request Forgery (CSRF) vulnerability in 
LionScripts.Com Lio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP 
plugin  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23991
@@ -29063,7 +29063,7 @@ CVE-2023-23899 (Cross-Site Request Forgery (CSRF) 
vulnerability in HasThemes Ext
 CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23897 (Cross-Site Request Forgery (CSRF) vulnerability in Ozette 
Plugins Simp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23896
        RESERVED
 CVE-2023-23895
@@ -29119,7 +29119,7 @@ CVE-2023-23871
 CVE-2023-23870 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in wpde ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23869 (Cross-Site Request Forgery (CSRF) vulnerability in Amit 
Agarwal Google ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23868
        RESERVED
 CVE-2023-23867 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -29307,7 +29307,7 @@ CVE-2023-23806 (Auth. (admin+) StoredCross-Site 
Scripting (XSS) vulnerability in
 CVE-2023-23805
        RESERVED
 CVE-2023-23804 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes 
HT Feed p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23803
        RESERVED
 CVE-2023-23802 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes 
HT Easy G ...)
@@ -29341,7 +29341,7 @@ CVE-2023-23789 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-23788 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Flor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23787 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce 
Premmerce ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23786 (Auth. (editor+) Stored Cross-Site Scripting (XSS) 
vulnerability in Chr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23785 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in DgCu ...)
@@ -30870,7 +30870,7 @@ CVE-2022-48255 (There is a system command injection 
vulnerability in BiSheng-WNM
 CVE-2022-48254 (There is a data processing error vulnerability in Leia-B29 
2.0.0.49(M0 ...)
        NOT-FOR-US: Huawei
 CVE-2023-23348 (HCL Launch could disclose sensitive information if a manual 
edit of a  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-23347
        RESERVED
 CVE-2023-23346
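Review bot: "NOT-FOR-US: HCL" on CVE-2023-23348 names only the vendor, although the description identifies the product as HCL Launch. The adjacent "NOT-FOR-US: Huawei" shows vendor-only tags are accepted in this file, but most tags added in this commit name the product; "NOT-FOR-US: HCL Launch" would be more precise.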
@@ -33097,9 +33097,9 @@ CVE-2023-22697
 CVE-2023-22696 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22695 (Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki 
Miyashita C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-22694 (Cross-Site Request Forgery (CSRF) vulnerability in Arian 
Khosravi, Nor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-22693 (Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh 
WP Goog ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22692 (Cross-Site Request Forgery (CSRF) vulnerability in Jeroen 
Peters Name  ...)
@@ -33141,7 +33141,7 @@ CVE-2023-22675
 CVE-2023-22674
        RESERVED
 CVE-2023-22673 (Cross-Site Request Forgery (CSRF) vulnerability in MageNet 
Website Mon ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-22672
        RESERVED
 CVE-2023-0104 (The listed versions for Weintek EasyBuilder Pro are vulnerable 
to a Zi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bda342279324119566e1645027ef5d1ed9db6f0
