Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8bda3422 by Salvatore Bonaccorso at 2023-07-10T22:49:25+02:00 Process some more NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,15 +1,15 @@ CVE-2023-3605 (A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It ...) - TODO: check + NOT-FOR-US: PHPGurukul Online Shopping Portal CVE-2023-3599 (A vulnerability was found in SourceCodester Best Fee Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Best Fee Management System CVE-2023-3580 (Improper Handling of Additional Special Element in GitHub repository s ...) - TODO: check + NOT-FOR-US: squidex CVE-2023-3579 (A vulnerability, which was classified as problematic, has been found i ...) TODO: check CVE-2023-3578 (A vulnerability classified as critical was found in DedeCMS 5.7.109. A ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2023-3574 (Improper Authorization in GitHub repository pimcore/customer-data-fram ...) - TODO: check + NOT-FOR-US: pimcore customer-data-framework CVE-2023-3273 (Improper Access Control in the SICK ICR890-4 could allow an unauthenti ...) TODO: check CVE-2023-3272 (Cleartext Transmission of Sensitive Information in the SICK ICR890-4 c ...) 
@@ -59,31 +59,31 @@ CVE-2023-37701 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow CVE-2023-37700 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) NOT-FOR-US: Tenda CVE-2023-37392 (Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dum ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37277 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-37153 (KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability i ...) TODO: check CVE-2023-37152 (Projectworlds Online Art Gallery Project 1.0 allows unauthenticated us ...) - TODO: check + NOT-FOR-US: Projectworlds Online Art Gallery Project CVE-2023-37151 (Sourcecodester Online Pizza Ordering System v1.0 allows the upload of ...) - TODO: check + NOT-FOR-US: Sourcecodester Online Pizza Ordering System CVE-2023-37150 (Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scri ...) - TODO: check + NOT-FOR-US: Sourcecodester Online Pizza Ordering System CVE-2023-36940 (Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Rep ...) - TODO: check + NOT-FOR-US: PHPGurukul Online Fire Reporting System CVE-2023-36939 (Cross-Site Scripting (XSS) vulnerability in Hostel Management System v ...) - TODO: check + NOT-FOR-US: Hostel Management System CVE-2023-36936 (Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security ...) - TODO: check + NOT-FOR-US: PHPGurukul Online Security Guards Hiring System CVE-2023-36691 (Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar Webw ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36376 (Cross-Site Scripting (XSS) vulnerability in Hostel Management System v ...) - TODO: check + NOT-FOR-US: Hostel Management System CVE-2023-36375 (Cross Site Scripting vulnerability in Hostel Management System v2.1 al ...) 
- TODO: check + NOT-FOR-US: Hostel Management System CVE-2023-35912 (Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Dona ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-35699 (Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthen ...) TODO: check CVE-2023-35698 (Observable Response Discrepancy in the SICK ICR890-4 could allow a rem ...) @@ -95,15 +95,15 @@ CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an un CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the lsx_read ...) TODO: check CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...) - TODO: check + NOT-FOR-US: Delta Electronics InfraSuite Device Master CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the startrea ...) TODO: check CVE-2023-34316 (An attacker could bypass the latest Delta Electronics InfraSuite Devic ...) - TODO: check + NOT-FOR-US: Delta Electronics InfraSuite Device Master CVE-2023-32627 (A floating point exception vulnerability was found in sox, in the read ...) TODO: check CVE-2023-30765 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...) - TODO: check + NOT-FOR-US: Delta Electronics InfraSuite Device Master CVE-2023-2967 (The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanit ...) NOT-FOR-US: WordPress plugin CVE-2023-2964 (The Simple Iframe WordPress plugin before 1.2.0 does not properly vali ...) 
@@ -129,9 +129,9 @@ CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified as CVE-2015-10121 (A vulnerability has been found in Beeliked Microsite Plugin up to 1.0. ...) TODO: check CVE-2015-10120 (A vulnerability, which was classified as problematic, was found in WDS ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2015-10119 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-XXXX [spip: Use a dedicated function to clean author data when preparing a session] - spip 4.1.11+dfsg-1 [bookworm] - spip <no-dsa> (Minor issue) @@ -13115,7 +13115,7 @@ CVE-2023-29097 CVE-2023-29096 RESERVED CVE-2023-29095 (Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSV ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...) NOT-FOR-US: WordPress plugin CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) @@ -13495,7 +13495,7 @@ CVE-2023-28997 (The Nextcloud Desktop Client is a tool to synchronize files from CVE-2023-28996 RESERVED CVE-2023-28995 (Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Confi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-28994 RESERVED CVE-2023-28993 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...) 
@@ -13507,13 +13507,13 @@ CVE-2023-28991 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-28990 RESERVED CVE-2023-28989 (Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-28988 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...) NOT-FOR-US: WordPress plugin CVE-2023-28987 RESERVED CVE-2023-28986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffil ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-28985 RESERVED CVE-2023-28984 (A Use After Free vulnerability in the Layer 2 Address Learning Manager ...) @@ -24622,7 +24622,7 @@ CVE-2023-25480 CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...) NOT-FOR-US: WordPress plugin CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25477 RESERVED CVE-2023-25476 @@ -27774,7 +27774,7 @@ CVE-2023-24407 CVE-2023-24406 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...) NOT-FOR-US: WordPress plugin CVE-2023-24405 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Cont ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-24404 (Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketi ...) NOT-FOR-US: WordPress plugin CVE-2023-24403 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP F ...) @@ -27794,7 +27794,7 @@ CVE-2023-24397 CVE-2023-24396 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...) NOT-FOR-US: WordPress plugin CVE-2023-24395 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Cont ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-24394 RESERVED CVE-2023-24393 
@@ -28761,7 +28761,7 @@ CVE-2023-23995 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-23994 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) NOT-FOR-US: WordPress plugin CVE-2023-23993 (Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Lio ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin ...) NOT-FOR-US: WordPress plugin CVE-2023-23991 @@ -29063,7 +29063,7 @@ CVE-2023-23899 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Ext CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23897 (Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simp ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23896 RESERVED CVE-2023-23895 @@ -29119,7 +29119,7 @@ CVE-2023-23871 CVE-2023-23870 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpde ...) NOT-FOR-US: WordPress plugin CVE-2023-23869 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23868 RESERVED CVE-2023-23867 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) @@ -29307,7 +29307,7 @@ CVE-2023-23806 (Auth. (admin+) StoredCross-Site Scripting (XSS) vulnerability in CVE-2023-23805 RESERVED CVE-2023-23804 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23803 RESERVED CVE-2023-23802 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy G ...) 
@@ -29341,7 +29341,7 @@ CVE-2023-23789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-23788 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flor ...) NOT-FOR-US: WordPress plugin CVE-2023-23787 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23786 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Chr ...) NOT-FOR-US: WordPress plugin CVE-2023-23785 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCu ...) @@ -30870,7 +30870,7 @@ CVE-2022-48255 (There is a system command injection vulnerability in BiSheng-WNM CVE-2022-48254 (There is a data processing error vulnerability in Leia-B29 2.0.0.49(M0 ...) NOT-FOR-US: Huawei CVE-2023-23348 (HCL Launch could disclose sensitive information if a manual edit of a ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-23347 RESERVED CVE-2023-23346 @@ -33097,9 +33097,9 @@ CVE-2023-22697 CVE-2023-22696 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-22695 (Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-22694 (Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Nor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-22693 (Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Goog ...) NOT-FOR-US: WordPress plugin CVE-2023-22692 (Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name ...) 
@@ -33141,7 +33141,7 @@ CVE-2023-22675 CVE-2023-22674 RESERVED CVE-2023-22673 (Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Mon ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-22672 RESERVED CVE-2023-0104 (The listed versions for Weintek EasyBuilder Pro are vulnerable to a Zi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bda342279324119566e1645027ef5d1ed9db6f0
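Review bot: The vendor name is spelled two ways across the first two hunks: CVE-2023-3599 is tagged `NOT-FOR-US: SourceCodester Best Fee Management System`, while CVE-2023-37151 and CVE-2023-37150 use `NOT-FOR-US: Sourcecodester Online Pizza Ordering System`. Settle on one spelling so that a case-sensitive search of data/CVE/list finds every entry for that vendor.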
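Review bot: In the @@ -59,31 hunk, `NOT-FOR-US: Hostel Management System` (CVE-2023-36939, CVE-2023-36376, CVE-2023-36375) names a generic product with no vendor, unlike the PHPGurukul, Projectworlds and Sourcecodester tags beside it. A name this generic can match unrelated software in a later search; add the vendor to the tag if the full CVE description gives one.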
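Review bot: In the @@ -129,9 hunk, CVE-2015-10120 and CVE-2015-10119 are tagged `NOT-FOR-US: WordPress plugin`, but the truncated descriptions shown ("was found in WDS ..." and "has been found i ...") do not identify the product, and the adjacent CVE-2015-10121 (Beeliked Microsite Plugin) stays at `TODO: check`. Naming the plugin in these two tags would let a reader confirm the triage decision from the list alone.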