Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
8ddb100b by Salvatore Bonaccorso at 2023-07-18T22:22:50+02:00
Process NFUs

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,81 +1,81 @@ CVE-2023-3743 (Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote ...) - TODO: check + NOT-FOR-US: Ap Page Builder CVE-2023-38326 REJECTED CVE-2023-38257 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insec ...) - TODO: check + NOT-FOR-US: Iagona ScrutisWeb CVE-2023-37973 (Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Repla ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37892 (Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - Plug ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37889 (Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37788 (goproxy v1.1 was discovered to contain an issue which can lead to a De ...) TODO: check CVE-2023-37758 (D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via t ...) - TODO: check + NOT-FOR-US: D-LINK CVE-2023-37481 (Fides is an open-source privacy engineering platform for managing data ...) TODO: check CVE-2023-37480 (Fides is an open-source privacy engineering platform for managing data ...) TODO: check CVE-2023-37477 (1Panel is an open source Linux server operation and maintenance manage ...) - TODO: check + NOT-FOR-US: 1Panel CVE-2023-37387 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classif ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37386 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helpe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-37259 (matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip ...) TODO: check CVE-2023-37143 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-37142 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2023-37141 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-37140 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-37139 (ChakraCore branch master cbb9b was discovered to contain a stack overf ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36670 (A remotely exploitable command injection vulnerability was found on th ...) - TODO: check + NOT-FOR-US: Kratos NGC-IDU CVE-2023-36669 (Missing Authentication for a Critical Function within the Kratos NGC I ...) - TODO: check + NOT-FOR-US: Kratos NGC-IDU CVE-2023-36384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeop ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36383 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Mag ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36120 REJECTED CVE-2023-35763 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a crypto ...) - TODO: check + NOT-FOR-US: Iagona ScrutisWeb CVE-2023-35189 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote ...) - TODO: check + NOT-FOR-US: Iagona ScrutisWeb CVE-2023-34330 (AMI SPx contains a vulnerability in the BMC where a User may cause a i ...) - TODO: check + NOT-FOR-US: AMI SPx CVE-2023-34329 (AMI SPx contains a vulnerability in BMC where a User may cause an auth ...) - TODO: check + NOT-FOR-US: AMI SPx CVE-2023-34035 (Spring Security versions 5.8prior to 5.8.5, 6.0prior to 6.0.5,and 6.1p ...) TODO: check CVE-2023-33871 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a direct ...) - TODO: check + NOT-FOR-US: Iagona ScrutisWeb CVE-2023-33329 (Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in H ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-33312 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Ea ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-33265 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, ...) TODO: check CVE-2023-33231 (XSS attack was possible in DPA 2023.2 due to insufficient input valida ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2023-32965 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-31441 (In NATO Communications and Information Agency anet (aka Advisor Networ ...) - TODO: check + NOT-FOR-US: NATO Communications and Information Agency anet CVE-2023-2913 (An executable used in Rockwell Automation ThinManager ThinServer can b ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2023-2433 (The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scri ...) NOT-FOR-US: YARPP plugin for WordPress CVE-2021-4428 (A vulnerability has been found in what3words Autosuggest Plugin up to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2020-36762 (A vulnerability was found in ONS Digital RAS Collection Instrument up ...) TODO: check CVE-2018-25088 (A vulnerability, which was classified as critical, was found in Blue Y ...) @@ -8860,7 +8860,7 @@ CVE-2023-2265 CVE-2023-2264 RESERVED CVE-2023-2263 (The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is v ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2023-2262 RESERVED CVE-2023-2261 (The WP Activity Log plugin for WordPress is vulnerable to authorizatio ...) @@ -9472,7 +9472,7 @@ CVE-2023-30908 CVE-2023-30907 RESERVED CVE-2023-30906 (The vulnerability could be locally exploited to allow escalation of pr ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-30905 (The MC990 X and UV300 RMC component has and inadequate default configu ...) NOT-FOR-US: HPE CVE-2023-30904 (A security vulnerability in HPE Insight Remote Support may result in t ...) 
@@ -11339,7 +11339,7 @@ CVE-2023-30385 CVE-2023-30384 RESERVED CVE-2023-30383 (TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Ar ...) - TODO: check + NOT-FOR-US: TP-LINK CVE-2023-30382 (A buffer overflow in the component hl.exe of Valve Half-Life up to 543 ...) NOT-FOR-US: hl.exe of Valve Half-Life CVE-2023-30381 @@ -11813,7 +11813,7 @@ CVE-2023-30155 CVE-2023-30154 RESERVED CVE-2023-30153 (An SQL injection vulnerability in the Payplug (payplug) module for Pre ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-30152 RESERVED CVE-2023-30151 (A SQL injection vulnerability in the Boxtal (envoimoinscher) module fo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ddb100ba928b6d911f9d0fa0bbbdaa4f3fce0d4
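Review bot: The NOT-FOR-US labels added in the first hunk (@@ -1,81 +1,81 @@) use three different levels of detail, which makes the triage harder to audit from data/CVE/list alone. The five ChakraCore entries (CVE-2023-37139 to CVE-2023-37143) get "NOT-FOR-US: Microsoft", a vendor name that does not appear in the visible descriptions, the CSRF and XSS entries get the generic "NOT-FOR-US: WordPress plugin", and others name the product ("NOT-FOR-US: Iagona ScrutisWeb", "NOT-FOR-US: AMI SPx"). The unchanged context line for CVE-2023-2433 already names its plugin ("NOT-FOR-US: YARPP plugin for WordPress"), so consider the same form here, for example "NOT-FOR-US: ChakraCore", so that each label can be matched to its description without opening the CVE record.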
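Review bot: For CVE-2023-30906 in the @@ -9472,7 +9472,7 @@ hunk, the visible description ("The vulnerability could be locally exploited to allow escalation of pr ...") names no vendor or product, so "NOT-FOR-US: HPE" cannot be confirmed from the lines shown. The label matches the neighbouring CVE-2023-30905 entry, but since the truncated description gives a reader nothing to check it against, naming the affected HPE product in the label would document why this entry was closed as not-for-us.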
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits