[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 24 21:14:53 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aa718d59 by Salvatore Bonaccorso at 2023-04-24T22:14:18+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2315,27 +2315,27 @@ CVE-2023-30380
CVE-2023-30379
RESERVED
CVE-2023-30378 (In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-b ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-30377
RESERVED
CVE-2023-30376 (In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-30375 (In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-ba ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-30374
RESERVED
CVE-2023-30373 (In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-30372 (In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-30371 (In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-b ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-30370 (In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-bas ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-30369 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-30368 (Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWe ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-30367
RESERVED
CVE-2023-30366
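Review bot: the last changed entry in this hunk, CVE-2023-30368, is for the Tenda AC5 (V15.03.06.28), while the eight changed entries above it are for the AC15 (V15.03.05.19), so the vendor-only tag "NOT-FOR-US: Tenda" is what lets one string cover both models. That is consistent within the hunk. Other entries visible in this patch tag by product ("NOT-FOR-US: WAB-MAT", "NOT-FOR-US: Simple Art Gallery"), so if per-model lookups matter later, "Tenda AC15" and "Tenda AC5" would be the more searchable form. The commit message could also say that the batch is Tenda firmware plus WordPress plugins.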
@@ -6487,9 +6487,9 @@ CVE-2023-1625 [information leak in API]
NOTE: https://review.opendev.org/c/openstack/heat/+/868166
NOTE: https://github.com/openstack/heat/commit/1305a3152f75c6e62ec5094ea2bfc38f165204cf (20.0.0.0rc1)
CVE-2023-1624 (The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1623 (The Custom Post Type UI WordPress plugin before 1.13.5 does not proper ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1622
REJECTED
CVE-2023-1621
@@ -7650,7 +7650,7 @@ CVE-2023-1436 (An infinite recursion is triggered in Jettison when constructing
NOTE: https://github.com/jettison-json/jettison/commit/c20a8be23f698d7d89b7ccf8d328971cf4709b9f (jettison-1.5.4)
NOTE: Introduced by: https://github.com/jettison-json/jettison/commit/be193159085b9fc2bc3526f8655871f9b0472d06 (jettison-1.3.1)
CVE-2023-1435 (The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1434
RESERVED
CVE-2023-1433 (A vulnerability was found in SourceCodester Gadget Works Online Orderi ...)
@@ -7997,7 +7997,7 @@ CVE-2023-22361
CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquote ...)
NOT-FOR-US: WAB-MAT
CVE-2023-1420 (The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1419
RESERVED
CVE-2023-1418 (A vulnerability classified as problematic was found in SourceCodester ...)
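Review bot: the CVE-2023-1420 description names two products, Ajax Search Lite (before 4.11.1) and Ajax Search Pro, and the visible text is truncated before the second version bound, so the single "NOT-FOR-US: WordPress plugin" line has to hold for both. It matches how CVE-2023-1435 (Ajax Search Pro) is tagged earlier in this patch. Worth confirming against the full description that the Lite plugin is likewise out of scope before this lands.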
@@ -8009,7 +8009,7 @@ CVE-2023-1416 (A vulnerability classified as critical has been found in Simple A
CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has been decla ...)
NOT-FOR-US: Simple Art Gallery
CVE-2023-1414 (The WP VR WordPress plugin before 8.3.0 does not have authorisation an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1413 (The WP VR WordPress plugin before 8.2.9 does not sanitise and escape s ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1412 (An unprivileged (non-admin) user can exploit an Improper Access Contro ...)
@@ -9205,7 +9205,7 @@ CVE-2023-1326 (A privilege escalation attack was found in apport-cli 2.26.0 and
CVE-2023-1325 (The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not va ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1324 (The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1323
RESERVED
CVE-2023-1322 (A vulnerability was found in lmxcms 1.41 and classified as critical. A ...)
@@ -11159,7 +11159,7 @@ CVE-2023-24463
CVE-2023-22312
RESERVED
CVE-2023-1129 (The WP FEvents Book WordPress plugin through 0.46 does not ensures tha ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1128
RESERVED
CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. ...)
@@ -11168,7 +11168,7 @@ CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. ..
NOTE: https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c (v9.0.1367)
NOTE: Crash in CLI tool, no security impact
CVE-2023-1126 (The WP FEvents Book WordPress plugin through 0.46 does not sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1125
RESERVED
CVE-2023-1124 (The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 ...)
@@ -13310,7 +13310,7 @@ CVE-2023-1022 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorize
CVE-2023-1021
RESERVED
CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1019
RESERVED
CVE-2023-1018 (An out-of-bounds read vulnerability exists in TPM2.0's Module Library ...)
@@ -14749,7 +14749,7 @@ CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in Git
CVE-2023-0900
RESERVED
CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0898
RESERVED
CVE-2023-0897
@@ -20746,7 +20746,7 @@ CVE-2023-0426
CVE-2023-0425
RESERVED
CVE-2023-0424 (The MS-Reviews WordPress plugin through 1.5 does not sanitise and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not properly s ...)
@@ -20754,11 +20754,11 @@ CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not prope
CVE-2023-0421
RESERVED
CVE-2023-0420 (The Custom Post Type and Taxonomy GUI Manager WordPress plugin through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0418 (The Video Central for WordPress plugin through 1.3.0 does not validate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4894
RESERVED
CVE-2022-4893
@@ -21294,7 +21294,7 @@ CVE-2023-0390
CVE-2023-0389
RESERVED
CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not properly sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0387
RESERVED
CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access to the ...)
@@ -22143,7 +22143,7 @@ CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not properly
CVE-2023-0277 (The WC Fields Factory WordPress plugin through 4.1.5 does not properly ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0276 (The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0274
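Review bot: for CVE-2023-0276 the product name contains "Theme" (Weaver Xtreme Theme Support), but the description itself calls it a "WordPress plugin", so the plugin tag follows the description rather than the name. No change needed; the neighbouring CVE-2023-0277 and CVE-2023-0275 entries carry the same tag.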
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa718d59d18d9d1abd4b1ec0155e52dbd7923997