[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 15 19:21:27 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
634d774f by Salvatore Bonaccorso at 2023-08-15T20:20:53+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2023-4347 (Cross-site Scripting (XSS) - Reflected in GitHub repository libre
 CVE-2023-4308 (The User Submitted Posts plugin for WordPress is vulnerable to Stored  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-40518 (LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP  ...)
-	TODO: check
+	NOT-FOR-US: LiteSpeed OpenLiteSpeed
 CVE-2023-40453 (Docker Machine through 0.16.2 allows an attacker, who has control of a ...)
 	TODO: check
 CVE-2023-40013 (SVG Loader is a javascript library that fetches SVGs using XMLHttpRequ ...)
@@ -15,9 +15,9 @@ CVE-2023-39828 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflo
 CVE-2023-39827 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via  ...)
 	NOT-FOR-US: Tenda
 CVE-2023-38687 (Svelecte is a flexible autocomplete/select component written in Svelte ...)
-	TODO: check
+	NOT-FOR-US: Svelecte
 CVE-2023-35689 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-32358 (A type confusion issue was addressed with improved checks. This issue  ...)
 	TODO: check
 CVE-2023-4322 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
@@ -46,11 +46,11 @@ CVE-2023-40312 (Multiple reflected XSS were found on different JSP files with un
 CVE-2023-40311 (Multiple stored XSS were found on different JSP files with unsanitized ...)
 	NOT-FOR-US: OpenMNS
 CVE-2023-40024 (ScanCode.io is a server to script and automate software composition an ...)
-	TODO: check
+	NOT-FOR-US: ScanCode.io
 CVE-2023-40023 (yaklang is a programming language designed for cybersecurity. The Yak  ...)
-	TODO: check
+	NOT-FOR-US: yaklang
 CVE-2023-40020 (PrivateUploader is an open source image hosting server written in Vue  ...)
-	TODO: check
+	NOT-FOR-US: PrivateUploader
 CVE-2023-3721 (The WP-EMail WordPress plugin before 2.69.1 does not sanitise and esca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3645 (The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 doe ...)
@@ -74,13 +74,13 @@ CVE-2023-38741 (IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable
 CVE-2023-38721 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i conta ...)
 	NOT-FOR-US: IBM
 CVE-2023-37847 (novel-plus v3.6.2 was discovered to contain a SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: novel-plus
 CVE-2023-37070 (Code Projects Hospital Information System 1.0 is vulnerable to Cross S ...)
 	NOT-FOR-US: Code Projects Hospital Information System
 CVE-2023-33013 (A post-authentication command injection vulnerability in the NTP featu ...)
 	NOT-FOR-US: Zyxel
 CVE-2023-32748 (The Linux DVS server component of Mitel MiVoice Connect through 19.3 S ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2023-2803 (The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2802 (The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29  ...)
@@ -792,7 +792,7 @@ CVE-2023-40041 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer ove
 CVE-2023-3898 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: mAyaNet E-Commerce Software
 CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be vulnera ...)
-	TODO: check
+	NOT-FOR-US: jackson-dataformats-text
 CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Farmakom Remote Administration Console
 CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
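Review bot: The NOT-FOR-US on CVE-2023-3894 is applied to a library (jackson-dataformats-text, as named in the description) rather than to a vendor product, which makes it the riskiest classification in this batch. Confirm that no source package in the archive is built from that upstream before marking it; if one is, the entry needs a package line with a status such as <not-affected> and a reason instead of NOT-FOR-US, so the CVE stays attached to the package.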
@@ -1147,7 +1147,7 @@ CVE-2023-39526 (PrestaShop is an open source e-commerce web application. Version
 CVE-2023-39525 (PrestaShop is an open source e-commerce web application. Prior to vers ...)
 	NOT-FOR-US: PrestaShop
 CVE-2023-39523 (ScanCode.io is a server to script and automate software composition an ...)
-	TODO: check
+	NOT-FOR-US: ScanCode.io
 CVE-2023-39440 (In SAP BusinessObjects Business Intelligence - version 420,  If a user ...)
 	NOT-FOR-US: SAP
 CVE-2023-39439 (SAP Commerce Cloud may accept an empty passphrase for user ID and pass ...)
@@ -12629,7 +12629,7 @@ CVE-2023-2247 (In affected versions of Octopus Deploy it is possible to unmask v
 CVE-2023-31042
 	RESERVED
 CVE-2023-31041 (An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with ker ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2023-31040
 	RESERVED
 CVE-2023-2246 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
@@ -13667,17 +13667,17 @@ CVE-2023-30756
 CVE-2023-30755
 	RESERVED
 CVE-2023-30754 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30753 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30752 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Silv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iCon ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30750
 	RESERVED
 CVE-2023-30749 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihom ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30748
 	RESERVED
 CVE-2023-30747
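Review bot: For CVE-2023-30754, CVE-2023-30752, CVE-2023-30751 and CVE-2023-30749 the truncated descriptions end before anything names WordPress, so the classification cannot be checked from this hunk alone. The label is consistent with the unchanged CVE-2023-30753 entry; a short mention in the commit message of what the four were checked against (the full CVE description, for instance) would make the batch reviewable.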
@@ -14595,7 +14595,7 @@ CVE-2023-30491 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Co
 CVE-2023-30490
 	RESERVED
 CVE-2023-30489 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30488
 	RESERVED
 CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPres ...)
@@ -14607,7 +14607,7 @@ CVE-2023-30485
 CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Acces ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30483 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko L ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey G ...)
@@ -14619,11 +14619,11 @@ CVE-2023-30479
 CVE-2023-30478
 	RESERVED
 CVE-2023-30477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30476
 	RESERVED
 CVE-2023-30475 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultima ...)
 	NOT-FOR-US: Kilian Evang Ultimate Noindex Nofollow
 CVE-2023-30473
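Review bot: The new labels on CVE-2023-30477 and CVE-2023-30475 use the generic "NOT-FOR-US: WordPress plugin", while the unchanged CVE-2023-30474 entry directly below carries a product-specific label ("Kilian Evang Ultimate Noindex Nofollow"). If that product is also a WordPress plugin, align it to the generic label in the same pass so that a search for the label finds every entry in this block.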
@@ -15312,11 +15312,11 @@ CVE-2023-30190
 CVE-2023-30189 (Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via ...)
 	NOT-FOR-US: Prestashop
 CVE-2023-30188 (Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 th ...)
-	TODO: check
+	NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2023-30187 (An out of bounds memory access vulnerability in ONLYOFFICE DocumentSer ...)
-	TODO: check
+	NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2023-30186 (A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 t ...)
-	TODO: check
+	NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2023-30185 (CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload  ...)
 	NOT-FOR-US: CRMEB
 CVE-2023-30184 (A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 al ...)
@@ -17001,7 +17001,7 @@ CVE-2023-29469 (An issue was discovered in libxml2 before 2.10.4. When hashing e
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 (v2.10.4)
 CVE-2023-29468 (The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments
 CVE-2023-29467
 	RESERVED
 CVE-2023-29466
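Review bot: On CVE-2023-29468 the label names only the vendor, but the description is about a driver ("WiLink WL18xx MCP driver"), a kind of component that can overlap with kernel or firmware packages. Suggest a more specific label such as "NOT-FOR-US: Texas Instruments WiLink WL18xx MCP driver", so the entry records which driver was ruled out.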



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/634d774f7884ccfcf30bd2c839ce1f0392248b5e
