[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 10 16:56:31 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
794a40e8 by Salvatore Bonaccorso at 2023-06-10T17:56:06+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17952,7 +17952,7 @@ CVE-2023-26467 (A man in the middle can redirect traffic to a malicious server i
 CVE-2023-26466 (A user with non-Admin access can change a configuration file on the cl ...)
 	NOT-FOR-US: RPA: Synchronization Engine
 CVE-2023-26465 (Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.)
-	TODO: check
+	NOT-FOR-US: Pega Platform
 CVE-2023-25944
 	RESERVED
 CVE-2023-25779
@@ -18383,7 +18383,7 @@ CVE-2023-0956
 CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape a param ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0954 (A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and ...)
-	TODO: check
+	NOT-FOR-US: Sensormatic Electronics Illustra Pro
 CVE-2023-0953 (Insufficient input sanitization in the documentation feature of Devolu ...)
 	NOT-FOR-US: Devolutions Server
 CVE-2023-0952 (Improper access controls on entries in Devolutions Server  2022.3.12 a ...)
@@ -20679,9 +20679,9 @@ CVE-2015-10077 (A vulnerability was found in webbuilders-group silverstripe-kapo
 CVE-2023-25612
 	RESERVED
 CVE-2023-25177 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are  v ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2023-24014 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are  v ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions before 1 ...)
 	- gitlab <unfixed>
 CVE-2023-0755 (The affected products are vulnerable to an improper validation of arra ...)
@@ -20962,11 +20962,11 @@ CVE-2023-0712 (The Wicked Folders plugin for WordPress is vulnerable to authoriz
 CVE-2023-0711 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
 	NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0710 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0709 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0708 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate Genera ...)
 	NOT-FOR-US: SourceCodester
 CVE-2023-0706 (A vulnerability, which was classified as critical, has been found in S ...)
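Review bot: The label added for CVE-2023-0710, CVE-2023-0709 and CVE-2023-0708 drops the word "plugin", unlike the neighbouring context entry for CVE-2023-0711, which reads "NOT-FOR-US: Wicked Folders plugin for WordPress". Writing "Metform Elementor Contact Form Builder plugin for WordPress" would keep these entries matchable by the same "plugin for WordPress" search as the surrounding ones.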
@@ -21106,21 +21106,21 @@ CVE-2023-0696 (Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allo
 	- chromium 110.0.5481.77-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0695 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0694 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0693 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0692 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0691 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where w ...)
 	NOT-FOR-US: HashiCorp Boundary
 CVE-2023-0689
 	RESERVED
 CVE-2023-0688 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has been rat ...)
 	NOT-FOR-US: XpressEngine
 CVE-2023-25498
@@ -23919,7 +23919,7 @@ CVE-2023-24512 (On affected platforms running Arista EOS, an authorized attacker
 CVE-2023-24511 (On affected platforms running Arista EOS with SNMP configured, a speci ...)
 	NOT-FOR-US: Arista
 CVE-2023-24510 (On the affected platforms running EOS, a malformed DHCP packet might c ...)
-	TODO: check
+	NOT-FOR-US: Arista
 CVE-2023-24509 (On affected modular platforms running Arista EOS equipped with both re ...)
 	NOT-FOR-US: Arista
 CVE-2023-24508 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246  ...)
@@ -26689,7 +26689,7 @@ CVE-2023-23586 (Due to a vulnerability in the io_uring subsystem, it is possible
 CVE-2023-0292 (The Quiz And Survey Master plugin for WordPress is vulnerable to Cross ...)
 	NOT-FOR-US: Quiz And Survey Master plugin for WordPress
 CVE-2023-0291 (The Quiz And Survey Master for WordPress is vulnerable to authorizatio ...)
-	TODO: check
+	NOT-FOR-US: Quiz And Survey Master for WordPress
 CVE-2023-0290 (Rapid7 Velociraptor did not properly sanitize the client ID parameter  ...)
 	NOT-FOR-US: Rapid7
 CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webc ...)
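Review bot: CVE-2023-0291 is tagged "NOT-FOR-US: Quiz And Survey Master for WordPress", while CVE-2023-0292 two lines above, the same product, is tagged "NOT-FOR-US: Quiz And Survey Master plugin for WordPress". Use the existing string for the new line so that one product does not end up under two NFU labels in the list.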
@@ -34182,7 +34182,7 @@ CVE-2022-4571 (The Seriously Simple Podcasting WordPress plugin before 2.19.1 do
 CVE-2022-4570 (The Top 10 WordPress plugin before 3.2.3 does not validate and escape  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4569 (A local privilege escalation vulnerability in the ThinkPad Hybrid USB- ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2022-4568 (A directory permissions management vulnerability in Lenovo System Upda ...)
 	NOT-FOR-US: Lenovo
 CVE-2022-4567 (Improper Access Control in GitHub repository openemr/openemr prior to  ...)
@@ -36660,9 +36660,9 @@ CVE-2022-4335 (A blind SSRF vulnerability was identified in all versions of GitL
 CVE-2022-4334
 	REJECTED
 CVE-2022-4333 (Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher A ...)
-	TODO: check
+	NOT-FOR-US: Sprecher Automation
 CVE-2022-4332 (In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x avulnera ...)
-	TODO: check
+	NOT-FOR-US: Sprecher Automation
 CVE-2022-4331 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2022-4330 (The WP Attachments WordPress plugin before 5.0.6 does not sanitise and ...)
@@ -36690,9 +36690,9 @@ CVE-2023-21672
 CVE-2023-21671
 	RESERVED
 CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command execution  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21669 (Information Disclosure in WLAN HOST while sending DPP action frame to  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21668
 	RESERVED
 CVE-2023-21667
@@ -36708,17 +36708,17 @@ CVE-2023-21663
 CVE-2023-21662
 	RESERVED
 CVE-2023-21661 (Transient DOS while parsing WLAN beacon or probe-response frame.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21660 (Transient DOS in WLAN Firmware while parsing FT Information Elements.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21659 (Transient DOS in WLAN Firmware while processing frames with missing he ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21658 (Transient DOS in WLAN Firmware while processing the received beacon or ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21657 (Memoru corruption in Audio when ADSP sends input during record use cas ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21656 (Memory corruption in WLAN HOST while receiving an WMI event from firmw ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21655
 	RESERVED
 CVE-2023-21654
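Review bot: CVE-2023-21656 ("Memory corruption in WLAN HOST while receiving an WMI event from firmw ...") and the three "WLAN Firmware" entries (CVE-2023-21660, CVE-2023-21659, CVE-2023-21658) are closed as "NOT-FOR-US: Qualcomm", but the visible descriptions name no vendor or product, only a WLAN host and firmware component. Before these leave the TODO queue, confirm that the affected host driver and firmware are not carried in a Debian source package; if one is, a package entry belongs here instead of the NFU line.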
@@ -36766,7 +36766,7 @@ CVE-2023-21634
 CVE-2023-21633
 	RESERVED
 CVE-2023-21632 (Memory corruption in Automotive GPU while querying a gsl memory node.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21631
 	RESERVED
 CVE-2023-21630 (Memory Corruption in Multimedia Framework due to integer overflow when ...)
@@ -36774,7 +36774,7 @@ CVE-2023-21630 (Memory Corruption in Multimedia Framework due to integer overflo
 CVE-2023-21629
 	RESERVED
 CVE-2023-21628 (Memory corruption in WLAN HAL while processing WMI-UTF command or FTM  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21627
 	RESERVED
 CVE-2023-21626



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/794a40e843991c6cc2e5c6b0dac416f2c4cdaecd
