[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 20 20:07:53 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0c76425 by Moritz Muehlenhoff at 2023-06-20T21:07:37+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,17 +3,17 @@ CVE-2023-3325 (The CMS Commander plugin for WordPress is vulnerable to authoriza
 CVE-2023-3320 (The WP Sticky Social  plugin for WordPress is vulnerable to Cross-Site ...)
 	NOT-FOR-US: WP Sticky Social plugin for WordPress
 CVE-2023-3315 (Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and ear ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2023-35884 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPri ...)
-	TODO: check
+	NOT-FOR-US: EventPrime plugin
 CVE-2023-35882 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-35878 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vady ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32659 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross- ...)
-	TODO: check
+	NOT-FOR-US: SUBNET PowerSYSTEM Center
 CVE-2023-29158 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: SUBNET PowerSYSTEM Center
 CVE-2023-3318 (A vulnerability was found in SourceCodester Resort Management System 1 ...)
 	NOT-FOR-US: SourceCodester Resort Management System
 CVE-2023-3317 [wifi: mt76: mt7921: Fix use-after-free in fw features query]
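Review bot: the labels added in this hunk name the affected software at three different levels of detail. `NOT-FOR-US: EventPrime plugin` (CVE-2023-35884) gives the product but not the platform, `NOT-FOR-US: WordPress plugin` (CVE-2023-35882, CVE-2023-35878) gives the platform but not the product, and `NOT-FOR-US: Jenkins plugin` (CVE-2023-3315) drops "Team Concert" although the description supplies it. The unchanged entry at the top of the hunk, `NOT-FOR-US: WP Sticky Social plugin for WordPress`, carries both parts; using that form for the new lines would let a later search of data/CVE/list find them by product name.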
@@ -28,7 +28,7 @@ CVE-2023-3312 (A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in
 	- linux <not-affected> (Vulnerable code never present in released version)
 	NOTE: https://git.kernel.org/linus/ba5e770c9698782bc203bbf5cf3b36a77720bdbe (6.4-rc1)
 CVE-2023-35843 (NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2023-35779 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-35776 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -64,11 +64,11 @@ CVE-2023-34155 (Vulnerability of unauthorized calling on HUAWEI phones and table
 CVE-2023-33213 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVec ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31411 (A remote unprivileged attacker can modify and access configuration set ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-31410 (A remote unprivileged attacker can intercept the communication via e.g ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-2907 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Marksoft
 CVE-2023-2899 (The Google Map Shortcode WordPress plugin through 3.1.2 does not valid ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2812 (The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise ...)
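Review bot: `NOT-FOR-US: SICK` (CVE-2023-31411, CVE-2023-31410) and `NOT-FOR-US: Marksoft` (CVE-2023-2907) are bare vendor names, and the truncated descriptions shown for these three entries do not mention a vendor or product at all, so the label is the only thing in the list that says what is affected. Consider adding the product name after the vendor so the entry can be understood without opening the full CVE record.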
@@ -102,39 +102,39 @@ CVE-2023-2399 (The QuBot WordPress plugin before 1.1.6 doesn't filter user input
 CVE-2023-2359 (The Slider Revolution WordPress plugin through 6.6.12 does not check f ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-48506 (A flawed pseudorandom number generator in Dominion Voting Systems Imag ...)
-	TODO: check
+	NOT-FOR-US: Dominion Voting Systems
 CVE-2022-48501 (Configuration defects in the secure OS module.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48500 (Configuration defects in the secure OS module.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48499 (Configuration defects in the secure OS module.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48498 (Configuration defects in the secure OS module.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48497 (Configuration defects in the secure OS module.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48496 (Vulnerability of lax app identity verification in the pre-authorizatio ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48495 (Vulnerability of unauthorized access to foreground app information.Suc ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48494 (Vulnerability of lax app identity verification in the pre-authorizatio ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48493 (Configuration defects in the secure OS module.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48492 (Configuration defects in the secure OS module.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48491 (Vulnerability of missing authentication on certain HUAWEI phones.Succe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48490 (Configuration defects in the secure OS module.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48489 (Configuration defects in the secure OS module.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48488 (Vulnerability of bypassing the default desktop security controls.Succe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48487 (Configuration defects in the secure OS module.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48486 (Configuration defects in the secure OS module.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-3311 (A vulnerability, which was classified as problematic, was found in Pun ...)
 	NOT-FOR-US: PuneethReddyHC online-shopping-system-advanced
 CVE-2023-3310 (A vulnerability, which was classified as critical, has been found in c ...)
@@ -209,7 +209,7 @@ CVE-2023-32270 (Access of memory location after end of buffer issue exists in TE
 CVE-2023-32201 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
 	NOT-FOR-US: TELLUS
 CVE-2023-31239 (Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V- ...)
-	TODO: check
+	NOT-FOR-US: FUJI
 CVE-2023-30759 (The driver installation package created by Printer Driver Packager NX  ...)
 	NOT-FOR-US: Ricoh
 CVE-2023-35828 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
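Review bot: `NOT-FOR-US: FUJI` for CVE-2023-31239 labels by vendor, while the neighbouring entry in the same hunk is labelled by product (`NOT-FOR-US: TELLUS` for CVE-2023-32201) and the description of the changed entry names the product as V-Server. Labelling it `NOT-FOR-US: V-Server`, or using the same vendor-plus-product form for both entries, would keep this group consistent.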
@@ -507,7 +507,7 @@ CVE-2023-34623 (An issue was discovered jtidy thru r938 allows attackers to caus
 	[bullseye] - jtidy <no-dsa> (Minor issue)
 	NOTE: https://github.com/trajano/jtidy/issues/4
 CVE-2023-34620 (An issue was discovered hjson thru 3.0.0 allows attackers to cause a d ...)
-	TODO: check
+	NOT-FOR-US: hjson
 CVE-2023-34617 (An issue was discovered genson thru 1.6 allows attackers to cause a de ...)
 	TODO: check
 CVE-2023-34616 (An issue was discovered pbjson thru 0.4.0 allows attackers to cause a  ...)
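Review bot: CVE-2023-34620 is marked `NOT-FOR-US: hjson` while the sibling library entry directly below it, CVE-2023-34617 (genson), stays at `TODO: check`, and jtidy in the same hunk is tracked as a Debian package. The label repeats only the bare library name, and the visible description does not show which upstream project is meant, so a later triager cannot tell which codebase was checked. Suggest qualifying the label with the upstream project or language.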



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0c76425bbba68a1de1dde3906baad031a9fb13b
