[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 26 22:00:55 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad5f4919 by Salvatore Bonaccorso at 2023-05-26T22:59:40+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
 CVE-2023-33780 (A stored cross-site scripting (XSS) vulnerability in TFDi Design smart ...)
-	TODO: check
+	NOT-FOR-US: TFDi Design smartCARS
 CVE-2023-33779 (A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows  ...)
-	TODO: check
+	NOT-FOR-US: XXL-Job
 CVE-2023-33720 (mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4 ...)
-	TODO: check
+	NOT-FOR-US: mp4v2
 CVE-2023-33440 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitra ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Faculty Evaluation System
 CVE-2023-33439 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Faculty Evaluation System
 CVE-2023-33394 (skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers ...)
-	TODO: check
+	NOT-FOR-US: skycaiji
 CVE-2023-33255 (An issue was discovered in Papaya Viewer 4a42701. User-supplied input  ...)
-	TODO: check
+	NOT-FOR-US: Papaya Viewer
 CVE-2023-33247 (Talend Data Catalog remote harvesting server before 8.0-20230413 conta ...)
-	TODO: check
+	NOT-FOR-US: Talend
 CVE-2023-33197 (Craft is a CMS for creating custom digital experiences on the web. Cro ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2023-33185 (Django-SES is a drop-in mail backend for Django. The django_ses librar ...)
 	TODO: check
 CVE-2023-32964 (Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Bett ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32318 (Nextcloud server provides a home for data. A regression in the session ...)
 	TODO: check
 CVE-2023-2817 (A post-authentication stored cross-site scripting vulnerability exists ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2023-2854
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark <unfixed>
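Review bot: CVE-2023-33720 is closed as "NOT-FOR-US: mp4v2", but its description (a memory leak "via the class MP4 ...") reads like a code library rather than a hosted product, so the tag only holds if no source package in the archive ships or embeds that code. Worth confirming that before dropping the TODO, and recording a package entry (in the style of the wireshark lines below) if one does. Separately, "NOT-FOR-US: Talend" names only the vendor where the description says "Talend Data Catalog" and the other new labels in this hunk name the product; the visible text for CVE-2023-32964 and CVE-2023-2817 is cut off before any product appears, so those two labels cannot be checked from the list alone.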
@@ -2052,11 +2052,11 @@ CVE-2023-31229
 CVE-2023-31228
 	RESERVED
 CVE-2023-31227 (The hwPartsDFR module has a vulnerability in API calling verification. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-31226 (The SDK for the MediaPlaybackController module has improper permission ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-31225 (The Gallery app has the risk of hijacking attacks. Successful exploita ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-31194
 	RESERVED
 CVE-2023-27390
@@ -2102,25 +2102,25 @@ CVE-2023-2296
 CVE-2022-4945 (The Dataprobe cloud usernames and passwords are stored in plain text i ...)
 	NOT-FOR-US: Dataprobe
 CVE-2022-48480 (Integer overflow vulnerability in some phones. Successful exploitation ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48479 (The facial recognition TA of some products has the out-of-bounds memor ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48478 (The facial recognition TA of some products lacks memory length verific ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46887 (Lack of length check vulnerability in the HW_KEYMASTER module. Success ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46886 (The video framework has memory overwriting caused by addition overflow ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46885 (The video framework has memory overwriting caused by addition overflow ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46884 (The video framework has memory overwriting caused by addition overflow ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46883 (The video framework has memory overwriting caused by addition overflow ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46882 (The video framework has memory overwriting caused by addition overflow ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46881 (The video framework has memory overwriting caused by addition overflow ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-31224
 	RESERVED
 CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated author user ...)
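Review bot: none of the ten visible descriptions retagged in this hunk names a vendor: CVE-2022-48480 says only "some phones", CVE-2022-48479 and CVE-2022-48478 say "some products", and CVE-2021-46881 through CVE-2021-46886 share one identical truncated sentence about "the video framework". The Huawei attribution therefore rests entirely on a source outside this file; please confirm it per CVE against the assigner's advisory rather than by description similarity, since a generic component name like "video framework" does not by itself rule out packaged code.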
@@ -5326,7 +5326,7 @@ CVE-2023-30147
 CVE-2023-30146
 	RESERVED
 CVE-2023-30145 (Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template I ...)
-	TODO: check
+	NOT-FOR-US: Camaleon CMS
 CVE-2023-30144
 	RESERVED
 CVE-2023-30143
@@ -8118,7 +8118,7 @@ CVE-2023-29100
 CVE-2023-29099
 	RESERVED
 CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-29097
 	RESERVED
 CVE-2023-29096
@@ -17661,7 +17661,7 @@ CVE-2023-25978
 CVE-2023-25977 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9see ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25975
 	RESERVED
 CVE-2023-25974
@@ -17671,7 +17671,7 @@ CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Aposto
 CVE-2023-25972
 	RESERVED
 CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25970
 	RESERVED
 CVE-2023-25969
@@ -18181,7 +18181,7 @@ CVE-2023-25783 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-25782 (Auth. (admin+) vulnerability in Second2none Service Area Postcode Chec ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25781 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seba ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of alarm r ...)
 	NOT-FOR-US: OpenNMS
 CVE-2023-0845 (Consul and Consul Enterprise allowed an authenticated user with servic ...)
@@ -19490,13 +19490,13 @@ CVE-2023-25472 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlo
 CVE-2023-25471
 	RESERVED
 CVE-2023-25470 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25469
 	RESERVED
 CVE-2023-25468
 	RESERVED
 CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Hu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25466
 	RESERVED
 CVE-2023-25465
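Review bot: for CVE-2023-25470 and CVE-2023-25467 the visible description stops at the author names ("Anton Skorobogatov", "Daniel Mores, A. Hu"), so nothing on these lines shows that the affected software is a WordPress plugin. The generic label matches the existing "NOT-FOR-US: WordPress plugin" entries elsewhere in the file, which is fine for consistency, but it drops the plugin name; if the file's conventions allow it, appending the plugin name to the label would keep the entry searchable.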
@@ -20472,7 +20472,7 @@ CVE-2023-25060
 CVE-2023-25059 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in aval ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25058 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25057
 	RESERVED
 CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed The ...)
@@ -20512,7 +20512,7 @@ CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-25039
 	RESERVED
 CVE-2023-25038 (Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25037
 	RESERVED
 CVE-2023-25036
@@ -20520,7 +20520,7 @@ CVE-2023-25036
 CVE-2023-25035
 	RESERVED
 CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean U ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25033
 	RESERVED
 CVE-2023-25032
@@ -20530,7 +20530,7 @@ CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-25030
 	RESERVED
 CVE-2023-25029 (Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuy ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
@@ -23516,9 +23516,9 @@ CVE-2023-24010
 CVE-2023-24009
 	RESERVED
 CVE-2023-24008 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik \u20 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-24007 (Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-24006 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Softwa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24005 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...)
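Review bot: the context line for CVE-2023-24008 carries a raw "\u20" fragment in its description ("yonifre Maspik \u20 ..."), which looks like a Unicode escape cut in half by the truncation. This change does not introduce it, since the line is unchanged context, but whatever writes the descriptions should decode escapes before truncating so the list stays readable and searchable.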
@@ -24425,7 +24425,7 @@ CVE-2023-23716
 CVE-2023-23715
 	RESERVED
 CVE-2023-23714 (Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23713 (Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23712 (Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager p ...)
@@ -27379,9 +27379,9 @@ CVE-2023-22857 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.
 CVE-2023-22856 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...)
 	NOT-FOR-US: BlogEngine.NET
 CVE-2023-0117 (The online authentication provided by the hwKitAssistant lacks strict  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-0116 (The reminder module lacks an authentication mechanism for broadcasts r ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-0115
 	REJECTED
 CVE-2022-4881 (A vulnerability was found in CapsAdmin PAC3. It has been rated as prob ...)
@@ -27892,7 +27892,7 @@ CVE-2023-22695
 CVE-2023-22694
 	RESERVED
 CVE-2023-22693 (Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Goog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-22692 (Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad5f4919481e170dc595f938bae3660aff5fdca6
