[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 6 08:21:47 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aac7d617 by Salvatore Bonaccorso at 2023-11-06T09:20:50+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
 CVE-2023-4699 (Insufficient Verification of Data Authenticity vulnerability in Mitsub ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2023-4625 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2023-47271 (PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16,  ...)
 	TODO: check
 CVE-2023-47253 (Qualitor through 8.20 allows remote attackers to execute arbitrary cod ...)
-	TODO: check
+	NOT-FOR-US: Qualitor
 CVE-2023-46802 (e-Tax software Version3.0.10 and earlier improperly restricts XML exte ...)
-	TODO: check
+	NOT-FOR-US: e-Tax software
 CVE-2023-40207 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-38407 (bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond ...)
 	TODO: check
 CVE-2023-38406 (bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri ...)
 	TODO: check
 CVE-2023-38382 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33924 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32840 (In modem CCCI, there is a possible out of bounds write due to a missin ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2023-32839 (In dpe, there is a possible out of bounds write due to a missing valid ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2023-32838 (In dpe, there is a possible out of bounds write due to a missing valid ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2023-32837 (In video, there is a possible out of bounds write due to a missing bou ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2023-32836 (In display, there is a possible out of bounds write due to an integer  ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2023-32835 (In keyinstall, there is a possible memory corruption due to type confu ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2023-32834 (In secmem, there is a possible memory corruption due to type confusion ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2023-32832 (In video, there is a possible memory corruption due to a race conditio ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2023-32825 (In bluethooth service, there is a possible out of bounds reads due to  ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2023-32818 (In vdec, there is a possible out of bounds write due to type confusion ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2021-4430 (A vulnerability classified as problematic has been found in Ortus Solu ...)
-	TODO: check
+	NOT-FOR-US: Ortus Solutions ColdBox Elixir
 CVE-2018-25093 (A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. I ...)
-	TODO: check
+	NOT-FOR-US: Vaerys-Dawn DiscordSailv2
 CVE-2018-25092 (A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. I ...)
-	TODO: check
+	NOT-FOR-US: Vaerys-Dawn DiscordSailv2
 CVE-2017-20187 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium ...)
-	TODO: check
+	NOT-FOR-US: Magnesium-PHP
 CVE-2023-47260 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails ...)
 	- redmine <unfixed>
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
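Review bot: CVE-2023-47271 (PKP-WAL), CVE-2023-38407 and CVE-2023-38406 (both FRRouting bgpd) are still at "TODO: check" after this hunk, while every other entry above CVE-2023-47260 is now resolved. The commit message "Process some NFUs" suggests they were skipped on purpose, but nothing in the change records that. A follow-up commit should triage these three so they are not overlooked when the next batch of new CVEs is added on top.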
@@ -56453,15 +56453,15 @@ CVE-2022-47434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2022-47433 (Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47432 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47431 (Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor inter ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47430 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47429
 	RESERVED
 CVE-2022-47428 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47427 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47426 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
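Review bot: the three entries retagged here (CVE-2022-47432, CVE-2022-47430, CVE-2022-47428) all show the same truncated description, "Improper Neutralization of Special Elements used in an SQL Command ('S ...", which cuts off before any product name, so the "WordPress plugin" classification cannot be confirmed from the diff itself. The neighbouring entries do name a plugin or its author, which makes the tag plausible. It is still worth checking the full CVE description for each, because NOT-FOR-US closes the entry for further triage.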
@@ -56477,7 +56477,7 @@ CVE-2022-47422 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Acc
 CVE-2022-47421 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47420 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful  ...)
 	NOT-FOR-US: Mayan EDMS DMS
 CVE-2022-47418 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
@@ -58252,7 +58252,7 @@ CVE-2022-46862 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Q
 CVE-2022-46861 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46860 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-46859 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.R ...)
@@ -58274,7 +58274,7 @@ CVE-2022-46851 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Fo
 CVE-2022-46850 (Auth. (author+) Broken Access Control vulnerability leading to Arbitra ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46849 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-46848 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46847
@@ -58419,7 +58419,7 @@ CVE-2022-46810 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Th
 CVE-2022-46809
 	RESERVED
 CVE-2022-46808 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-46807
 	RESERVED
 CVE-2022-46806 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All ...)
@@ -63085,7 +63085,7 @@ CVE-2022-45375 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2022-45374
 	RESERVED
 CVE-2022-45373 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45372 (Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Ga ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine pl ...)
@@ -68131,7 +68131,7 @@ CVE-2023-20704 (In apu, there is a possible out of bounds read due to a missing
 CVE-2023-20703 (In apu, there is a possible out of bounds read due to a missing bounds ...)
 	NOT-FOR-US: Mediatek
 CVE-2023-20702 (In 5G NRLC, there is a possible invalid memory access due to lack of e ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2023-20701 (In widevine, there is a possible out of bounds write due to a logic er ...)
 	NOT-FOR-US: Mediatek
 CVE-2023-20700 (In widevine, there is a possible out of bounds write due to a logic er ...)
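Review bot: CVE-2023-20702 is tagged Mediatek although its visible description ("In 5G NRLC, there is a possible invalid memory access ...") names no vendor. The tag appears to rest on the adjacent IDs CVE-2023-20703 and CVE-2023-20701, which already carry it and use the same "In <component>, there is a possible ..." wording. The new line matches the existing tag spelling, so no change is needed beyond confirming the assigner in the full record.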



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac7d617e428aaed9180449710e85d0af948e666
