[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 8 20:23:56 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54ca0415 by Salvatore Bonaccorso at 2023-11-08T21:23:30+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,103 +1,103 @@
CVE-2023-6012 (An improper input validation vulnerability has been found in Lanaccess ...)
- TODO: check
+ NOT-FOR-US: Lanaccess ONSAFE MonitorHM
CVE-2023-5978 (In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain ...)
- TODO: check
+ NOT-FOR-US: FreeBSD (cap_net libcasper service)
CVE-2023-5941 (In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeB ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2023-5913 (Incorrect Privilege Assignment vulnerability in opentext Fortify ScanC ...)
- TODO: check
+ NOT-FOR-US: Microfocus opentext
CVE-2023-5760 (A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (inpu ...)
- TODO: check
+ NOT-FOR-US: Norton
CVE-2023-5759 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...)
TODO: check
CVE-2023-5136 (An incorrect permission assignment in the TopoGrafix DataPlugin for GP ...)
- TODO: check
+ NOT-FOR-US: opoGrafix DataPlugin for GPX
CVE-2023-47397 (WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestran ...)
- TODO: check
+ NOT-FOR-US: WeBid
CVE-2023-47379 (Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Script ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2023-47231 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47229 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47227 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47226 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47223 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47190 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47181 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mart ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47107 (PILOS is an open source front-end for BigBlueButton servers with a bui ...)
- TODO: check
+ NOT-FOR-US: PILOS
CVE-2023-46774 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46772 (Vulnerability of parameters being out of the value range in the QMI se ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46771 (Security vulnerability in the face unlock module. Successful exploitat ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46767 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46766 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46765 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46764 (Unauthorized startup vulnerability of background apps. Successful expl ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46763 (Vulnerability of background app permission management in the framework ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46762 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46761 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46760 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46759 (Permission control vulnerability in the call module. Successful exploi ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46758 (The multi-screen interaction module has a vulnerability in permission ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46757 (Keep-alive vulnerability in the sticky broadcast mechanism. Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46756 (Permission control vulnerability in the window management module. Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46755 (Vulnerability of input parameters being not strictly verified in the i ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-46643 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46642 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46640 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46626 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46621 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Baj ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46613 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45849 (An arbitrary code execution which results in privilege escalation was ...)
TODO: check
CVE-2023-45319 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...)
TODO: check
CVE-2023-45140 (The Bastion provides authentication, authorization, traceability and a ...)
- TODO: check
+ NOT-FOR-US: Bastion
CVE-2023-44098 (Vulnerability of missing encryption in the card management module. Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-3282 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2023-39913 (Deserialization of Untrusted Data, Improper Input Validation vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Apache UIMA
CVE-2023-35767 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...)
TODO: check
CVE-2023-32298 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Da ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-48613 (Race condition vulnerability in the kernel module. Successful exploita ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-47248
- apache-arrow <itp> (bug #970021)
CVE-2023-40114
@@ -144375,7 +144375,7 @@ CVE-2021-43421 (A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 t
CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...)
NOT-FOR-US: Sourcecodester
CVE-2021-43419 (An Information Disclosure vulnerability exists in Opay Mobile applicat ...)
- TODO: check
+ NOT-FOR-US: Opay Mobile application
CVE-2021-43418
RESERVED
CVE-2021-43417
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54ca0415ea95c77454226293428b57bc76b9fa7b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54ca0415ea95c77454226293428b57bc76b9fa7b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231108/fdd26d11/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list