[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 20 20:25:39 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c702a1a by Salvatore Bonaccorso at 2023-11-20T21:25:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,9 +33,9 @@ CVE-2023-4970 (The PubyDoc WordPress plugin through 2.0.6 does not sanitise and
 CVE-2023-4824 (The WooHoo Newspaper Magazine theme does not have CSRF check in place  ...)
 	NOT-FOR-US: WooHoo Newspaper Magazine theme
 CVE-2023-4808 (The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4799 (The Magic Embeds WordPress plugin through 3.0.10 does not validate and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48309 (NextAuth.js provides authentication for Next.js. `next-auth` applicati ...)
 	TODO: check
 CVE-2023-48300 (The `Embed Privacy` plugin for WordPress that prevents the loading of  ...)
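Review bot: The new tags for CVE-2023-4808 and CVE-2023-4799 say only `NOT-FOR-US: WordPress plugin`, while the existing entry directly above for CVE-2023-4824 names the product (`NOT-FOR-US: WooHoo Newspaper Magazine theme`). Taking the names from the descriptions, for example `NOT-FOR-US: WP Post Popup WordPress plugin` and `NOT-FOR-US: Magic Embeds WordPress plugin`, would keep these entries searchable by product and consistent with their neighbour.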
@@ -53,35 +53,35 @@ CVE-2023-48223 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prio
 CVE-2023-48221 (wire-avs provides Audio, Visual, and Signaling (AVS) functionality sur ...)
 	TODO: check
 CVE-2023-48218 (The Strapi Protected Populate Plugin protects `get` endpoints from rev ...)
-	TODO: check
+	NOT-FOR-US: Strapi Protected Populate Plugin
 CVE-2023-48111 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-48110 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in ...)
 	TODO: check
 CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in  ...)
 	TODO: check
 CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in Slider  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47417 (Cross Site Scripting (XSS) vulnerability in the component /shells/embe ...)
-	TODO: check
+	NOT-FOR-US: DZSlides
 CVE-2023-47217 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause  ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-46990 (Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2023-46705 (in OpenHarmony v3.2.2 and prior versions allow a local attacker causes ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-46100 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get se ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-43612 (in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitr ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-42774 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-3116 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-38885 (OpenSIS Classic Community Edition version 9.0 lacks cross-site request ...)
 	TODO: check
 CVE-2023-38884 (An Insecure Direct Object Reference (IDOR) vulnerability in the Commun ...)
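Review bot: For CVE-2023-47417 the truncated description shown here mentions only the component /shells/embe ..., so the `NOT-FOR-US: DZSlides` tag cannot be checked against this hunk and is worth confirming against the full CVE text. The tags in this hunk also vary in granularity. CVE-2023-48111, CVE-2023-48110 and CVE-2023-48109 get the vendor only (`NOT-FOR-US: Tenda`) although the descriptions name the Tenda AX1803. CVE-2023-47772 gets the generic `WordPress plugin`, whereas CVE-2023-48218 gets the full product name (`Strapi Protected Populate Plugin`). Settling on the product name throughout would make the list easier to search.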
@@ -97,13 +97,13 @@ CVE-2023-38880 (The Community Edition version 9.0 of OS4ED's openSIS Classic has
 CVE-2023-38879 (The Community Edition version 9.0 of OS4ED's openSIS Classic allows re ...)
 	TODO: check
 CVE-2023-38823 (Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-36013 (PowerShell Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35762 (Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to ope ...)
-	TODO: check
+	NOT-FOR-US: INEA ME RTU firmware
 CVE-2023-29155 (Versions of INEA ME RTU firmware 3.36b and prior do not require authen ...)
-	TODO: check
+	NOT-FOR-US: INEA ME RTU firmware
 CVE-2023-47175 (Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2 ...)
 	NOT-FOR-US: LuxCal Web Calendar
 CVE-2023-46700 (SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (My ...)
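Review bot: On CVE-2023-36013 the tag `NOT-FOR-US: Microsoft` names only the vendor, while the description is about PowerShell. `NOT-FOR-US: Microsoft PowerShell` would record which product was judged out of scope. Likewise, for CVE-2023-38823 `NOT-FOR-US: Tenda` drops the models listed in the description (Ac19, AC18, AC9), whereas the two INEA entries in this same hunk do name the product (`INEA ME RTU firmware`).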
@@ -189866,7 +189866,7 @@ CVE-2021-27431 (ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to intege
 CVE-2021-27430 (GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused ha ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27429 (Texas Instruments TI-RTOS returns a valid pointer to a small buffer on ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments TI-RTOS
 CVE-2021-27428 (GE UR IED firmware versions prior to version 8.1x supports upgrading f ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27427 (RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its  ...)
@@ -201600,7 +201600,7 @@ CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an ou
 CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...)
 	NOT-FOR-US: Fuji Electric
 CVE-2021-22636 (Texas Instruments TI-RTOS, when configured to use HeapMem heap(default ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments TI-RTOS
 CVE-2021-22635
 	RESERVED
 CVE-2021-22634



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c702a1ab2f04fb2fc94f1b09b8a75d16d3107fc
