[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 20 20:25:39 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c702a1a by Salvatore Bonaccorso at 2023-11-20T21:25:13+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33,9 +33,9 @@ CVE-2023-4970 (The PubyDoc WordPress plugin through 2.0.6 does not sanitise and
CVE-2023-4824 (The WooHoo Newspaper Magazine theme does not have CSRF check in place ...)
NOT-FOR-US: WooHoo Newspaper Magazine theme
CVE-2023-4808 (The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4799 (The Magic Embeds WordPress plugin through 3.0.10 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48309 (NextAuth.js provides authentication for Next.js. `next-auth` applicati ...)
TODO: check
CVE-2023-48300 (The `Embed Privacy` plugin for WordPress that prevents the loading of ...)
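Review bot: The new labels for CVE-2023-4808 and CVE-2023-4799 say only "NOT-FOR-US: WordPress plugin", while the neighbouring CVE-2023-4824 entry names its product ("WooHoo Newspaper Magazine theme"). Naming the plugins as the descriptions do (WP Post Popup, Magic Embeds) would keep these entries searchable by product and consistent with the line above them.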
@@ -53,35 +53,35 @@ CVE-2023-48223 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prio
CVE-2023-48221 (wire-avs provides Audio, Visual, and Signaling (AVS) functionality sur ...)
TODO: check
CVE-2023-48218 (The Strapi Protected Populate Plugin protects `get` endpoints from rev ...)
- TODO: check
+ NOT-FOR-US: Strapi Protected Populate Plugin
CVE-2023-48111 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-48110 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in ...)
TODO: check
CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in ...)
TODO: check
CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in Slider ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47417 (Cross Site Scripting (XSS) vulnerability in the component /shells/embe ...)
- TODO: check
+ NOT-FOR-US: DZSlides
CVE-2023-47217 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2023-46990 (Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a ...)
- TODO: check
+ NOT-FOR-US: PublicCMS
CVE-2023-46705 (in OpenHarmony v3.2.2 and prior versions allow a local attacker causes ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2023-46100 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get se ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2023-43612 (in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitr ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2023-42774 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2023-3116 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2023-38885 (OpenSIS Classic Community Edition version 9.0 lacks cross-site request ...)
TODO: check
CVE-2023-38884 (An Insecure Direct Object Reference (IDOR) vulnerability in the Commun ...)
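Review bot: The labels for CVE-2023-47417 ("DZSlides") and CVE-2023-47772 ("WordPress plugin") cannot be checked from this hunk, because both descriptions are truncated before they name the product ("/shells/embe ..." and "Slider ..."). The other new labels here (Strapi, Tenda, OpenHarmony, PublicCMS) repeat a name that is visible in the description. Confirm these two against the full CVE text, and for CVE-2023-47772 consider naming the plugin rather than the generic category.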
@@ -97,13 +97,13 @@ CVE-2023-38880 (The Community Edition version 9.0 of OS4ED's openSIS Classic has
CVE-2023-38879 (The Community Edition version 9.0 of OS4ED's openSIS Classic allows re ...)
TODO: check
CVE-2023-38823 (Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-36013 (PowerShell Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35762 (Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to ope ...)
- TODO: check
+ NOT-FOR-US: INEA ME RTU firmware
CVE-2023-29155 (Versions of INEA ME RTU firmware 3.36b and prior do not require authen ...)
- TODO: check
+ NOT-FOR-US: INEA ME RTU firmware
CVE-2023-47175 (Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2 ...)
NOT-FOR-US: LuxCal Web Calendar
CVE-2023-46700 (SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (My ...)
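Review bot: CVE-2023-36013 is labelled "NOT-FOR-US: Microsoft", which gives the vendor only, although the description identifies the affected product as PowerShell and the other entries in this hunk name a product ("INEA ME RTU firmware", "LuxCal Web Calendar"). Suggest "NOT-FOR-US: Microsoft PowerShell" so the reason for the triage decision is clear from the entry itself.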
@@ -189866,7 +189866,7 @@ CVE-2021-27431 (ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to intege
CVE-2021-27430 (GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused ha ...)
NOT-FOR-US: General Electric Universal Relays
CVE-2021-27429 (Texas Instruments TI-RTOS returns a valid pointer to a small buffer on ...)
- TODO: check
+ NOT-FOR-US: Texas Instruments TI-RTOS
CVE-2021-27428 (GE UR IED firmware versions prior to version 8.1x supports upgrading f ...)
NOT-FOR-US: General Electric Universal Relays
CVE-2021-27427 (RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its ...)
@@ -201600,7 +201600,7 @@ CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an ou
CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...)
NOT-FOR-US: Fuji Electric
CVE-2021-22636 (Texas Instruments TI-RTOS, when configured to use HeapMem heap(default ...)
- TODO: check
+ NOT-FOR-US: Texas Instruments TI-RTOS
CVE-2021-22635
RESERVED
CVE-2021-22634
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c702a1ab2f04fb2fc94f1b09b8a75d16d3107fc