[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 6 22:24:17 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a6c84b0 by Salvatore Bonaccorso at 2023-10-06T23:23:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2023-5214 (In Puppet Bolt versions prior to 3.27.4, a path to escalate privi
 CVE-2023-4530 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Turna Advertising Administration Panel
 CVE-2023-4469 (The Profile Extra Fields by BestWebSoft plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45311 (fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us- ...)
 	TODO: check
 CVE-2023-45303 (ThingsBoard before 3.5 allows Server-Side Template Injection if users  ...)
@@ -21,31 +21,31 @@ CVE-2023-45244 (Sensitive information disclosure and manipulation due to missing
 CVE-2023-45239 (A lack of input validation exists in tac_plus prior to commit 4fdf178  ...)
 	TODO: check
 CVE-2023-44807 (D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the canc ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-44771 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197  ...)
-	TODO: check
+	NOT-FOR-US: Zenario CMS
 CVE-2023-44770 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197  ...)
-	TODO: check
+	NOT-FOR-US: Zenario CMS
 CVE-2023-44766 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2023-44765 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2023-44764 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2023-44762 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2023-44761 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v. ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2023-44758 (GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: GDidees CMS
 CVE-2023-44384 (Discourse-jira is a Discourse plugin allows Jira projects, issue types ...)
-	TODO: check
+	NOT-FOR-US: Discourse plugin
 CVE-2023-44243 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Inst ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-44233 (Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-44146 (Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Che ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-43810 (OpenTelemetry, also known as OTel for short, is a vendor-neutral open- ...)
 	TODO: check
 CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escal ...)
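Review bot: On CVE-2023-44243, CVE-2023-44233 and CVE-2023-44146 the visible descriptions are cut off after the author name, before any product is named, so the "WordPress plugin" tag cannot be checked from this hunk the way the Zenario CMS, Concrete CMS and GDidees CMS tags can. Worth confirming each against the full CVE text before merge; the tag wording itself matches the CSRF entries already marked "NOT-FOR-US: WordPress plugin" elsewhere in the file.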
@@ -53,35 +53,35 @@ CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is vulnerable to privilege
 CVE-2023-42445 (Gradle is a build tool with a focus on build automation and support fo ...)
 	TODO: check
 CVE-2023-41950 (Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bous ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-41801 (Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Tea ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-41732 (Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Block ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-41659 (Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-41654 (Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authL ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-41650 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-40671 (Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0wp DX-a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-40607 (Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS,  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-40008 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simpl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3725 (Potential buffer overflow vulnerability in the Zephyr CAN bus subsyste ...)
-	TODO: check
+	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-38703 (PJSIP is a free and open source multimedia communication library writt ...)
 	TODO: check
 CVE-2023-36465 (Decidim is a participatory democracy framework, written in Ruby on Rai ...)
-	TODO: check
+	NOT-FOR-US: Decidim
 CVE-2023-35897 (IBM Spectrum Protect Client and IBM Storage Protect for Virtual Enviro ...)
 	NOT-FOR-US: IBM
 CVE-2023-32972 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-32971 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-5408
 	NOT-FOR-US: OpenShift
 CVE-2023-4061
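Review bot: The "(unrelated to src:zephyr)" qualifier on CVE-2023-3725 is the only tag in this patch that records why a same-named source package does not apply, and it should stay. Use the identical wording on any other Zephyr RTOS entries so that a search for src:zephyr in data/CVE/list finds all of them together.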
@@ -25518,7 +25518,7 @@ CVE-2023-29237
 CVE-2023-29236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththeme ...)
 	NOT-FOR-US: WordPress theme
 CVE-2023-29235 (Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Sw ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-29234
 	RESERVED
 CVE-2023-23581
@@ -27122,7 +27122,7 @@ CVE-2023-28793
 CVE-2023-28792 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28791 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simpl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28790 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Bre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti  ...)
@@ -31180,7 +31180,7 @@ CVE-2023-27617 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-27616 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Ca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27615 (Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27613 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorC ...)
@@ -31745,7 +31745,7 @@ CVE-2023-27450 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Tepli
 CVE-2023-27449
 	RESERVED
 CVE-2023-27448 (Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team Ma ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27447
 	RESERVED
 CVE-2023-27446
@@ -37624,7 +37624,7 @@ CVE-2023-25482 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel W
 CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Sub ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25480 (Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather ...)
@@ -38715,7 +38715,7 @@ CVE-2023-25035
 CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean U ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25033 (Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share B ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25032
 	RESERVED
 CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
@@ -43825,9 +43825,9 @@ CVE-2023-23373
 CVE-2023-23372
 	RESERVED
 CVE-2023-23371 (A cleartext transmission of sensitive information vulnerability has be ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-23370 (An insufficiently protected credentials vulnerability has been reporte ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-23369
 	RESERVED
 CVE-2023-23368
@@ -43835,9 +43835,9 @@ CVE-2023-23368
 CVE-2023-23367
 	RESERVED
 CVE-2023-23366 (A path traversal vulnerability has been reported to affect Music Stati ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-23365 (A path traversal vulnerability has been reported to affect Music Stati ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-23364 (A buffer copy without checking size of input vulnerability has been re ...)
 	NOT-FOR-US: QNAP
 CVE-2023-23363 (A buffer copy without checking size of input vulnerability has been re ...)
@@ -52047,7 +52047,7 @@ CVE-2022-47177 (Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay W
 CVE-2022-47176
 	RESERVED
 CVE-2022-47175 (Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Eleme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47174 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performan ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasi ...)
@@ -59795,7 +59795,7 @@ CVE-2023-21293
 CVE-2023-21292 (In openContentUri of ActivityManagerService.java, there is a possible  ...)
 	NOT-FOR-US: Android
 CVE-2023-21291 (In visitUris of Notification.java, there is a possible way to reveal i ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21290 (In update of MmsProvider.java, there is a possible way to bypass file  ...)
 	NOT-FOR-US: Android
 CVE-2023-21289 (In multiple locations, there is a possible bypass of a multi user secu ...)
@@ -59845,7 +59845,7 @@ CVE-2023-21268 (In update of MmsProvider.java, there is a possible way to change
 CVE-2023-21267 (In doKeyguardLocked of KeyguardViewMediator.java, there is a possible  ...)
 	NOT-FOR-US: Android
 CVE-2023-21266 (In killBackgroundProcesses of ActivityManagerService.java, there is a  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21265 (In multiple locations, there are root CA certificates which need to be ...)
 	NOT-FOR-US: Android
 CVE-2023-21264 (In multiple functions of mem_protect.c, there is a possible way to acc ...)
@@ -59878,9 +59878,9 @@ CVE-2023-21255 (In multiple functions of binder.c, there is a possible memory co
 CVE-2023-21254 (In getCurrentState of OneTimePermissionUserManager.java, there is a po ...)
 	NOT-FOR-US: Android
 CVE-2023-21253 (In multiple locations, there is a possible way to crash multiple syste ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21252 (In validatePassword of WifiConfigurationUtil.java, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21251 (In onCreate of ConfirmDialog.java, there is a possible way to connect  ...)
 	NOT-FOR-US: Android
 CVE-2023-21250 (In gatt_end_operation of gatt_utils.cc, there is a possible out of bou ...)
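Review bot: CVE-2023-21253 is tagged "NOT-FOR-US: Android" although its visible description says only "In multiple locations" and names no file, unlike CVE-2023-21252 (WifiConfigurationUtil.java) directly below it. Please confirm from the full advisory that every affected location is Android-only code, since the list line alone does not show it.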
@@ -59896,7 +59896,7 @@ CVE-2023-21246 (In ShortcutInfo of ShortcutInfo.java, there is a possible way fo
 CVE-2023-21245 (In showNextSecurityScreenOrFinish of KeyguardSecurityContainerControll ...)
 	NOT-FOR-US: Android
 CVE-2023-21244 (In visitUris of Notification.java, there is a possible bypass of user  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21243 (In validateForCommonR1andR2 of PasspointConfiguration.java, there is a ...)
 	NOT-FOR-US: Android
 CVE-2023-21242 (In isServerCertChainValid of InsecureEapNetworkHandler.java, there is  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a6c84b0791a7407b89fea81ccd585f0aecea1a2
