[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 21 16:00:20 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34b0ddb1 by Salvatore Bonaccorso at 2023-10-21T16:59:57+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -63,31 +63,31 @@ CVE-2023-45661 (stb_image is a single file MIT licensed library for processing i
- libstb <unfixed>
NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
CVE-2023-43357 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-43356 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-43355 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-43354 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-43353 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-43346 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
- TODO: check
+ NOT-FOR-US: opensolution Quick CMS
CVE-2023-38194 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keep ...)
- TODO: check
+ NOT-FOR-US: SuperWebMailer
CVE-2023-38193 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remo ...)
- TODO: check
+ NOT-FOR-US: SuperWebMailer
CVE-2023-38192 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows supe ...)
- TODO: check
+ NOT-FOR-US: SuperWebMailer
CVE-2023-38191 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spam ...)
- TODO: check
+ NOT-FOR-US: SuperWebMailer
CVE-2023-38190 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Expo ...)
- TODO: check
+ NOT-FOR-US: SuperWebMailer
CVE-2023-32786 (In Langchain through 0.0.155, prompt injection allows an attacker to f ...)
- TODO: check
+ NOT-FOR-US: Langchain
CVE-2023-32785 (In Langchain through 0.0.155, prompt injection allows execution of arb ...)
- TODO: check
+ NOT-FOR-US: Langchain
CVE-2023-5690 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
NOT-FOR-US: Modoboa
CVE-2023-5689 (Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa ...)
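Review bot: The two Langchain entries (CVE-2023-32786, CVE-2023-32785) are the only ones in this hunk that concern a reusable library rather than a standalone web application, so before settling on `NOT-FOR-US: Langchain` it is worth confirming that no ITP/RFP bug is open for it. If one exists, an `- langchain <itp>` line with the bug number would keep these CVEs attached to the package when it enters the archive; otherwise the NFU marking is fine as written.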
@@ -118,23 +118,23 @@ CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior t
NOTE: https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
NOTE: https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc
CVE-2023-44256 (A server-side request forgery vulnerability [CWE-918] in Fortinet Fort ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-3965 (The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scri ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-3962 (The Winters theme for WordPress is vulnerable to Reflected Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-3933 (The Your Journey theme for WordPress is vulnerable to Reflected Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-3487 (An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs Gecko Bootloader
CVE-2023-37824 (Sitolog sitologapplicationconnect v7.8.a and before was discovered to ...)
- TODO: check
+ NOT-FOR-US: Sitolog sitologapplicationconnect
CVE-2023-34046 (VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Tim ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-34045 (VMware Fusion(13.x prior to 13.5)contains a local privilege escalation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-34044 (VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-5090 [x86: KVM: SVM: always update the x2avic msr interception]
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
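Review bot: `NOT-FOR-US: FortiGuard` on CVE-2023-44256 is not supported by the description shown here, which names the vendor as Fortinet and cuts the product name off at "Fort ...". The VMware entries in the same hunk are labelled by vendor, so `NOT-FOR-US: Fortinet` would be consistent with them and would not commit to a product name the truncated text does not confirm.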
@@ -23420,7 +23420,7 @@ CVE-2023-2176 (A vulnerability was found in compare_netdev_and_ip in drivers/inf
NOTE: https://patchwork.kernel.org/project/linux-rdma/patch/3d0e9a2fd62bc10ba02fed1c7c48a48638952320.1672819273.git.leonro@nvidia.com/
NOTE: https://git.kernel.org/linus/8d037973d48c026224ab285e6a06985ccac6f7bf (6.3-rc1)
CVE-2022-4943 (The miniOrange's Google Authenticator plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2175
RESERVED
CVE-2023-2174 (The BadgeOS plugin for WordPress is vulnerable to unauthorized modific ...)
@@ -25684,9 +25684,9 @@ CVE-2023-30134
CVE-2023-30133
RESERVED
CVE-2023-30132 (An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attacke ...)
- TODO: check
+ NOT-FOR-US: IXP Data EasyInstall
CVE-2023-30131 (An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to ...)
- TODO: check
+ NOT-FOR-US: IXP Data EasyInstall
CVE-2023-30130 (An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute ...)
NOT-FOR-US: CraftCMS
CVE-2023-30129
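Review bot: The label added for CVE-2023-30132 and CVE-2023-30131 is `NOT-FOR-US: IXP Data EasyInstall`, while the hunk at -33455 of this same commit and the existing entry for CVE-2023-27791 use `NOT-FOR-US: IXP Data Easy Install`. The CVE descriptions themselves spell the product both ways, but the NFU label should use one form (the existing one, with the space) so that a search on the label finds every entry for this product.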
@@ -27858,9 +27858,9 @@ CVE-2022-4936 (The WCFM Marketplace plugin for WordPress is vulnerable to Cross-
CVE-2022-4935 (The WCFM Marketplace plugin for WordPress is vulnerable to unauthorize ...)
NOT-FOR-US: WCFM Marketplace plugin for WordPress
CVE-2021-4335 (The Fancy Product Designer plugin for WordPress is vulnerable to unaut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4334 (The Fancy Product Designer plugin for WordPress is vulnerable to unaut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-125094 (A vulnerability classified as problematic was found in phpMiniAdmin up ...)
NOT-FOR-US: phpMiniAdmin
CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters into field ...)
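Review bot: CVE-2021-4335 and CVE-2021-4334 get the generic `NOT-FOR-US: WordPress plugin`, whereas the context entry directly above them (CVE-2022-4935) reads `NOT-FOR-US: WCFM Marketplace plugin for WordPress`. Both forms are already present in the file, so this is a style point only, but `NOT-FOR-US: Fancy Product Designer plugin for WordPress` would keep the product searchable from the label.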
@@ -33455,13 +33455,13 @@ CVE-2023-27797
CVE-2023-27796 (RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wire ...)
NOT-FOR-US: RG-EW1200G PRO Wireless Routers
CVE-2023-27795 (An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local a ...)
- TODO: check
+ NOT-FOR-US: IXP Data Easy Install
CVE-2023-27794
RESERVED
CVE-2023-27793 (An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows loca ...)
- TODO: check
+ NOT-FOR-US: IXP Data Easy Install
CVE-2023-27792 (An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attack ...)
- TODO: check
+ NOT-FOR-US: IXP Data Easy Install
CVE-2023-27791 (An issue found in IXP Data Easy Install 6.6.148840 allows a remote att ...)
NOT-FOR-US: IXP Data Easy Install
CVE-2023-27790
@@ -46512,7 +46512,7 @@ CVE-2023-23375 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
CVE-2023-23374 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-23373 (An OS command injection vulnerability has been reported to affect QUSB ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-23372
RESERVED
CVE-2023-23371 (A cleartext transmission of sensitive information vulnerability has be ...)
@@ -50993,7 +50993,7 @@ CVE-2022-4714 (The WP Dark Mode WordPress plugin before 4.0.0 does not validate
CVE-2022-4713
RESERVED
CVE-2022-4712 (The WP Cerber Security plugin for WordPress is vulnerable to stored cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...)
NOT-FOR-US: Royal Elementor Addons plugin for WordPress
CVE-2022-47937 (** UNSUPPORTED WHEN ASSIGNED ** Improper input validation in the ...)
@@ -56898,7 +56898,7 @@ CVE-2022-4292 (Use After Free in GitHub repository vim/vim prior to 9.0.0882.)
CVE-2022-4291 (The aswjsflt.dll library from Avast Antivirus windows contained a pote ...)
NOT-FOR-US: Avast Antivirus
CVE-2022-4290 (The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4289 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab 15.10.8+ds1-2
CVE-2022-4288
@@ -68547,7 +68547,7 @@ CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared a
[buster] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://git.kernel.org/linus/fac35ba763ed07ba93154c95ffc0c4a55023707f (6.1-rc1)
CVE-2022-3622 (The Blog2Social plugin for WordPress is vulnerable to authorization b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
{DLA-3245-1 DLA-3173-1}
- linux 6.0.2-1
@@ -73853,7 +73853,7 @@ CVE-2022-3344 (A flaw was found in the KVM's AMD nested virtualization (SVM). A
CVE-2022-3343 (The WPQA Builder WordPress plugin before 5.9.3 (which is a companion p ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3342 (The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserializa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3341 (A null pointer dereference issue was discovered in 'FFmpeg' in decode_ ...)
{DLA-3454-1}
- ffmpeg 7:5.1-1
@@ -89230,7 +89230,7 @@ CVE-2022-2443 (The FreeMind WP Browser plugin for WordPress is vulnerable to Cro
CVE-2022-2442 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2441 (The ImageMagick Engine plugin for WordPress is vulnerable to remote co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2440
RESERVED
CVE-2022-2439
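Review bot: For CVE-2022-2441 the generic `NOT-FOR-US: WordPress plugin` drops the plugin name "ImageMagick Engine", which is the part someone searching the list for ImageMagick issues will match on. Naming it in the label, for example `NOT-FOR-US: ImageMagick Engine plugin for WordPress`, makes it clear at a glance that the flaw is in the WordPress plugin and not in a packaged component.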
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34b0ddb1bcb079a35a585fd31339a4c3e6e3fa8f