[Git][security-tracker-team/security-tracker][master] Process some NFUs

Tue Sep 26 09:39:37 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
849b83f8 by Salvatore Bonaccorso at 2023-09-26T10:39:09+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2023-5135 (The Simple Cloudflare Turnstile plugin for WordPress is vulnerabl
 CVE-2023-5129 (With a specially crafted WebP lossless file, libwebp may write data ou ...)
 	TODO: check
 CVE-2023-4565 (Broadcast permission control vulnerability in the framework module. Su ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-4506 (The Active Directory Integration / LDAP Integration plugin for WordPre ...)
 	NOT-FOR-US: Active Directory Integration / LDAP Integration plugin for WordPress
 CVE-2023-4505 (The Staff / Employee Business Directory for Active Directory plugin fo ...)
@@ -19,17 +19,17 @@ CVE-2023-4259 (Two potential buffer overflow vulnerabilities at the following lo
 CVE-2023-4258 (In Bluetooth mesh implementation If provisionee has a public key that  ...)
 	TODO: check
 CVE-2023-43457 (An issue in Service Provider Management System v.1.0 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: Service Provider Management System
 CVE-2023-43326 (mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS ...)
-	TODO: check
+	NOT-FOR-US: mooSocial
 CVE-2023-43325 (A reflected cross-site scripting (XSS) vulnerability in the data[redir ...)
-	TODO: check
+	NOT-FOR-US: mooSocial
 CVE-2023-43278 (A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up  ...)
-	TODO: check
+	NOT-FOR-US: Seacms
 CVE-2023-43132 (szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remo ...)
-	TODO: check
+	NOT-FOR-US: szvone vmqphp
 CVE-2023-42426 (Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1 ...)
-	TODO: check
+	NOT-FOR-US: Froala Froala Editor
 CVE-2023-41861 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict ...)
 	TODO: check
 CVE-2023-41860 (Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin < ...)
@@ -39,23 +39,23 @@ CVE-2023-41312 (Permission control vulnerability in the audio module. Successful
 CVE-2023-41311 (Permission control vulnerability in the audio module. Successful explo ...)
 	TODO: check
 CVE-2023-41310 (Keep-alive vulnerability in the sticky broadcast mechanism. Successful ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-41309 (Permission control vulnerability in the MediaPlaybackController module ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-41308 (Screenshot vulnerability in the input module. Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-41307 (Memory overwriting vulnerability in the security module. Successful ex ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-41306 (Vulnerability of mutex management in the bone voice ID trusted applica ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-41305 (Vulnerability of 5G messages being sent without being encrypted in a V ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-3767 (An OS command injection vulnerability has been found on EasyPHP  Webse ...)
 	TODO: check
 CVE-2023-38907 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2022-48606 (Stability-related vulnerability in the binder background management an ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-5166 (Docker Desktop before 4.23.0 allows Access Token theft via a crafted e ...)
 	NOT-FOR-US: Docker Desktop
 CVE-2023-5165 (Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enh ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/849b83f85672333235df530bda9aa3d8243ab7fc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/849b83f85672333235df530bda9aa3d8243ab7fc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230926/d4c0b27f/attachment.htm>
