[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Sep 26 12:10:41 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee874705 by Moritz Muehlenhoff at 2023-09-26T13:10:08+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2023-5192 (Excessive Data Query Operations in a Large Data Table in GitHub reposi ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2023-5162 (The Options for Twenty Seventeen plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: Options for Twenty Seventeen plugin for WordPress
 CVE-2023-5161 (The Modal Window plugin for WordPress is vulnerable to Stored Cross-Si ...)
@@ -23,9 +23,9 @@ CVE-2023-4506 (The Active Directory Integration / LDAP Integration plugin for Wo
 CVE-2023-4505 (The Staff / Employee Business Directory for Active Directory plugin fo ...)
 	NOT-FOR-US: Staff / Employee Business Directory for Active Directory plugin for WordPress
 CVE-2023-4259 (Two potential buffer overflow vulnerabilities at the following locatio ...)
-	TODO: check
+	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-4258 (In Bluetooth mesh implementation If provisionee has a public key that  ...)
-	TODO: check
+	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-43457 (An issue in Service Provider Management System v.1.0 allows a remote a ...)
 	NOT-FOR-US: Service Provider Management System
 CVE-2023-43326 (mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS ...)
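Review bot: the "(unrelated to src:zephyr)" qualifier added on CVE-2023-4259 and CVE-2023-4258 should be used in the same form on any other Zephyr RTOS entries in the list. Otherwise a search for "zephyr" can turn up a bare "NOT-FOR-US: Zephyr RTOS" that reads as a statement about the source package of that name. These two lines need no change.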
@@ -39,13 +39,13 @@ CVE-2023-43132 (szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorize
 CVE-2023-42426 (Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1 ...)
 	NOT-FOR-US: Froala Froala Editor
 CVE-2023-41861 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-41860 (Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin < ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-41312 (Permission control vulnerability in the audio module. Successful explo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-41311 (Permission control vulnerability in the audio module. Successful explo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-41310 (Keep-alive vulnerability in the sticky broadcast mechanism. Successful ...)
 	NOT-FOR-US: Huawei
 CVE-2023-41309 (Permission control vulnerability in the MediaPlaybackController module ...)
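Review bot: the tags on CVE-2023-41861 and CVE-2023-41860 say only "NOT-FOR-US: WordPress plugin", although the description of CVE-2023-41860 names the plugin (TravelMap). Other entries in this file name the product, e.g. "NOT-FOR-US: Options for Twenty Seventeen plugin for WordPress"; writing "NOT-FOR-US: TravelMap plugin for WordPress" here would keep the entry findable by product name. The generic form also appears elsewhere in the list, so this is a style point only.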
@@ -59,7 +59,7 @@ CVE-2023-41306 (Vulnerability of mutex management in the bone voice ID trusted a
 CVE-2023-41305 (Vulnerability of 5G messages being sent without being encrypted in a V ...)
 	NOT-FOR-US: Huawei
 CVE-2023-3767 (An OS command injection vulnerability has been found on EasyPHP  Webse ...)
-	TODO: check
+	NOT-FOR-US: EasyPHP Webserver
 CVE-2023-38907 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...)
 	NOT-FOR-US: TP-Link
 CVE-2022-48606 (Stability-related vulnerability in the binder background management an ...)
@@ -82,7 +82,7 @@ CVE-2023-5156 (A flaw was found in the GNU C Library. A recent fix for CVE-2023-
 	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec6b95c3303c700eb89eebeda2d7264cc184a796
 	NOTE: https://sourceware.org/pipermail/libc-alpha/2023-September/151691.html
 CVE-2023-4892 (Teedy v1.11 has a vulnerability in its text editor that allows events  ...)
-	TODO: check
+	NOT-FOR-US: Teedy
 CVE-2023-4631 (The DoLogin Security WordPress plugin before 3.7 uses headers such as  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-4549 (The DoLogin Security WordPress plugin before 3.7 does not properly san ...)
@@ -104,7 +104,7 @@ CVE-2023-4238 (The Prevent files / folders access WordPress plugin before 2.5.2
 CVE-2023-4148 (The Ditty WordPress plugin before 3.1.25 does not sanitise and escape  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-43644 (Sing-box is an open source proxy system. Affected versions are subject ...)
-	TODO: check
+	NOT-FOR-US: sing-box
 CVE-2023-43642 (snappy-java is a Java port of the snappy, a fast C++ compresser/decomp ...)
 	TODO: check
 CVE-2023-43458 (Cross Site Scripting (XSS) vulnerability in Resort Reservation System  ...)
@@ -118,7 +118,7 @@ CVE-2023-43339 (Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.
 CVE-2023-43319 (Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWar ...)
 	NOT-FOR-US: IceWarp WebClient
 CVE-2023-43256 (A path traversal in Gladys Assistant v4.26.1 and below allows authenti ...)
-	TODO: check
+	NOT-FOR-US: Gladys Assistant
 CVE-2023-43141 (TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulner ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2023-43131 (General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.)
@@ -154,7 +154,7 @@ CVE-2023-41296 (Vulnerability of missing authorization in the kernel module. Suc
 CVE-2023-41295 (Vulnerability of improper permission management in the displayengine m ...)
 	NOT-FOR-US: Huawei
 CVE-2023-41294 (The DP module has a service hijacking vulnerability.Successful exploit ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-41293 (Data security classification vulnerability in the DDMP module. Success ...)
 	NOT-FOR-US: Huawei
 CVE-2023-40163 (An out-of-bounds write vulnerability exists in the allocate_buffer_for ...)
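Review bot: the "NOT-FOR-US: Huawei" tag on CVE-2023-41294 cannot be checked from the description shown, "The DP module has a service hijacking vulnerability", which names no vendor; the attribution appears to rest on the neighbouring CVE-2023-41295 and CVE-2023-41293 entries. It is worth confirming the vendor against the CVE record rather than the ID range, and the commit message ("NFUs") could say how the vendor was established.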
@@ -171,7 +171,7 @@ CVE-2023-3547 (The All in One B2B for WooCommerce WordPress plugin through 1.0.3
 CVE-2023-3226 (The Popup Builder WordPress plugin through 4.1.15 does not sanitise an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-39640 (UpLight cookiebanner before 1.5.1 was discovered to contain a SQL inje ...)
-	TODO: check
+	NOT-FOR-US: UpLight cookiebanner
 CVE-2023-39453 (A use-after-free vulnerability exists in the tif_parse_sub_IFD functio ...)
 	TODO: check
 CVE-2023-39409 (DoS vulnerability in the PMS module. Successful exploitation of this v ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee874705fa730f06afd054a6d0f45884a0a0f8c9
