Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad5f4919 by Salvatore Bonaccorso at 2023-05-26T22:59:40+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
 CVE-2023-33780 (A stored cross-site scripting (XSS) vulnerability in TFDi 
Design smart ...)
-       TODO: check
+       NOT-FOR-US: TFDi Design smartCARS
 CVE-2023-33779 (A lateral privilege escalation vulnerability in XXL-Job v2.4.1 
allows  ...)
-       TODO: check
+       NOT-FOR-US: XXL-Job
 CVE-2023-33720 (mp4v2 v2.1.2 was discovered to contain a memory leak via the 
class MP4 ...)
-       TODO: check
+       NOT-FOR-US: mp4v2
 CVE-2023-33440 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to 
arbitra ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Faculty Evaluation System
 CVE-2023-33439 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to 
SQL Inj ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Faculty Evaluation System
 CVE-2023-33394 (skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). 
Attackers ...)
-       TODO: check
+       NOT-FOR-US: skycaiji
 CVE-2023-33255 (An issue was discovered in Papaya Viewer 4a42701. 
User-supplied input  ...)
-       TODO: check
+       NOT-FOR-US: Papaya Viewer
 CVE-2023-33247 (Talend Data Catalog remote harvesting server before 
8.0-20230413 conta ...)
-       TODO: check
+       NOT-FOR-US: Talend
 CVE-2023-33197 (Craft is a CMS for creating custom digital experiences on the 
web. Cro ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2023-33185 (Django-SES is a drop-in mail backend for Django. The 
django_ses librar ...)
        TODO: check
 CVE-2023-32964 (Cross-Site Request Forgery (CSRF) vulnerability in Made with 
Fuel Bett ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32318 (Nextcloud server provides a home for data. A regression in the 
session ...)
        TODO: check
 CVE-2023-2817 (A post-authentication stored cross-site scripting vulnerability 
exists ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2023-2854
        [experimental] - wireshark 4.0.6-1~exp1
        - wireshark <unfixed>
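Review bot: At CVE-2023-33720 the tag "NOT-FOR-US: mp4v2" names an open-source library, unlike the vendor products and web applications tagged in the rest of this hunk, so it is worth confirming that no source package of that name is or was in the archive before closing the entry this way. If it was ever packaged, a "- mp4v2 <removed>" line would record the status more accurately than NOT-FOR-US.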
@@ -2052,11 +2052,11 @@ CVE-2023-31229
 CVE-2023-31228
        RESERVED
 CVE-2023-31227 (The hwPartsDFR module has a vulnerability in API calling 
verification. ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-31226 (The SDK for the MediaPlaybackController module has improper 
permission ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-31225 (The Gallery app has the risk of hijacking attacks. Successful 
exploita ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-31194
        RESERVED
 CVE-2023-27390
@@ -2102,25 +2102,25 @@ CVE-2023-2296
 CVE-2022-4945 (The Dataprobe cloud usernames and passwords are stored in plain 
text i ...)
        NOT-FOR-US: Dataprobe
 CVE-2022-48480 (Integer overflow vulnerability in some phones. Successful 
exploitation ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48479 (The facial recognition TA of some products has the 
out-of-bounds memor ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48478 (The facial recognition TA of some products lacks memory length 
verific ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-46887 (Lack of length check vulnerability in the HW_KEYMASTER module. 
Success ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-46886 (The video framework has memory overwriting caused by addition 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-46885 (The video framework has memory overwriting caused by addition 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-46884 (The video framework has memory overwriting caused by addition 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-46883 (The video framework has memory overwriting caused by addition 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-46882 (The video framework has memory overwriting caused by addition 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-46881 (The video framework has memory overwriting caused by addition 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-31224
        RESERVED
 CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated 
author user ...)
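Review bot: The ten entries from CVE-2022-48480 down to CVE-2021-46881 are tagged "NOT-FOR-US: Huawei", but none of the visible descriptions names a vendor ("some phones", "some products", "The video framework", "the HW_KEYMASTER module"), so the attribution cannot be checked from the diff itself. A line in the commit message stating where the vendor came from (for example the assigning CNA) would make this reviewable; "Process some NFUs" gives no basis for it.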
@@ -5326,7 +5326,7 @@ CVE-2023-30147
 CVE-2023-30146
        RESERVED
 CVE-2023-30145 (Camaleon CMS v2.7.0 was discovered to contain a Server-Side 
Template I ...)
-       TODO: check
+       NOT-FOR-US: Camaleon CMS
 CVE-2023-30144
        RESERVED
 CVE-2023-30143
@@ -8118,7 +8118,7 @@ CVE-2023-29100
 CVE-2023-29099
        RESERVED
 CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ArtistSc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-29097
        RESERVED
 CVE-2023-29096
@@ -17661,7 +17661,7 @@ CVE-2023-25978
 CVE-2023-25977 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in 9see ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks 
Integrati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25975
        RESERVED
 CVE-2023-25974
@@ -17671,7 +17671,7 @@ CVE-2023-25973 (Cross-Site Request Forgery (CSRF) 
vulnerability in Lucian Aposto
 CVE-2023-25972
        RESERVED
 CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD 
Educare plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25970
        RESERVED
 CVE-2023-25969
@@ -18181,7 +18181,7 @@ CVE-2023-25783 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-25782 (Auth. (admin+) vulnerability in Second2none Service Area 
Postcode Chec ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25781 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Seba ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of 
alarm r ...)
        NOT-FOR-US: OpenNMS
 CVE-2023-0845 (Consul and Consul Enterprise allowed an authenticated user with 
servic ...)
@@ -19490,13 +19490,13 @@ CVE-2023-25472 (Cross-Site Request Forgery (CSRF) 
vulnerability in Podlove Podlo
 CVE-2023-25471
        RESERVED
 CVE-2023-25470 (Cross-Site Request Forgery (CSRF) vulnerability in Anton 
Skorobogatov  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25469
        RESERVED
 CVE-2023-25468
        RESERVED
 CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel 
Mores, A. Hu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25466
        RESERVED
 CVE-2023-25465
@@ -20472,7 +20472,7 @@ CVE-2023-25060
 CVE-2023-25059 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in aval ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25058 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm 
Force Sc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25057
        RESERVED
 CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix 
Feed The ...)
@@ -20512,7 +20512,7 @@ CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
 CVE-2023-25039
        RESERVED
 CVE-2023-25038 (Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For 
the visu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25037
        RESERVED
 CVE-2023-25036
@@ -20520,7 +20520,7 @@ CVE-2023-25036
 CVE-2023-25035
        RESERVED
 CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP 
Clean U ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25033
        RESERVED
 CVE-2023-25032
@@ -20530,7 +20530,7 @@ CVE-2023-25031 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-25030
        RESERVED
 CVE-2023-25029 (Cross-Site Request Forgery (CSRF) vulnerability in utahta WP 
Social Bo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in chuy ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Kibo ...)
@@ -23516,9 +23516,9 @@ CVE-2023-24010
 CVE-2023-24009
        RESERVED
 CVE-2023-24008 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre 
Maspik \u20 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-24007 (Cross-Site Request Forgery (CSRF) vulnerability in 
TheOnlineHero - Tom ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-24006 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in 
Link Softwa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24005 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Winw ...)
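Review bot: The line for CVE-2023-24008 shows its description ending in a raw "\u20 ...", a Unicode escape cut off mid-sequence by the truncation. This change does not introduce it, but whatever generates the truncated descriptions should decode escapes before cutting so the list does not carry broken sequences.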
@@ -24425,7 +24425,7 @@ CVE-2023-23716
 CVE-2023-23715
        RESERVED
 CVE-2023-23714 (Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl 
Uncanny ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23713 (Cross-Site Request Forgery (CSRF) vulnerability in Manoj 
Thulasidas Th ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23712 (Cross-Site Request Forgery (CSRF) vulnerability in User Meta 
Manager p ...)
@@ -27379,9 +27379,9 @@ CVE-2023-22857 (A stored Cross-site Scripting (XSS) 
vulnerability in BlogEngine.
 CVE-2023-22856 (A stored Cross-site Scripting (XSS) vulnerability in 
BlogEngine.NET 3. ...)
        NOT-FOR-US: BlogEngine.NET
 CVE-2023-0117 (The online authentication provided by the hwKitAssistant lacks 
strict  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-0116 (The reminder module lacks an authentication mechanism for 
broadcasts r ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-0115
        REJECTED
 CVE-2022-4881 (A vulnerability was found in CapsAdmin PAC3. It has been rated 
as prob ...)
@@ -27892,7 +27892,7 @@ CVE-2023-22695
 CVE-2023-22694
        RESERVED
 CVE-2023-22693 (Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh 
WP Goog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-22692 (Cross-Site Request Forgery (CSRF) vulnerability in Jeroen 
Peters Name  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and 
Tricks HQ, ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad5f4919481e170dc595f938bae3660aff5fdca6
