Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b0c76425 by Moritz Muehlenhoff at 2023-06-20T21:07:37+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,17 +3,17 @@ CVE-2023-3325 (The CMS Commander plugin for WordPress is
vulnerable to authoriza
CVE-2023-3320 (The WP Sticky Social plugin for WordPress is vulnerable to
Cross-Site ...)
NOT-FOR-US: WP Sticky Social plugin for WordPress
CVE-2023-3315 (Missing permission checks in Jenkins Team Concert Plugin 2.4.1
and ear ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2023-35884 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
EventPri ...)
- TODO: check
+ NOT-FOR-US: EventPrime plugin
CVE-2023-35882 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-35878 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Vady ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32659 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain
a cross- ...)
- TODO: check
+ NOT-FOR-US: SUBNET PowerSYSTEM Center
CVE-2023-29158 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior are
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: SUBNET PowerSYSTEM Center
CVE-2023-3318 (A vulnerability was found in SourceCodester Resort Management
System 1 ...)
NOT-FOR-US: SourceCodester Resort Management System
CVE-2023-3317 [wifi: mt76: mt7921: Fix use-after-free in fw features query]
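Review bot: The labels added for CVE-2023-3315 and CVE-2023-35884 are less specific than the untouched entries next to them. CVE-2023-3315 becomes "NOT-FOR-US: Jenkins plugin" although its description names the Team Concert Plugin, and CVE-2023-35884 becomes "NOT-FOR-US: EventPrime plugin" without saying which platform the plugin belongs to, whereas the existing CVE-2023-3320 entry reads "WP Sticky Social plugin for WordPress". Suggest "Jenkins Team Concert Plugin" for the first and adding the platform to the second, so a later search of the list for the product name finds these entries.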
@@ -28,7 +28,7 @@ CVE-2023-3312 (A vulnerability was found in
drivers/cpufreq/qcom-cpufreq-hw.c in
- linux <not-affected> (Vulnerable code never present in released
version)
NOTE:
https://git.kernel.org/linus/ba5e770c9698782bc203bbf5cf3b36a77720bdbe (6.4-rc1)
CVE-2023-35843 (NocoDB through 0.106.0 (or 0.109.1) has a path traversal
vulnerability ...)
- TODO: check
+ NOT-FOR-US: NocoDB
CVE-2023-35779 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Seed ...)
NOT-FOR-US: WordPress plugin
CVE-2023-35776 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -64,11 +64,11 @@ CVE-2023-34155 (Vulnerability of unauthorized calling on
HUAWEI phones and table
CVE-2023-33213 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in gVec ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31411 (A remote unprivileged attacker can modify and access
configuration set ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2023-31410 (A remote unprivileged attacker can intercept the communication
via e.g ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2023-2907 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Marksoft
CVE-2023-2899 (The Google Map Shortcode WordPress plugin through 3.1.2 does
not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2812 (The Ultimate Dashboard WordPress plugin before 3.7.6 does not
sanitise ...)
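Review bot: The three labels added here ("NOT-FOR-US: SICK" for CVE-2023-31411 and CVE-2023-31410, "NOT-FOR-US: Marksoft" for CVE-2023-2907) give only a vendor name, and the truncated descriptions on these lines do not show a product either. Someone re-checking the triage later cannot tell from the list which product was ruled out. Suggest adding the affected product name after the vendor, as the entries that name a product already do.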
@@ -102,39 +102,39 @@ CVE-2023-2399 (The QuBot WordPress plugin before 1.1.6
doesn't filter user input
CVE-2023-2359 (The Slider Revolution WordPress plugin through 6.6.12 does not
check f ...)
NOT-FOR-US: WordPress plugin
CVE-2022-48506 (A flawed pseudorandom number generator in Dominion Voting
Systems Imag ...)
- TODO: check
+ NOT-FOR-US: Dominion Voting Systems
CVE-2022-48501 (Configuration defects in the secure OS module.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48500 (Configuration defects in the secure OS module.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48499 (Configuration defects in the secure OS module.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48498 (Configuration defects in the secure OS module.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48497 (Configuration defects in the secure OS module.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48496 (Vulnerability of lax app identity verification in the
pre-authorizatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48495 (Vulnerability of unauthorized access to foreground app
information.Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48494 (Vulnerability of lax app identity verification in the
pre-authorizatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48493 (Configuration defects in the secure OS module.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48492 (Configuration defects in the secure OS module.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48491 (Vulnerability of missing authentication on certain HUAWEI
phones.Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48490 (Configuration defects in the secure OS module.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48489 (Configuration defects in the secure OS module.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48488 (Vulnerability of bypassing the default desktop security
controls.Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48487 (Configuration defects in the secure OS module.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48486 (Configuration defects in the secure OS module.Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-3311 (A vulnerability, which was classified as problematic, was found
in Pun ...)
NOT-FOR-US: PuneethReddyHC online-shopping-system-advanced
CVE-2023-3310 (A vulnerability, which was classified as critical, has been
found in c ...)
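Review bot: Sixteen entries, CVE-2022-48501 down to CVE-2022-48486, are all tagged "NOT-FOR-US: Huawei", but most of their visible descriptions ("Configuration defects in the secure OS module...") do not mention Huawei at all; only CVE-2022-48491 names "HUAWEI phones" in the text shown. The vendor attribution is probably right for a contiguous block like this, but it cannot be verified from the list itself. Suggest a more specific label (the product or component named in the advisory) for the entries whose description does not carry the vendor.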
@@ -209,7 +209,7 @@ CVE-2023-32270 (Access of memory location after end of
buffer issue exists in TE
CVE-2023-32201 (Stack-based buffer overflow vulnerability exists in TELLUS
v4.0.15.0 a ...)
NOT-FOR-US: TELLUS
CVE-2023-31239 (Stack-based buffer overflow vulnerability in V-Server
v4.0.15.0 and V- ...)
- TODO: check
+ NOT-FOR-US: FUJI
CVE-2023-30759 (The driver installation package created by Printer Driver
Packager NX ...)
NOT-FOR-US: Ricoh
CVE-2023-35828 (An issue was discovered in the Linux kernel before 6.3.2. A
use-after- ...)
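Review bot: CVE-2023-31239 is labelled "NOT-FOR-US: FUJI" while the entry directly above it, CVE-2023-32201, describes the same version string (v4.0.15.0) and is labelled by product, "NOT-FOR-US: TELLUS". The description of CVE-2023-31239 names V-Server, so "NOT-FOR-US: V-Server" (or vendor plus product) would keep the two related entries consistent and searchable by product name.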
@@ -507,7 +507,7 @@ CVE-2023-34623 (An issue was discovered jtidy thru r938
allows attackers to caus
[bullseye] - jtidy <no-dsa> (Minor issue)
NOTE: https://github.com/trajano/jtidy/issues/4
CVE-2023-34620 (An issue was discovered hjson thru 3.0.0 allows attackers to
cause a d ...)
- TODO: check
+ NOT-FOR-US: hjson
CVE-2023-34617 (An issue was discovered genson thru 1.6 allows attackers to
cause a de ...)
TODO: check
CVE-2023-34616 (An issue was discovered pbjson thru 0.4.0 allows attackers to
cause a ...)
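Review bot: CVE-2023-34620 is closed as "NOT-FOR-US: hjson", but the label is just the library name from the description ("hjson thru 3.0.0") and sits next to jtidy, which is tracked as a packaged source with a <no-dsa> status. For a library-style name like this, the entry should make clear which implementation was checked and found not to be in the archive, so that a later package with a similar name is not silently covered by this NFU. The neighbouring CVE-2023-34617 (genson) is left at "TODO: check", which is fine, but worth confirming that was intentional in this batch.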
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0c76425bbba68a1de1dde3906baad031a9fb13b
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits