[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) Tue, 15 Aug 2023 11:21:36 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
634d774f by Salvatore Bonaccorso at 2023-08-15T20:20:53+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2023-4347 (Cross-site Scripting (XSS) - Reflected in GitHub 
repository libre
 CVE-2023-4308 (The User Submitted Posts plugin for WordPress is vulnerable to 
Stored  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-40518 (LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly 
validate HTTP  ...)
-       TODO: check
+       NOT-FOR-US: LiteSpeed OpenLiteSpeed
 CVE-2023-40453 (Docker Machine through 0.16.2 allows an attacker, who has 
control of a ...)
        TODO: check
 CVE-2023-40013 (SVG Loader is a javascript library that fetches SVGs using 
XMLHttpRequ ...)
@@ -15,9 +15,9 @@ CVE-2023-39828 (Tenda A18 V15.13.07.09 was discovered to 
contain a stack overflo
 CVE-2023-39827 (Tenda A18 V15.13.07.09 was discovered to contain a stack 
overflow via  ...)
        NOT-FOR-US: Tenda
 CVE-2023-38687 (Svelecte is a flexible autocomplete/select component written 
in Svelte ...)
-       TODO: check
+       NOT-FOR-US: Svelecte
 CVE-2023-35689 (In checkDebuggingDisallowed of DeviceVersionFragment.java, 
there is a  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-32358 (A type confusion issue was addressed with improved checks. 
This issue  ...)
        TODO: check
 CVE-2023-4322 (Heap-based Buffer Overflow in GitHub repository 
radareorg/radare2 prio ...)
@@ -46,11 +46,11 @@ CVE-2023-40312 (Multiple reflected XSS were found on 
different JSP files with un
 CVE-2023-40311 (Multiple stored XSS were found on different JSP files with 
unsanitized ...)
        NOT-FOR-US: OpenMNS
 CVE-2023-40024 (ScanCode.io is a server to script and automate software 
composition an ...)
-       TODO: check
+       NOT-FOR-US: ScanCode.io
 CVE-2023-40023 (yaklang is a programming language designed for cybersecurity. 
The Yak  ...)
-       TODO: check
+       NOT-FOR-US: yaklang
 CVE-2023-40020 (PrivateUploader is an open source image hosting server written 
in Vue  ...)
-       TODO: check
+       NOT-FOR-US: PrivateUploader
 CVE-2023-3721 (The WP-EMail WordPress plugin before 2.69.1 does not sanitise 
and esca ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-3645 (The Contact Form Builder by Bit Form WordPress plugin before 
2.2.0 doe ...)
@@ -74,13 +74,13 @@ CVE-2023-38741 (IBM TXSeries for Multiplatforms 8.1, 8.2, 
and 9.1 is vulnerable
 CVE-2023-38721 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for 
i conta ...)
        NOT-FOR-US: IBM
 CVE-2023-37847 (novel-plus v3.6.2 was discovered to contain a SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: novel-plus
 CVE-2023-37070 (Code Projects Hospital Information System 1.0 is vulnerable to 
Cross S ...)
        NOT-FOR-US: Code Projects Hospital Information System
 CVE-2023-33013 (A post-authentication command injection vulnerability in the 
NTP featu ...)
        NOT-FOR-US: Zyxel
 CVE-2023-32748 (The Linux DVS server component of Mitel MiVoice Connect 
through 19.3 S ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2023-2803 (The Ultimate Addons for Contact Form 7 WordPress plugin before 
3.1.29  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2802 (The Ultimate Addons for Contact Form 7 WordPress plugin before 
3.1.29  ...)
@@ -792,7 +792,7 @@ CVE-2023-40041 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a 
stack-based buffer ove
 CVE-2023-3898 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: mAyaNet E-Commerce Software
 CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: jackson-dataformats-text
 CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Farmakom Remote Administration Console
 CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
@@ -1147,7 +1147,7 @@ CVE-2023-39526 (PrestaShop is an open source e-commerce 
web application. Version
 CVE-2023-39525 (PrestaShop is an open source e-commerce web application. Prior 
to vers ...)
        NOT-FOR-US: PrestaShop
 CVE-2023-39523 (ScanCode.io is a server to script and automate software 
composition an ...)
-       TODO: check
+       NOT-FOR-US: ScanCode.io
 CVE-2023-39440 (In SAP BusinessObjects Business Intelligence - version 420,  
If a user ...)
        NOT-FOR-US: SAP
 CVE-2023-39439 (SAP Commerce Cloud may accept an empty passphrase for user ID 
and pass ...)
@@ -12629,7 +12629,7 @@ CVE-2023-2247 (In affected versions of Octopus Deploy 
it is possible to unmask v
 CVE-2023-31042
        RESERVED
 CVE-2023-31041 (An issue was discovered in SysPasswordDxe in Insyde InsydeH2O 
with ker ...)
-       TODO: check
+       NOT-FOR-US: Insyde
 CVE-2023-31040
        RESERVED
 CVE-2023-2246 (A vulnerability has been found in SourceCodester Online Pizza 
Ordering ...)
@@ -13667,17 +13667,17 @@ CVE-2023-30756
 CVE-2023-30755
        RESERVED
 CVE-2023-30754 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
AdFoxly  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30753 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Phan Chu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-30752 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Silv ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in iCon ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30750
        RESERVED
 CVE-2023-30749 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in ihom ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30748
        RESERVED
 CVE-2023-30747
@@ -14595,7 +14595,7 @@ CVE-2023-30491 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Co
 CVE-2023-30490
        RESERVED
 CVE-2023-30489 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30488
        RESERVED
 CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ThimPres ...)
@@ -14607,7 +14607,7 @@ CVE-2023-30485
 CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress 
Enable Acces ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-30483 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Kiboko L ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Alexey G ...)
@@ -14619,11 +14619,11 @@ CVE-2023-30479
 CVE-2023-30478
        RESERVED
 CVE-2023-30477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Essi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30476
        RESERVED
 CVE-2023-30475 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Elliot S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian 
Evang Ultima ...)
        NOT-FOR-US: Kilian Evang Ultimate Noindex Nofollow
 CVE-2023-30473
@@ -15312,11 +15312,11 @@ CVE-2023-30190
 CVE-2023-30189 (Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL 
Injection via ...)
        NOT-FOR-US: Prestashop
 CVE-2023-30188 (Memory Exhaustion vulnerability in ONLYOFFICE Document Server 
4.0.3 th ...)
-       TODO: check
+       NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2023-30187 (An out of bounds memory access vulnerability in ONLYOFFICE 
DocumentSer ...)
-       TODO: check
+       NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2023-30186 (A use after free issue discovered in ONLYOFFICE DocumentServer 
4.0.3 t ...)
-       TODO: check
+       NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2023-30185 (CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file 
upload  ...)
        NOT-FOR-US: CRMEB
 CVE-2023-30184 (A stored cross-site scripting (XSS) vulnerability in Typecho 
v1.2.0 al ...)
@@ -17001,7 +17001,7 @@ CVE-2023-29469 (An issue was discovered in libxml2 
before 2.10.4. When hashing e
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
 (v2.10.4)
 CVE-2023-29468 (The Texas Instruments (TI) WiLink WL18xx MCP driver does not 
limit the ...)
-       TODO: check
+       NOT-FOR-US: Texas Instruments
 CVE-2023-29467
        RESERVED
 CVE-2023-29466



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/634d774f7884ccfcf30bd2c839ce1f0392248b5e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/634d774f7884ccfcf30bd2c839ce1f0392248b5e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process several NFUs

Reply via email to