Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3a6c84b0 by Salvatore Bonaccorso at 2023-10-06T23:23:44+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2023-5214 (In Puppet Bolt versions prior to 3.27.4, a path
to escalate privi
CVE-2023-4530 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Turna Advertising Administration Panel
CVE-2023-4469 (The Profile Extra Fields by BestWebSoft plugin for WordPress is
vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45311 (fsevents before 1.2.11 depends on the
https://fsevents-binaries.s3-us- ...)
TODO: check
CVE-2023-45303 (ThingsBoard before 3.5 allows Server-Side Template Injection
if users ...)
@@ -21,31 +21,31 @@ CVE-2023-45244 (Sensitive information disclosure and
manipulation due to missing
CVE-2023-45239 (A lack of input validation exists in tac_plus prior to commit
4fdf178 ...)
TODO: check
CVE-2023-44807 (D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in
the canc ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-44771 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS
v.9.4.59197 ...)
- TODO: check
+ NOT-FOR-US: Zenario CMS
CVE-2023-44770 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS
v.9.4.59197 ...)
- TODO: check
+ NOT-FOR-US: Zenario CMS
CVE-2023-44766 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
v.9.2.1 all ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-44765 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
v.9.2.1 all ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-44764 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
v.9.2.1 all ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-44762 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
v.9.2.1 all ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-44761 (Multiple Cross Site Scripting (XSS) vulnerabilities in
Concrete CMS v. ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-44758 (GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS)
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: GDidees CMS
CVE-2023-44384 (Discourse-jira is a Discourse plugin allows Jira projects,
issue types ...)
- TODO: check
+ NOT-FOR-US: Discourse plugin
CVE-2023-44243 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan
Blokhuis Inst ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-44233 (Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins
Best Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-44146 (Cross-Site Request Forgery (CSRF) vulnerability in Checkfront
Inc. Che ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-43810 (OpenTelemetry, also known as OTel for short, is a
vendor-neutral open- ...)
TODO: check
CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is vulnerable to
privilege escal ...)
@@ -53,35 +53,35 @@ CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is
vulnerable to privilege
CVE-2023-42445 (Gradle is a build tool with a focus on build automation and
support fo ...)
TODO: check
CVE-2023-41950 (Cross-Site Request Forgery (CSRF) vulnerability in Laposta -
Roel Bous ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41801 (Cross-Site Request Forgery (CSRF) vulnerability in AWP
Classifieds Tea ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41732 (Cross-Site Request Forgery (CSRF) vulnerability in CodePeople
CP Block ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41659 (Cross-Site Request Forgery (CSRF) vulnerability in Jules
Colle, BDWM R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41654 (Cross-Site Request Forgery (CSRF) vulnerability in Andreas
Heigl authL ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41650 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal
Remove/hi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40671 (Cross-Site Request Forgery (CSRF) vulnerability in
\u5927\u4fa0wp DX-a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40607 (Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO
CLUEVO LMS, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40008 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh
Matta Simpl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3725 (Potential buffer overflow vulnerability in the Zephyr CAN bus
subsyste ...)
- TODO: check
+ NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-38703 (PJSIP is a free and open source multimedia communication
library writt ...)
TODO: check
CVE-2023-36465 (Decidim is a participatory democracy framework, written in
Ruby on Rai ...)
- TODO: check
+ NOT-FOR-US: Decidim
CVE-2023-35897 (IBM Spectrum Protect Client and IBM Storage Protect for
Virtual Enviro ...)
NOT-FOR-US: IBM
CVE-2023-32972 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-32971 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-5408
NOT-FOR-US: OpenShift
CVE-2023-4061
@@ -25518,7 +25518,7 @@ CVE-2023-29237
CVE-2023-29236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Cththeme ...)
NOT-FOR-US: WordPress theme
CVE-2023-29235 (Cross-Site Request Forgery (CSRF) vulnerability in Fugu
Maintenance Sw ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-29234
RESERVED
CVE-2023-23581
@@ -27122,7 +27122,7 @@ CVE-2023-28793
CVE-2023-28792 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
I Thirte ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28791 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh
Matta Simpl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28790 (Auth. (editor+) Stored Cross-Site Scripting (XSS)
vulnerability in Bre ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Cimatti ...)
@@ -31180,7 +31180,7 @@ CVE-2023-27617 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-27616 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
David F. Ca ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27615 (Cross-Site Request Forgery (CSRF) vulnerability in Dipak C.
Gajjar WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian
Haycox ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27613 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
MonitorC ...)
@@ -31745,7 +31745,7 @@ CVE-2023-27450 (Unauth. Stored Cross-Site Scripting
(XSS) vulnerability in Tepli
CVE-2023-27449
RESERVED
CVE-2023-27448 (Cross-Site Request Forgery (CSRF) vulnerability in MakeStories
Team Ma ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27447
RESERVED
CVE-2023-27446
@@ -37624,7 +37624,7 @@ CVE-2023-25482 (Cross-Site Request Forgery (CSRF)
vulnerability in Mike Martel W
CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove
Podlove Sub ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25480 (Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid
Post and P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Podl ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet
Weather ...)
@@ -38715,7 +38715,7 @@ CVE-2023-25035
CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP
Clean U ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25033 (Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social
Share B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25032
RESERVED
CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Kibo ...)
@@ -43825,9 +43825,9 @@ CVE-2023-23373
CVE-2023-23372
RESERVED
CVE-2023-23371 (A cleartext transmission of sensitive information
vulnerability has be ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-23370 (An insufficiently protected credentials vulnerability has been
reporte ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-23369
RESERVED
CVE-2023-23368
@@ -43835,9 +43835,9 @@ CVE-2023-23368
CVE-2023-23367
RESERVED
CVE-2023-23366 (A path traversal vulnerability has been reported to affect
Music Stati ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-23365 (A path traversal vulnerability has been reported to affect
Music Stati ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-23364 (A buffer copy without checking size of input vulnerability has
been re ...)
NOT-FOR-US: QNAP
CVE-2023-23363 (A buffer copy without checking size of input vulnerability has
been re ...)
@@ -52047,7 +52047,7 @@ CVE-2022-47177 (Cross-Site Request Forgery (CSRF)
vulnerability in WP Easy Pay W
CVE-2022-47176
RESERVED
CVE-2022-47175 (Cross-Site Request Forgery (CSRF) vulnerability in P Royal
Royal Eleme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47174 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress
Performan ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in nasi ...)
@@ -59795,7 +59795,7 @@ CVE-2023-21293
CVE-2023-21292 (In openContentUri of ActivityManagerService.java, there is a
possible ...)
NOT-FOR-US: Android
CVE-2023-21291 (In visitUris of Notification.java, there is a possible way to
reveal i ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21290 (In update of MmsProvider.java, there is a possible way to
bypass file ...)
NOT-FOR-US: Android
CVE-2023-21289 (In multiple locations, there is a possible bypass of a multi
user secu ...)
@@ -59845,7 +59845,7 @@ CVE-2023-21268 (In update of MmsProvider.java, there is
a possible way to change
CVE-2023-21267 (In doKeyguardLocked of KeyguardViewMediator.java, there is a
possible ...)
NOT-FOR-US: Android
CVE-2023-21266 (In killBackgroundProcesses of ActivityManagerService.java,
there is a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21265 (In multiple locations, there are root CA certificates which
need to be ...)
NOT-FOR-US: Android
CVE-2023-21264 (In multiple functions of mem_protect.c, there is a possible
way to acc ...)
@@ -59878,9 +59878,9 @@ CVE-2023-21255 (In multiple functions of binder.c,
there is a possible memory co
CVE-2023-21254 (In getCurrentState of OneTimePermissionUserManager.java, there
is a po ...)
NOT-FOR-US: Android
CVE-2023-21253 (In multiple locations, there is a possible way to crash
multiple syste ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21252 (In validatePassword of WifiConfigurationUtil.java, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21251 (In onCreate of ConfirmDialog.java, there is a possible way to
connect ...)
NOT-FOR-US: Android
CVE-2023-21250 (In gatt_end_operation of gatt_utils.cc, there is a possible
out of bou ...)
@@ -59896,7 +59896,7 @@ CVE-2023-21246 (In ShortcutInfo of ShortcutInfo.java,
there is a possible way fo
CVE-2023-21245 (In showNextSecurityScreenOrFinish of
KeyguardSecurityContainerControll ...)
NOT-FOR-US: Android
CVE-2023-21244 (In visitUris of Notification.java, there is a possible bypass
of user ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21243 (In validateForCommonR1andR2 of PasspointConfiguration.java,
there is a ...)
NOT-FOR-US: Android
CVE-2023-21242 (In isServerCertChainValid of InsecureEapNetworkHandler.java,
there is ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a6c84b0791a7407b89fea81ccd585f0aecea1a2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a6c84b0791a7407b89fea81ccd585f0aecea1a2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
