Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
34b0ddb1 by Salvatore Bonaccorso at 2023-10-21T16:59:57+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -63,31 +63,31 @@ CVE-2023-45661 (stb_image is a single file MIT licensed
library for processing i
- libstb <unfixed>
NOTE:
https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/
CVE-2023-43357 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
allows a ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-43356 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
allows a ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-43355 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
allows a ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-43354 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
allows a ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-43353 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
allows a ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-43346 (Cross-site scripting (XSS) vulnerability in opensolution Quick
CMS v.6 ...)
- TODO: check
+ NOT-FOR-US: opensolution Quick CMS
CVE-2023-38194 (An issue was discovered in SuperWebMailer 9.00.0.01710. It
allows keep ...)
- TODO: check
+ NOT-FOR-US: SuperWebMailer
CVE-2023-38193 (An issue was discovered in SuperWebMailer 9.00.0.01710. It
allows Remo ...)
- TODO: check
+ NOT-FOR-US: SuperWebMailer
CVE-2023-38192 (An issue was discovered in SuperWebMailer 9.00.0.01710. It
allows supe ...)
- TODO: check
+ NOT-FOR-US: SuperWebMailer
CVE-2023-38191 (An issue was discovered in SuperWebMailer 9.00.0.01710. It
allows spam ...)
- TODO: check
+ NOT-FOR-US: SuperWebMailer
CVE-2023-38190 (An issue was discovered in SuperWebMailer 9.00.0.01710. It
allows Expo ...)
- TODO: check
+ NOT-FOR-US: SuperWebMailer
CVE-2023-32786 (In Langchain through 0.0.155, prompt injection allows an
attacker to f ...)
- TODO: check
+ NOT-FOR-US: Langchain
CVE-2023-32785 (In Langchain through 0.0.155, prompt injection allows
execution of arb ...)
- TODO: check
+ NOT-FOR-US: Langchain
CVE-2023-5690 (Cross-Site Request Forgery (CSRF) in GitHub repository
modoboa/modoboa ...)
NOT-FOR-US: Modoboa
CVE-2023-5689 (Cross-site Scripting (XSS) - DOM in GitHub repository
modoboa/modoboa ...)
@@ -118,23 +118,23 @@ CVE-2023-44483 (All versions of Apache Santuario - XML
Security for Java prior t
NOTE: https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
NOTE: https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc
CVE-2023-44256 (A server-side request forgery vulnerability [CWE-918] in
Fortinet Fort ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-3965 (The nsc theme for WordPress is vulnerable to Reflected
Cross-Site Scri ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-3962 (The Winters theme for WordPress is vulnerable to Reflected
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-3933 (The Your Journey theme for WordPress is vulnerable to Reflected
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-3487 (An integer overflow in Silicon Labs Gecko Bootloader version
4.3.1 and ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs Gecko Bootloader
CVE-2023-37824 (Sitolog sitologapplicationconnect v7.8.a and before was
discovered to ...)
- TODO: check
+ NOT-FOR-US: Sitolog sitologapplicationconnect
CVE-2023-34046 (VMware Fusion(13.x prior to 13.5) contains a TOCTOU
(Time-of-check Tim ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-34045 (VMware Fusion(13.x prior to 13.5)contains a local privilege
escalation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-34044 (VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior
to 13.5) ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-5090 [x86: KVM: SVM: always update the x2avic msr interception]
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
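Review bot: The tag on CVE-2023-44256 is "FortiGuard", but the description visible in this hunk only names the vendor, Fortinet, and is cut off after "Fort ...", so the product name cannot be confirmed from what is shown here. The other vendor-owned products in this hunk are tagged by vendor ("NOT-FOR-US: VMware"); "NOT-FOR-US: Fortinet" would match that and stay correct whichever product the full description names.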
@@ -23420,7 +23420,7 @@ CVE-2023-2176 (A vulnerability was found in
compare_netdev_and_ip in drivers/inf
NOTE:
https://patchwork.kernel.org/project/linux-rdma/patch/3d0e9a2fd62bc10ba02fed1c7c48a48638952320.1672819273.git.leo...@nvidia.com/
NOTE:
https://git.kernel.org/linus/8d037973d48c026224ab285e6a06985ccac6f7bf (6.3-rc1)
CVE-2022-4943 (The miniOrange's Google Authenticator plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2175
RESERVED
CVE-2023-2174 (The BadgeOS plugin for WordPress is vulnerable to unauthorized
modific ...)
@@ -25684,9 +25684,9 @@ CVE-2023-30134
CVE-2023-30133
RESERVED
CVE-2023-30132 (An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows
attacke ...)
- TODO: check
+ NOT-FOR-US: IXP Data EasyInstall
CVE-2023-30131 (An issue discovered in IXP EasyInstall 6.6.14884.0 allows
attackers to ...)
- TODO: check
+ NOT-FOR-US: IXP Data EasyInstall
CVE-2023-30130 (An issue found in CraftCMS v.3.8.1 allows a remote attacker to
execute ...)
NOT-FOR-US: CraftCMS
CVE-2023-30129
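Review bot: Product spelling is inconsistent within this commit. CVE-2023-30132 and CVE-2023-30131 are tagged "IXP Data EasyInstall" here, while the CVE-2023-27795, CVE-2023-27793 and CVE-2023-27792 entries in a later hunk, and the existing CVE-2023-27791 entry, use "IXP Data Easy Install". Suggest using the existing "NOT-FOR-US: IXP Data Easy Install" for both lines so a search on the tag finds every entry for the product.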
@@ -27858,9 +27858,9 @@ CVE-2022-4936 (The WCFM Marketplace plugin for
WordPress is vulnerable to Cross-
CVE-2022-4935 (The WCFM Marketplace plugin for WordPress is vulnerable to
unauthorize ...)
NOT-FOR-US: WCFM Marketplace plugin for WordPress
CVE-2021-4335 (The Fancy Product Designer plugin for WordPress is vulnerable
to unaut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4334 (The Fancy Product Designer plugin for WordPress is vulnerable
to unaut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-125094 (A vulnerability classified as problematic was found in
phpMiniAdmin up ...)
NOT-FOR-US: phpMiniAdmin
CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters
into field ...)
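Review bot: The two Fancy Product Designer entries get the generic "NOT-FOR-US: WordPress plugin", while the neighbouring CVE-2022-4935 entry in the same hunk names the product ("NOT-FOR-US: WCFM Marketplace plugin for WordPress"). Both forms already appear in the file, so this is a style point only, but picking one form for the WordPress entries processed in this commit would keep the list uniform.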
@@ -33455,13 +33455,13 @@ CVE-2023-27797
CVE-2023-27796 (RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX
PRO Wire ...)
NOT-FOR-US: RG-EW1200G PRO Wireless Routers
CVE-2023-27795 (An issue found in IXP Data Easy Install v.6.6.14884.0 allows a
local a ...)
- TODO: check
+ NOT-FOR-US: IXP Data Easy Install
CVE-2023-27794
RESERVED
CVE-2023-27793 (An issue discovered in IXP Data Easy Install v.6.6.14884.0
allows loca ...)
- TODO: check
+ NOT-FOR-US: IXP Data Easy Install
CVE-2023-27792 (An issue found in IXP Data Easy Install v.6.6.14884.0 allows
an attack ...)
- TODO: check
+ NOT-FOR-US: IXP Data Easy Install
CVE-2023-27791 (An issue found in IXP Data Easy Install 6.6.148840 allows a
remote att ...)
NOT-FOR-US: IXP Data Easy Install
CVE-2023-27790
@@ -46512,7 +46512,7 @@ CVE-2023-23375 (Microsoft ODBC and OLE DB Remote Code
Execution Vulnerability)
CVE-2023-23374 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-23373 (An OS command injection vulnerability has been reported to
affect QUSB ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-23372
RESERVED
CVE-2023-23371 (A cleartext transmission of sensitive information
vulnerability has be ...)
@@ -50993,7 +50993,7 @@ CVE-2022-4714 (The WP Dark Mode WordPress plugin before
4.0.0 does not validate
CVE-2022-4713
RESERVED
CVE-2022-4712 (The WP Cerber Security plugin for WordPress is vulnerable to
stored cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable
to insuf ...)
NOT-FOR-US: Royal Elementor Addons plugin for WordPress
CVE-2022-47937 (** UNSUPPORTED WHEN ASSIGNED ** Improper input
validation in the ...)
@@ -56898,7 +56898,7 @@ CVE-2022-4292 (Use After Free in GitHub repository
vim/vim prior to 9.0.0882.)
CVE-2022-4291 (The aswjsflt.dll library from Avast Antivirus windows contained
a pote ...)
NOT-FOR-US: Avast Antivirus
CVE-2022-4290 (The Cyr to Lat plugin for WordPress is vulnerable to
authenticated SQL ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4289 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab 15.10.8+ds1-2
CVE-2022-4288
@@ -68547,7 +68547,7 @@ CVE-2022-3623 (A vulnerability was found in Linux
Kernel. It has been declared a
[buster] - linux <not-affected> (Vulnerability introduced later)
NOTE:
https://git.kernel.org/linus/fac35ba763ed07ba93154c95ffc0c4a55023707f (6.1-rc1)
CVE-2022-3622 (The Blog2Social plugin for WordPress is vulnerable to
authorization b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been
classified as p ...)
{DLA-3245-1 DLA-3173-1}
- linux 6.0.2-1
@@ -73853,7 +73853,7 @@ CVE-2022-3344 (A flaw was found in the KVM's AMD nested
virtualization (SVM). A
CVE-2022-3343 (The WPQA Builder WordPress plugin before 5.9.3 (which is a
companion p ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3342 (The Jetpack CRM plugin for WordPress is vulnerable to PHAR
deserializa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3341 (A null pointer dereference issue was discovered in 'FFmpeg' in
decode_ ...)
{DLA-3454-1}
- ffmpeg 7:5.1-1
@@ -89230,7 +89230,7 @@ CVE-2022-2443 (The FreeMind WP Browser plugin for
WordPress is vulnerable to Cro
CVE-2022-2442 (The Migration, Backup, Staging \u2013 WPvivid plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2441 (The ImageMagick Engine plugin for WordPress is vulnerable to
remote co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2440
RESERVED
CVE-2022-2439
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34b0ddb1bcb079a35a585fd31339a4c3e6e3fa8f