Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aac7d617 by Salvatore Bonaccorso at 2023-11-06T09:20:50+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
CVE-2023-4699 (Insufficient Verification of Data Authenticity vulnerability in
Mitsub ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-4625 (Improper Restriction of Excessive Authentication Attempts
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-47271 (PKP-WAL (aka PKP Web Application Library or pkp-lib) before
3.3.0-16, ...)
TODO: check
CVE-2023-47253 (Qualitor through 8.20 allows remote attackers to execute
arbitrary cod ...)
- TODO: check
+ NOT-FOR-US: Qualitor
CVE-2023-46802 (e-Tax software Version3.0.10 and earlier improperly restricts
XML exte ...)
- TODO: check
+ NOT-FOR-US: e-Tax software
CVE-2023-40207 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-38407 (bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to
read beyond ...)
TODO: check
CVE-2023-38406 (bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles
an nlri ...)
TODO: check
CVE-2023-38382 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-33924 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32840 (In modem CCCI, there is a possible out of bounds write due to
a missin ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2023-32839 (In dpe, there is a possible out of bounds write due to a
missing valid ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2023-32838 (In dpe, there is a possible out of bounds write due to a
missing valid ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2023-32837 (In video, there is a possible out of bounds write due to a
missing bou ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2023-32836 (In display, there is a possible out of bounds write due to an
integer ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2023-32835 (In keyinstall, there is a possible memory corruption due to
type confu ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2023-32834 (In secmem, there is a possible memory corruption due to type
confusion ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2023-32832 (In video, there is a possible memory corruption due to a race
conditio ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2023-32825 (In bluethooth service, there is a possible out of bounds reads
due to ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2023-32818 (In vdec, there is a possible out of bounds write due to type
confusion ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2021-4430 (A vulnerability classified as problematic has been found in
Ortus Solu ...)
- TODO: check
+ NOT-FOR-US: Ortus Solutions ColdBox Elixir
CVE-2018-25093 (A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to
2.10.2. I ...)
- TODO: check
+ NOT-FOR-US: Vaerys-Dawn DiscordSailv2
CVE-2018-25092 (A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to
2.10.2. I ...)
- TODO: check
+ NOT-FOR-US: Vaerys-Dawn DiscordSailv2
CVE-2017-20187 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
Magnesium ...)
- TODO: check
+ NOT-FOR-US: Magnesium-PHP
CVE-2023-47260 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via
thumbnails ...)
- redmine <unfixed>
NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
@@ -56453,15 +56453,15 @@ CVE-2022-47434 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2022-47433 (Unauth. Reflected Cross-Site Scripting vulnerability in Daniel
Powney ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47432 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47431 (Reflected Cross-Site Scripting (XSS) vulnerability in
Tussendoor inter ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47430 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47429
RESERVED
CVE-2022-47428 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47427 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C
Dolson My ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47426 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
@@ -56477,7 +56477,7 @@ CVE-2022-47422 (Cross-Site Request Forgery (CSRF)
vulnerability in HM Plugin Acc
CVE-2022-47421 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Repu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47420 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS.
Successful ...)
NOT-FOR-US: Mayan EDMS DMS
CVE-2022-47418 (LogicalDOC Enterprise and Community Edition (CE) are
vulnerable to a s ...)
@@ -58252,7 +58252,7 @@ CVE-2022-46862 (Cross-Site Request Forgery (CSRF)
vulnerability in ExpressTech Q
CVE-2022-46861 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Zia ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46860 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46859 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Amin A.R ...)
@@ -58274,7 +58274,7 @@ CVE-2022-46851 (Cross-Site Request Forgery (CSRF)
vulnerability in Brainstorm Fo
CVE-2022-46850 (Auth. (author+) Broken Access Control vulnerability leading to
Arbitra ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46849 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46848 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46847
@@ -58419,7 +58419,7 @@ CVE-2022-46810 (Cross-Site Request Forgery (CSRF)
vulnerability in VillaTheme Th
CVE-2022-46809
RESERVED
CVE-2022-46808 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46807
RESERVED
CVE-2022-46806 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme
Cart All ...)
@@ -63085,7 +63085,7 @@ CVE-2022-45375 (Auth. (contributor+) Stored Cross-Site
Scripting (XSS) vulnerabi
CVE-2022-45374
RESERVED
CVE-2022-45373 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45372 (Cross-Site Request Forgery (CSRF) vulnerability in Codeixer
Product Ga ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet
ShopEngine pl ...)
@@ -68131,7 +68131,7 @@ CVE-2023-20704 (In apu, there is a possible out of
bounds read due to a missing
CVE-2023-20703 (In apu, there is a possible out of bounds read due to a
missing bounds ...)
NOT-FOR-US: Mediatek
CVE-2023-20702 (In 5G NRLC, there is a possible invalid memory access due to
lack of e ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2023-20701 (In widevine, there is a possible out of bounds write due to a
logic er ...)
NOT-FOR-US: Mediatek
CVE-2023-20700 (In widevine, there is a possible out of bounds write due to a
logic er ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac7d617e428aaed9180449710e85d0af948e666
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac7d617e428aaed9180449710e85d0af948e666
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
