Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c702a1a by Salvatore Bonaccorso at 2023-11-20T21:25:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,9 +33,9 @@ CVE-2023-4970 (The PubyDoc WordPress plugin through 2.0.6 
does not sanitise and
 CVE-2023-4824 (The WooHoo Newspaper Magazine theme does not have CSRF check in 
place  ...)
        NOT-FOR-US: WooHoo Newspaper Magazine theme
 CVE-2023-4808 (The WP Post Popup WordPress plugin through 3.7.3 does not 
sanitise and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4799 (The Magic Embeds WordPress plugin through 3.0.10 does not 
validate and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-48309 (NextAuth.js provides authentication for Next.js. `next-auth` 
applicati ...)
        TODO: check
 CVE-2023-48300 (The `Embed Privacy` plugin for WordPress that prevents the 
loading of  ...)
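Review bot: The tag `NOT-FOR-US: WordPress plugin` on CVE-2023-4808 and CVE-2023-4799 drops the product name, while the CVE-2023-4824 entry in this same hunk names its product (`NOT-FOR-US: WooHoo Newspaper Magazine theme`). Consider `NOT-FOR-US: WP Post Popup WordPress plugin` and `NOT-FOR-US: Magic Embeds WordPress plugin`, so that a later search of the list by product name finds these entries.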
@@ -53,35 +53,35 @@ CVE-2023-48223 (fast-jwt provides fast JSON Web Token (JWT) 
implementation. Prio
 CVE-2023-48221 (wire-avs provides Audio, Visual, and Signaling (AVS) 
functionality sur ...)
        TODO: check
 CVE-2023-48218 (The Strapi Protected Populate Plugin protects `get` endpoints 
from rev ...)
-       TODO: check
+       NOT-FOR-US: Strapi Protected Populate Plugin
 CVE-2023-48111 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-48110 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap 
overflow via th ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap 
overflow via th ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory 
leaks in ...)
        TODO: check
 CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory 
leak in  ...)
        TODO: check
 CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in 
Slider  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47417 (Cross Site Scripting (XSS) vulnerability in the component 
/shells/embe ...)
-       TODO: check
+       NOT-FOR-US: DZSlides
 CVE-2023-47217 (in OpenHarmony v3.2.2 and prior versions allow a local 
attacker cause  ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2023-46990 (Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e 
allows a ...)
-       TODO: check
+       NOT-FOR-US: PublicCMS
 CVE-2023-46705 (in OpenHarmony v3.2.2 and prior versions allow a local 
attacker causes ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2023-46100 (in OpenHarmony v3.2.2 and prior versions allow a local 
attacker get se ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2023-43612 (in OpenHarmony v3.2.2 and prior versions allow a local 
attacker arbitr ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2023-42774 (in OpenHarmony v3.2.2 and prior versions allow a local 
attacker get co ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2023-3116 (in OpenHarmony v3.2.2 and prior versions allow a local attacker 
get co ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2023-38885 (OpenSIS Classic Community Edition version 9.0 lacks cross-site 
request ...)
        TODO: check
 CVE-2023-38884 (An Insecure Direct Object Reference (IDOR) vulnerability in 
the Commun ...)
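Review bot: The `NOT-FOR-US: DZSlides` tag on CVE-2023-47417 cannot be checked against the description as shown in this hunk, which is cut off at a component path (`/shells/embe ...`) before any product is named; worth confirming against the full CVE text. On granularity, the Tenda entries (CVE-2023-48111, CVE-2023-48110, CVE-2023-48109) and the CVE-2023-47772 entry are tagged by vendor or category only, while CVE-2023-48218 in the same hunk carries the full product name; one consistent level would make the list easier to grep.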
@@ -97,13 +97,13 @@ CVE-2023-38880 (The Community Edition version 9.0 of 
OS4ED's openSIS Classic has
 CVE-2023-38879 (The Community Edition version 9.0 of OS4ED's openSIS Classic 
allows re ...)
        TODO: check
 CVE-2023-38823 (Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 
v.1.0, AC ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-36013 (PowerShell Information Disclosure Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35762 (Versions of INEA ME RTU firmware 3.36b and prior are 
vulnerable to ope ...)
-       TODO: check
+       NOT-FOR-US: INEA ME RTU firmware
 CVE-2023-29155 (Versions of INEA ME RTU firmware 3.36b and prior do not 
require authen ...)
-       TODO: check
+       NOT-FOR-US: INEA ME RTU firmware
 CVE-2023-47175 (Cross-site scripting vulnerability in LuxCal Web Calendar 
prior to 5.2 ...)
        NOT-FOR-US: LuxCal Web Calendar
 CVE-2023-46700 (SQL injection vulnerability in LuxCal Web Calendar prior to 
5.2.4M (My ...)
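Review bot: CVE-2023-36013 is tagged `NOT-FOR-US: Microsoft`, which names only the vendor although the description identifies the component as PowerShell. The two INEA entries in this hunk are tagged at product level (`NOT-FOR-US: INEA ME RTU firmware`); `NOT-FOR-US: Microsoft PowerShell` would match that and record which product was judged out of scope.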
@@ -189866,7 +189866,7 @@ CVE-2021-27431 (ARM CMSIS RTOS2 versions prior to 
2.1.3 are vulnerable to intege
 CVE-2021-27430 (GE UR bootloader binary Version 7.00, 7.01 and 7.02 included 
unused ha ...)
        NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27429 (Texas Instruments TI-RTOS returns a valid pointer to a small 
buffer on ...)
-       TODO: check
+       NOT-FOR-US: Texas Instruments TI-RTOS
 CVE-2021-27428 (GE UR IED firmware versions prior to version 8.1x supports 
upgrading f ...)
        NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27427 (RIOT OS version 2020.01.1 is vulnerable to integer wrap-around 
in its  ...)
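Review bot: The commit message "Process some NFUs" gives no hint that this commit also closes a 2021 backlog entry (CVE-2021-27429 here, and CVE-2021-22636 further down) alongside the fresh 2023 batch. A short mention in the message, or a separate commit for the old TI-RTOS entries, would make the history easier to follow. The tag itself, `NOT-FOR-US: Texas Instruments TI-RTOS`, is identical in both places, which is good.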
@@ -201600,7 +201600,7 @@ CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and 
prior is vulnerable to an ou
 CVE-2021-22637 (Multiple stack-based buffer overflow issues have been 
identified in th ...)
        NOT-FOR-US: Fuji Electric
 CVE-2021-22636 (Texas Instruments TI-RTOS, when configured to use HeapMem 
heap(default ...)
-       TODO: check
+       NOT-FOR-US: Texas Instruments TI-RTOS
 CVE-2021-22635
        RESERVED
 CVE-2021-22634



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c702a1ab2f04fb2fc94f1b09b8a75d16d3107fc
