Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aa718d59 by Salvatore Bonaccorso at 2023-04-24T22:14:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2315,27 +2315,27 @@ CVE-2023-30380
 CVE-2023-30379
        RESERVED
 CVE-2023-30378 (In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a 
stack-b ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-30377
        RESERVED
 CVE-2023-30376 (In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" 
contains a ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-30375 (In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a 
stack-ba ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-30374
        RESERVED
 CVE-2023-30373 (In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" 
contains a  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-30372 (In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains 
a stack ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-30371 (In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a 
stack-b ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-30370 (In Tenda AC15 V15.03.05.19, the function GetValue contains a 
stack-bas ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-30369 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-30368 (Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via 
the initWe ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-30367
        RESERVED
 CVE-2023-30366
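Review bot: CVE-2023-30368, the last changed entry in this hunk, gets the same `NOT-FOR-US: Tenda` tag as the eight AC15 entries above it, although its description names a different device (Tenda AC5 V15.03.06.28). A vendor-wide tag is valid for both models, but other entries in this file tag by product (`NOT-FOR-US: WAB-MAT`, `NOT-FOR-US: Simple Art Gallery`). If product-level tags are wanted here, this entry would read `NOT-FOR-US: Tenda AC5`; otherwise it would help to say in the commit message that the vendor-wide tag is intentional.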
@@ -6487,9 +6487,9 @@ CVE-2023-1625 [information leak in API]
        NOTE: https://review.opendev.org/c/openstack/heat/+/868166
        NOTE: 
https://github.com/openstack/heat/commit/1305a3152f75c6e62ec5094ea2bfc38f165204cf
 (20.0.0.0rc1)
 CVE-2023-1624 (The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when 
deleti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1623 (The Custom Post Type UI WordPress plugin before 1.13.5 does not 
proper ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1622
        REJECTED
 CVE-2023-1621
@@ -7650,7 +7650,7 @@ CVE-2023-1436 (An infinite recursion is triggered in 
Jettison when constructing
        NOTE: 
https://github.com/jettison-json/jettison/commit/c20a8be23f698d7d89b7ccf8d328971cf4709b9f
 (jettison-1.5.4)
        NOTE: Introduced by: 
https://github.com/jettison-json/jettison/commit/be193159085b9fc2bc3526f8655871f9b0472d06
 (jettison-1.3.1)
 CVE-2023-1435 (The Ajax Search Pro WordPress plugin before 4.26.2 does not 
sanitise a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1434
        RESERVED
 CVE-2023-1433 (A vulnerability was found in SourceCodester Gadget Works Online 
Orderi ...)
@@ -7997,7 +7997,7 @@ CVE-2023-22361
 CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an 
unquote ...)
        NOT-FOR-US: WAB-MAT
 CVE-2023-1420 (The Ajax Search Lite WordPress plugin before 4.11.1, Ajax 
Search Pro W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1419
        RESERVED
 CVE-2023-1418 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
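Review bot: the new tag on CVE-2023-1420 is the category `WordPress plugin`, while the entry directly above it is tagged with its product name (`NOT-FOR-US: WAB-MAT`), and this description covers two plugins (Ajax Search Lite and Ajax Search Pro). The category tag matches the existing `NOT-FOR-US: WordPress plugin` lines elsewhere in the file, so it is consistent, but the plugin name then survives only in the truncated description. When triaging related entries, match on the description text: CVE-2023-1435 in the earlier hunk is also Ajax Search Pro and correctly receives the same tag.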
@@ -8009,7 +8009,7 @@ CVE-2023-1416 (A vulnerability classified as critical has 
been found in Simple A
 CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has 
been decla ...)
        NOT-FOR-US: Simple Art Gallery
 CVE-2023-1414 (The WP VR WordPress plugin before 8.3.0 does not have 
authorisation an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1413 (The WP VR WordPress plugin before 8.2.9 does not sanitise and 
escape s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1412 (An unprivileged (non-admin) user can exploit an Improper Access 
Contro ...)
@@ -9205,7 +9205,7 @@ CVE-2023-1326 (A privilege escalation attack was found in 
apport-cli 2.26.0 and
 CVE-2023-1325 (The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does 
not va ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1324 (The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does 
not sa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1323
        RESERVED
 CVE-2023-1322 (A vulnerability was found in lmxcms 1.41 and classified as 
critical. A ...)
@@ -11159,7 +11159,7 @@ CVE-2023-24463
 CVE-2023-22312
        RESERVED
 CVE-2023-1129 (The WP FEvents Book WordPress plugin through 0.46 does not 
ensures tha ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1128
        RESERVED
 CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. 
...)
@@ -11168,7 +11168,7 @@ CVE-2023-1127 (Divide By Zero in GitHub repository 
vim/vim prior to 9.0.1367. ..
        NOTE: 
https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c 
(v9.0.1367)
        NOTE: Crash in CLI tool, no security impact
 CVE-2023-1126 (The WP FEvents Book WordPress plugin through 0.46 does not 
sanitise an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1125
        RESERVED
 CVE-2023-1124 (The Shopping Cart & eCommerce Store WordPress plugin before 
5.4.3  ...)
@@ -13310,7 +13310,7 @@ CVE-2023-1022 (The WP Meta SEO plugin for WordPress is 
vulnerable to unauthorize
 CVE-2023-1021
        RESERVED
 CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through 
1.4.2 does  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1019
        RESERVED
 CVE-2023-1018 (An out-of-bounds read vulnerability exists in TPM2.0's Module 
Library  ...)
@@ -14749,7 +14749,7 @@ CVE-2023-0901 (Exposure of Sensitive Information to an 
Unauthorized Actor in Git
 CVE-2023-0900
        RESERVED
 CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through 
1.4.2 does  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0898
        RESERVED
 CVE-2023-0897
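Review bot: CVE-2023-0899 in this hunk and CVE-2023-1020 in the previous hunk show the same truncated description (`The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does  ...`), so the list alone cannot tell them apart. Both receive the same tag, which is the right outcome for one plugin and one version range. It is worth confirming against the full CVE text that these are two distinct issues and not a duplicate assignment; the `NOT-FOR-US` decision holds either way.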
@@ -20746,7 +20746,7 @@ CVE-2023-0426
 CVE-2023-0425
        RESERVED
 CVE-2023-0424 (The MS-Reviews WordPress plugin through 1.5 does not sanitise 
and esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does 
not sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not 
properly s ...)
@@ -20754,11 +20754,11 @@ CVE-2023-0422 (The Article Directory WordPress plugin 
through 1.3 does not prope
 CVE-2023-0421
        RESERVED
 CVE-2023-0420 (The Custom Post Type and Taxonomy GUI Manager WordPress plugin 
through ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 
does not  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0418 (The Video Central for WordPress plugin through 1.3.0 does not 
validate ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4894
        RESERVED
 CVE-2022-4893
@@ -21294,7 +21294,7 @@ CVE-2023-0390
 CVE-2023-0389
        RESERVED
 CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not 
properly sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0387
        RESERVED
 CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access 
to the ...)
@@ -22143,7 +22143,7 @@ CVE-2023-0278 (The GeoDirectory WordPress plugin before 
2.2.24 does not properly
 CVE-2023-0277 (The WC Fields Factory WordPress plugin through 4.1.5 does not 
properly ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0276 (The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 
does not ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 
4.9.10 doe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0274



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa718d59d18d9d1abd4b1ec0155e52dbd7923997
