Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dcffc51e by Salvatore Bonaccorso at 2023-10-31T20:50:37+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -79,9 +79,9 @@ CVE-2023-5844 (Unverified Password Change in GitHub
repository pimcore/admin-ui-
CVE-2023-5843 (The Ads by datafeedr.com plugin for WordPress is vulnerable to
Remote ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5833 (Improper Access Control in GitHub repository
mintplex-labs/anything-ll ...)
- TODO: check
+ NOT-FOR-US: AnythingLLM
CVE-2023-5832 (Improper Input Validation in GitHub repository
mintplex-labs/anything- ...)
- TODO: check
+ NOT-FOR-US: AnythingLLM
CVE-2023-5666 (The Accordion plugin for WordPress is vulnerable to Stored
Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5583 (The WP Simple Galleries plugin for WordPress is vulnerable to
PHP Obje ...)
@@ -109,9 +109,9 @@ CVE-2023-5164 (The Bellows Accordion Menu plugin for
WordPress is vulnerable to
CVE-2023-5049 (The Giveaways and Contests by RafflePress plugin for WordPress
is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2023-4964 (Potential open redirect vulnerability in opentext Service
Management A ...)
- TODO: check
+ NOT-FOR-US: Microfocus opentext
CVE-2023-47104 (tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows
shell met ...)
- TODO: check
+ NOT-FOR-US: tinyfiledialogs (aka tiny file dialogs)
CVE-2023-47101 (The installer (aka openvpn-client-installer) in Securepoint
SSL VPN Cl ...)
NOT-FOR-US: Securepoint SSL VPN Client
CVE-2023-45780 (In Print Service, there is a possible background activity
launch due t ...)
@@ -145,7 +145,7 @@ CVE-2023-40101 (In collapse of canonicalize_md.c, there is
a possible out of bou
CVE-2023-36920 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE
10, WPB_M ...)
NOT-FOR-US: SAP
CVE-2020-36767 (tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows
shell meta ...)
- TODO: check
+ NOT-FOR-US: tinyfiledialogs (aka tiny file dialogs)
CVE-2023-5842 (Cross-site Scripting (XSS) - Stored in GitHub repository
dolibarr/doli ...)
- dolibarr <removed>
NOTE: https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3
@@ -153,11 +153,11 @@ CVE-2023-5842 (Cross-site Scripting (XSS) - Stored in
GitHub repository dolibarr
CVE-2023-4393 (HTML and SMTP injections on the registration page of
LiquidFiles versi ...)
NOT-FOR-US: LiquidFiles
CVE-2023-46867 (In International Color Consortium DemoIccMAX 79ecb74,
CIccXformMatrixT ...)
- TODO: check
+ NOT-FOR-US: International Color Consortium DemoIccMAX
CVE-2023-46866 (In International Color Consortium DemoIccMAX 79ecb74,
CIccCLUT::Interp ...)
- TODO: check
+ NOT-FOR-US: International Color Consortium DemoIccMAX
CVE-2023-46865 (/api/v1/company/upload-logo in CompanyController.php in crater
through ...)
- TODO: check
+ NOT-FOR-US: Crater
CVE-2023-46864 (Peppermint Ticket Management through 0.2.4 allows remote
attackers to ...)
NOT-FOR-US: Peppermint Ticket Management
CVE-2023-46863 (Peppermint Ticket Management before 0.2.4 allows remote
attackers to r ...)
@@ -1043,7 +1043,7 @@ CVE-2023-31582 (jose4j before v0.9.3 allows attackers to
set a low iteration cou
CVE-2023-31581 (Dromara Sureness before v1.0.8 was discovered to use a
hardcoded key.)
NOT-FOR-US: Dromara Sureness
CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key
without any ...)
- TODO: check
+ NOT-FOR-US: light-oauth2
CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This
issue oc ...)
- xorg-server <unfixed>
[bookworm] - xorg-server <no-dsa> (Minor issue)
@@ -63992,7 +63992,7 @@ CVE-2023-21374 (In System UI, there is a possible
factory reset protection bypas
CVE-2023-21373 (In Telephony, there is a possible way for a guest user to
change the p ...)
NOT-FOR-US: Android
CVE-2023-21372 (In libdexfile, there is a possible out of bounds read due to a
missing ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21371 (In Secure Element, there is a possible out of bounds write due
to an i ...)
NOT-FOR-US: Android
CVE-2023-21370 (In the Security Element API, there is a possible out of bounds
write d ...)
@@ -64118,7 +64118,7 @@ CVE-2023-21311 (In Settings, there is a possible way to
control private DNS sett
CVE-2023-21310 (In Bluetooth, there is a possible out of bounds write due to a
heap bu ...)
NOT-FOR-US: Android
CVE-2023-21309 (In libcore, there is a possible out of bounds read due to a
missing bo ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21308 (In Composer, there is a possible out of bounds read due to a
missing b ...)
NOT-FOR-US: Android
CVE-2023-21307 (In Bluetooth, there is a possible way for a paired Bluetooth
device to ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcffc51eede220b5fa38e11fc8cfbe254cc5a8ee
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcffc51eede220b5fa38e11fc8cfbe254cc5a8ee
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
