[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 3 20:42:31 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e01db48d by Salvatore Bonaccorso at 2023-04-03T21:41:50+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2023-1801
RESERVED
CVE-2023-1800 (A vulnerability, which was classified as critical, has been found in s ...)
- TODO: check
+ NOT-FOR-US: sjqzhang go-fastdfs
CVE-2023-1799 (A vulnerability, which was classified as problematic, was found in Eyo ...)
NOT-FOR-US: EyouCMS
CVE-2023-1798 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -53,7 +53,7 @@ CVE-2023-1786
CVE-2023-1785 (A vulnerability was found in SourceCodester Earnings and Expense Track ...)
NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
CVE-2023-1784 (A vulnerability was found in jeecg-boot 3.5.0 and classified as critic ...)
- TODO: check
+ NOT-FOR-US: jeecg-boot
CVE-2023-29149
RESERVED
CVE-2023-29148
@@ -381,7 +381,7 @@ CVE-2023-29034
CVE-2023-29033
REJECTED
CVE-2023-1741 (A vulnerability was found in jeecg-boot 3.5.0. It has been declared as ...)
- TODO: check
+ NOT-FOR-US: jeecg-boot
CVE-2023-1740 (A vulnerability was found in SourceCodester Air Cargo Management Syste ...)
NOT-FOR-US: SourceCodester Air Cargo Management System
CVE-2023-1739 (A vulnerability was found in SourceCodester Simple and Beautiful Shopp ...)
@@ -439,7 +439,7 @@ CVE-2023-1714
CVE-2023-1713
RESERVED
CVE-2023-1712 (Use of Hard-coded, Security-relevant Constants in GitHub repository de ...)
- TODO: check
+ NOT-FOR-US: deepset-ai haystack
CVE-2023-1711
RESERVED
CVE-2023-29032
@@ -782,7 +782,7 @@ CVE-2023-1667
CVE-2023-1666 (A vulnerability has been found in SourceCodester Automatic Question Pa ...)
NOT-FOR-US: SourceCodester Automatic Question Paper Generator System
CVE-2023-1665 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
- TODO: check
+ NOT-FOR-US: linagora twake
CVE-2023-28927
RESERVED
CVE-2023-28926
@@ -1001,7 +1001,7 @@ CVE-2023-1639 (A vulnerability classified as problematic has been found in IObit
CVE-2023-1638 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...)
NOT-FOR-US: IObit Malware Fighter
CVE-2018-25083 (The pullit package before 1.4.0 for Node.js allows OS Command Injectio ...)
- TODO: check
+ NOT-FOR-US: pullit Node.js package
CVE-2023-28859 (redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open ...)
- python-redis <not-affected> (Incomplete fix for CVE-2023-28858 not applied)
NOTE: https://github.com/redis/redis-py/issues/2665
@@ -1720,7 +1720,7 @@ CVE-2023-28647 (Nextcloud iOS is an ios application used to interface with the n
CVE-2023-28646 (Nextcloud android is an android app for interfacing with the nextcloud ...)
NOT-FOR-US: Nextcloud android application
CVE-2023-28645 (Nextcloud richdocuments is a Nextcloud app integrating the office suit ...)
- TODO: check
+ NOT-FOR-US: Nextcloud richdocuments
CVE-2023-28644 (Nextcloud server is an open source home cloud implementation. In relea ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-28643 (Nextcloud server is an open source home cloud implementation. In affec ...)
@@ -1735,7 +1735,7 @@ CVE-2023-28642 (runc is a CLI tool for spawning and running containers according
CVE-2023-28641
RESERVED
CVE-2023-28640 (Apiman is a flexible and open source API Management platform. Due to a ...)
- TODO: check
+ NOT-FOR-US: Apiman
CVE-2023-28639
RESERVED
CVE-2023-28638 (Snappier is a high performance C# implementation of the Snappy compres ...)
@@ -4237,7 +4237,7 @@ CVE-2023-27894 (SAP BusinessObjects Business Intelligence Platform (Web Services
CVE-2023-27893 (An attacker authenticated as a user with a non-administrative role and ...)
NOT-FOR-US: SAP
CVE-2023-1258 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: ABB Flow-X firmware
CVE-2023-1257 (An attacker with physical access to the affected Moxa UC Series device ...)
NOT-FOR-US: Moxa UC Series devices
CVE-2023-1256 (The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server ar ...)
@@ -6167,7 +6167,7 @@ CVE-2023-1062 (A vulnerability, which was classified as critical, was found in S
CVE-2023-1061 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester Doctors Appointment System
CVE-2023-1060 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: YKM YKM CRM
CVE-2023-1059 (A vulnerability classified as critical was found in SourceCodester Doc ...)
NOT-FOR-US: SourceCodester Doctors Appointment System
CVE-2023-1058 (A vulnerability classified as critical has been found in SourceCodeste ...)
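Review bot: In the CVE-2023-1060 entry the new tag reads "NOT-FOR-US: YKM YKM CRM", with "YKM" repeated. If the first word is the vendor and "YKM CRM" the product, that matches the vendor-plus-product form used for "sjqzhang go-fastdfs" in this commit and can stay; if it is a slip, "NOT-FOR-US: YKM CRM" is enough.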
@@ -6895,7 +6895,7 @@ CVE-2023-26927
CVE-2023-26926
RESERVED
CVE-2023-26925 (An information disclosure vulnerability exists in the Syslog functiona ...)
- TODO: check
+ NOT-FOR-US: D-LINK
CVE-2023-26924 (LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockReg ...)
TODO: check
CVE-2023-26923 (Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that ...)
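Review bot: The tag added for CVE-2023-26925, "NOT-FOR-US: D-LINK", names only the vendor and in all capitals, while the other NOT-FOR-US lines in this commit name the product (for example "Gladinet CentreStack" and "Generex UPS CS141"). Suggest "D-Link" followed by the affected device from the full CVE description, so the entry is consistent and searchable.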
@@ -7034,7 +7034,7 @@ CVE-2023-26860
CVE-2023-26859
RESERVED
CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a r ...)
- TODO: check
+ NOT-FOR-US: prestashop
CVE-2023-26857
RESERVED
CVE-2023-26856
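Review bot: For CVE-2023-26858 the description refers to "faqs v.3.1.6", which reads as a separate component rather than the shop software itself, but the tag says only "NOT-FOR-US: prestashop", lowercase and without that name. Including the component name in the tag would keep the line from reading as a statement about PrestaShop as a whole.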
@@ -7090,9 +7090,9 @@ CVE-2023-26832
CVE-2023-26831
RESERVED
CVE-2023-26830 (An unrestricted file upload vulnerability in the administrative portal ...)
- TODO: check
+ NOT-FOR-US: Gladinet CentreStack
CVE-2023-26829 (An authentication bypass vulnerability in the Password Reset component ...)
- TODO: check
+ NOT-FOR-US: Gladinet CentreStack
CVE-2023-26828
RESERVED
CVE-2023-26827
@@ -15837,9 +15837,9 @@ CVE-2023-0346 (Akuvox E11 cloud login is performed through an unencrypted HTTP c
CVE-2023-0345 (The Akuvox E11 secure shell (SSH) server is enabled by default and can ...)
NOT-FOR-US: Akuvox
CVE-2023-0344 (Akuvox E11 appears to be using a custom version of dropbear SSH server ...)
- TODO: check
+ NOT-FOR-US: Akuvox E11
CVE-2023-0343 (Akuvox E11 contains a function that encrypts messages which are then f ...)
- TODO: check
+ NOT-FOR-US: Akuvox E11
CVE-2010-10009 (A vulnerability was found in frioux ptome. It has been rated as critic ...)
NOT-FOR-US: frioux ptome
CVE-2023-23753
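Review bot: CVE-2023-0344 is tagged NOT-FOR-US although its description mentions "a custom version of dropbear SSH server", and dropbear is packaged in Debian. If triage concluded that the flaw is in Akuvox's customisation rather than in upstream dropbear, a NOTE line saying so would record the reasoning for later readers. Separately, these two entries use "Akuvox E11" while CVE-2023-0345 directly above uses "Akuvox"; one form for the whole group would be cleaner.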
@@ -16401,7 +16401,7 @@ CVE-2023-23596 (jc21 NGINX Proxy Manager through 2.9.19 allows OS command inject
CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltr ...)
NOT-FOR-US: BlueCat Device Registration Portal
CVE-2023-23594 (An authentication bypass vulnerability in the web client interface for ...)
- TODO: check
+ NOT-FOR-US: CL4NX printer
CVE-2023-23593
RESERVED
CVE-2023-23592 (WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to ac ...)
@@ -18142,7 +18142,7 @@ CVE-2023-22289
CVE-2023-0209
RESERVED
CVE-2023-0208 (NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server c ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DCGM for Linux
CVE-2023-0207
RESERVED
CVE-2023-0206
@@ -18249,7 +18249,7 @@ CVE-2023-0193 (NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, wh
[buster] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5446
CVE-2023-0192 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2023-0191 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1033783)
- nvidia-graphics-drivers-tesla <unfixed> (bug #1033782)
@@ -18339,7 +18339,7 @@ CVE-2023-0187 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
[bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0186 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2023-0185 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1033783)
- nvidia-graphics-drivers-tesla <unfixed> (bug #1033782)
@@ -18386,7 +18386,7 @@ CVE-2023-0183 (NVIDIA GPU Display Driver for Linux contains a vulnerability in t
[bullseye] - nvidia-graphics-drivers <no-dsa> (non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452
CVE-2023-0182 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2023-0181 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
TODO: check
CVE-2023-0180 (NVIDIA GPU Display Driver for Linux contains a vulnerability in a kern ...)
@@ -22745,7 +22745,7 @@ CVE-2022-47544 (An issue was discovered in Siren Investigate before 12.1.7. Scri
CVE-2022-47543 (An issue was discovered in Siren Investigate before 12.1.7. There is a ...)
NOT-FOR-US: Siren Investigate
CVE-2022-47542 (Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Cont ...)
- TODO: check
+ NOT-FOR-US: Red Gate SQL Monitor
CVE-2022-4615 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
NOT-FOR-US: OpenEMR
CVE-2022-4614 (Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znot ...)
@@ -25100,15 +25100,15 @@ CVE-2023-0011
CVE-2022-47193
RESERVED
CVE-2022-47192 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: Generex UPS CS141
CVE-2022-47191 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: Generex UPS CS141
CVE-2022-47190 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: Generex UPS CS141
CVE-2022-47189 (Generex UPS CS141 below 2.06 version, allows an attacker toupload a fi ...)
- TODO: check
+ NOT-FOR-US: Generex UPS CS141
CVE-2022-47188 (There is an arbitrary file reading vulnerability in Generex UPS CS141 ...)
- TODO: check
+ NOT-FOR-US: Generex UPS CS141
CVE-2022-47187
RESERVED
CVE-2022-47186
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e01db48d31f8ed5af96a922a188a9f230d26e482