[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Apr 6 17:10:59 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
55fde9fb by Moritz Mühlenhoff at 2023-04-06T18:10:27+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1853,7 +1853,7 @@ CVE-2023-28850 (Pimcore Perspective Editor provides an editor for Pimcore that a
CVE-2023-28849 (GLPI is a free asset and IT management software package. Starting in v ...)
- glpi <removed>
CVE-2023-28848 (user_oidc is the OIDC connect user backend for Nextcloud, an open sour ...)
- TODO: check
+ NOT-FOR-US: user_oidc extension for NextCloud
CVE-2023-28847
RESERVED
CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web applications. The ...)
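Review bot: the product name in "+ NOT-FOR-US: user_oidc extension for NextCloud" is spelled "Nextcloud" in the CVE-2023-28848 description on the same hunk; using the description's spelling keeps a grep for the vendor name matching both lines.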
@@ -2265,7 +2265,7 @@ CVE-2023-1556 (A vulnerability was found in SourceCodester Judging Management Sy
CVE-2023-1555
RESERVED
CVE-2013-10022 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28730
RESERVED
CVE-2023-28729
@@ -2594,7 +2594,7 @@ CVE-2023-22300 (An unauthenticated remote attacker could force all authenticated
CVE-2023-1523
RESERVED
CVE-2023-1522 (SQL Injection in the Hardware Inventory report of Security Center 5.11 ...)
- TODO: check
+ NOT-FOR-US: Security Center
CVE-2023-1521
RESERVED
CVE-2023-1520
@@ -3423,7 +3423,7 @@ CVE-2023-1414
CVE-2023-1413
RESERVED
CVE-2023-1412 (An unprivileged (non-admin) user can exploit an Improper Access Contro ...)
- TODO: check
+ NOT-FOR-US: Cloudflare WARP
CVE-2023-1411
RESERVED
CVE-2023-1410 (Grafana is an open-source platform for monitoring and observability. G ...)
@@ -3575,7 +3575,7 @@ CVE-2019-25117
CVE-2019-25116
RESERVED
CVE-2023-28342 (Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to cond ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-28341
RESERVED
CVE-2023-28340
@@ -4482,7 +4482,7 @@ CVE-2023-28071
CVE-2023-28070
RESERVED
CVE-2023-28069 (Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulne ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28068
RESERVED
CVE-2023-28067
@@ -4528,7 +4528,7 @@ CVE-2023-28048
CVE-2023-28047
RESERVED
CVE-2023-28046 (Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28045
RESERVED
CVE-2023-28044
@@ -5610,7 +5610,7 @@ CVE-2023-27736
CVE-2023-27735
RESERVED
CVE-2023-27734 (An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker ...)
- TODO: check
+ NOT-FOR-US: Eteran edb-debugger
CVE-2023-27733
RESERVED
CVE-2023-27732
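Review bot: before closing CVE-2023-27734 as "NOT-FOR-US: Eteran edb-debugger", please confirm that no Debian source package ships edb-debugger; the description names "Eteran edb-debugger v.1.3.0", and NOT-FOR-US is only correct if the software is absent from the archive. If it is packaged, the entry needs a "- edb-debugger <version>" line plus a NOTE with the upstream reference instead.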
@@ -7210,13 +7210,13 @@ CVE-2023-27164 (An arbitrary file upload vulnerability in Halo up to v1.6.1 allo
CVE-2023-27163 (request-baskets up to v1.2.1 was discovered to contain a Server-Side R ...)
NOT-FOR-US: request-baskets
CVE-2023-27162 (openapi-generator up to v6.4.0 was discovered to contain a Server-Side ...)
- TODO: check
+ NOT-FOR-US: openapi-generator
CVE-2023-27161 (Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request ...)
NOT-FOR-US: Jellyfin
CVE-2023-27160 (forem up to v2022.11.11 was discovered to contain a Server-Side Reques ...)
- TODO: check
+ NOT-FOR-US: forem
CVE-2023-27159 (Appwrite up to v1.2.1 was discovered to contain a Server-Side Request ...)
- TODO: check
+ NOT-FOR-US: Appwrite
CVE-2023-27158
RESERVED
CVE-2023-27157
@@ -7377,7 +7377,7 @@ CVE-2023-27091 (An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 al
CVE-2023-27090
RESERVED
CVE-2023-27089 (Cross Site Scripting vulnerability found in Ehuacui BBS allows attacke ...)
- TODO: check
+ NOT-FOR-US: Ehuacui
CVE-2023-27088 (feiqu-opensource Background Vertical authorization vulnerability exist ...)
NOT-FOR-US: feiqu-opensource Background Vertical
CVE-2023-27087 (Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and ...)
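Review bot: "+ NOT-FOR-US: Ehuacui" drops part of the product name; the CVE-2023-27089 description reads "Ehuacui BBS", and the neighbouring CVE-2023-27088 entry in this hunk records the full name ("feiqu-opensource Background Vertical"), so "NOT-FOR-US: Ehuacui BBS" would be consistent.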
@@ -7720,7 +7720,7 @@ CVE-2023-26923 (Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability
CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a ...)
NOT-FOR-US: Varisicte
CVE-2023-26921 (OS Command Injection vulnerability in quectel AG550QCN allows attacker ...)
- TODO: check
+ NOT-FOR-US: quectel
CVE-2023-26920
RESERVED
CVE-2023-26919
@@ -7831,7 +7831,7 @@ CVE-2023-26868
CVE-2023-26867
RESERVED
CVE-2023-26866 (GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions ...)
- TODO: check
+ NOT-FOR-US: GreenPacket
CVE-2023-26865
RESERVED
CVE-2023-26864 (SQL injection vulnerability found in PrestaShop smplredirectionsmanage ...)
@@ -7849,9 +7849,9 @@ CVE-2023-26859
CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a r ...)
NOT-FOR-US: prestashop
CVE-2023-26857 (An arbitrary file upload vulnerability in /admin/ajax.php?action=save_ ...)
- TODO: check
+ NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2023-26856 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
- TODO: check
+ NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2023-26855 (The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt v ...)
NOT-FOR-US: ChurchCRM
CVE-2023-26854
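Review bot: the visible description of CVE-2023-26857 only shows the path "/admin/ajax.php?action=save_" and never names a product, so the new "NOT-FOR-US: Dynamic Transaction Queuing System" line is inferred from the adjacent CVE-2023-26856 entry; please confirm against the full CVE text before relying on that attribution.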
@@ -7985,7 +7985,7 @@ CVE-2023-26791
CVE-2023-26790
RESERVED
CVE-2023-26789 (Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected ...)
- TODO: check
+ NOT-FOR-US: Veritas
CVE-2023-26788
RESERVED
CVE-2023-26787
@@ -8009,7 +8009,7 @@ CVE-2023-26779 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization
CVE-2023-26778
RESERVED
CVE-2023-26777 (Cross Site Scripting vulnerability found in :ouislam Uptime Kuma v.1.1 ...)
- TODO: check
+ NOT-FOR-US: Uptima Kuma
CVE-2023-26776 (Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a ...)
NOT-FOR-US: Monitorr
CVE-2023-26775 (File Upload vulnerability found in Monitorr v.1.7.6 allows a remote at ...)
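Review bot: the new line for CVE-2023-26777 misspells the product; the description in the same hunk reads "Uptime Kuma", so "+ NOT-FOR-US: Uptima Kuma" should be "NOT-FOR-US: Uptime Kuma" so that a search for the vendor name finds the entry.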
@@ -8077,7 +8077,7 @@ CVE-2023-26752
CVE-2023-26751
RESERVED
CVE-2023-26750 (SQL injection vulnerability found in Yii Framework Yii 2 Framework bef ...)
- TODO: check
+ NOT-FOR-US: Yii 2
CVE-2023-26749
RESERVED
CVE-2023-26748
@@ -8111,7 +8111,7 @@ CVE-2023-26735
CVE-2023-26734
RESERVED
CVE-2023-26733 (Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local a ...)
- TODO: check
+ NOT-FOR-US: tinyTIFF
CVE-2023-26732
RESERVED
CVE-2023-26731
@@ -8193,7 +8193,7 @@ CVE-2023-26694
CVE-2023-26693
RESERVED
CVE-2023-26692 (ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Manage ...)
- TODO: check
+ NOT-FOR-US: ZCBS Zijper Collectie Beheer Systeem
CVE-2023-26691
RESERVED
CVE-2023-26690
@@ -8748,7 +8748,7 @@ CVE-2023-26495
CVE-2023-26494
RESERVED
CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D & 3D real ...)
- TODO: check
+ NOT-FOR-US: Cocos Engine
CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL databas ...)
NOT-FOR-US: Directus
CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. When the U ...)
@@ -9205,7 +9205,7 @@ CVE-2023-0969
CVE-2023-0968 (The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Si ...)
NOT-FOR-US: Watu Quiz plugin for WordPress
CVE-2023-0967 (Bhima version 1.27.0 allows an attacker authenticated with normal user ...)
- TODO: check
+ NOT-FOR-US: Bhima
CVE-2023-0966 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: SourceCodester Online Eyewear Shop
CVE-2023-0965
@@ -9221,7 +9221,7 @@ CVE-2023-0961 (A vulnerability was found in SourceCodester Music Gallery Site 1.
CVE-2023-0960 (A vulnerability was found in SeaCMS 11.6 and classified as problematic ...)
NOT-FOR-US: SeaCMS
CVE-2023-0959 (Bhima version 1.27.0 allows a remote attacker to update the privileges ...)
- TODO: check
+ NOT-FOR-US: Bhima
CVE-2023-0958
RESERVED
CVE-2023-0957 (An issue was discovered in Gitpod versions prior to release-2022.11.2. ...)
@@ -9301,7 +9301,7 @@ CVE-2023-0946 (A vulnerability has been found in SourceCodester Best POS Managem
CVE-2023-0945 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Best POS Management System
CVE-2023-0944 (Bhima version 1.27.0 allows an authenticated attacker with regular use ...)
- TODO: check
+ NOT-FOR-US: Bhima
CVE-2023-0943 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: SourceCodester Best POS Management System
CVE-2023-0942 (The Japanized For WooCommerce plugin for WordPress is vulnerable to Re ...)
@@ -9756,7 +9756,7 @@ CVE-2023-26121
CVE-2023-26120
RESERVED
CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and b ...)
- TODO: check
+ NOT-FOR-US: net.sourceforge.htmlunit:htmlunit
CVE-2023-26118 (All versions of the package angular are vulnerable to Regular Expressi ...)
- angular.js <unfixed>
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
@@ -9769,7 +9769,7 @@ CVE-2023-26116 (All versions of the package angular are vulnerable to Regular Ex
CVE-2023-26115
RESERVED
CVE-2023-26114 (Versions of the package code-server before 4.10.1 are vulnerable to Mi ...)
- TODO: check
+ NOT-FOR-US: Node code-server
CVE-2023-26113 (Versions of the package collection.js before 6.8.1 are vulnerable to P ...)
TODO: check
CVE-2023-26112 (All versions of the package configobj are vulnerable to Regular Expres ...)
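Review bot: CVE-2023-26113 (collection.js), the unchanged context line right below the edit, still carries "TODO: check" while the surrounding package entries from the same batch are being resolved; if it was skipped on purpose that is fine, otherwise it is easy to overlook because the hunk only touches the line above it.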
@@ -10258,11 +10258,11 @@ CVE-2023-0883 (A vulnerability has been found in SourceCodester Online Pizza Ord
CVE-2023-25943
RESERVED
CVE-2023-25942 (Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled res ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-25941 (Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of p ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-25940 (Dell PowerScale OneFS version 9.5.0.0 contains improper link resolutio ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-25939
RESERVED
CVE-2023-25938
@@ -11592,7 +11592,7 @@ CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository answerde
CVE-2023-0739 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
NOT-FOR-US: Answer
CVE-2023-0738 (OrangeScrum version 2.0.11 allows an external attacker to obtain arbit ...)
- TODO: check
+ NOT-FOR-US: OrangeScrum
CVE-2023-0737
RESERVED
CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wall ...)
@@ -11711,7 +11711,7 @@ CVE-2023-25544 (Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat'
CVE-2023-25543
RESERVED
CVE-2023-25542 (Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an impr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-25541
RESERVED
CVE-2023-25540 (Dell PowerScale OneFS 9.4.0.x contains an incorrect default permission ...)
@@ -11727,7 +11727,7 @@ CVE-2023-25536 (Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive inf
CVE-2023-25535
RESERVED
CVE-2023-22660 (A heap-based buffer overflow vulnerability exists in the way Ichitaro ...)
- TODO: check
+ NOT-FOR-US: Ichitaro
CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: Interactive Geo Maps plugin for WordPress
CVE-2023-0730 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
@@ -12217,9 +12217,9 @@ CVE-2023-25358 (A use-after-free vulnerability in WebCore::RenderLayer::addChild
CVE-2023-25357
RESERVED
CVE-2023-25356 (CoreDial sipXcom up to and including 21.04 is vulnerable to Improper N ...)
- TODO: check
+ NOT-FOR-US: CoreDial sipXcom
CVE-2023-25355 (CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure P ...)
- TODO: check
+ NOT-FOR-US: CoreDial sipXcom
CVE-2023-25354
RESERVED
CVE-2023-25353
@@ -12269,7 +12269,7 @@ CVE-2023-25332
CVE-2023-25331
RESERVED
CVE-2023-25330 (A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows rem ...)
- TODO: check
+ NOT-FOR-US: Mybatis
CVE-2023-25329
RESERVED
CVE-2023-25328
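Review bot: "+ NOT-FOR-US: Mybatis" is broader than the affected product; the CVE-2023-25330 description names "Mybatis plus below 3.5.3.1", so recording it as "NOT-FOR-US: Mybatis plus" avoids suggesting that the base MyBatis library is the affected component.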
@@ -12319,11 +12319,11 @@ CVE-2023-25307
CVE-2023-25306
RESERVED
CVE-2023-25305 (PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mr ...)
- TODO: check
+ NOT-FOR-US: PolyMC Launcher
CVE-2023-25304 (Prism Launcher <= 6.1 is vulnerable to Directory Traversal. ...)
NOT-FOR-US: Prism Launcher
CVE-2023-25303 (ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpa ...)
- TODO: check
+ NOT-FOR-US: ATLauncher
CVE-2023-25302
RESERVED
CVE-2023-25301
@@ -12659,7 +12659,7 @@ CVE-2023-0672
CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. ...)
- froxlor <itp> (bug #581792)
CVE-2023-0670 (Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an atta ...)
- TODO: check
+ NOT-FOR-US: ULearn
CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authe ...)
NOT-FOR-US: Fortra GoAnywhere MFT
CVE-2023-0668
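Review bot: the capitalisation in "+ NOT-FOR-US: ULearn" does not match the CVE-2023-0670 description, which names the product "Ulearn"; use the description's spelling so both lines match the same search.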
@@ -13817,7 +13817,7 @@ CVE-2023-24749
CVE-2023-24748
RESERVED
CVE-2023-24747 (Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Jfinal CMS
CVE-2023-24746
RESERVED
CVE-2023-24745
@@ -13871,7 +13871,7 @@ CVE-2023-24722
CVE-2023-24721
RESERVED
CVE-2023-24720 (An arbitrary file upload vulnerability in readium-js v0.32.0 allows at ...)
- TODO: check
+ NOT-FOR-US: readium-js
CVE-2023-24719
RESERVED
CVE-2023-24718
@@ -14650,7 +14650,7 @@ CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository pyload/p
CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not properly ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0486 (VitalPBX version 3.2.3-8 allows an unauthenticated external attacker t ...)
- TODO: check
+ NOT-FOR-US: VitalPBX
CVE-2023-0485
RESERVED
CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder & Gutenberg B ...)
@@ -14668,7 +14668,7 @@ CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the Dat
CVE-2023-0481 (In RestEasy Reactive implementation of Quarkus the insecure File.creat ...)
NOT-FOR-US: Quarkus
CVE-2023-0480 (VitalPBX version 3.2.3-8 allows an unauthenticated external attacker t ...)
- TODO: check
+ NOT-FOR-US: VitalPBX
CVE-2023-27372 (SPIP before 4.2.1 allows Remote Code Execution via form values in the ...)
{DSA-5367-1 DLA-3347-1}
- spip 4.1.8+dfsg-1
@@ -15917,9 +15917,9 @@ CVE-2023-23984 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company B
CVE-2023-23983 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23982 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23981 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Quan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23980
RESERVED
CVE-2023-23979 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Q ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55fde9fb24072e0a23d951ff893c0d1031b10a74