[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Apr 10 13:18:47 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8f22923d by Moritz Muehlenhoff at 2023-04-10T14:16:43+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -34,7 +34,7 @@ CVE-2018-25084
CVE-2023-30451
RESERVED
CVE-2023-30450 (rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls f ...)
- TODO: check
+ NOT-FOR-US: Redpanda
CVE-2023-30449
RESERVED
CVE-2023-30448
@@ -78,13 +78,13 @@ CVE-2023-30430
CVE-2015-10100
RESERVED
CVE-2014-125098 (A vulnerability was found in Dart http_server up to 0.9.5 and classifi ...)
- TODO: check
+ NOT-FOR-US: Dart http_server
CVE-2014-125097 (A vulnerability, which was classified as problematic, was found in Bes ...)
- TODO: check
+ NOT-FOR-US: BestWebSoft
CVE-2012-10012 (A vulnerability has been found in BestWebSoft Facebook Like Button up ...)
- TODO: check
+ NOT-FOR-US: BestWebSoft
CVE-2009-10004 (A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has ...)
- TODO: check
+ NOT-FOR-US: Turante Sandbox Theme
CVE-2023-30429
RESERVED
CVE-2023-30428
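Review bot: CVE-2014-125097 and CVE-2012-10012 are tagged with the vendor only (`NOT-FOR-US: BestWebSoft`), while the other two entries in this hunk use a product name (`Dart http_server`, `Turante Sandbox Theme`). The CVE-2012-10012 description names the product, "BestWebSoft Facebook Like Button", so that string would make a more precise tag. For CVE-2014-125097 the description is cut at "Bes ...", so the product should be taken from the full CVE text rather than inferred from the neighbouring entry.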
@@ -1926,9 +1926,9 @@ CVE-2023-1943
CVE-2015-10099
RESERVED
CVE-2014-125096 (A vulnerability was found in Fancy Gallery Plugin 1.5.12. It has been ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7. It has be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-29530
RESERVED
CVE-2023-29529
@@ -2237,9 +2237,9 @@ CVE-2023-1906
CVE-2023-1905
RESERVED
CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2013-10023 (A vulnerability was found in Editorial Calendar Plugin up to 2.6. It h ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-XXXX [https://rustsec.org/advisories/RUSTSEC-2023-0031.html]
- rust-spin <unfixed>
[bullseye] - rust-spin <not-affected> (Introduced in 0.9.3)
@@ -3526,7 +3526,7 @@ CVE-2023-29010 (Budibase is a low code platform for creating internal tools, wor
CVE-2023-29009
RESERVED
CVE-2023-29008 (The SvelteKit framework offers developers an option to create simple R ...)
- TODO: check
+ NOT-FOR-US: SvelteKit
CVE-2023-29007
RESERVED
CVE-2023-29006 (The Order GLPI plugin allows users to manage order management within G ...)
@@ -7885,13 +7885,13 @@ CVE-2023-27732
CVE-2023-27731
RESERVED
CVE-2023-27730 (Nginx NJS v0.7.10 was discovered to contain a segmentation violation v ...)
- TODO: check
+ NOT-FOR-US: Nginx NJS
CVE-2023-27729 (Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the ...)
- TODO: check
+ NOT-FOR-US: Nginx NJS
CVE-2023-27728 (Nginx NJS v0.7.10 was discovered to contain a segmentation violation v ...)
- TODO: check
+ NOT-FOR-US: Nginx NJS
CVE-2023-27727 (Nginx NJS v0.7.10 was discovered to contain a segmentation violation v ...)
- TODO: check
+ NOT-FOR-US: Nginx NJS
CVE-2023-27726
RESERVED
CVE-2023-27725
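Review bot: the four entries CVE-2023-27727 to CVE-2023-27730 are tagged `NOT-FOR-US: Nginx NJS`, so the tag carries the name of the web server as well as the module. If the point is that njs itself is not packaged, a tag of plain `njs`, or a one-line NOTE stating that no nginx source package in the archive builds it, would keep a search for nginx from landing on entries that need no action.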
@@ -7905,11 +7905,11 @@ CVE-2023-27722
CVE-2023-27721
RESERVED
CVE-2023-27720 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow in th ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-27719 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow in th ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-27718 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow in th ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-27717
RESERVED
CVE-2023-27716
@@ -10192,13 +10192,13 @@ CVE-2023-26822 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a comm
CVE-2023-26821
RESERVED
CVE-2023-26820 (siteproxy v1.0 was discovered to contain a path traversal vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: siteproxy
CVE-2023-26819
RESERVED
CVE-2023-26818
RESERVED
CVE-2023-26817 (codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a r ...)
- TODO: check
+ NOT-FOR-US: codefever
CVE-2023-26816
RESERVED
CVE-2023-26815
@@ -12023,7 +12023,7 @@ CVE-2023-26122
CVE-2023-26121
RESERVED
CVE-2023-26120 (This affects all versions of the package com.xuxueli:xxl-job. HTML upl ...)
- TODO: check
+ NOT-FOR-US: com.xuxueli:xxl-job
CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and b ...)
NOT-FOR-US: net.sourceforge.htmlunit:htmlunit
CVE-2023-26118 (All versions of the package angular are vulnerable to Regular Expressi ...)
@@ -13041,7 +13041,7 @@ CVE-2023-0836 (An information leak vulnerability was discovered in HAProxy 2.1,
NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=18575ba4e5057afdb80cc06135272889ae1fa2d1 (v2.2.27)
NOTE: Introduced by: https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=63bbf284a131de362ad5b60d64ff3b1eff830553 (v2.1-dev2)
CVE-2023-0835 (markdown-pdf version 11.0.0 allows an external attacker to remotely ob ...)
- TODO: check
+ NOT-FOR-US: Node markdown-pdf
CVE-2023-0834
RESERVED
CVE-2023-25181
@@ -13572,7 +13572,7 @@ CVE-2023-0777 (Authentication Bypass by Primary Weakness in GitHub repository mo
CVE-2023-0776 (Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNo ...)
NOT-FOR-US: Baicells
CVE-2023-0775 (An invalid ‘prepare write request’ command can cause the B ...)
- TODO: check
+ NOT-FOR-US: GSDK
CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certificate G ...)
NOT-FOR-US: SourceCodester Medical Certificate Generator App
CVE-2023-0773
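Review bot: `NOT-FOR-US: GSDK` on CVE-2023-0775 is an acronym that does not appear in the visible, truncated description, so a later triager cannot match the tag to the entry without opening the full CVE text. Spelling out vendor and product, as the neighbouring `Baicells` and `SourceCodester Medical Certificate Generator App` tags do, would make the entry searchable.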
@@ -14514,9 +14514,9 @@ CVE-2023-25347
CVE-2023-25346
RESERVED
CVE-2023-25345 (Directory traversal vulnerability in swig-templates thru 2.0.4 and swi ...)
- TODO: check
+ NOT-FOR-US: swig-templates
CVE-2023-25344 (An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4 ...)
- TODO: check
+ NOT-FOR-US: swig-templates
CVE-2023-25343
RESERVED
CVE-2023-25342
@@ -17242,7 +17242,7 @@ CVE-2023-24404
CVE-2023-24403 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP F ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24402 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Rol ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24401
RESERVED
CVE-2023-24400
@@ -17250,7 +17250,7 @@ CVE-2023-24400
CVE-2023-24399 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24398 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24397
RESERVED
CVE-2023-24396 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...)
@@ -18189,7 +18189,7 @@ CVE-2023-23996 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-23995
RESERVED
CVE-2023-23994 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23993
RESERVED
CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin ...)
@@ -18511,7 +18511,7 @@ CVE-2023-23887
CVE-2023-23886
RESERVED
CVE-2023-23885 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23884
RESERVED
CVE-2023-23883
@@ -18741,7 +18741,7 @@ CVE-2023-23801 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Rea
CVE-2023-23800
RESERVED
CVE-2023-23799 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leon ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23798
RESERVED
CVE-2023-23797
@@ -18909,9 +18909,9 @@ CVE-2023-23764
CVE-2023-23763
RESERVED
CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2023-23761 (An improper authentication vulnerability was identified in GitHub Ente ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2023-23760 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23759
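Review bot: the two new tags spell the product `Github Enterprise Server`, while the descriptions of CVE-2023-23762 and CVE-2023-23761 spell it "GitHub". The new tags match the existing one on CVE-2023-23760, so keeping the spelling is defensible for grep consistency; if it is corrected, change all three entries in the same commit.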
@@ -19445,7 +19445,7 @@ CVE-2023-0327 (A vulnerability was found in saemorris TheRadSystem. It has been
CVE-2023-0326 (An issue has been discovered in GitLab DAST API scanner affecting all ...)
NOT-FOR-US: GitLab DAST API scanner
CVE-2023-0325 (Uvdesk version 1.1.1 allows an unauthenticated remote attacker to expl ...)
- TODO: check
+ NOT-FOR-US: Uvdesk
CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours & Travels ...)
NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0323 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -19885,7 +19885,7 @@ CVE-2023-0266 (A use after free vulnerability exists in the ALSA PCM package in
- linux 6.1.7-1
NOTE: https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e
CVE-2023-0265 (Uvdesk version 1.1.1 allows an authenticated remote attacker to execut ...)
- TODO: check
+ NOT-FOR-US: Uvdesk
CVE-2023-0264
RESERVED
NOT-FOR-US: Keycloak
@@ -22689,7 +22689,7 @@ CVE-2023-22436 (The kernel subsystem function check_permission_for_set_tokenid w
CVE-2023-22301 (The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior version ...)
NOT-FOR-US: OpenHarmony
CVE-2023-22291 (An invalid free vulnerability exists in the Frame stream parser functi ...)
- TODO: check
+ NOT-FOR-US: Ichitaro
CVE-2023-0091 (A flaw was found in Keycloak, where it did not properly check client t ...)
NOT-FOR-US: Keycloak
CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Si ...)
@@ -24836,9 +24836,9 @@ CVE-2020-36625 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in des
CVE-2020-36624 (A vulnerability was found in ahorner text-helpers up to 1.0.x. It has ...)
NOT-FOR-US: text_helpers gem
CVE-2022-47925 (The validate JSON endpoint of the Secvisogram csaf-validator-service i ...)
- TODO: check
+ NOT-FOR-US: csaf-validator-service
CVE-2022-47924 (An high privileged attacker may pass crafted arguments to the validate ...)
- TODO: check
+ NOT-FOR-US: csaf-validator-service
CVE-2022-4648 (The Real Testimonials WordPress plugin before 2.6.0 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
@@ -25062,7 +25062,7 @@ CVE-2022-47872 (maccms10 2021.1000.2000 is vulnerable to Server-side request for
CVE-2022-47871
RESERVED
CVE-2022-47870 (A Cross Site Scripting (XSS) vulnerability in the web SQL monitor logi ...)
- TODO: check
+ NOT-FOR-US: Redgate SQL Monitor
CVE-2022-47869
RESERVED
CVE-2022-47868
@@ -29387,7 +29387,7 @@ CVE-2022-46783
CVE-2022-46782
RESERVED
CVE-2022-46781 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
- TODO: check
+ NOT-FOR-US: Arm Mali GPU Kernel Driver
CVE-2022-46780
RESERVED
CVE-2022-46779
@@ -30483,7 +30483,7 @@ CVE-2022-46389
CVE-2022-46388
RESERVED
CVE-2022-46387 (ConEmu through 220807 and Cmder before 1.3.21 report the title of the ...)
- TODO: check
+ NOT-FOR-US: ConEmu
CVE-2022-46386
RESERVED
CVE-2022-46385
@@ -30517,7 +30517,7 @@ CVE-2022-4272 (A vulnerability, which was classified as critical, has been found
CVE-2022-45124 (An information disclosure vulnerability exists in the User authenticat ...)
NOT-FOR-US: WellinTech KingHistorian
CVE-2022-45115 (A buffer overflow vulnerability exists in the Attribute Arena function ...)
- TODO: check
+ NOT-FOR-US: Ichitaro
CVE-2022-43665 (A denial of service vulnerability exists in the malware scan functiona ...)
NOT-FOR-US: ESTsoft Alyac
CVE-2022-46378
@@ -31111,7 +31111,7 @@ CVE-2022-44453
CVE-2022-44451
RESERVED
CVE-2022-43664 (A use-after-free vulnerability exists within the way Ichitaro Word Pro ...)
- TODO: check
+ NOT-FOR-US: Ichitaro
CVE-2022-43663 (An integer conversion vulnerability exists in the SORBAx64.dll RecvPac ...)
NOT-FOR-US: WellinTech KingHistorian
CVE-2022-43503
@@ -32845,7 +32845,7 @@ CVE-2022-45599 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulner
CVE-2022-45598 (Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.1 ...)
NOT-FOR-US: Joplin Desktop App
CVE-2022-45597 (ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. ...)
- TODO: check
+ NOT-FOR-US: ComponentSpace.Saml2
CVE-2022-45596
RESERVED
CVE-2022-45595
@@ -36994,7 +36994,7 @@ CVE-2022-3812 (A vulnerability was found in Axiomatic Bento4. It has been rated
CVE-2020-36608 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Tribal Systems Zenario CMS
CVE-2023-20903 (This disclosure regards a vulnerability related to UAA refresh tokens ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2023-20902
RESERVED
CVE-2023-20901
@@ -37086,7 +37086,7 @@ CVE-2023-20860 (Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25
NOTE: https://spring.io/security/cve-2023-20860
NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2023-20859 (In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prio ...)
- TODO: check
+ NOT-FOR-US: Spring Vault
CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...)
NOT-FOR-US: VMware
CVE-2023-20857 (VMware Workspace ONE Content contains a passcode bypass vulnerability. ...)
@@ -39209,9 +39209,9 @@ CVE-2023-20561
CVE-2023-20560
RESERVED
CVE-2023-20559 (Insufficient control flow management in AmdCpmGpioInitSmm may allow a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20558 (Insufficient control flow management in AmdCpmOemSmm may allow a privi ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20557
RESERVED
CVE-2023-20556
@@ -41263,7 +41263,7 @@ CVE-2022-43611 (This vulnerability allows remote attackers to disclose sensitive
CVE-2022-43610 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: Corel CorelDRAW Graphics Suite
CVE-2022-43609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: IronCAD
CVE-2022-43608 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
NOT-FOR-US: Canon
CVE-2022-3661 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...)
@@ -42261,7 +42261,7 @@ CVE-2022-43311
CVE-2022-43310 (An Uncontrolled Search Path Element in Foxit Software released Foxit R ...)
NOT-FOR-US: Foxit Reader
CVE-2022-43309 (Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2022-43308 (INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers ...)
NOT-FOR-US: INTELBRAS
CVE-2022-43307
@@ -55407,7 +55407,7 @@ CVE-2022-38084
CVE-2022-38083
RESERVED
CVE-2022-38072 (An improper array index validation vulnerability exists in the stl_fix ...)
- TODO: check
+ NOT-FOR-US: ADMesh
CVE-2022-38071
RESERVED
CVE-2022-37408
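Review bot: `NOT-FOR-US: ADMesh` on CVE-2022-38072 deserves a second look. The description names a code-level function (`stl_fix ...`), which is typical of a library or command-line tool, and NOT-FOR-US is only correct if no source package in the archive ships that code. Please confirm with a package search for admesh; if a package exists, the entry needs a `- <package> <unfixed>` line instead, in the form used for rust-spin earlier in this file.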
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f22923d3574db6421251fa3e54e8b0a9a5e876a