[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 19 16:24:31 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
689ceebd by Moritz Muehlenhoff at 2023-04-19T17:24:05+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28208,17 +28208,17 @@ CVE-2023-21999 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
 CVE-2023-21998 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox 7.0.8-dfsg-1
 CVE-2023-21997 (Vulnerability in the Oracle User Management product of Oracle E-Busine ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21996 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21995
 	RESERVED
 CVE-2023-21994
 	RESERVED
 CVE-2023-21993 (Vulnerability in the Oracle Clinical Remote Data Capture product of Or ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21992 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21991 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox 7.0.8-dfsg-1
 CVE-2023-21990 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
@@ -28232,21 +28232,21 @@ CVE-2023-21987 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
 CVE-2023-21986 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
 	NOT-FOR-US: GraalVM
 CVE-2023-21985 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21984 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21983
 	RESERVED
 CVE-2023-21982 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21981 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21980 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21979 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21978 (Vulnerability in the Oracle Application Object Library product of Orac ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21977 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21976 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
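Review bot: The status lines added in this hunk (CVE-2023-21985, -21984, -21981, -21979, -21978) label the entry with the vendor only, "NOT-FOR-US: Oracle", while the existing entry for CVE-2023-21986 directly above them names the product ("NOT-FOR-US: GraalVM"). Oracle is also the upstream for a source package tracked in this same hunk (mysql-8.0), so a vendor-only label cannot be searched to tell a deliberate NFU decision from a mis-triaged MySQL issue. Suggest product-level labels taken from the description on each CVE line, for example "NOT-FOR-US: Oracle Solaris" or "NOT-FOR-US: Oracle WebLogic Server".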
@@ -28256,15 +28256,15 @@ CVE-2023-21975
 CVE-2023-21974
 	RESERVED
 CVE-2023-21973 (Vulnerability in the Oracle iProcurement product of Oracle E-Business  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21971 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
 	TODO: check
 CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: Installation). Suppo ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
 	- openjdk-8 <unfixed>
 	- openjdk-11 <unfixed>
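Review bot: CVE-2023-21971 (MySQL Connectors) keeps "TODO: check" while the other untriaged entries in this hunk are resolved, and the one-word commit message does not say whether that is deliberate. If it was skipped because the connector still has to be mapped to a Debian source package, a NOTE: line under the entry or a sentence in the commit message would keep the next triager from repeating the lookup.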
@@ -28276,9 +28276,9 @@ CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
 CVE-2023-21966 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21965 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21964 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21963 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.32-1
 CVE-2023-21962 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
@@ -28286,15 +28286,15 @@ CVE-2023-21962 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2023-21961
 	RESERVED
 CVE-2023-21960 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21959 (Vulnerability in the Oracle iReceivables product of Oracle E-Business  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21958
 	RESERVED
 CVE-2023-21957
 	RESERVED
 CVE-2023-21956 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
@@ -28304,7 +28304,7 @@ CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
 CVE-2023-21953 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21952 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21951
 	RESERVED
 CVE-2023-21950
@@ -28312,7 +28312,7 @@ CVE-2023-21950
 CVE-2023-21949
 	RESERVED
 CVE-2023-21948 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21947 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21946 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
@@ -28320,13 +28320,13 @@ CVE-2023-21946 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2023-21945 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21944 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21943 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21942 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21941 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
@@ -28342,17 +28342,17 @@ CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
 	- openjdk-11 <unfixed>
 	- openjdk-17 <unfixed>
 CVE-2023-21936 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21935 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21934 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21933 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21932 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
 	- openjdk-8 <unfixed>
 	- openjdk-11 <unfixed>
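Review bot: CVE-2023-21934 is described as affecting the "Java VM component of Oracle Database Server", and in this hunk it sits among Java SE entries that are tracked against openjdk-8, openjdk-11 and openjdk-17. The bare "NOT-FOR-US: Oracle" label does not record why this JVM issue is out of scope when those are not. "NOT-FOR-US: Oracle Database Server" would make the decision self-explanatory to anyone auditing the openjdk entries later.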
@@ -28360,33 +28360,33 @@ CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
 CVE-2023-21929 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21928 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21927 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21926 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21925 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21924 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21923 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21922 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21921 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21920 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21919 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21918 (Vulnerability in the Oracle Database Recovery Manager component of Ora ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21917 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.31-1
 CVE-2023-21916 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21915 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21914
 	RESERVED
 CVE-2023-21913 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
@@ -28396,23 +28396,23 @@ CVE-2023-21912 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2023-21911 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2023-21910 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21909 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM (componen ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21908 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21907 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21906 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21905 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21904 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21903 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21902 (Vulnerability in the Oracle Financial Services Behavior Detection Plat ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21901
 	RESERVED
 CVE-2023-21900 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -28424,7 +28424,7 @@ CVE-2023-21898 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
 CVE-2023-21897
 	RESERVED
 CVE-2023-21896 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21895
 	RESERVED
 CVE-2023-21894 (Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Fr ...)
@@ -31651,7 +31651,7 @@ CVE-2022-46642 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command i
 CVE-2022-46641 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command injecti ...)
 	NOT-FOR-US: D-Link
 CVE-2022-46640 (Nanoleaf Desktop App before v1.3.1 was discovered to contain a command ...)
-	TODO: check
+	NOT-FOR-US: Nanoleaf
 CVE-2022-46639 (A vulnerability in the descarga_etiqueta.php component of Correos Pres ...)
 	NOT-FOR-US: Prestashop
 CVE-2022-46638
@@ -32224,7 +32224,7 @@ CVE-2022-46391 (AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to
 CVE-2022-46390
 	RESERVED
 CVE-2022-46389 (There exists a reflected XSS within the logout functionality of Servic ...)
-	TODO: check
+	NOT-FOR-US: ServiceNow
 CVE-2022-46388
 	RESERVED
 CVE-2022-46387 (ConEmu through 220807 and Cmder before 1.3.21 report the title of the  ...)
@@ -34019,13 +34019,13 @@ CVE-2022-45841
 CVE-2022-45840
 	RESERVED
 CVE-2022-45839 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45838 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute Info ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45837
 	RESERVED
 CVE-2022-45836 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45835
 	RESERVED
 CVE-2022-45834
@@ -37267,7 +37267,7 @@ CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities in All-In-On
 CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cham ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44735 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gus  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-44734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44733 (Local privilege escalation due to insecure folder permissions. The fol ...)
@@ -38624,7 +38624,7 @@ CVE-2022-44634 (Auth. (admin+) Arbitrary File Read vulnerability in S2W –
 CVE-2022-44633
 	RESERVED
 CVE-2022-44632 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deni ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-44631
 	RESERVED
 CVE-2022-44630
@@ -43879,11 +43879,11 @@ CVE-2022-3569 (Due to an issue with incorrect sudo permissions, Zimbra Collabora
 CVE-2022-3568 (The ImageMagick Engine plugin for WordPress is vulnerable to deseriali ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43378 (A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulne ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2022-43377 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2022-43376 (A CWE-79: Improper Neutralization of Input During Web Page Generation  ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2022-43375
 	RESERVED
 CVE-2022-43374
@@ -67248,7 +67248,7 @@ CVE-2022-34757 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vuln
 CVE-2022-34756 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2022-34755 (A CWE-427 - Uncontrolled Search Path Element vulnerability exists that ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2022-34754 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2022-34753 (A CWE-78: Improper Neutralization of Special Elements used in an OS Co ...)
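Review bot: The added line for CVE-2022-34755 uses "NOT-FOR-US: Schneider", but the entries on either side of it (CVE-2022-34756 and CVE-2022-34754) already use "NOT-FOR-US: Schneider Electric". Use the existing spelling so that a search for the vendor label returns all of them. The same applies to the three "NOT-FOR-US: Schneider" lines added for CVE-2022-43378, CVE-2022-43377 and CVE-2022-43376.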
@@ -122690,11 +122690,11 @@ CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-def
 CVE-2021-41615 (websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy bec ...)
 	NOT-FOR-US: GoAhead Web Server
 CVE-2021-41614 (An issue was discovered in the controller unit of the OpenRISC mor1kx  ...)
-	TODO: check
+	NOT-FOR-US: OpenRISC mor1kx
 CVE-2021-41613 (An issue was discovered in the controller unit of the OpenRISC mor1kx  ...)
-	TODO: check
+	NOT-FOR-US: OpenRISC mor1kx
 CVE-2021-41612 (An issue was discovered in the ALU unit of the OpenRISC mor1kx process ...)
-	TODO: check
+	NOT-FOR-US: OpenRISC mor1kx
 CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When  ...)
 	- squid 5.2-1
 	[bullseye] - squid <not-affected> (Vulnerable code introduced later)
@@ -125576,9 +125576,9 @@ CVE-2021-3767 (bookstack is vulnerable to Improper Neutralization of Input Durin
 CVE-2021-40508
 	RESERVED
 CVE-2021-40507 (An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 12 ...)
-	TODO: check
+	NOT-FOR-US: OR1200
 CVE-2021-40506 (An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 12 ...)
-	TODO: check
+	NOT-FOR-US: OR1200
 CVE-2021-40505
 	RESERVED
 CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled Modification of Ob ...)
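Review bot: The two labels added here read "NOT-FOR-US: OR1200", while the OpenRISC entries in the previous hunk are labelled "NOT-FOR-US: OpenRISC mor1kx". The description on these lines itself says "OR1200 (aka OpenRISC 12 ...", so "NOT-FOR-US: OpenRISC OR1200" would keep both processor cores under one searchable prefix.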



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/689ceebd3853cdc7a34bfd8da1e2c733983ab08c
