[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Apr 20 10:48:48 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fd21c2e7 by Moritz Muehlenhoff at 2023-04-20T11:48:24+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2023-30897
CVE-2023-2192
RESERVED
CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azu ...)
- TODO: check
+ NOT-FOR-US: azuracast
CVE-2023-2190
RESERVED
CVE-2023-2189
@@ -260,7 +260,7 @@ CVE-2023-30799
CVE-2023-30798
RESERVED
CVE-2023-30797 (Netflix Lemur before version 1.3.2 used insufficiently random values w ...)
- TODO: check
+ NOT-FOR-US: Netflix Lemur
CVE-2023-30796
RESERVED
CVE-2023-30795
@@ -326,7 +326,7 @@ CVE-2023-2140
CVE-2023-2139
RESERVED
CVE-2022-4942 (A vulnerability was found in mportuga eslint-detailed-reporter up to 0 ...)
- TODO: check
+ NOT-FOR-US: eslint-detailed-reporter
CVE-2022-48475
RESERVED
CVE-2022-48474
@@ -342,7 +342,7 @@ CVE-2022-48470
CVE-2022-48469
RESERVED
CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up to 3.7.2 ...)
- TODO: check
+ NOT-FOR-US: I Recommend This Plugin
CVE-2023-30794
RESERVED
CVE-2023-30793
@@ -858,15 +858,15 @@ CVE-2023-30616
CVE-2023-30615
RESERVED
CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...)
- TODO: check
+ NOT-FOR-US: Pay (payments engine for Ruby on Rails)
CVE-2023-30613
RESERVED
CVE-2023-30612 (Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. Thi ...)
- TODO: check
+ NOT-FOR-US: Cloud hypervisor
CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their reaction ...)
NOT-FOR-US: Discourse-reactions plugin
CVE-2023-30610 (aws-sigv4 is a rust library for low level request signing in the aws c ...)
- TODO: check
+ NOT-FOR-US: aws-sigv4
CVE-2023-30609
RESERVED
CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In affected ...)
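Review bot: the CVE-2023-30610 entry marks aws-sigv4 as NOT-FOR-US although its own description calls it a Rust library, and a Rust crate appears elsewhere in this file with upstream-fix NOTE lines (CVE-2023-22895, the bzip2 crate). Before settling on `NOT-FOR-US: aws-sigv4`, confirm the crate is neither packaged nor vendored into a packaged source; if it is, the entry should name that source package instead.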
@@ -1517,7 +1517,7 @@ CVE-2023-1965
CVE-2023-30464
RESERVED
CVE-2023-30463 (Altran picoTCP through 1.7.0 allows memory corruption (and subsequent ...)
- TODO: check
+ NOT-FOR-US: picoTCP
CVE-2023-30462
RESERVED
CVE-2023-30461
@@ -8311,11 +8311,11 @@ CVE-2023-28126
CVE-2023-28125
RESERVED
CVE-2023-28124 (Improper usage of symmetric encryption in UI Desktop for Windows (Vers ...)
- TODO: check
+ NOT-FOR-US: UI Desktop for Windows
CVE-2023-28123 (A permission misconfiguration in UI Desktop for Windows (Version 0.59. ...)
- TODO: check
+ NOT-FOR-US: UI Desktop for Windows
CVE-2023-28122 (A local privilege escalation (LPE) vulnerability in UI Desktop for Win ...)
- TODO: check
+ NOT-FOR-US: UI Desktop for Windows
CVE-2023-28121 (An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28120
@@ -8484,7 +8484,7 @@ CVE-2023-28049
CVE-2023-28048
RESERVED
CVE-2023-28047 (Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28046 (Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary ...)
NOT-FOR-US: Dell
CVE-2023-28045
@@ -21255,7 +21255,7 @@ CVE-2023-0319 (An issue has been discovered in GitLab affecting all versions sta
CVE-2023-0318
RESERVED
CVE-2023-0317 (Unprotected Alternate Channel vulnerability in debug console of GateMa ...)
- TODO: check
+ NOT-FOR-US: Secomea
CVE-2022-4891 (A vulnerability has been found in Sisimai up to 4.25.14p11 and classif ...)
NOT-FOR-US: Sisimai
CVE-2017-20170 (A vulnerability was found in ollpu parontalli. It has been classified ...)
@@ -21875,7 +21875,7 @@ CVE-2023-23453 (Missing Authentication for Critical Function in SICK FX0-GENT v3
CVE-2023-23452 (Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmw ...)
NOT-FOR-US: SICK
CVE-2023-23451 (The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNE ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2023-23450
RESERVED
CVE-2023-23449
@@ -23533,9 +23533,9 @@ CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause a
NOTE: https://github.com/alexcrichton/bzip2-rs/pull/86
NOTE: https://github.com/alexcrichton/bzip2-rs/commit/90c9c182cd5a5ebc75810aebd89b347a7bdf590b (0.4.4)
CVE-2023-22894 (Strapi through 4.5.5 allows attackers (with access to the admin panel) ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2023-22893 (Strapi through 4.5.5 does not verify the access or ID tokens issued du ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2023-22892 (There exists an information disclosure vulnerability in SmartBear Zeph ...)
NOT-FOR-US: SmartBear Zephyr Enterprise
CVE-2023-22891 (There exists a privilege escalation vulnerability in SmartBear Zephyr ...)
@@ -24465,7 +24465,7 @@ CVE-2023-22647
CVE-2023-22646
RESERVED
CVE-2023-22645 (An Improper Privilege Management vulnerability in SUSE kubewarden allo ...)
- TODO: check
+ NOT-FOR-US: kubewarden
CVE-2023-22644
RESERVED
CVE-2023-22643 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
@@ -24593,7 +24593,7 @@ CVE-2023-22623
CVE-2023-22622 (WordPress through 6.1.1 depends on unpredictable client visits to caus ...)
- wordpress <not-affected> (Not an issue for packaged WordPress)
CVE-2023-22621 (Strapi through 4.5.5 allows authenticated Server-Side Template Injecti ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2023-22620 (An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewa ...)
NOT-FOR-US: SecurePoint UTM
CVE-2023-22619
@@ -28346,7 +28346,7 @@ CVE-2023-21990 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
CVE-2023-21989 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 7.0.8-dfsg-1
CVE-2023-21988 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- TODO: check
+ - virtualbox 7.0.8-dfsg-1
CVE-2023-21987 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 7.0.8-dfsg-1
CVE-2023-21986 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
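Review bot: CVE-2023-21988 is not an NFU. The TODO is replaced by `- virtualbox 7.0.8-dfsg-1`, a fixed-version entry, while the commit message only says "NFUs". The version matches the neighbouring CVE-2023-21989 and CVE-2023-21987, so the entry itself looks consistent, but it would be easier to find in the log if it went into its own commit or if the message mentioned virtualbox.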
@@ -31694,7 +31694,7 @@ CVE-2022-4310 (The Slimstat Analytics WordPress plugin before 4.9.3 does not san
CVE-2022-4309 (The Subscribe2 WordPress plugin before 10.38 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4308 (Plaintext Storage of a Password vulnerability in Secomea GateManager ( ...)
- TODO: check
+ NOT-FOR-US: Secomea
CVE-2022-4307 (The پلاگین پرد&# ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4306 (The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not s ...)
@@ -58288,7 +58288,7 @@ CVE-2022-38127
CVE-2022-38126
REJECTED
CVE-2022-38125 (Improper Restriction of Communication Channel to Intended Endpoints vu ...)
- TODO: check
+ NOT-FOR-US: Secomea
CVE-2022-38124 (Debug tool in Secomea SiteManager allows logged-in administrator to mo ...)
NOT-FOR-US: Secomea
CVE-2022-38123 (Improper Input Validation of plugin files in Administrator Interface o ...)
@@ -62856,7 +62856,7 @@ CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens becau
CVE-2022-2508 (In affected versions of Octopus Server it is possible to reveal the ex ...)
NOT-FOR-US: Octopus Server
CVE-2022-2507 (In affected versions of Octopus Deploy it is possible to render user s ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2022-2506
RESERVED
CVE-2022-36363 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
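Review bot: CVE-2022-2507 gets `NOT-FOR-US: Octopus Deploy` directly below CVE-2022-2508, which is tagged `NOT-FOR-US: Octopus Server`. Each tag mirrors the wording of its own description, but if both refer to the same product, a single tag for the two adjacent entries would keep a grep for one from missing the other.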
@@ -113639,7 +113639,7 @@ CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is
NOTE: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
NOTE: https://github.com/haiwen/seafile-server/pull/520
CVE-2021-43819 (Stargate-Bukkit is a mod for the minecraft video game which adds a por ...)
- TODO: check
+ NOT-FOR-US: Stargate-Bukkit
CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language. ...)
{DSA-5043-1 DLA-2871-1}
- lxml 4.7.1-1 (bug #1001885)
@@ -141744,17 +141744,17 @@ CVE-2021-33977
CVE-2021-33976
RESERVED
CVE-2021-33975 (Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 ...)
- TODO: check
+ NOT-FOR-US: Qihoo 360
CVE-2021-33974 (Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.c ...)
- TODO: check
+ NOT-FOR-US: Qihoo 360
CVE-2021-33973 (Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v1 ...)
- TODO: check
+ NOT-FOR-US: Qihoo 360
CVE-2021-33972 (Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 a ...)
- TODO: check
+ NOT-FOR-US: Qihoo 360
CVE-2021-33971 (Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.c ...)
- TODO: check
+ NOT-FOR-US: Qihoo 360
CVE-2021-33970 (Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows ...)
- TODO: check
+ NOT-FOR-US: Qihoo 360
CVE-2021-33969
RESERVED
CVE-2021-33968
@@ -156944,7 +156944,7 @@ CVE-2021-28256
CVE-2021-28255
RESERVED
CVE-2021-28254 (A deserialization vulnerability in the destruct() function of Laravel ...)
- TODO: check
+ NOT-FOR-US: Laravel
CVE-2021-28253
RESERVED
CVE-2021-28252
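Review bot: `NOT-FOR-US: Laravel` on CVE-2021-28254 rests on a description that is cut off right after "Laravel", so the affected component and version are not visible in this hunk. Laravel is a general-purpose PHP framework, so it is worth checking the archive for a source package that ships the affected code and, if one exists, recording a package line (or a `<not-affected>` entry with a reason, as CVE-2023-22622 does for wordpress) instead of NFU.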
@@ -186766,33 +186766,33 @@ CVE-2021-0887 (In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of
CVE-2021-0886
RESERVED
CVE-2021-0885 (In PVRSRVBridgeSyncPrimOpTake of the PowerVR kernel driver, a missing ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0884 (In PVRSRVBridgePhysmemImportSparseDmaBuf of the PowerVR kernel driver, ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0883 (In PVRSRVBridgeCacheOpQueue of the PowerVR kernel driver, a missing si ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0882 (In PVRSRVBridgeRGXKickSync of the PowerVR kernel driver, a missing siz ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0881 (In PVRSRVBridgeRGXKickCDM of the PowerVR kernel driver, a missing size ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0880 (In PVRSRVBridgeRGXKickTA3D of the PowerVR kernel driver, a missing siz ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0879 (In PVRSRVBridgeRGXTDMSubmitTransfer of the PowerVR kernel driver, a mi ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0878 (In PVRSRVBridgeServerSyncGetStatus of the PowerVR kernel driver, a mis ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0877
RESERVED
CVE-2021-0876 (In PVRSRVBridgePhysmemNewRamBackedLockedPMR of the PowerVR kernel driv ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0875 (In PVRSRVBridgeChangeSparseMem of the PowerVR kernel driver, a missing ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0874 (In PVRSRVBridgeDevicememHistorySparseChange of the PowerVR kernel driv ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0873 (In PVRSRVBridgeRGXKickRS of the PowerVR kernel driver, a missing size ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0872 (In PVRSRVBridgeRGXKickVRDM of the PowerVR kernel driver, a missing siz ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies components for Android
CVE-2021-0871 (In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a mi ...)
NOT-FOR-US: Android
CVE-2021-0870 (In RW_SetActivatedTagType of rw_main.cc, there is possible memory corr ...)
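Review bot: the thirteen entries changed in this hunk are tagged `NOT-FOR-US: Imagination Technologies components for Android`, but the unchanged CVE-2021-0871 just below them, also described as "of the PowerVR kernel driver", keeps `NOT-FOR-US: Android`. Suggest updating CVE-2021-0871 to the same tag in this commit so that every PowerVR driver entry in the block is found by one search string.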
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd21c2e78971dd489f6d2f08185d52f7273c5009