[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 20 21:23:36 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6371ee77 by Salvatore Bonaccorso at 2023-04-20T22:22:20+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -484,7 +484,7 @@ CVE-2023-2114
CVE-2023-2113
RESERVED
CVE-2023-2112 (Desktop component service allows lateral movement between sessions in ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2023-2111
RESERVED
CVE-2023-2110
@@ -2350,7 +2350,7 @@ CVE-2023-30078
CVE-2023-30077
RESERVED
CVE-2023-30076 (Sourcecodester Judging Management System v1.0 is vulnerable to SQL Inj ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Judging Management System
CVE-2023-30075
RESERVED
CVE-2023-30074
@@ -2650,7 +2650,7 @@ CVE-2023-29928
CVE-2023-29927
RESERVED
CVE-2023-29926 (PowerJob V4.3.2 has unauthorized interface that causes remote code exe ...)
- TODO: check
+ NOT-FOR-US: PowerJob
CVE-2023-29925
RESERVED
CVE-2023-29924
@@ -3594,7 +3594,7 @@ CVE-2023-29530
CVE-2023-29529 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeS ...)
NOT-FOR-US: matrix-js-sdk
CVE-2023-29528 (XWiki Commons are technical libraries common to several other top leve ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-29527 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2023-29526 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
@@ -4951,7 +4951,7 @@ CVE-2023-1769 (A vulnerability, which was classified as problematic, was found i
CVE-2023-1768 (Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= ...)
- check-mk <removed>
CVE-2023-1767 (The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Snyk Advisor website
CVE-2023-1766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Akbim Computer Panon
CVE-2023-1765 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -9785,7 +9785,7 @@ CVE-2023-27654 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an atta
CVE-2023-27653 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker t ...)
NOT-FOR-US: WHO
CVE-2023-27652 (An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an ...)
- TODO: check
+ NOT-FOR-US: Ego Studio SuperClean
CVE-2023-27651 (An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an ...)
NOT-FOR-US: Ego Studio SuperClean
CVE-2023-27650 (An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a ...)
@@ -10723,9 +10723,9 @@ CVE-2023-27353
CVE-2023-27352
RESERVED
CVE-2023-27351 (This vulnerability allows remote attackers to bypass authentication on ...)
- TODO: check
+ NOT-FOR-US: PaperCut
CVE-2023-27350 (This vulnerability allows remote attackers to bypass authentication on ...)
- TODO: check
+ NOT-FOR-US: PaperCut
CVE-2023-27349
RESERVED
CVE-2023-27348
@@ -15611,7 +15611,7 @@ CVE-2023-25603
CVE-2023-25602 (A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, F ...)
NOT-FOR-US: FortiGuard
CVE-2023-25601 (On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gatew ...)
- TODO: check
+ NOT-FOR-US: Apache DolphinScheduler
CVE-2023-0753
RESERVED
CVE-2023-0752
@@ -19148,15 +19148,15 @@ CVE-2023-24373
CVE-2023-24372
RESERVED
CVE-2023-23579 (Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the ...)
- TODO: check
+ NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-22846 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...)
- TODO: check
+ NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-22354 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...)
- TODO: check
+ NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-22321 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...)
- TODO: check
+ NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-22295 (Datakit CrossCadWare_x64.dll contains an out of bounds read past the e ...)
- TODO: check
+ NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-0452 (All versions of Econolite EOS traffic control software are vulnerable ...)
NOT-FOR-US: Econolite EOS traffic control software
CVE-2023-0451 (All versions of Econolite EOS traffic control software are vulnerable ...)
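Review bot: the five Datakit tags added here (CVE-2023-23579, CVE-2023-22846, CVE-2023-22354, CVE-2023-22321, CVE-2023-22295) use a library file name, "Datakit CrossCadWare_x64.dll", taken from the CVE description, whereas the other NOT-FOR-US tags visible in this commit name a product or vendor (for example "Econolite EOS traffic control software" in the context line below). Suggest dropping the "_x64.dll" file suffix so the tag identifies the product rather than one binary, which keeps later entries for the same vendor searchable under a single name.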
@@ -20223,7 +20223,7 @@ CVE-2023-23940 (OpenZeppelin Contracts for Cairo is a library for secure smart c
CVE-2023-23939 (Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vu ...)
NOT-FOR-US: Azure/setup-kubectl
CVE-2023-23938 (Tuleap is a Free & Source tool for end to end traceability of appl ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2023-23937 (Pimcore is an Open Source Data & Experience Management Platform: P ...)
NOT-FOR-US: Pimcore
CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 ...)
@@ -20674,9 +20674,9 @@ CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access t
CVE-2023-0385 (The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Re ...)
NOT-FOR-US: Custom 404 Pro plugin for WordPress
CVE-2023-0384 (User-controlled operations could have allowed Denial of Service in M-F ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2023-0383 (User-controlled operations could have allowed Denial of Service in M-F ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2023-0382 (User-controlled operations could have allowed Denial of Service in M-F ...)
NOT-FOR-US: M-Files Server
CVE-2023-0381 (The GigPress WordPress plugin through 2.3.28 does not validate and esc ...)
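Review bot: the new tags on CVE-2023-0384 and CVE-2023-0383 read "NOT-FOR-US: M-Files", while the unchanged CVE-2023-0382 entry directly below, whose visible description text is identical, is tagged "NOT-FOR-US: M-Files Server". Suggest settling on one spelling for these three entries so that a search on the tag returns all of them.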
@@ -81000,7 +81000,7 @@ CVE-2022-29946
CVE-2022-29945 (DJI drone devices sold in 2017 through 2022 broadcast unencrypted info ...)
NOT-FOR-US: DJI drone devices
CVE-2022-29944 (An issue was discovered in ONOS 2.5.1. There is an incorrect compariso ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2022-29943 (Talend Administration Center has a vulnerability that allows an authen ...)
NOT-FOR-US: Talend Administration Center
CVE-2022-29942 (Talend Administration Center has a vulnerability that allows an authen ...)
@@ -82062,17 +82062,17 @@ CVE-2022-29611 (SAP NetWeaver Application Server for ABAP and ABAP Platform do n
CVE-2022-29610 (SAP NetWeaver Application Server ABAP allows an authenticated attacker ...)
NOT-FOR-US: SAP
CVE-2022-29609 (An issue was discovered in ONOS 2.5.1. An intent with the same source ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2022-29608 (An issue was discovered in ONOS 2.5.1. An intent with a port that is a ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2022-29607 (An issue was discovered in ONOS 2.5.1. Modification of an existing int ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2022-29606 (An issue was discovered in ONOS 2.5.1. An intent with a large port num ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2022-29605 (An issue was discovered in ONOS 2.5.1. IntentManager attempts to insta ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2022-29604 (An issue was discovered in ONOS 2.5.1. An intent with an uppercase let ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2022-29603 (A SQL Injection vulnerability exists in UniverSIS UniverSIS-API throug ...)
NOT-FOR-US: UniverSIS
CVE-2022-29602 (The gridelements (aka Grid Elements) extension through 7.6.1, 8.x thro ...)
@@ -98592,7 +98592,7 @@ CVE-2022-24111 (In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfol
CVE-2022-24110 (Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' ...)
NOT-FOR-US: Kiteworks managed file transfer
CVE-2022-24109 (An issue was discovered in ONOS 2.5.1. To attack an intent installed b ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2022-24108 (The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remot ...)
NOT-FOR-US: OpenCart plugin
CVE-2022-24107 (Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. ...)
@@ -98828,7 +98828,7 @@ CVE-2021-4216 (A Floating point exception (division-by-zero) flaw was found in M
NOTE: https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf (1.20.0-rc1)
NOTE: Negligible security impact, crash in CLI tool
CVE-2022-24035 (An issue was discovered in ONOS 2.5.1. The purge-requested intent rema ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2022-24034
RESERVED
CVE-2022-24033
@@ -131060,9 +131060,9 @@ CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in sy
- opensysusers 0.6-3 (bug #992058)
[bullseye] - opensysusers <no-dsa> (Minor issue; if fixed upstream address via point release)
CVE-2021-38364 (An issue was discovered in ONOS 2.5.1. There is an incorrect compariso ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2021-38363 (An issue was discovered in ONOS 2.5.1. In IntentManager, the install-r ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2021-38362 (In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker ...)
NOT-FOR-US: RSA Archer
CVE-2021-38361 (The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cro ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6371ee779a3f3ef3e332cb6843e0c6569229ef04