[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 29 13:30:02 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89f642d7 by Salvatore Bonaccorso at 2023-04-29T14:29:37+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18,7 +18,7 @@ CVE-2023-2420 (A vulnerability was found in MLECMS 3.0. It has been rated as cri
CVE-2023-2419 (A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been decla ...)
NOT-FOR-US: Zhong Bang CRMEB
CVE-2023-2418 (A vulnerability was found in Konga 2.8.3 on Kong. It has been classifi ...)
- TODO: check
+ NOT-FOR-US: Konga
CVE-2023-2417 (A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 ...)
NOT-FOR-US: ks-soft Advanced Host Monitor
CVE-2023-2413 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
@@ -118,7 +118,7 @@ CVE-2023-2363 (A vulnerability, which was classified as critical, has been found
CVE-2023-2361 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2023-2360 (Sensitive information disclosure due to CORS misconfiguration. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-2356 (Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...)
NOT-FOR-US: mlflow
CVE-2023-2355 (Local privilege escalation due to a DLL hijacking vulnerability. The f ...)
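Review bot: the `NOT-FOR-US: Acronis` tag on CVE-2023-2360 cannot be verified from this hunk, because the visible description ("Sensitive information disclosure due to CORS misconfiguration. The fol ...") names no vendor or product; please confirm against the full CVE text that the affected product is an Acronis one before the entry is considered closed.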
@@ -1379,11 +1379,11 @@ CVE-2023-30860
CVE-2023-30859
RESERVED
CVE-2023-30858 (The Denosaurs emoji package provides emojis for dinosaurs. Starting in ...)
- TODO: check
+ NOT-FOR-US: Denosaurs emoji package
CVE-2023-30857 (@aedart/support is the support package for Ion, a monorepo for JavaScr ...)
TODO: check
CVE-2023-30856 (eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and pri ...)
- TODO: check
+ NOT-FOR-US: eDEX-UI
CVE-2023-30855
RESERVED
CVE-2023-30854 (AVideo is an open source video platform. Prior to version 12.4, an OS ...)
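Review bot: CVE-2023-30857 (@aedart/support) is left at `TODO: check` between two entries this hunk resolves; since it is a JavaScript package from the same batch, either process it here or leave a short NOTE on why it is deferred, so the next triager does not read the untouched line as "reviewed and kept".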
@@ -1531,7 +1531,7 @@ CVE-2023-2160 (Weak Password Requirements in GitHub repository modoboa/modoboa p
CVE-2023-2159
RESERVED
CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user impersonatio ...)
- TODO: check
+ NOT-FOR-US: Code Dx
CVE-2023-2157
RESERVED
CVE-2023-2156
@@ -6340,7 +6340,7 @@ CVE-2023-29058 (A valid, authenticated XCC user with read-only permissions can m
CVE-2023-29057 (A valid XCC user's local account permissions overrides their active di ...)
NOT-FOR-US: Lenovo
CVE-2023-29056 (A valid LDAP user, under specific conditions, will default to read-onl ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-29055
RESERVED
CVE-2023-29054 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
@@ -7786,7 +7786,7 @@ CVE-2023-1528 (Use after free in Passwords in Google Chrome prior to 111.0.5563.
CVE-2023-1527 (Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/cor ...)
NOT-FOR-US: Corebos
CVE-2023-1526 (Certain DesignJet and PageWide XL TAA compliant models may have risk o ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-1525
RESERVED
CVE-2023-1524
@@ -8417,19 +8417,19 @@ CVE-2023-28479
CVE-2023-28478
RESERVED
CVE-2023-28477 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28476 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28475 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflec ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28474 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28473 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to possib ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28472 (Concrete CMS (previously concrete5) before 9.2 does not have Secure an ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28471 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28470 (In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is ...)
NOT-FOR-US: Couchbase Server
CVE-2023-28469
@@ -9072,7 +9072,7 @@ CVE-2023-28288 (Microsoft SharePoint Server Spoofing Vulnerability)
CVE-2023-28287
RESERVED
CVE-2023-28286 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-28285 (Microsoft Office Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28284 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
@@ -9122,7 +9122,7 @@ CVE-2023-28263 (Visual Studio Information Disclosure Vulnerability)
CVE-2023-28262 (Visual Studio Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28261 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-28260 (.NET DLL Hijacking Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft .NET
CVE-2023-28259
@@ -10103,11 +10103,11 @@ CVE-2023-27975
CVE-2023-27974 (Bitwarden through 2023.2.1 offers password auto-fill when the second-l ...)
NOT-FOR-US: Bitwarden
CVE-2023-27973 (Certain HP LaserJet Pro print products are potentially vulnerable to H ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-27972 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-27971 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-1284
RESERVED
CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 0.21.0.)
@@ -13300,9 +13300,9 @@ CVE-2023-26815
CVE-2023-26814
RESERVED
CVE-2023-26813 (SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictiona ...)
- TODO: check
+ NOT-FOR-US: wangmarket CMS
CVE-2023-26812 (Command execution vulnerability in the ActionEnter Class ins jfinal CM ...)
- TODO: check
+ NOT-FOR-US: jfinal CMS
CVE-2023-26811
RESERVED
CVE-2023-26810
@@ -13362,9 +13362,9 @@ CVE-2023-26784 (SQL Injection vulnerability found in Kirin Fortress Machine v.1.
CVE-2023-26783
RESERVED
CVE-2023-26782 (An issue discovered in mccms 2.6.1 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: mccms
CVE-2023-26781 (SQL injection vulnerability in mccms 2.6 allows remote attackers to ru ...)
- TODO: check
+ NOT-FOR-US: mccms
CVE-2023-26780 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.)
NOT-FOR-US: CleverStupidDog yf-exam
CVE-2023-26779 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which ...)
@@ -16190,7 +16190,7 @@ CVE-2023-0836 (An information leak vulnerability was discovered in HAProxy 2.1,
CVE-2023-0835 (markdown-pdf version 11.0.0 allows an external attacker to remotely ob ...)
NOT-FOR-US: Node markdown-pdf
CVE-2023-0834 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
- TODO: check
+ NOT-FOR-US: HYPR Workforce Access on MacOS
CVE-2023-25181
RESERVED
CVE-2023-0833
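Review bot: the tag `NOT-FOR-US: HYPR Workforce Access on MacOS` for CVE-2023-0834 is not verifiable from this hunk, because the truncated description ("Incorrect Permission Assignment for Critical Resource vulnerability in ...") names neither HYPR nor the product; please confirm against the full CVE entry. Minor: Apple spells the platform "macOS".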
@@ -17352,9 +17352,9 @@ CVE-2023-25498
CVE-2023-25497
RESERVED
CVE-2023-25496 (A privilege escalation vulnerability was reported in Lenovo Drivers Ma ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-25495 (A valid, authenticated administrative user can query a web interface A ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-25494
RESERVED
CVE-2023-25493
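Review bot: for CVE-2023-25495 the visible description ("A valid, authenticated administrative user can query a web interface A ...") does not name Lenovo, unlike CVE-2023-25496 directly above it ("Lenovo Drivers Ma ..."); confirm the vendor from the full CVE text before tagging it `NOT-FOR-US: Lenovo` rather than inferring it from the adjacent ID.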
@@ -17470,7 +17470,7 @@ CVE-2023-25439
CVE-2023-25438
RESERVED
CVE-2023-25437 (An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H ...)
- TODO: check
+ NOT-FOR-US: vTech
CVE-2023-25436
RESERVED
CVE-2023-25435
@@ -20780,7 +20780,7 @@ CVE-2023-24271
CVE-2023-24270
RESERVED
CVE-2023-24269 (An arbitrary file upload vulnerability in the plugin upload function o ...)
- TODO: check
+ NOT-FOR-US: Textpattern plugin
CVE-2023-24268
RESERVED
CVE-2023-24267
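Review bot: `NOT-FOR-US: Textpattern plugin` for CVE-2023-24269 is ambiguous: the truncated description ("An arbitrary file upload vulnerability in the plugin upload function o ...") reads as a flaw in the application's own plugin-upload function rather than in a third-party plugin, in which case `NOT-FOR-US: Textpattern` would be the clearer tag; please check the full text and adjust the wording.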
@@ -30998,7 +30998,7 @@ CVE-2023-21714 (Microsoft Office Information Disclosure Vulnerability)
CVE-2023-21713 (Microsoft SQL Server Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21712 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21711
RESERVED
CVE-2023-21710 (Microsoft Exchange Server Remote Code Execution Vulnerability)
@@ -50887,13 +50887,13 @@ CVE-2022-41402
CVE-2022-41401
RESERVED
CVE-2022-41400 (Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encryp ...)
- TODO: check
+ NOT-FOR-US: Sage
CVE-2022-41399 (The optional Web Screens feature for Sage 300 through version 2022 use ...)
- TODO: check
+ NOT-FOR-US: Sage
CVE-2022-41398 (The optional Global Search feature for Sage 300 through version 2022 u ...)
- TODO: check
+ NOT-FOR-US: Sage
CVE-2022-41397 (The optional Web Screens and Global Search features for Sage 300 throu ...)
- TODO: check
+ NOT-FOR-US: Sage
CVE-2022-41396 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
NOT-FOR-US: Tenda
CVE-2022-41395 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
@@ -57782,7 +57782,7 @@ CVE-2022-2978 (A flaw use after free in the Linux kernel NILFS file system was f
[bullseye] - linux 5.10.148-1
NOTE: https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91@hust.edu.cn/T/#u
CVE-2022-38730 (Docker Desktop for Windows before 4.6 allows attackers to overwrite an ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop
CVE-2022-38729
RESERVED
CVE-2022-38728
@@ -58240,7 +58240,7 @@ CVE-2022-38585
CVE-2022-38584
RESERVED
CVE-2022-38583 (On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in ...)
- TODO: check
+ NOT-FOR-US: Sage
CVE-2022-38582 (Incorrect access control in the anti-virus driver wsdkd.sys of Watchdo ...)
NOT-FOR-US: Watchdog Antivirus
CVE-2022-38581
@@ -61783,7 +61783,7 @@ CVE-2022-37341
CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for Windows befo ...)
NOT-FOR-US: Intel
CVE-2022-37326 (Docker Desktop for Windows before 4.6.0 allows attackers to delete (or ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop
CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...)
{DSA-5358-1 DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
@@ -70238,7 +70238,7 @@ CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial o
[bullseye] - wolfssl <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2022/08/08/6
CVE-2022-34292 (Docker Desktop for Windows before 4.6.0 allows attackers to overwrite ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop
CVE-2022-34291 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
NOT-FOR-US: Siemens
CVE-2022-34290 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
@@ -77272,7 +77272,7 @@ CVE-2022-31649 (ownCloud owncloud/core before 10.10.0 Improperly Removes Sensiti
CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected Cross-Site S ...)
NOT-FOR-US: Talend Administration Center
CVE-2022-31647 (Docker Desktop before 4.6.0 on Windows allows attackers to delete any ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop
CVE-2022-31646
RESERVED
CVE-2022-31645
@@ -77280,7 +77280,7 @@ CVE-2022-31645
CVE-2022-31644
RESERVED
CVE-2022-31643 (A potential security vulnerability has been identified in the system B ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-31642
RESERVED
CVE-2022-31641
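Review bot: the visible description of CVE-2022-31643 ("A potential security vulnerability has been identified in the system B ...") does not name HP, so `NOT-FOR-US: HP` cannot be checked from this hunk; if the full text identifies an HP system BIOS, consider recording that in the annotation (e.g. `NOT-FOR-US: HP BIOS`) so the entry documents what was actually checked.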
@@ -96718,7 +96718,7 @@ CVE-2022-25093
CVE-2022-25092
RESERVED
CVE-2022-25091 (Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow a ...)
- TODO: check
+ NOT-FOR-US: Infopop Ultimate Bulletin Board
CVE-2022-25090 (Printix Secure Cloud Print Management through 1.3.1106.0 creates a tem ...)
NOT-FOR-US: Printix Secure Cloud Print Management
CVE-2022-25089 (Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly u ...)
@@ -201534,7 +201534,7 @@ CVE-2020-23649
CVE-2020-23648 (Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulne ...)
NOT-FOR-US: Asus
CVE-2020-23647 (Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4 ...)
- TODO: check
+ NOT-FOR-US: BoxBilling
CVE-2020-23646
RESERVED
CVE-2020-23645
@@ -205872,7 +205872,7 @@ CVE-2020-21645
CVE-2020-21644
RESERVED
CVE-2020-21643 (Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attacke ...)
- TODO: check
+ NOT-FOR-US: HongCMS
CVE-2020-21642 (Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropuse ...)
NOT-FOR-US: ManageEngine Analytics Plus
CVE-2020-21641 (Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho Manage ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89f642d7767437cac543e32babaab58473e85c1d
--
You're receiving this email because of your account on salsa.debian.org.
More information about the debian-security-tracker-commits mailing list