[Git][security-tracker-team/security-tracker][master] Process one NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 17 21:59:14 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1ca78786 by Salvatore Bonaccorso at 2023-08-17T22:58:44+02:00
Process one NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20,9 +20,9 @@ CVE-2023-40168 (TurboWarp is a desktop application that compiles scratch project
CVE-2023-40165 (rubygems.org is the Ruby community's primary gem (library) hosting ser ...)
TODO: check
CVE-2023-3698 (Printer service fails to adequately handle user input, allowing an rem ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR
CVE-2023-3697 (Printer service fails to adequately handle user input, allowing an rem ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR
CVE-2023-3078 (An uncontrolled search path vulnerability was reported in the Lenovo U ...)
NOT-FOR-US: Lenovo
CVE-2023-39974 (Exposure of Sensitive Information vulnerability in AcyMailing Enterpri ...)
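Review bot: the subject line "Process one NFUs" does not match the scope of the change: this hunk alone retags two entries (CVE-2023-3698 and CVE-2023-3697), and the later hunks cover Juniper, Genians, Tigergraph Enterprise, Zyxel, Dell and a long run of WordPress plugins. A subject such as "Process NFUs" would keep the history searchable without implying a single-entry change.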
@@ -50,13 +50,13 @@ CVE-2023-38838 (SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a r
CVE-2023-37914 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2023-36847 (A Missing Authentication for Critical Function vulnerability in Junipe ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2023-36846 (A Missing Authentication for Critical Function vulnerability in Junipe ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2023-36845 (A PHP External Variable Modification vulnerability in J-Web of Juniper ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2023-36844 (A PHP External Variable Modification vulnerability in J-Web of Juniper ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2023-36106 (An incorrect access control vulnerability in powerjob 4.3.2 and earlie ...)
TODO: check
CVE-2023-34419 (A buffer overflow has been identified in the SetupUtility driver in so ...)
@@ -96,19 +96,19 @@ CVE-2023-4392 (A vulnerability was found in Control iD Gerencia Web 1.30 and cla
CVE-2023-40281 (EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerabili ...)
NOT-FOR-US: EC-CUBE
CVE-2023-40252 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Genians
CVE-2023-40251 (Missing Encryption of Sensitive DataCAPEC- vulnerability in Genians Ge ...)
- TODO: check
+ NOT-FOR-US: Genians
CVE-2023-40034 (Woodpecker is a community fork of the Drone CI system. In affected ver ...)
TODO: check
CVE-2023-40033 (Flarum is an open source forum software. Flarum is affected by a vulne ...)
- TODO: check
+ NOT-FOR-US: Flarum
CVE-2023-40021 (Oppia is an online learning platform. When comparing a received CSRF t ...)
- TODO: check
+ NOT-FOR-US: Oppia
CVE-2023-3244 (The Comments Like Dislike plugin for WordPress is vulnerable to unauth ...)
NOT-FOR-US: WordPress plugin
CVE-2023-39846 (An issue in Konga v0.14.9 allows attackers to bypass authentication vi ...)
- TODO: check
+ NOT-FOR-US: Konga
CVE-2023-38894 (A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before all ...)
TODO: check
CVE-2023-35893 (IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote ...)
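Review bot: CVE-2023-40033 is tagged NOT-FOR-US although its description calls Flarum "open source forum software", and the Oppia (CVE-2023-40021) and Konga (CVE-2023-39846) entries in this hunk are likewise named software projects rather than vendor appliances. For these the tag is only right if nothing is packaged or pending packaging in Debian, so it is worth confirming there is no open ITP/RFP bug; where one exists the entry should carry an <itp> package line with the bug number instead of NOT-FOR-US.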
@@ -13009,7 +13009,7 @@ CVE-2023-31093
CVE-2023-31092
RESERVED
CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31090
RESERVED
CVE-2023-31089
@@ -13042,23 +13042,23 @@ CVE-2023-31081 (An issue was discovered in drivers/media/test-drivers/vidtv/vidt
CVE-2023-31080
RESERVED
CVE-2023-31079 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31078
RESERVED
CVE-2023-31077
RESERVED
CVE-2023-31076 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31075
RESERVED
CVE-2023-31074 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31073
RESERVED
CVE-2023-31072 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31070
RESERVED
CVE-2023-31069
@@ -13594,19 +13594,19 @@ CVE-2023-30879
CVE-2023-30878
RESERVED
CVE-2023-30877 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Gl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30876 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30875
RESERVED
CVE-2023-30874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stev ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30873
RESERVED
CVE-2023-30872
RESERVED
CVE-2023-30871 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30870
RESERVED
CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital Downloads plugin ...)
@@ -13967,23 +13967,23 @@ CVE-2023-30788 (MonicaHQ version 4.0.0 allows an authenticated remote attacker t
CVE-2023-30787 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...)
NOT-FOR-US: MonicaHQ
CVE-2023-30786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benj ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30785 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30784 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30783
RESERVED
CVE-2023-30782 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30781
RESERVED
CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30778 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30777 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engin ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30776 (An authenticated user with specific data permissions could access data ...)
@@ -14178,7 +14178,7 @@ CVE-2023-30749 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-30748
RESERVED
CVE-2023-30747 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30746 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booq ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30745 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan ...)
@@ -15074,7 +15074,7 @@ CVE-2023-30500 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP
CVE-2023-30499
RESERVED
CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlav ...)
- TODO: check
+ NOT-FOR-US: WordPress Plugin
CVE-2023-30497
RESERVED
CVE-2023-30496
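Review bot: the new tag on CVE-2023-30498 is spelled "WordPress Plugin" with a capital P, while the other WordPress entries in this commit and the surrounding context lines use "WordPress plugin". The same capitalised form is added for CVE-2023-30473, CVE-2023-29097 and CVE-2023-28783. Anything that groups or greps NOT-FOR-US reasons by exact string will put these four in a separate bucket, so lower-casing them would keep the list consistent.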
@@ -15124,7 +15124,7 @@ CVE-2023-30475 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in El
CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultima ...)
NOT-FOR-US: Kilian Evang Ultimate Noindex Nofollow
CVE-2023-30473 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Gl ...)
- TODO: check
+ NOT-FOR-US: WordPress Plugin
CVE-2023-30472
RESERVED
CVE-2023-30471
@@ -18819,7 +18819,7 @@ CVE-2023-29099 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29097 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3r ...)
- TODO: check
+ NOT-FOR-US: WordPress Plugin
CVE-2023-29096
RESERVED
CVE-2023-29095 (Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSV ...)
@@ -19984,7 +19984,7 @@ CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-28784 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28783 (Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress Plugin
CVE-2023-28782
RESERVED
CVE-2023-28781 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Con ...)
@@ -20017,7 +20017,7 @@ CVE-2023-28770 (The sensitive information exposure vulnerability in the CGI \u20
CVE-2023-28769 (The buffer overflow vulnerability in the library \u201clibclinkc.so\u2 ...)
NOT-FOR-US: Zyxel
CVE-2023-28768 (Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-28767 (The configuration parser fails to sanitize user-controlled input in th ...)
NOT-FOR-US: Zyxel
CVE-2023-28766 (A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All v ...)
@@ -20565,7 +20565,7 @@ CVE-2023-28624
CVE-2023-28623 (Zulip is an open-source team collaboration tool with unique topic-base ...)
NOT-FOR-US: Zulip
CVE-2023-28622 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Tri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28621
RESERVED
CVE-2023-28620 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cybe ...)
@@ -20888,11 +20888,11 @@ CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module i
CVE-2023-28536
RESERVED
CVE-2023-28535 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paytm Pa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28534 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28533 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Wi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28532
RESERVED
CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without ...)
@@ -21145,15 +21145,15 @@ CVE-2023-28484 (In libxml2 before 2.10.4, parsing of certain invalid XSD schemas
NOTE: Related (but not strictly part of the CVE): https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6 (v2.10.4)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f (v2.10.4)
CVE-2023-28483 (An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query ...)
- TODO: check
+ NOT-FOR-US: Tigergraph Enterprise
CVE-2023-28482 (An issue was discovered in Tigergraph Enterprise 3.7.0. A single Tiger ...)
- TODO: check
+ NOT-FOR-US: Tigergraph Enterprise
CVE-2023-28481 (An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsec ...)
- TODO: check
+ NOT-FOR-US: Tigergraph Enterprise
CVE-2023-28480 (An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph ...)
- TODO: check
+ NOT-FOR-US: Tigergraph Enterprise
CVE-2023-28479 (An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph ...)
- TODO: check
+ NOT-FOR-US: Tigergraph Enterprise
CVE-2023-28478 (TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Bu ...)
NOT-FOR-US: TP-Link
CVE-2023-28477 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored ...)
@@ -22576,7 +22576,7 @@ CVE-2023-28077
CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky crypt ...)
NOT-FOR-US: Dell
CVE-2023-28075 (Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28074
RESERVED
CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A locally ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ca787868baa231e16c7683eb8060e9df63cca89