[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Aug 28 09:31:22 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad2aa325 by Moritz Muehlenhoff at 2023-08-28T10:31:00+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
CVE-2023-4561 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
- TODO: check
+ NOT-FOR-US: Omeka S
CVE-2023-4560 (Improper Authorization of Index Containing Sensitive Information in Gi ...)
- TODO: check
+ NOT-FOR-US: Omeka S
CVE-2023-4559 (A vulnerability, which was classified as critical, has been found in B ...)
- TODO: check
+ NOT-FOR-US: Bettershop LaikeTui
CVE-2023-4558 (A vulnerability classified as critical was found in SourceCodester Inv ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2023-4557 (A vulnerability classified as critical has been found in SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2023-40195 (Deserialization of Untrusted Data, Inclusion of Functionality from Unt ...)
- TODO: check
+ NOT-FOR-US: Apache Airflow Spark Provider
CVE-2023-38730 (IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-38030 (Saho\u2019s attendance devices ADM100 and ADM-100FP have a vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Saho
CVE-2023-38029 (Saho\u2019s attendance devices ADM100 and ADM-100FP has insufficient f ...)
- TODO: check
+ NOT-FOR-US: Saho
CVE-2023-38028 (Saho\u2019s attendance devices ADM100 and ADM-100FP have insufficient ...)
- TODO: check
+ NOT-FOR-US: Saho
CVE-2023-38027 (SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vu ...)
- TODO: check
+ NOT-FOR-US: SpotCam
CVE-2023-38026 (SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-code ...)
- TODO: check
+ NOT-FOR-US: SpotCam
CVE-2023-38025 (SpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vu ...)
- TODO: check
+ NOT-FOR-US: SpotCam
CVE-2023-38024 (SpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vu ...)
- TODO: check
+ NOT-FOR-US: SpotCam
CVE-2023-33852 (IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote at ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-15035 (A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified ...)
- TODO: check
+ NOT-FOR-US: Doc2k RE-Chat
CVE-2023-4556 (A vulnerability was found in SourceCodester Online Graduate Tracer Sys ...)
NOT-FOR-US: SourceCodester Online Graduate Tracer System
CVE-2023-4555 (A vulnerability has been found in SourceCodester Inventory Management ...)
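Review bot: The new labels on CVE-2023-4558 and CVE-2023-4557 name only the vendor (`NOT-FOR-US: SourceCodester`), while the unchanged entry just below them, CVE-2023-4556, names the product (`NOT-FOR-US: SourceCodester Online Graduate Tracer System`). Suggest using the product named in each description, as the existing entry does, so that a search of data/CVE/list for a product finds every entry for it.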
@@ -69,11 +69,11 @@ CVE-2023-40587 (Pyramid is an open source Python web framework. A path traversal
CVE-2023-40586 (OWASP Coraza WAF is a golang modsecurity compatible web application fi ...)
NOT-FOR-US: OWASP Coraza WAF
CVE-2023-40585 (ironic-image is a container image to run OpenStack Ironic as part of M ...)
- TODO: check
+ NOT-FOR-US: ironic-image container image
CVE-2023-40583 (libp2p is a networking stack and library modularized out of The IPFS P ...)
NOT-FOR-US: go-libp2p
CVE-2023-40571 (weblogic-framework is a tool for detecting weblogic vulnerabilities. V ...)
- TODO: check
+ NOT-FOR-US: weblogic-framework
CVE-2023-40166 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...)
NOT-FOR-US: Notepad++
CVE-2023-40164 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...)
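Review bot: On CVE-2023-40585 the label `ironic-image container image` is the only thing separating this entry from OpenStack Ironic itself, which the description names as what the image runs. A `NOTE:` line stating whether the flaw is confined to the image would let the next triager confirm the NFU without re-reading the advisory.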
@@ -119,7 +119,7 @@ CVE-2023-41249 (In JetBrains TeamCity before 2023.05.3 reflected XSS was possibl
CVE-2023-41248 (In JetBrains TeamCity before 2023.05.3 stored XSS was possible during ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2023-41173 (AdGuard DNS before 2.2 allows remote attackers to cause a denial of se ...)
- TODO: check
+ NOT-FOR-US: AdGuard
CVE-2023-41167 (@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by c ...)
NOT-FOR-US: Webiny
CVE-2023-40915 (Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detec ...)
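Review bot: `NOT-FOR-US: AdGuard` on CVE-2023-41173 is broader than the affected product, which the description gives as AdGuard DNS, while the neighbouring entries name the product (`NOT-FOR-US: JetBrains TeamCity`). Suggest `NOT-FOR-US: AdGuard DNS` so the label does not read as covering other AdGuard software.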
@@ -484,7 +484,7 @@ CVE-2023-41105 (An issue was discovered in Python 3.11 through 3.11.4. If a path
NOTE: Backport for 3.12: https://github.com/python/cpython/pull/107981
NOTE: Backport for 3.11: https://github.com/python/cpython/pull/107982
CVE-2023-41104 (libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x befor ...)
- TODO: check
+ NOT-FOR-US: libvmod-digest
CVE-2023-41100 (An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) ex ...)
NOT-FOR-US: TYPO3 extension
CVE-2023-41098 (An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsC ...)
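Review bot: CVE-2023-41104 is marked `NOT-FOR-US: libvmod-digest`, but the description says the module is "as used in Varnish Enterprise 6.0.x", so the decision depends on no source package in the archive carrying a copy of the module. The entry does not record that this was checked; a one-line `NOTE:` saying so would make the NFU verifiable later.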
@@ -16288,11 +16288,11 @@ CVE-2023-30439
CVE-2023-30438 (An internally discovered vulnerability in PowerVM on IBM Power9 and Po ...)
NOT-FOR-US: IBM
CVE-2023-30437 (IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-30436 (IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-30435 (IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cro ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-30434 (IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 ...)
NOT-FOR-US: IBM
CVE-2023-30433 (IBM Security Verify Access 10.0 could allow a remote attacker to condu ...)
@@ -28660,11 +28660,11 @@ CVE-2023-26274 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. Thi
CVE-2023-26273 (IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform una ...)
NOT-FOR-US: IBM
CVE-2023-26272 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-26271 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-26270 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-26269 (Apache James server version 3.7.3 and earlier provides a JMX managemen ...)
NOT-FOR-US: Apache James
CVE-2023-26268 (Design documents with matching document IDs, from databases on the sam ...)
@@ -32828,7 +32828,7 @@ CVE-2023-24961
CVE-2023-24960 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
NOT-FOR-US: IBM
CVE-2023-24959 (IBM InfoSphere Information Systems 11.7 could expose information about ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-24958 (A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52 ...)
NOT-FOR-US: IBM
CVE-2023-24957 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...)
@@ -37374,7 +37374,7 @@ CVE-2023-23475 (IBM Infosphere Information Server 11.7 is vulnerable to cross-si
CVE-2023-23474
RESERVED
CVE-2023-23473 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-23472
RESERVED
CVE-2023-23471
@@ -39302,7 +39302,7 @@ CVE-2023-22879
CVE-2023-22878 (IBM InfoSphere Information Server 11.7 stores user credentials in plai ...)
NOT-FOR-US: IBM
CVE-2023-22877 (IBM InfoSphere Information Server 11.7 is potentially vulnerable to CS ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-22876 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...)
NOT-FOR-US: IBM
CVE-2023-22875 (IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/T ...)
@@ -58303,17 +58303,17 @@ CVE-2022-43911
CVE-2022-43910 (IBM Security Guardium 11.3 could allow a local user to escalate their ...)
NOT-FOR-US: IBM
CVE-2022-43909 (IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-43908 (IBM Security Guardium 11.3 could allow an authenticated user to cause ...)
NOT-FOR-US: IBM
CVE-2022-43907 (IBM Security Guardium 11.4 could allow a remote authenticated attacker ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-43906
RESERVED
CVE-2022-43905
RESERVED
CVE-2022-43904 (IBM Security Guardium 11.3 and 11.4 could disclose sensitive informati ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-43903
RESERVED
CVE-2022-43902 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad2aa3250959efd4cb1e63e15a81d7172ee48c09