[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Dec 15 14:54:31 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8911f33 by Moritz Muehlenhoff at 2023-12-15T15:51:02+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,43 +3,43 @@ CVE-2023-46279
 CVE-2023-49898
 	NOT-FOR-US: Apache StreamPark
 CVE-2023-6832 (Business Logic Errors in GitHub repository microweber/microweber prior ...)
-	TODO: check
+	NOT-FOR-US: microweber
 CVE-2023-6831 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2023-6827 (The Essential Real Estate plugin for WordPress is vulnerable to arbitr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6826 (The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50715 (Home Assistant is open source home automation software. Prior to versi ...)
-	TODO: check
+	NOT-FOR-US: Home assistant
 CVE-2023-4489 (The first S0 encryption key is generated with an uninitialized PRNG in ...)
-	TODO: check
+	NOT-FOR-US: Silicon Labs
 CVE-2023-48379 (Softnext Mail SQR Expert is an email management platform, it has inade ...)
-	TODO: check
+	NOT-FOR-US: Softnext Mail SQR Expert
 CVE-2023-48378 (Softnext Mail SQR Expert has a path traversal vulnerability within its ...)
-	TODO: check
+	NOT-FOR-US: Softnext Mail SQR Expert
 CVE-2023-48376 (SmartStar Software CWS is a web-based integration platform, its file u ...)
-	TODO: check
+	NOT-FOR-US: SmartStar Software CWS
 CVE-2023-48375 (SmartStar Software CWS is a web-based integration platform, it has a v ...)
-	TODO: check
+	NOT-FOR-US: SmartStar Software CWS
 CVE-2023-48374 (SmartStar Software CWS is a web-base integration platform, it has a vu ...)
-	TODO: check
+	NOT-FOR-US: SmartStar Software CWS
 CVE-2023-48373 (ITPison OMICARD EDM has a path traversal vulnerability within its para ...)
-	TODO: check
+	NOT-FOR-US: ITPison OMICARD EDM
 CVE-2023-48372 (ITPison OMICARD EDM 's SMS-related function has insufficient validatio ...)
-	TODO: check
+	NOT-FOR-US: ITPison OMICARD EDM
 CVE-2023-48371 (ITPison OMICARD EDM\u2019s file uploading function does not restrict u ...)
-	TODO: check
+	NOT-FOR-US: ITPison OMICARD EDM
 CVE-2023-48050 (SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biom ...)
-	TODO: check
+	NOT-FOR-US: Cams Biometrics Zkteco
 CVE-2023-48049 (A SQL injection vulnerability in Cybrosys Techno Solutions Website Blo ...)
-	TODO: check
+	NOT-FOR-US: Cybrosys Techno Solutions
 CVE-2023-42183 (lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post- ...)
-	TODO: check
+	NOT-FOR-US: Classic LOCKSS Daemon
 CVE-2023-40954 (A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress  ...)
-	TODO: check
+	NOT-FOR-US: Grzegorz Marczynski Dynamic Progress Bar
 CVE-2023-36878 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-6595 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...)
 	NOT-FOR-US: WhatsUp Gold
 CVE-2023-6572 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
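Review bot: Capitalisation of the NOT-FOR-US annotation for CVE-2023-50715 does not match the product name used in the description; the description says "Home Assistant" while the annotation reads "NOT-FOR-US: Home assistant". Suggest "NOT-FOR-US: Home Assistant" so the tag matches the upstream name, as the other annotations in this hunk do (e.g. "NOT-FOR-US: Silicon Labs", "NOT-FOR-US: ITPison OMICARD EDM").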
@@ -49,7 +49,7 @@ CVE-2023-6571 (Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow)
 CVE-2023-6570 (Server-Side Request Forgery (SSRF) in kubeflow/kubeflow)
 	NOT-FOR-US: kubeflow
 CVE-2023-6569 (External Control of File Name or Path in h2oai/h2o-3)
-	TODO: check
+	NOT-FOR-US: h2oai/h2o-3
 CVE-2023-6563 (An unconstrained memory consumption vulnerability was discovered in Ke ...)
 	NOT-FOR-US: Keycloak
 CVE-2023-6545 (The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to ...)
@@ -71,7 +71,7 @@ CVE-2023-5592 (Download of Code Without Integrity Check vulnerability in PHOENIX
 CVE-2023-50713 (Speckle Server provides server, frontend, 3D viewer, and other JavaScr ...)
 	NOT-FOR-US: Speckle Server
 CVE-2023-50710 (Hono is a web framework written in TypeScript. Prior to version 3.11.7 ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2023-50566 (A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UT ...)
 	NOT-FOR-US: EyouCMS
 CVE-2023-50565 (A cross-site scripting (XSS) vulnerability in the component /logs/dopo ...)
@@ -234,7 +234,7 @@ CVE-2023-46142 (A incorrect permission assignment for critical resource vulnerab
 CVE-2023-46141 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
 	NOT-FOR-US: PHOENIX
 CVE-2023-45894 (The Remote Application Server in Parallels RAS before 19.2.23975 does  ...)
-	TODO: check
+	NOT-FOR-US: Parallels
 CVE-2023-45185 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through  ...)
 	NOT-FOR-US: IBM
 CVE-2023-45182 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through  ...)
@@ -252,11 +252,11 @@ CVE-2023-44278 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25
 CVE-2023-44277 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...)
 	NOT-FOR-US: Dell
 CVE-2023-42801 (Moonlight-common-c contains the core GameStream client code shared bet ...)
-	TODO: check
+	NOT-FOR-US: Moonlight-common-c
 CVE-2023-42800 (Moonlight-common-c contains the core GameStream client code shared bet ...)
-	TODO: check
+	NOT-FOR-US: Moonlight-common-c
 CVE-2023-42799 (Moonlight-common-c contains the core GameStream client code shared bet ...)
-	TODO: check
+	NOT-FOR-US: Moonlight-common-c
 CVE-2023-41151 (An uncaught exception issue discovered in Softing OPC UA C++ SDK befor ...)
 	NOT-FOR-US: OPC UA C++ SDK
 CVE-2023-40659 (A reflected XSS vulnerability was discovered in the Easy Quick Contact ...)
@@ -336,7 +336,7 @@ CVE-2023-5630 (A CWE-494: Download of Code Without Integrity Check vulnerability
 CVE-2023-5629 (A CWE-601:URL Redirection to Untrusted Site (\u2018Open Redirect\u2019 ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2023-50709 (Cube is a semantic layer for building data applications. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Cube
 CVE-2023-50444 (By default, .ZED containers produced by PRIMX ZED! for Windows before  ...)
 	NOT-FOR-US: PRIMX
 CVE-2023-50443 (Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (A ...)
@@ -508,9 +508,9 @@ CVE-2023-6719 (An XSS vulnerability has been detected in Repox, which allows an
 CVE-2023-6718 (An authentication bypass vulnerability has been found in Repox, which  ...)
 	NOT-FOR-US: Repox
 CVE-2023-6660 (When a program running on an affected system appends data to a file vi ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2023-6534 (In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2 ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2023-6381 (Improper input validation vulnerability in Newsletter Software SuperMa ...)
 	NOT-FOR-US: Newsletter Software SuperMailer
 CVE-2023-6380 (Open redirect vulnerability has been found in the Open CMS product aff ...)
@@ -45514,7 +45514,7 @@ CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 al
 CVE-2023-26921 (OS Command Injection vulnerability in quectel AG550QCN allows attacker ...)
 	NOT-FOR-US: quectel
 CVE-2023-26920 (fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.)
-	TODO: check
+	NOT-FOR-US: fast-xml-parser
 CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escap ...)
 	NOT-FOR-US: delight-nashorn-sandbox
 CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to escalate privil ...)
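Review bot: The NOT-FOR-US status for CVE-2023-26920 (fast-xml-parser before 4.1.2, __proto__ prototype pollution) is only correct if no source package in the archive ships or vendors this npm library, and nothing in the hunk records that this was checked. Suggest confirming against the node-* packages before closing the TODO, or adding a NOTE line with the result so the reasoning is visible in the file, since a library that is later packaged would otherwise keep a stale NFU tag.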
@@ -56011,7 +56011,7 @@ CVE-2023-0250 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulne
 CVE-2023-0249 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2023-0248 (An attacker with physical access to the Kantech Gen1 ioSmart card read ...)
-	TODO: check
+	NOT-FOR-US: Kantech
 CVE-2023-0247 (Uncontrolled Search Path Element in GitHub repository bits-and-blooms/ ...)
 	NOT-FOR-US: bits-and-blooms/bloom
 CVE-2023-0246 (A vulnerability, which was classified as problematic, was found in ear ...)
@@ -507822,7 +507822,7 @@ CVE-2015-2180 (The DBMail driver in the Password plugin in Roundcube before 1.1.
 	NOTE: http://advisories.mageia.org/MGASA-2015-0400.html
 	NOTE: http://lists.opensuse.org/opensuse-updates/2015-07/msg00032.html
 CVE-2015-2179 (The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to di ...)
-	TODO: check
+	NOT-FOR-US: xaviershay-dm-rails
 CVE-2015-2178
 	REJECTED
 CVE-2015-2177 (Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a d ...)
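Review bot: The annotation for CVE-2015-2179 reads "NOT-FOR-US: xaviershay-dm-rails", dropping the "Ruby ... gem" convention that the neighbouring gem entries in this file use (the next hunks read "NOT-FOR-US: Ruby flash_tool gem" and "NOT-FOR-US: Ruby ftpd gem"). Suggest "NOT-FOR-US: Ruby xaviershay-dm-rails gem" so the entry is found by the same searches as the other gem NFUs.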
@@ -551907,7 +551907,7 @@ CVE-2013-2515
 CVE-2013-2514
 	RESERVED
 CVE-2013-2513 (The flash_tool gem through 0.6.0 for Ruby allows command execution via ...)
-	TODO: check
+	NOT-FOR-US: Ruby flash_tool gem
 CVE-2013-2512 (The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitra ...)
 	NOT-FOR-US: Ruby ftpd gem
 CVE-2013-2511
@@ -605604,7 +605604,7 @@ CVE-2009-4124 (Heap-based buffer overflow in the rb_str_justify function in stri
 	- ruby1.8 <not-affected>
 	NOTE: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
 CVE-2009-4123 (The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate  ...)
-	TODO: check
+	NOT-FOR-US: jruby-openssl gem
 CVE-2009-4122
 	RESERVED
 CVE-2009-4121 (Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CM ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8911f33ea584636904f04f899aaf3524a21d74f
