[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Feb 2 16:42:10 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6e7b381 by Moritz Muehlenhoff at 2023-02-02T17:41:30+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12,11 +12,11 @@ CVE-2023-25017
CVE-2023-25016
RESERVED
CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...)
- TODO: check
+ NOT-FOR-US: Clockwork Web
CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...)
- TODO: check
+ NOT-FOR-US: TYPO3 extension
CVE-2023-25013 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...)
- TODO: check
+ NOT-FOR-US: TYPO3 extension
CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove i ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/
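Review bot: The two femanager entries (CVE-2023-25014 and CVE-2023-25013) are tagged only "TYPO3 extension", which drops the extension name given in the description. Consider "NOT-FOR-US: femanager extension for TYPO3", in the style of the existing "Kraken.io Image Optimizer plugin for WordPress" tag, so that a later search for femanager finds this triage decision.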
@@ -119,9 +119,9 @@ CVE-2023-24978
CVE-2023-0619 (The Kraken.io Image Optimizer plugin for WordPress is vulnerable to au ...)
NOT-FOR-US: Kraken.io Image Optimizer plugin for WordPress
CVE-2023-0618 (A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-0617 (A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-0616
RESERVED
CVE-2023-0615
@@ -131,15 +131,15 @@ CVE-2023-0615
CVE-2023-0614
RESERVED
CVE-2023-0613 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and cla ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-0612 (A vulnerability, which was classified as critical, was found in TRENDn ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-0611 (A vulnerability, which was classified as critical, has been found in T ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-0610 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
- TODO: check
+ NOT-FOR-US: Wallabag
CVE-2023-0609 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
- TODO: check
+ NOT-FOR-US: Wallabag
CVE-2023-24997 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...)
NOT-FOR-US: Apache InLong
CVE-2023-24977 (Out-of-bounds Read vulnerability in Apache Software Foundation Apache ...)
@@ -469,7 +469,7 @@ CVE-2023-24834
CVE-2023-0600
RESERVED
CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...)
- TODO: check
+ NOT-FOR-US: Rapid7
CVE-2023-0598
RESERVED
CVE-2023-0597
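Review bot: The tag on CVE-2023-0599 names only the vendor, while the description is specific to Metasploit Pro. "NOT-FOR-US: Rapid7 Metasploit Pro" would record which product was ruled out, so the entry does not read as a decision about every Rapid7 product.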
@@ -3393,9 +3393,9 @@ CVE-2023-23753
CVE-2023-23752
RESERVED
CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2023-23750 (An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing toke ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2023-23749 (The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & ...)
NOT-FOR-US: Joomla! extension
CVE-2023-23748
@@ -3716,7 +3716,7 @@ CVE-2023-23632
CVE-2023-23631
RESERVED
CVE-2023-23630 (Eta is an embedded JS templating engine that works inside Node, Deno, ...)
- TODO: check
+ NOT-FOR-US: Eta
CVE-2023-23629 (Metabase is an open source data analytics platform. Affected versions ...)
NOT-FOR-US: Metabase
CVE-2023-23628 (Metabase is an open source data analytics platform. Affected versions ...)
@@ -4231,7 +4231,7 @@ CVE-2023-22839 (On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.
CVE-2023-22664 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-22657 (On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginn ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2023-22422 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-22418 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...)
@@ -4247,7 +4247,7 @@ CVE-2023-22340 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8,
CVE-2023-22326 (In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-22323 (In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2023-22302 (In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16. ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-22287
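Review bot: CVE-2023-22323 is tagged "NOT-FOR-US: F5", although its description concerns BIG-IP (spelled "BIP-IP" there) and the entries on either side of it use "NOT-FOR-US: F5 BIG-IP". Using the same string here keeps the BIG-IP entries uniform for anyone grepping the list.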
@@ -5108,27 +5108,27 @@ CVE-2023-23138
CVE-2023-23137
RESERVED
CVE-2023-23136 (lmxcms v1.41 was discovered to contain an arbitrary file deletion vuln ...)
- TODO: check
+ NOT-FOR-US: lmxcms
CVE-2023-23135 (An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attacker ...)
- TODO: check
+ NOT-FOR-US: ftdms
CVE-2023-23134
RESERVED
CVE-2023-23133
RESERVED
CVE-2023-23132 (Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclos ...)
- TODO: check
+ NOT-FOR-US: Selfwealth
CVE-2023-23131 (Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transpor ...)
- TODO: check
+ NOT-FOR-US: Selfwealth
CVE-2023-23130 (Connectwise Automate 2022.11 is vulnerable to Cleartext authentication ...)
- TODO: check
+ NOT-FOR-US: Connectwise
CVE-2023-23129
RESERVED
CVE-2023-23128 (Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Reso ...)
- TODO: check
+ NOT-FOR-US: Connectwise
CVE-2023-23127 (In Connectwise Control 22.8.10013.8329, the login page does not implem ...)
- TODO: check
+ NOT-FOR-US: Connectwise
CVE-2023-23126 (Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login ...)
- TODO: check
+ NOT-FOR-US: Connectwise
CVE-2023-23125
RESERVED
CVE-2023-23124
@@ -5275,17 +5275,17 @@ CVE-2023-23080
CVE-2023-23079
RESERVED
CVE-2023-23078 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-23077 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-23076 (OS Command injection vulnerability in Support Center Plus 11 via Execu ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-23075 (Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 vi ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-23074 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-23073 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-23072
RESERVED
CVE-2023-23071
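Review bot: CVE-2023-23076 is tagged "NOT-FOR-US: Zoho", but the visible part of its description names only "Support Center Plus 11" and does not mention Zoho. If the attribution comes from the full CVE text, a tag that also names the product would make it verifiable from the list itself.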
@@ -7151,13 +7151,13 @@ CVE-2015-10010 (A vulnerability was found in OpenDNS OpenResolve. It has been ra
CVE-2023-22576
RESERVED
CVE-2023-22575 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensit ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-22574 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensit ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-22573 (Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitiv ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-22572 (Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitiv ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-0032
RESERVED
CVE-2023-0031
@@ -7381,7 +7381,7 @@ CVE-2023-22503
CVE-2023-22502
RESERVED
CVE-2023-22501 (An authentication vulnerability was discovered in Jira Service Managem ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2023-0028 (Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twak ...)
NOT-FOR-US: linagora/Twake
CVE-2022-48198 (The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot ...)
@@ -7884,9 +7884,9 @@ CVE-2022-48096
CVE-2022-48095
RESERVED
CVE-2022-48094 (lmxcms v1.41 was discovered to contain an arbitrary file read vulnerab ...)
- TODO: check
+ NOT-FOR-US: lmxcms
CVE-2022-48093 (Seacms v12.7 was discovered to contain a remote code execution (RCE) v ...)
- TODO: check
+ NOT-FOR-US: Seacms
CVE-2022-48092
RESERVED
CVE-2022-48091 (Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site ...)
@@ -9131,7 +9131,7 @@ CVE-2022-47874
CVE-2022-47873 (Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting i ...)
NOT-FOR-US: Netcad KEOS
CVE-2022-47872 (maccms10 2021.1000.2000 is vulnerable to Server-side request forgery ( ...)
- TODO: check
+ NOT-FOR-US: maccms10
CVE-2022-47871
RESERVED
CVE-2022-47870
@@ -9441,13 +9441,13 @@ CVE-2022-47719
CVE-2022-47718
RESERVED
CVE-2022-47717 (Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CO ...)
- TODO: check
+ NOT-FOR-US: Last Yard
CVE-2022-47716
RESERVED
CVE-2022-47715 (In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted t ...)
- TODO: check
+ NOT-FOR-US: Last Yard
CVE-2022-47714 (Last Yard 22.09.8-1 does not enforce HSTS headers ...)
- TODO: check
+ NOT-FOR-US: Last Yard
CVE-2022-47713
RESERVED
CVE-2022-47712
@@ -12718,9 +12718,9 @@ CVE-2022-47005
CVE-2022-47004
RESERVED
CVE-2022-47003 (A vulnerability in the Remember Me function of Mura CMS before v10.0.5 ...)
- TODO: check
+ NOT-FOR-US: Mura CMS
CVE-2022-47002 (A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and ...)
- TODO: check
+ NOT-FOR-US: Mura CMS
CVE-2022-47001
RESERVED
CVE-2022-47000
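Review bot: CVE-2022-47002 is tagged "NOT-FOR-US: Mura CMS", but its description is about Masa CMS v7.2, 7.3; only CVE-2022-47003 names Mura CMS. Unless the two are deliberately filed under one name, this line should read "NOT-FOR-US: Masa CMS".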
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6e7b38122c3123db54cc0e17c6d664f27d66a65