[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 4 09:29:08 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
51094ed8 by Salvatore Bonaccorso at 2023-07-04T10:28:31+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8498,7 +8498,7 @@ CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Polluti
CVE-2023-2011
RESERVED
CVE-2023-2010 (The Forminator WordPress plugin before 1.24.1 does not use an atomic o ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2009 (Plugin does not sanitize and escape the URL field in the Pretty Url Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The spec ...)
@@ -12213,11 +12213,11 @@ CVE-2023-29149
CVE-2023-29148
RESERVED
CVE-2023-29147 (In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the det ...)
- TODO: check
+ NOT-FOR-US: Malwarebytes EDR
CVE-2023-29146
RESERVED
CVE-2023-29145 (The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure w ...)
- TODO: check
+ NOT-FOR-US: Malwarebytes EDR
CVE-2023-29144
RESERVED
CVE-2023-29143
@@ -12335,7 +12335,7 @@ CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability i
CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1783 (OrangeScrum version 2.0.11 allows an external attacker to remotely obt ...)
- TODO: check
+ NOT-FOR-US: OrangeScrum
CVE-2023-1782 (HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow ...)
- nomad <not-affected> (Vulnerable code not present; Introduced in 1.5.0)
NOTE: https://discuss.hashicorp.com/t/hcsec-2023-13-nomad-unauthenticated-client-agent-http-request-privilege-escalation/52375
@@ -13278,7 +13278,7 @@ CVE-2023-1627 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. It
CVE-2023-1626 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has ...)
NOT-FOR-US: Jianming Antivirus
CVE-2023-28857 (Apereo CAS is an open source multilingual single sign-on solution for ...)
- TODO: check
+ NOT-FOR-US: Apereo CAS
CVE-2023-28856 (Redis is an open source, in-memory database that persists on disk. Aut ...)
{DLA-3396-1}
- redis 5:7.0.11-1 (bug #1034613)
@@ -14394,7 +14394,7 @@ CVE-2023-28543
CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status information.)
TODO: check
CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28540
RESERVED
CVE-2023-28539
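Review bot: CVE-2023-28541 gets `NOT-FOR-US: Qualcomm`, but CVE-2023-28542 directly above it in this hunk ("Memory Corruption in WLAN HOST ...") stays at `TODO: check`, and neither visible description names a vendor. If 28542 was left open on purpose because it still needs a check against packaged sources, a short NOTE saying so would stop the next triager from repeating the work; if it belongs to the same vendor component, it can take the same tag in this commit.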
@@ -14928,7 +14928,7 @@ CVE-2023-27507 (MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path trav
CVE-2023-27397 (Unrestricted upload of file with dangerous type exists in MicroEngine ...)
NOT-FOR-US: MicroEngine
CVE-2023-27396 (FINS (Factory Interface Network Service) is a message communication pr ...)
- TODO: check
+ NOT-FOR-US: FINS (Factory Interface Network Service)
CVE-2023-27385 (Heap-based buffer overflow vulnerability exists in CX-Drive All models ...)
NOT-FOR-US: CX-Drive All
CVE-2023-27384 (Operation restriction bypass vulnerability in MultiReport of Cybozu Ga ...)
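Review bot: The tag on CVE-2023-27396 names a protocol, `FINS (Factory Interface Network Service)`, where the neighbouring entries name a product or vendor (`MicroEngine`, `CX-Drive All`). The description itself introduces FINS as a message communication protocol, so the tag does not record which implementation was judged out of scope. Naming the affected vendor or product instead would keep the decision checkable if some FINS implementation is packaged later.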
@@ -15271,9 +15271,9 @@ CVE-2022-48403
CVE-2023-28325 (An improper authorization vulnerability exists in Rocket.Chat <6.0 tha ...)
NOT-FOR-US: Rocket.Chat
CVE-2023-28324 (A improper input validation vulnerability exists in Ivanti Endpoint Ma ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-28323 (A deserialization of untrusted data exists in EPM 2022 Su3 and all pri ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-28322 (An information disclosure vulnerability exists in curl <v8.1.0 when do ...)
- curl 7.88.1-10 (bug #1036239)
[bullseye] - curl <no-dsa> (Minor issue)
@@ -16162,7 +16162,7 @@ CVE-2023-28037
CVE-2023-28036 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2023-28035 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28034 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2023-28033 (Dell BIOS contains an improper input validation vulnerability. A local ...)
@@ -16300,7 +16300,7 @@ CVE-2023-28008 (HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an
CVE-2023-28007
RESERVED
CVE-2023-28006 (The OSD Bare Metal Server uses a cryptographic algorithm that is no lo ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-28005 (A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryptio ...)
NOT-FOR-US: Trend Micro
CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository froxlor ...)
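Review bot: `NOT-FOR-US: HCL` on CVE-2023-28006 cannot be matched against its description, which opens with "The OSD Bare Metal Server" and shows no vendor name in the visible text; the only HCL reference nearby is the CVE-2023-28008 entry in the hunk header. Putting the product name from the description into the tag alongside the vendor would let a grep for the product find this entry.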
@@ -16349,7 +16349,7 @@ CVE-2023-27994
CVE-2023-27993 (A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 ...)
NOT-FOR-US: FortiGuard
CVE-2023-27992 (The pre-authentication command injection vulnerability in the Zyxel NA ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-27991 (The post-authentication command injection vulnerability in the CLI com ...)
NOT-FOR-US: Zyxel
CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 4.32 throu ...)
@@ -16548,7 +16548,7 @@ CVE-2023-1275 (A vulnerability classified as problematic was found in SourceCode
CVE-2023-1274 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1273 (The ND Shortcodes WordPress plugin before 7.0 does not validate some s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1272
RESERVED
CVE-2023-1271
@@ -17475,11 +17475,11 @@ CVE-2023-27633
CVE-2023-27632
RESERVED
CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27630
RESERVED
CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27628
RESERVED
CVE-2023-27627
@@ -17513,7 +17513,7 @@ CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian H
CVE-2023-27613 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorC ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27612 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27611
RESERVED
CVE-2023-27610 (Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelope ...)
@@ -18030,7 +18030,7 @@ CVE-2023-27471
CVE-2023-27470
RESERVED
CVE-2023-27469 (Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file de ...)
- TODO: check
+ NOT-FOR-US: Malwarebytes Anti-Exploit
CVE-2023-27468
RESERVED
CVE-2023-27467
@@ -18064,11 +18064,11 @@ CVE-2023-27454
CVE-2023-27453
RESERVED
CVE-2023-27452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27451
RESERVED
CVE-2023-27450 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27449
RESERVED
CVE-2023-27448
@@ -18082,7 +18082,7 @@ CVE-2023-27445
CVE-2023-27444
RESERVED
CVE-2023-27443 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27442
RESERVED
CVE-2023-27441
@@ -18090,7 +18090,7 @@ CVE-2023-27441
CVE-2023-27440
RESERVED
CVE-2023-27439 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27438
RESERVED
CVE-2023-27437
@@ -18104,17 +18104,17 @@ CVE-2023-27434
CVE-2023-27433
RESERVED
CVE-2023-27432 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimple ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27431
RESERVED
CVE-2023-27430 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27429 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Auto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27428
RESERVED
CVE-2023-27427 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZA ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27426
RESERVED
CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jame ...)
@@ -18128,7 +18128,7 @@ CVE-2023-27422
CVE-2023-27421
RESERVED
CVE-2023-27420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-27419 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
NOT-FOR-US: WordPress theme
CVE-2023-27418
@@ -18140,9 +18140,9 @@ CVE-2023-27416
CVE-2023-27415
RESERVED
CVE-2023-27414 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Bo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27413 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27412
RESERVED
CVE-2023-27411
@@ -19072,9 +19072,9 @@ CVE-2023-27085
CVE-2023-27084 (Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allo ...)
NOT-FOR-US: Dreamer CMS
CVE-2023-27083 (An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-d ...)
- TODO: check
+ NOT-FOR-US: Pluck CMS
CVE-2023-27082 (Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4. ...)
- TODO: check
+ NOT-FOR-US: Pluck CMS
CVE-2023-27081
RESERVED
CVE-2023-27080
@@ -20064,15 +20064,15 @@ CVE-2023-26618
CVE-2023-26617
RESERVED
CVE-2023-26616 (D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnera ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-26615 (D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerab ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-26614
RESERVED
CVE-2023-26613 (An OS command injection vulnerability in D-Link DIR-823G firmware vers ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-26612 (D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnera ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-26611
RESERVED
CVE-2023-26610
@@ -20320,21 +20320,21 @@ CVE-2023-26543
CVE-2023-26542
RESERVED
CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26540
RESERVED
CVE-2023-26539 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26538 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamy ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26537 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nico ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26535
RESERVED
CVE-2023-26534 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneW ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26533
RESERVED
CVE-2023-26532
@@ -20348,7 +20348,7 @@ CVE-2023-26529 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-26528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jini ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26527 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIn ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26526
RESERVED
CVE-2023-26525
@@ -20372,7 +20372,7 @@ CVE-2023-26517 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-26516
RESERVED
CVE-2023-26515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26514
RESERVED
CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software Foundation Apache ...)
@@ -20448,7 +20448,7 @@ CVE-2023-26511 (A Hard Coded Admin Credentials issue in the Web-UI Admin Panel i
CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can view draft ...)
NOT-FOR-US: Ghost CMS
CVE-2023-26509 (AnyDesk 7.0.8 allows remote Denial of Service.)
- TODO: check
+ NOT-FOR-US: AnyDesk
CVE-2023-26508
RESERVED
CVE-2023-26507
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51094ed826acc838e2560c4ec44eff58d073dc8c