[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jul 7 15:27:29 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e3e1c8c4 by Moritz Muehlenhoff at 2023-07-07T16:27:03+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1268,7 +1268,8 @@ CVE-2023-35172 (NextCloud Server and NextCloud Enterprise Server provide file st
 CVE-2023-35171 (NextCloud Server and NextCloud Enterprise Server provide file storage  ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-35169 (PHP-IMAP is a wrapper for common IMAP communication without the need t ...)
-	TODO: check
+	NOT-FOR-US: PHP-Imap
+	NOTE: src:ldap-account-manager bundles it, but not relevant for it
 CVE-2023-35165 (AWS Cloud Development Kit (AWS CDK) is an open-source software develop ...)
 	NOT-FOR-US: AWS Cloud Development Kit
 CVE-2023-35163 (Vega is a decentralized trading platform that allows pseudo-anonymous  ...)
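Review bot: On CVE-2023-35169, the NOTE records that src:ldap-account-manager bundles PHP-IMAP but says only "not relevant for it", without the reason. Since a source package in the archive carries the code, state why the bundled copy is unaffected, so the next person triaging it does not have to repeat the analysis. The tag is also spelled "PHP-Imap" while the description uses "PHP-IMAP".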
@@ -10954,7 +10955,7 @@ CVE-2023-29658
 CVE-2023-29657 (eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in ...)
 	- extplorer <removed>
 CVE-2023-29656 (An improper authorization vulnerability in Darktrace mobile app (Andro ...)
-	TODO: check
+	NOT-FOR-US: Darktrace
 CVE-2023-29655
 	RESERVED
 CVE-2023-29654
@@ -12001,9 +12002,9 @@ CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters into
 	NOTE: https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
 	NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
 CVE-2023-29382 (An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an atta ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2023-29381 (An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a rem ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2023-29380 (Warpinator before 1.6.0 allows remote file deletion via directory trav ...)
 	NOT-FOR-US: Warpinator
 CVE-2023-29379
@@ -13268,7 +13269,7 @@ CVE-2023-1697 (An Improper Handling of Missing Values vulnerability in the Packe
 CVE-2023-1696 (The multimedia video module has a vulnerability in data processing.Suc ...)
 	NOT-FOR-US: Huawei
 CVE-2023-1695 (Vulnerability of failures to capture exceptions in the communication f ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-1694 (The Settings module has the file privilege escalation vulnerability.Su ...)
 	NOT-FOR-US: Huawei
 CVE-2023-1693 (The Settings module has the file privilege escalation vulnerability.Su ...)
@@ -13276,7 +13277,7 @@ CVE-2023-1693 (The Settings module has the file privilege escalation vulnerabili
 CVE-2023-1692 (The window management module lacks permission verification.Successful  ...)
 	NOT-FOR-US: Huawei
 CVE-2023-1691 (Vulnerability of failures to capture exceptions in the communication f ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and  ...)
 	- ffmpeg 7:5.1.2-1
 	[bullseye] - ffmpeg <postponed> (Wait until it lands in 4.3.x)
@@ -16781,7 +16782,7 @@ CVE-2023-1299 (HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter
 	- nomad <not-affected> (Vulnerable code not present; Introduced in 1.5.0)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-08-nomad-job-submitter-privilege-escalation-using-workload-identity/51389
 CVE-2023-1298 (ServiceNow has released upgrades and patches that address a Reflected  ...)
-	TODO: check
+	NOT-FOR-US: ServiceNow
 CVE-2023-28004 (A CWE-129: Improper validation of an array index vulnerability exists  ...)
 	NOT-FOR-US: Schneider
 CVE-2023-28003 (A CWE-613: Insufficient Session Expiration vulnerability exists that c ...)
@@ -19226,7 +19227,7 @@ CVE-2023-27227
 CVE-2023-27226
 	RESERVED
 CVE-2023-27225 (A cross-site scripting (XSS) vulnerability in User Registration & Logi ...)
-	TODO: check
+	NOT-FOR-US: Admin Panel v3
 CVE-2023-27224 (An issue found in NginxProxyManager v.2.9.19 allows an attacker to exe ...)
 	NOT-FOR-US: NginxProxyManager
 CVE-2023-27223
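Review bot: The tag on CVE-2023-27225, "NOT-FOR-US: Admin Panel v3", does not match the product name that the description begins with ("User Registration & Logi ..."). A generic label like this is hard to search for later; using the product name from the description would make future CVEs for the same software easier to match against this entry.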
@@ -19278,11 +19279,11 @@ CVE-2023-27201
 CVE-2023-27200
 	RESERVED
 CVE-2023-27199 (PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows atta ...)
-	TODO: check
+	NOT-FOR-US: PAX
 CVE-2023-27198 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow  ...)
-	TODO: check
+	NOT-FOR-US: PAX
 CVE-2023-27197 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow  ...)
-	TODO: check
+	NOT-FOR-US: PAX
 CVE-2023-27196
 	RESERVED
 CVE-2023-27195
@@ -21935,9 +21936,9 @@ CVE-2023-26140
 CVE-2023-26139
 	RESERVED
 CVE-2023-26138 (All versions of the package drogonframework/drogon are vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: Drogon
 CVE-2023-26137 (All versions of the package drogonframework/drogon are vulnerable to H ...)
-	TODO: check
+	NOT-FOR-US: Drogon
 CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are vulnerable to Pr ...)
 	- node-tough-cookie <unfixed>
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
@@ -21964,7 +21965,7 @@ CVE-2023-26129 (All versions of the package bwm-ng are vulnerable to Command Inj
 CVE-2023-26128 (All versions of the package keep-module-latest are vulnerable to Comma ...)
 	NOT-FOR-US: Node keep-module-latest
 CVE-2023-26127 (All versions of the package n158 are vulnerable to Command Injection d ...)
-	TODO: check
+	NOT-FOR-US: Node n158
 CVE-2023-26126 (All versions of the package m.static are vulnerable to Directory Trave ...)
 	NOT-FOR-US: m.static
 CVE-2023-26125 (Versions of the package github.com/gin-gonic/gin before 1.9.0 are vuln ...)
@@ -23876,9 +23877,9 @@ CVE-2023-25585
 CVE-2023-25584
 	RESERVED
 CVE-2023-25583 (Two OS command injection vulnerabilities exist in the zebra vlan_name  ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25582 (Two OS command injection vulnerabilities exist in the zebra vlan_name  ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25581
 	RESERVED
 CVE-2023-25580
@@ -24185,7 +24186,7 @@ CVE-2023-25500 (Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.
 CVE-2023-25499 (When adding non-visible components to the UI in server side, content i ...)
 	NOT-FOR-US: Vaadin
 CVE-2023-24019 (A stack-based buffer overflow vulnerability exists in the urvpn_client ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...)
 	{DSA-5345-1}
 	- chromium 110.0.5481.77-1
@@ -25171,99 +25172,99 @@ CVE-2023-25126
 CVE-2023-25125
 	REJECTED
 CVE-2023-25124 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25123 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25122 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25121 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25120 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25119 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25118 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25117 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25116 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25115 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25114 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25113 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25112 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25111 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25110 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25109 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25108 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25107 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25106 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25105 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25104 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25103 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25102 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25101 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25100 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25099 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25098 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25097 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25096 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25095 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25094 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25093 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25092 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25091 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25090 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25089 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25088 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25087 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25086 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25085 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25084 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25083 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25082 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25081 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-25069 (TXOne StellarOne has an improper access control privilege escalation v ...)
 	NOT-FOR-US: TXOne StellarOne
 CVE-2023-24018 (A stack-based buffer overflow vulnerability exists in the libzebra.so. ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-22653 (An OS command injection vulnerability exists in the vtysh_ubus tcpdump ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-0658 (A vulnerability, which was classified as critical, was found in Multil ...)
 	NOT-FOR-US: Multilaser RE057 and RE170
 CVE-2022-48308 (It was discovered that the sls-logging was not verifying hostnames in  ...)
@@ -26665,17 +26666,17 @@ CVE-2022-48283 (A piece of Huawei whole-home intelligence software has an Incorr
 CVE-2021-4315 (A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and class ...)
 	NOT-FOR-US: NYUCCL psiTurk
 CVE-2023-24595 (An OS command injection vulnerability exists in the ys_thirdparty syst ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-24583 (Two OS command injection vulnerabilities exist in the urvpn_client cmd ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-24582 (Two OS command injection vulnerabilities exist in the urvpn_client cmd ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-24581 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
 	NOT-FOR-US: Siemens
 CVE-2023-22365 (An OS command injection vulnerability exists in the ys_thirdparty chec ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-22299 (An OS command injection vulnerability exists in the vtysh_ubus _get_fw ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-0549 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: YAFNET
 CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and ...)
@@ -27023,9 +27024,9 @@ CVE-2023-24522 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP (B
 CVE-2023-24521 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Fra ...)
 	NOT-FOR-US: SAP
 CVE-2023-24520 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-24518
 	RESERVED
 CVE-2023-24517
@@ -27037,7 +27038,7 @@ CVE-2023-24515
 CVE-2023-24514
 	RESERVED
 CVE-2023-23546 (A misconfiguration vulnerability exists in the urvpn_client functional ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-0507 (Grafana is an open-source platform for monitoring and observability.   ...)
 	- grafana <removed>
 CVE-2023-0506
@@ -27105,9 +27106,9 @@ CVE-2023-24499 (Butterfly Button plugin may leave traces of its use on user's de
 CVE-2023-24498 (An uspecified endpoint in the web server of the switch does not proper ...)
 	NOT-FOR-US: Netgear
 CVE-2023-24497 (Cross-site scripting (xss) vulnerabilities exist in the requestHandler ...)
-	TODO: check
+	NOT-FOR-US: MilesightVPN
 CVE-2023-24496 (Cross-site scripting (xss) vulnerabilities exist in the requestHandler ...)
-	TODO: check
+	NOT-FOR-US: MilesightVPN
 CVE-2023-0493 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...)
 	NOT-FOR-US: btcpayserver
 CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 d ...)
@@ -27306,7 +27307,7 @@ CVE-2023-23582 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vu
 CVE-2023-22389 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwo ...)
 	NOT-FOR-US: Snap One Wattbox WB-300-IP-3
 CVE-2023-22371 (An os command injection vulnerability exists in the liburvpn.so create ...)
-	TODO: check
+	NOT-FOR-US: MilesightVPN
 CVE-2023-22315 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a propri ...)
 	NOT-FOR-US: Snap One Wattbox WB-300-IP-3
 CVE-2023-0456
@@ -27818,7 +27819,7 @@ CVE-2023-24258 (SPIP v4.1.5 and earlier was discovered to contain a SQL injectio
 CVE-2023-24257
 	RESERVED
 CVE-2023-24256 (An issue in the com.nextev.datastatistic component of NIO EC6 Aspen be ...)
-	TODO: check
+	NOT-FOR-US: NIO EC6 Aspen
 CVE-2023-24255
 	RESERVED
 CVE-2023-24254
@@ -28342,11 +28343,11 @@ CVE-2023-24034
 CVE-2023-24033 (The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1 ...)
 	NOT-FOR-US: Samsung
 CVE-2023-24032 (In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2023-24031 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15.  ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2023-24030 (An open redirect vulnerability exists in the /preauth Servlet in Zimbr ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2023-24029 (In Progress WS_FTP Server before 8.8, it is possible for a host admini ...)
 	NOT-FOR-US: Progress WS_FTP Server
 CVE-2023-24028 (In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorre ...)
@@ -28462,21 +28463,21 @@ CVE-2023-23971 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-23970
 	RESERVED
 CVE-2023-23907 (A directory traversal vulnerability exists in the server.js start func ...)
-	TODO: check
+	NOT-FOR-US: MilesightVPN
 CVE-2023-23902 (A buffer overflow vulnerability exists in the uhttpd login functionali ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-23571 (An access violation vulnerability exists in the eventcore functionalit ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-23547 (A directory traversal vulnerability exists in the luci2-io file-export ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-22844 (An authentication bypass vulnerability exists in the requestHandlers.j ...)
-	TODO: check
+	NOT-FOR-US: MilesightVPN
 CVE-2023-22659 (An os command injection vulnerability exists in the libzebra.so change ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-22319 (A sql injection vulnerability exists in the requestHandlers.js LoginAu ...)
-	TODO: check
+	NOT-FOR-US: MilesightVPN
 CVE-2023-22306 (An OS command injection vulnerability exists in the libzebra.so bridge ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-0430 (Certificate OCSP revocation status was not checked when verifying S/Mi ...)
 	{DSA-5355-1 DLA-3324-1}
 	- thunderbird 1:102.7.1+1-1
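Review bot: The product is written "MilesightVPN" (no space) on CVE-2023-23907, CVE-2023-22844 and CVE-2023-22319, while the router entries in the same hunk use "Milesight UR32L". Writing it as "Milesight VPN" would keep the vendor name consistent for anyone grepping data/CVE/list for Milesight entries.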
@@ -28790,7 +28791,7 @@ CVE-2023-23862 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23550 (An OS command injection vulnerability exists in the ys_thirdparty user ...)
-	TODO: check
+	NOT-FOR-US: Milesight UR32L
 CVE-2023-0406 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
 	NOT-FOR-US: Modoboa
 CVE-2023-0405 (The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooComm ...)
@@ -28852,7 +28853,7 @@ CVE-2023-23843
 CVE-2023-23842
 	RESERVED
 CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing or updat ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2023-23840
 	RESERVED
 CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of Sensitive I ...)
@@ -28946,7 +28947,7 @@ CVE-2023-23813 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dols
 CVE-2023-23812 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joos ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23811 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23810 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23809 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mori ...)
@@ -28954,7 +28955,7 @@ CVE-2023-23809 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-23808 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Serg ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23807 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23806 (Auth. (admin+) StoredCross-Site Scripting (XSS) vulnerability in Davin ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23805
@@ -28978,7 +28979,7 @@ CVE-2023-23797 (Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThe
 CVE-2023-23796
 	RESERVED
 CVE-2023-23795 (Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23794 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eigh ...)
@@ -29024,7 +29025,7 @@ CVE-2023-23549
 CVE-2023-23548
 	RESERVED
 CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker ...)
-	TODO: check
+	- check-mk <removed>
 CVE-2023-22348 (Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions < ...)
 	- check-mk <removed>
 CVE-2023-22318 (Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5 ...)
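Review bot: CVE-2023-22359 does not become an NFU entry here: it is set to "- check-mk <removed>", matching CVE-2023-22348 directly below it. The classification is consistent with the neighbouring entry, but the commit subject "NFUs" does not cover it; mentioning the check-mk change in the message would make the history easier to follow.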
@@ -29413,7 +29414,7 @@ CVE-2023-23681 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-23680 (Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23679 (Authorization Bypass Through User-Controlled Key vulnerability in JS H ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23678
 	RESERVED
 CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetri ...)
@@ -29963,7 +29964,7 @@ CVE-2023-23541 (A privacy issue was addressed with improved private data redacti
 CVE-2023-23540 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2023-23539 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23538 (A logic issue was addressed with improved checks. This issue is fixed  ...)
 	NOT-FOR-US: Apple
 CVE-2023-23537 (A privacy issue was addressed with improved private data redaction for ...)
@@ -30018,7 +30019,7 @@ CVE-2023-23517 (The issue was addressed with improved memory handling. This issu
 	- wpewebkit 2.38.4-1
 	NOTE: https://webkitgtk.org/security/WSA-2023-0001.html
 CVE-2023-23516 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23515
 	RESERVED
 CVE-2023-23514 (A use after free issue was addressed with improved memory management.  ...)
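Review bot: CVE-2023-23516 is marked "NOT-FOR-US: Apple" directly below an entry tracked against wpewebkit, and the visible part of its description is the same generic "improved memory handling" text as CVE-2023-23517 in the hunk header. Because the truncated description does not show the affected component, confirm it is not a WebKit issue before closing it as NFU.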
@@ -30531,9 +30532,9 @@ CVE-2023-23346
 CVE-2023-23345
 	RESERVED
 CVE-2023-23344 (A permission issue in BigFix WebUI Insights site version 14 allows an  ...)
-	TODO: check
+	NOT-FOR-US: BigFix
 CVE-2023-23343 (A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server v ...)
-	TODO: check
+	NOT-FOR-US: BigFix
 CVE-2023-23342
 	RESERVED
 CVE-2023-23341
@@ -31958,7 +31959,7 @@ CVE-2023-XXXX [kodi: VideoPlayerCodec: Stop dividing by zero]
 CVE-2023-22907
 	RESERVED
 CVE-2023-22906 (Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with roo ...)
-	TODO: check
+	NOT-FOR-US: Hero Qubo
 CVE-2023-22905
 	RESERVED
 CVE-2023-22904
@@ -32392,7 +32393,7 @@ CVE-2023-22836
 CVE-2023-22835
 	RESERVED
 CVE-2023-22834 (The Contour Service was not checking that users had permission to crea ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between 2.519.0 an ...)
 	NOT-FOR-US: Palantir
 CVE-2023-22832 (The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19. ...)
@@ -32428,11 +32429,11 @@ CVE-2023-22818
 CVE-2023-22817
 	RESERVED
 CVE-2023-22816 (A post-authentication remote command injection vulnerability in a CGI  ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2023-22815 (Post-authentication remote command injection vulnerabilities in Wester ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2023-22814 (An authentication bypass issue via spoofing was discovered in the toke ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2023-22813 (A device API endpoint was missing access controls on Western Digital M ...)
 	NOT-FOR-US: Western Digital
 CVE-2023-22812 (SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 ...)
@@ -32865,7 +32866,7 @@ CVE-2023-22669 (Parsing of DWG files in Open Design Alliance Drawings SDK before
 CVE-2023-22668
 	RESERVED
 CVE-2023-22667 (Memory Corruption in Audio while allocating the ion buffer during the  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-22666
 	RESERVED
 CVE-2023-0094
@@ -35195,9 +35196,9 @@ CVE-2021-4275 (A vulnerability, which was classified as problematic, was found i
 CVE-2023-22388
 	RESERVED
 CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX write leadin ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW request to all ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-22385
 	RESERVED
 CVE-2023-22384
@@ -35951,7 +35952,7 @@ CVE-2022-47616 (Hitron CODA-5310 has insufficient filtering for specific paramet
 CVE-2022-47615 (Local File Inclusion vulnerability inLearnPress \u2013 WordPress LMS P ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47614 (Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47613 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Quan ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47612 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...)
@@ -35993,7 +35994,7 @@ CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
 CVE-2022-47594
 	RESERVED
 CVE-2022-47593 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad Ra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47592 (Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Cooperma ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47591 (Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni  ...)
@@ -39895,7 +39896,7 @@ CVE-2018-25048 (The CODESYS runtime system in multiple versions allows an remote
 CVE-2023-21673
 	RESERVED
 CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel playback or ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21671
 	RESERVED
 CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command execution  ...)
@@ -39957,31 +39958,31 @@ CVE-2023-21643
 CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system privile ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-21641 (An app with non-privileged access can change global system brightness  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21640 (Memory corruption in Linux when the file upload API is called with par ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21639 (Memory corruption in Audio while processing sva_model_serializer using ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21638 (Memory corruption in Video while calling APIs with different instance  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21637 (Memory corruption in Linux while calling system configuration APIs.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21636
 	RESERVED
 CVE-2023-21635 (Memory Corruption in Data Network Stack & Connectivity when sim gets d ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21634
 	RESERVED
 CVE-2023-21633 (Memory Corruption in Linux while processing QcRilRequestImsRegisterMul ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21632 (Memory corruption in Automotive GPU while querying a gsl memory node.)
 	NOT-FOR-US: Qualcomm
 CVE-2023-21631 (Weak Configuration due to improper input validation in Modem while pro ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21630 (Memory Corruption in Multimedia Framework due to integer overflow when ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-21629 (Memory Corruption in Modem due to double free while parsing the PKCS15 ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21628 (Memory corruption in WLAN HAL while processing WMI-UTF command or FTM  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-21627
@@ -39991,7 +39992,7 @@ CVE-2023-21626
 CVE-2023-21625
 	RESERVED
 CVE-2023-21624 (Information disclosure in DSP Services while loading dynamic module.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-46750
 	REJECTED
 CVE-2022-46749
@@ -40035,13 +40036,13 @@ CVE-2022-46720 (An integer overflow was addressed with improved input validation
 CVE-2022-46719
 	REJECTED
 CVE-2022-46718 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: APple
 CVE-2022-46717 (A logic issue was addressed with improved restrictions. This issue is  ...)
 	NOT-FOR-US: Apple
 CVE-2022-46716 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2022-46715 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: APple
 CVE-2022-46714
 	RESERVED
 CVE-2022-46713 (A race condition was addressed with additional validation. This issue  ...)
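Review bot: Typo in the tag on CVE-2022-46718 and CVE-2022-46715: "NOT-FOR-US: APple" should read "NOT-FOR-US: Apple", as on the neighbouring CVE-2022-46717 and CVE-2022-46716. The inconsistent spelling breaks exact-match searches over the NFU labels.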
@@ -40818,9 +40819,9 @@ CVE-2022-46410 (An issue was discovered in Veritas NetBackup Flex Scale through
 CVE-2022-46409
 	RESERVED
 CVE-2022-46408 (Ericsson Network Manager (ENM), versions prior to 22.1, contains a vul ...)
-	TODO: check
+	NOT-FOR-US: Ericsson Network Manager
 CVE-2022-46407 (Ericsson Network Manager (ENM), versions prior to 22.2, contains a vul ...)
-	TODO: check
+	NOT-FOR-US: Ericsson Network Manager
 CVE-2022-46406
 	RESERVED
 CVE-2022-46405 (Mastodon through 4.0.2 allows attackers to cause a denial of service ( ...)
@@ -42097,7 +42098,7 @@ CVE-2022-46082
 CVE-2022-46081 (In Garmin Connect 4.61, terminating a LiveTrack session wouldn't preve ...)
 	NOT-FOR-US: Garmin
 CVE-2022-46080 (Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and comm ...)
-	TODO: check
+	NOT-FOR-US: Nexxt Nebula
 CVE-2022-46079
 	RESERVED
 CVE-2022-46078



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3e1c8c4dd32e7ef6883e9d54dc3439cc453f6b9
