[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jul 12 07:34:52 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4cfe46ef by Moritz Muehlenhoff at 2023-07-12T08:34:30+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2023-37579
+ NOT-FOR-US: Apache Pulsar
CVE-2023-3627 (Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/su ...)
NOT-FOR-US: SuiteCRM core
CVE-2023-3626 (A vulnerability, which was classified as critical, has been found in S ...)
@@ -5,29 +7,29 @@ CVE-2023-3626 (A vulnerability, which was classified as critical, has been found
CVE-2023-3625 (A vulnerability classified as critical was found in Suncreate Mountain ...)
NOT-FOR-US: Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System
CVE-2023-3624 (A vulnerability classified as critical has been found in Nesote Inout ...)
- TODO: check
+ NOT-FOR-US: Nesote Inout Blockchain FiatExchanger
CVE-2023-3623 (A vulnerability was found in Suncreate Mountain Flood Disaster Prevent ...)
NOT-FOR-US: Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System
CVE-2023-3621 (A vulnerability was found in IBOS OA 4.5.5. It has been classified as ...)
NOT-FOR-US: IBOS OA
CVE-2023-3620 (Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarte ...)
- TODO: check
+ NOT-FOR-US: amauric/tarteaucitron.js
CVE-2023-3619 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
NOT-FOR-US: SourceCodester AC Repair and Services System
CVE-2023-3617 (A vulnerability was found in SourceCodester Best POS Management System ...)
NOT-FOR-US: SourceCodester Best POS Management System
CVE-2023-37659 (xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE).)
- TODO: check
+ NOT-FOR-US: xalpha
CVE-2023-37658 (fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). File ...)
- TODO: check
+ NOT-FOR-US: fast-poster
CVE-2023-37657 (TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS).)
NOT-FOR-US: TwoNav
CVE-2023-37656 (WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via ...)
NOT-FOR-US: WebsiteGuide
CVE-2023-37597 (Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0 ...)
- TODO: check
+ NOT-FOR-US: issabel-pbx
CVE-2023-37596 (Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0 ...)
- TODO: check
+ NOT-FOR-US: issabel-pbx
CVE-2023-37391 (Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-37376 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
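Review bot: the label on CVE-2023-3620 uses a repository path (NOT-FOR-US: amauric/tarteaucitron.js), while the other GitHub-sourced entry in this file region, CVE-2023-3627, uses a product name (NOT-FOR-US: SuiteCRM core). Consider dropping the owner prefix so the label reads as a product name like the rest of the hunk and matches when someone greps the list for the product.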
@@ -59,7 +61,7 @@ CVE-2023-36868 (Azure Service Fabric on Windows Information Disclosure Vulnerabi
CVE-2023-36867 (Visual Studio Code GitHub Pull Requests and Issues Extension Remote Co ...)
NOT-FOR-US: Microsoft
CVE-2023-36825 (Decidim is a participatory democracy framework, written in Ruby on Rai ...)
- TODO: check
+ NOT-FOR-US: Decidim
CVE-2023-36824 (Redis is an in-memory database that persists on disk. In Redit 7.0 pri ...)
- redis <unfixed> (bug #1040879)
[bullseye] - redis <not-affected> (Vulnerable code introduced later)
@@ -104,13 +106,13 @@ CVE-2023-36389 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All
CVE-2023-36386 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
NOT-FOR-US: Siemens
CVE-2023-36293 (SQL injection vulnerability in wmanager v.1.0.7 and before allows a re ...)
- TODO: check
+ NOT-FOR-US: wmanager
CVE-2023-36167 (An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute a ...)
NOT-FOR-US: AVG Anti-Spyware
CVE-2023-36164 (An issue in MiniTool Partition Wizard ShadowMaker v.12.7 allows an att ...)
- TODO: check
+ NOT-FOR-US: MiniTool Partition Wizard ShadowMaker
CVE-2023-36163 (Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 ...)
- TODO: check
+ NOT-FOR-US: BuildaGate
CVE-2023-35921 (A vulnerability has been identified in SIMATIC MV540 H (All versions < ...)
NOT-FOR-US: Siemens
CVE-2023-35920 (A vulnerability has been identified in SIMATIC MV540 H (All versions < ...)
@@ -124,9 +126,9 @@ CVE-2023-35778 (Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Rec
CVE-2023-35773 (Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - Chu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-35374 (Paint 3D Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35373 (Mono Authenticode Validation Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35367 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
NOT-FOR-US: Microsoft
CVE-2023-35366 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
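Review bot: CVE-2023-35373 is described as "Mono Authenticode Validation Spoofing Vulnerability", yet it receives the same NOT-FOR-US: Microsoft label as the Paint 3D entry above it. Mono is packaged in Debian (src:mono), so this entry should be checked against that source package before it is closed as NFU. If the package is affected, the entry needs a package line rather than NOT-FOR-US.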
@@ -188,213 +190,213 @@ CVE-2023-35335 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulner
CVE-2023-35333 (MediaWiki PandocUpload Extension Remote Code Execution Vulnerability)
TODO: check
CVE-2023-35332 (Windows Remote Desktop Protocol Security Feature Bypass)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35331 (Windows Local Security Authority (LSA) Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35330 (Windows Extended Negotiation Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35329 (Windows Authentication Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35328 (Windows Transaction Manager Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35326 (Windows CDP User Components Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35325 (Windows Print Spooler Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35324 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35323 (Windows OLE Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35322 (Windows Deployment Services Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35321 (Windows Deployment Services Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35320 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35319 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35318 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35317 (Windows Server Update Service (WSUS) Elevation of Privilege Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35316 (Remote Procedure Call Runtime Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35315 (Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35314 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35313 (Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code E ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35312 (Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35311 (Microsoft Outlook Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35310 (Windows DNS Server Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35309 (Microsoft Message Queuing Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35308 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35306 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35305 (Windows Kernel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35304 (Windows Kernel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35303 (USB Audio Class System Driver Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35302 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35300 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35299 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35298 (HTTP.sys Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35297 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35296 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35091 (Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Man ...)
- TODO: check
+ NOT-FOR-US: WooCommerce addon
CVE-2023-35047 (Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-35044 (Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Secur ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-34561 (A buffer overflow in the level parsing code of RobTop Games AB Geometr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-34185 (Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-34119 (Insecure temporary file in the installer for Zoom Rooms before version ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-34118 (Improper privilege management in Zoom Rooms before version 5.14.5 may ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-34117 (Relative path traversal in the Zoom Client SDK before version 5.15.0 m ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-34116 (Improper input validation in the Zoom Desktop Client for Windows befor ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-34090 (Decidim is a participatory democracy framework, written in Ruby on Rai ...)
- TODO: check
+ NOT-FOR-US: Decidim
CVE-2023-34089 (Decidim is a participatory democracy framework, written in Ruby on Rai ...)
- TODO: check
+ NOT-FOR-US: Decidim
CVE-2023-34029 (Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-34015 (Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Cond ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-33174 (Windows Cryptographic Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33173 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33172 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33171 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33170 (ASP.NET and Visual Studio Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33169 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33168 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33167 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33166 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33165 (Microsoft SharePoint Server Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33164 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33163 (Windows Network Load Balancing Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33162 (Microsoft Excel Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33161 (Microsoft Excel Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33160 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33159 (Microsoft SharePoint Server Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33158 (Microsoft Excel Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33157 (Microsoft SharePoint Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33156 (Microsoft Defender Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33155 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33154 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33153 (Microsoft Outlook Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33152 (Microsoft ActiveX Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33151 (Microsoft Outlook Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33150 (Microsoft Office Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33149 (Microsoft Office Graphics Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33148 (Microsoft Office Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33134 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-33127 (.NET and Visual Studio Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32693 (Decidim is a participatory democracy framework, written in Ruby on Rai ...)
- TODO: check
+ NOT-FOR-US: Decidim
CVE-2023-32104 (Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurato ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32085 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32084 (HTTP.sys Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32083 (Microsoft Failover Cluster Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32057 (Microsoft Message Queuing Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32056 (Windows Server Update Service (WSUS) Elevation of Privilege Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32055 (Active Template Library Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32054 (Volume Shadow Copy Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32053 (Windows Installer Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32052 (Microsoft Power Apps Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32051 (Raw Image Extension Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32050 (Windows Installer Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32049 (Windows SmartScreen Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32047 (Paint 3D Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32046 (Windows MSHTML Platform Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32045 (Microsoft Message Queuing Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32044 (Microsoft Message Queuing Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32043 (Windows Remote Desktop Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32042 (OLE Automation Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32041 (Windows Update Orchestrator Service Information Disclosure Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32040 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32039 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32038 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32037 (Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32035 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32034 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32033 (Microsoft Failover Cluster Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-31818 (An issue found in Marukyu Line v.13.4.1 allows a remote attacker to ga ...)
TODO: check
CVE-2023-31191 (DroneScout ds230 Remote ID receiver from BlueMark Innovations is affec ...)
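Review bot: CVE-2023-34561 is marked NOT-FOR-US: WordPress plugin, but its description is a buffer overflow in the level parsing code of a RobTop Games AB product, not a WordPress plugin. The label looks carried over from the CSRF entries on either side of it. Please replace it with the product named in the full CVE description. With this many TODO lines converted in one pass, a quick re-read of each label against its description line would catch any similar slip.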
@@ -8081,6 +8083,7 @@ CVE-2023-31008
RESERVED
CVE-2023-31007
RESERVED
+ NOT-FOR-US: Apache Pulsar
CVE-2023-31006
RESERVED
CVE-2023-31005
@@ -10139,8 +10142,10 @@ CVE-2009-10004 (A vulnerability was found in Turante Sandbox Theme up to 1.5.2.
NOT-FOR-US: Turante Sandbox Theme
CVE-2023-30429
RESERVED
+ NOT-FOR-US: Apache Pulsar
CVE-2023-30428
RESERVED
+ NOT-FOR-US: Apache Pulsar
CVE-2023-30427
RESERVED
CVE-2023-30426
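Review bot: the two NOT-FOR-US: Apache Pulsar lines under CVE-2023-30429 and CVE-2023-30428 are attached to entries that are still RESERVED and carry no description, and the commit message ("NFUs") gives no source for the assignment. A NOTE: line with the advisory URL under each entry would let the next person verify the product. The same applies to CVE-2023-31007 in the previous hunk.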
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cfe46ef4bc072e8424808bd4903273112ad2f78