[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 18 21:23:19 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ddb100b by Salvatore Bonaccorso at 2023-07-18T22:22:50+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,81 +1,81 @@
CVE-2023-3743 (Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote ...)
- TODO: check
+ NOT-FOR-US: Ap Page Builder
CVE-2023-38326
REJECTED
CVE-2023-38257 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insec ...)
- TODO: check
+ NOT-FOR-US: Iagona ScrutisWeb
CVE-2023-37973 (Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Repla ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37892 (Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - Plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37889 (Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37788 (goproxy v1.1 was discovered to contain an issue which can lead to a De ...)
TODO: check
CVE-2023-37758 (D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via t ...)
- TODO: check
+ NOT-FOR-US: D-LINK
CVE-2023-37481 (Fides is an open-source privacy engineering platform for managing data ...)
TODO: check
CVE-2023-37480 (Fides is an open-source privacy engineering platform for managing data ...)
TODO: check
CVE-2023-37477 (1Panel is an open source Linux server operation and maintenance manage ...)
- TODO: check
+ NOT-FOR-US: 1Panel
CVE-2023-37387 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classif ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37386 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helpe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37259 (matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip ...)
TODO: check
CVE-2023-37143 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-37142 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-37141 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-37140 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-37139 (ChakraCore branch master cbb9b was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36670 (A remotely exploitable command injection vulnerability was found on th ...)
- TODO: check
+ NOT-FOR-US: Kratos NGC-IDU
CVE-2023-36669 (Missing Authentication for a Critical Function within the Kratos NGC I ...)
- TODO: check
+ NOT-FOR-US: Kratos NGC-IDU
CVE-2023-36384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeop ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-36383 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Mag ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-36120
REJECTED
CVE-2023-35763 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a crypto ...)
- TODO: check
+ NOT-FOR-US: Iagona ScrutisWeb
CVE-2023-35189 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote ...)
- TODO: check
+ NOT-FOR-US: Iagona ScrutisWeb
CVE-2023-34330 (AMI SPx contains a vulnerability in the BMC where a User may cause a i ...)
- TODO: check
+ NOT-FOR-US: AMI SPx
CVE-2023-34329 (AMI SPx contains a vulnerability in BMC where a User may cause an auth ...)
- TODO: check
+ NOT-FOR-US: AMI SPx
CVE-2023-34035 (Spring Security versions 5.8prior to 5.8.5, 6.0prior to 6.0.5,and 6.1p ...)
TODO: check
CVE-2023-33871 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a direct ...)
- TODO: check
+ NOT-FOR-US: Iagona ScrutisWeb
CVE-2023-33329 (Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in H ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-33312 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Ea ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-33265 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, ...)
TODO: check
CVE-2023-33231 (XSS attack was possible in DPA 2023.2 due to insufficient input valida ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-32965 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31441 (In NATO Communications and Information Agency anet (aka Advisor Networ ...)
- TODO: check
+ NOT-FOR-US: NATO Communications and Information Agency anet
CVE-2023-2913 (An executable used in Rockwell Automation ThinManager ThinServer can b ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2023-2433 (The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
NOT-FOR-US: YARPP plugin for WordPress
CVE-2021-4428 (A vulnerability has been found in what3words Autosuggest Plugin up to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36762 (A vulnerability was found in ONS Digital RAS Collection Instrument up ...)
TODO: check
CVE-2018-25088 (A vulnerability, which was classified as critical, was found in Blue Y ...)
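Review bot: The five ChakraCore entries (CVE-2023-37139 through CVE-2023-37143) are tagged with the vendor only, "NOT-FOR-US: Microsoft", while other entries in this same hunk name the product ("Iagona ScrutisWeb", "Kratos NGC-IDU", "AMI SPx", "1Panel"). The descriptions in the list are truncated, so the tag is the only complete label on each entry; "NOT-FOR-US: Microsoft ChakraCore" would keep the triage decision searchable by product. The same point applies to "D-LINK" on CVE-2023-37758 (DIR-815) and "SolarWinds" on CVE-2023-33231 (DPA).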
@@ -8860,7 +8860,7 @@ CVE-2023-2265
CVE-2023-2264
RESERVED
CVE-2023-2263 (The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is v ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2023-2262
RESERVED
CVE-2023-2261 (The WP Activity Log plugin for WordPress is vulnerable to authorizatio ...)
@@ -9472,7 +9472,7 @@ CVE-2023-30908
CVE-2023-30907
RESERVED
CVE-2023-30906 (The vulnerability could be locally exploited to allow escalation of pr ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30905 (The MC990 X and UV300 RMC component has and inadequate default configu ...)
NOT-FOR-US: HPE
CVE-2023-30904 (A security vulnerability in HPE Insight Remote Support may result in t ...)
@@ -11339,7 +11339,7 @@ CVE-2023-30385
CVE-2023-30384
RESERVED
CVE-2023-30383 (TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Ar ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2023-30382 (A buffer overflow in the component hl.exe of Valve Half-Life up to 543 ...)
NOT-FOR-US: hl.exe of Valve Half-Life
CVE-2023-30381
@@ -11813,7 +11813,7 @@ CVE-2023-30155
CVE-2023-30154
RESERVED
CVE-2023-30153 (An SQL injection vulnerability in the Payplug (payplug) module for Pre ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-30152
RESERVED
CVE-2023-30151 (A SQL injection vulnerability in the Boxtal (envoimoinscher) module fo ...)
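Review bot: On CVE-2023-30153 the tag "NOT-FOR-US: PrestaShop module" drops the module name, which the description gives as Payplug (payplug). Naming it, for example "NOT-FOR-US: Payplug module for PrestaShop", would follow the form already used in this file for CVE-2023-2433 ("NOT-FOR-US: YARPP plugin for WordPress") and make it possible to tell this entry apart from other PrestaShop module entries by the tag alone.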
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ddb100ba928b6d911f9d0fa0bbbdaa4f3fce0d4