[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 21 20:48:14 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e7dafb2a by Salvatore Bonaccorso at 2023-07-21T21:47:44+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2023-3796 (A vulnerability, which was classified as problematic, has been fo
CVE-2023-3795 (A vulnerability classified as critical was found in Bug Finder ChainCi ...)
NOT-FOR-US: Bug Finder ChainCity Real Estate Investment Platform
CVE-2023-38632 (async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in t ...)
- TODO: check
+ NOT-FOR-US: async-sockets-cpp
CVE-2023-37645 (eyoucms v1.6.3 was discovered to contain an information disclosure vul ...)
NOT-FOR-US: eyoucms
CVE-2023-37292 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
@@ -250,7 +250,7 @@ CVE-2023-33832 (IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a loca
CVE-2023-32664 (A type confusion vulnerability exists in the Javascript checkThisBox m ...)
NOT-FOR-US: Foxit Reader
CVE-2023-32635 (XBRL data create application version 7.0 and earlier improperly restri ...)
- TODO: check
+ NOT-FOR-US: XBRL data create application
CVE-2023-32263 (A potential vulnerability has been identified in the Micro Focus Dimen ...)
NOT-FOR-US: Micro Focus Dimensions CM Plugin for Jenkins
CVE-2023-27379 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
@@ -12074,7 +12074,7 @@ CVE-2023-30202
CVE-2023-30201
RESERVED
CVE-2023-30200 (In the module \u201cImage: WebP, Compress, Zoom, Lazy load, Alt & More ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access ...)
NOT-FOR-US: Prestashop
CVE-2023-30198 (Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Co ...)
@@ -16372,7 +16372,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0
NOTE: Fixed by: https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 (v0.12.1)
NOTE: https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
CVE-2023-28754 (Deserialization of Untrusted Data vulnerability in Apache ShardingSphe ...)
- TODO: check
+ NOT-FOR-US: Apache ShardingSphere-Agent
CVE-2023-28753 (netconsd prior to v0.2 was vulnerable to an integer overflow in its pa ...)
NOT-FOR-US: netconsd
CVE-2023-28752
@@ -16479,11 +16479,11 @@ CVE-2023-1555
CVE-2013-10022 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28730 (A memory corruption vulnerability Panasonic Control FPWIN Pro versions ...)
- TODO: check
+ NOT-FOR-US: Panasonic
CVE-2023-28729 (A type confusion vulnerability in Panasonic Control FPWIN Pro versions ...)
- TODO: check
+ NOT-FOR-US: Panasonic
CVE-2023-28728 (A stack-based buffer overflow in Panasonic Control FPWIN Pro versions ...)
- TODO: check
+ NOT-FOR-US: Panasonic
CVE-2023-28727 (Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attacker ...)
NOT-FOR-US: Panasonic AiSEG2
CVE-2023-28726 (Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers ...)
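Review bot: The three new entries for CVE-2023-28730, CVE-2023-28729 and CVE-2023-28728 say only "NOT-FOR-US: Panasonic", while the existing entry for CVE-2023-28727 just below names the product ("NOT-FOR-US: Panasonic AiSEG2"). The descriptions all refer to Panasonic Control FPWIN Pro, so "NOT-FOR-US: Panasonic Control FPWIN Pro" would match the neighbouring convention and make the entries easier to find by product.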
@@ -23986,7 +23986,7 @@ CVE-2023-26219
CVE-2023-26218
RESERVED
CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX ...)
- TODO: check
+ NOT-FOR-US: TIBICO Software
CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
NOT-FOR-US: TIBCO
CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
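Review bot: Typo in the added line for CVE-2023-26217: "NOT-FOR-US: TIBICO Software" should read "TIBCO". The CVE description and the existing entry for CVE-2023-26216 directly below both spell it "TIBCO", and the misspelling will be missed by anyone searching the list for the vendor name.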
@@ -25115,15 +25115,15 @@ CVE-2023-25841
CVE-2023-25840
RESERVED
CVE-2023-25839 (There is SQL injection vulnerability in Esri ArcGIS Insights Desktop f ...)
- TODO: check
+ NOT-FOR-US: Esri ArcGIS
CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights 2022.1 for ...)
- TODO: check
+ NOT-FOR-US: Esri ArcGIS
CVE-2023-25837 (There is a Cross-site Scripting vulnerabilityin Esri Portal Sites in v ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25836 (There is a Cross-site Scripting vulnerabilityin Esri Portal Sites in v ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25835 (There is a Cross-site Scripting vulnerabilityin Esri Portal Sites in v ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25834 (Changes to user permissions in Portal for ArcGIS 10.9.1 and below are ...)
NOT-FOR-US: Esri
CVE-2023-25833 (There is an HTML injection vulnerability in Esri Portal for ArcGIS ver ...)
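Review bot: The vendor label is inconsistent within this hunk: CVE-2023-25839 and CVE-2023-25838 get "NOT-FOR-US: Esri ArcGIS", while CVE-2023-25837 through CVE-2023-25835 get "NOT-FOR-US: Esri". The existing entry for CVE-2023-25834 uses plain "Esri", so using one form for all five keeps the block uniform.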
@@ -35832,13 +35832,13 @@ CVE-2023-22510
CVE-2023-22509
RESERVED
CVE-2023-22508 (This High severity RCE (Remote Code Execution) vulnerability known as ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2023-22507
RESERVED
CVE-2023-22506 (This High severity Injection and RCE (Remote Code Execution) vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2023-22505 (This High severity RCE (Remote Code Execution) vulnerability known as ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2023-22504 (Affected versions of Atlassian Confluence Server allow remote attacker ...)
NOT-FOR-US: Atlassian
CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
@@ -38970,11 +38970,11 @@ CVE-2023-22064
CVE-2023-22063
RESERVED
CVE-2023-22062 (Vulnerability in the Oracle Hyperion Financial Reporting product of Or ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22061 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22060 (Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyper ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22059
RESERVED
CVE-2023-22058 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -38990,9 +38990,9 @@ CVE-2023-22054 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-22053 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22052 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22051 (Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22050 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
TODO: check
CVE-2023-22049 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
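Review bot: CVE-2023-22050 (JD Edwards EnterpriseOne Orchestrator) at the end of this hunk is left as "TODO: check" although CVE-2023-22052 and CVE-2023-22051 directly above it are resolved in the same pass. If it was skipped by accident, it should be processed here as well; if it was deferred on purpose, the commit message should say so. Separately, for CVE-2023-22051 the visible description names GraalVM products, and other Java SE/GraalVM entries in this file carry openjdk package lines, so a short NOTE recording why this one does not would make the NOT-FOR-US decision easier to audit.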
@@ -39002,7 +39002,7 @@ CVE-2023-22049 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
CVE-2023-22048 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22047 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22046 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22045 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
@@ -39016,32 +39016,32 @@ CVE-2023-22043 (Vulnerability in Oracle Java SE (component: JavaFX). The suppo
- openjfx 11+26-1
NOTE: This only affects JavaFX 8.x, so marking the first 11 upload as fixed
CVE-2023-22042 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22041 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 <unfixed>
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
CVE-2023-22040 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22039 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22038 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22037 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22036 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
CVE-2023-22035 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22034 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22033 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22032
RESERVED
CVE-2023-22031 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22030
RESERVED
CVE-2023-22029
@@ -39049,7 +39049,7 @@ CVE-2023-22029
CVE-2023-22028
RESERVED
CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22026
RESERVED
CVE-2023-22025
@@ -39057,13 +39057,13 @@ CVE-2023-22025
CVE-2023-22024
RESERVED
CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22022 (Vulnerability in the Oracle Health Sciences Sciences Data Management W ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22021 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22020 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22019
RESERVED
CVE-2023-22018 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
@@ -39075,17 +39075,17 @@ CVE-2023-22016 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
CVE-2023-22015
RESERVED
CVE-2023-22014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22013 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22012 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22011 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22010 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22009 (Vulnerability in the Oracle Self-Service Human Resources product of Or ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22008 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22007 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -39096,7 +39096,7 @@ CVE-2023-22006 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
CVE-2023-22005 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22004 (Vulnerability in the Oracle Applications Technology product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22003 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2023-22002 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
@@ -39116,7 +39116,7 @@ CVE-2023-21996 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2023-21995
RESERVED
CVE-2023-21994 (Vulnerability in the Oracle Mobile Security Suite product of Oracle Fu ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21993 (Vulnerability in the Oracle Clinical Remote Data Capture product of Or ...)
NOT-FOR-US: Oracle
CVE-2023-21992 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
@@ -39138,7 +39138,7 @@ CVE-2023-21985 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
CVE-2023-21984 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2023-21983 (Vulnerability in the Application Express Administration product of Ora ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21982 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21981 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
@@ -39154,9 +39154,9 @@ CVE-2023-21977 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-21976 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21975 (Vulnerability in the Application Express Customers Plugin product of O ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21974 (Vulnerability in the Application Express Team Calendar Plugin product ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21973 (Vulnerability in the Oracle iProcurement product of Oracle E-Business ...)
NOT-FOR-US: Oracle
CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -39190,7 +39190,7 @@ CVE-2023-21963 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-21962 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21961 (Vulnerability in the Oracle Hyperion Essbase Administration Services p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21960 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2023-21959 (Vulnerability in the Oracle iReceivables product of Oracle E-Business ...)
@@ -39218,7 +39218,7 @@ CVE-2023-21951
CVE-2023-21950 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21949 (Vulnerability in the Advanced Networking Option component of Oracle Da ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21948 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2023-21947 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7dafb2ad2f5bcbd22df3b358be160ae12ff6224