[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 1 11:06:17 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5d6faff3 by Moritz Muehlenhoff at 2023-06-01T12:05:53+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -52,29 +52,29 @@ CVE-2023-33461 (iniparser v4.1 is vulnerable to NULL Pointer Dereference in func
CVE-2023-30758 (Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier ...)
NOT-FOR-US: Pleasanter
CVE-2023-29159 (Directory traversal vulnerability in Starlette versions 0.13.5 and lat ...)
- TODO: check
+ NOT-FOR-US: Starlette
CVE-2023-29154 (SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) v ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-28937 (DataSpider Servista version 4.4 and earlier uses a hard-coded cryptogr ...)
- TODO: check
+ NOT-FOR-US: DataSpider
CVE-2023-28824 (Server-side request forgery vulnerability exists in CONPROSYS HMI Syst ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-28713 (Plaintext storage of a password exists in CONPROSYS HMI System (CHS) v ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-28657 (Improper access control vulnerability exists in CONPROSYS HMI System ( ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-28651 (Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-28399 (Incorrect permission assignment for critical resource exists in CONPRO ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2018-25086 (A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has ...)
- TODO: check
+ NOT-FOR-US: sea75300 FanPress CM
CVE-2010-10010 (A vulnerability classified as problematic has been found in Stars Alli ...)
- TODO: check
+ NOT-FOR-US: Stars Alliance PsychoStats
CVE-2023-3021 (Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-libr ...)
- TODO: check
+ NOT-FOR-US: mkucej/i-librarian-free
CVE-2023-3020 (Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-l ...)
- TODO: check
+ NOT-FOR-US: mkucej/i-librarian-free
CVE-2023-3018 (A vulnerability was found in SourceCodester Lost and Found Information ...)
NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-3017 (A vulnerability was found in SourceCodester Lost and Found Information ...)
@@ -146,21 +146,21 @@ CVE-2023-34218 (In JetBrains TeamCity before 2023.05 bypass of permission checks
CVE-2023-34088 (Collabora Online is a collaborative online office suite. A stored cros ...)
NOT-FOR-US: Collabora Online
CVE-2023-33979 (gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnera ...)
- TODO: check
+ NOT-FOR-US: gpt_academicmkucej/i-librarian-free
CVE-2023-33971 (Formcreator is a GLPI plugin which allow creation of custom forms and ...)
NOT-FOR-US: GLPI plugin
CVE-2023-33967 (EaseProbe is a tool that can do health/status checking. An SQL injecti ...)
- TODO: check
+ NOT-FOR-US: EaseProbe
CVE-2023-33966 (Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and de ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2023-33964 (mx-chain-go is an implementation of the MultiversX blockchain protocol ...)
- TODO: check
+ NOT-FOR-US: mx-chain-go
CVE-2023-33736 (A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3 ...)
- TODO: check
+ NOT-FOR-US: Dcat-Admin
CVE-2023-33735 (D-Link DIR-846 v1.00A52 was discovered to contain a remote command exe ...)
NOT-FOR-US: D-Link
CVE-2023-33732 (Cross Site Scripting (XSS) in the New Policy form in Microworld Techno ...)
- TODO: check
+ NOT-FOR-US: Microworld
CVE-2023-33730 (Privilege Escalation in the "GetUserCurrentPwd" function in Microworld ...)
NOT-FOR-US: Microworld Technologies eScan Management Console
CVE-2023-33722 (EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated rem ...)
@@ -182,15 +182,15 @@ CVE-2023-33485 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B2023011
CVE-2023-33287 (A stored cross-site scripting (XSS) vulnerability in the Inline Table ...)
NOT-FOR-US: Atlassian Confluence
CVE-2023-32217 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 ...)
- TODO: check
+ NOT-FOR-US: IdentityIQ
CVE-2023-31548 (A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEdi ...)
NOT-FOR-US: ChurchCRM
CVE-2023-2909 (EZ Sync service fails to adequately handle user input, allowing an att ...)
- TODO: check
+ NOT-FOR-US: EZ Sync
CVE-2023-2758 (A denial of service vulnerability exists in Contec CONPROSYS HMI Syste ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-2749 (Download Center fails to properly validate the file path submitted by ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR
CVE-2022-48502 (An issue was discovered in the Linux kernel before 6.2. The ntfs3 subs ...)
- linux <unfixed> (unimportant)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -198,7 +198,7 @@ CVE-2022-48502 (An issue was discovered in the Linux kernel before 6.2. The ntfs
NOTE: https://git.kernel.org/linus/0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b (6.2-rc1)
NOTE: NTFS3 driver not enabled in Debian
CVE-2015-10108 (A vulnerability was found in meitar Inline Google Spreadsheet Viewer P ...)
- TODO: check
+ NOT-FOR-US: Inline Google Spreadsheet Viewer
CVE-2023-33962 (JStachio is a type-safe Java Mustache templating engine. Prior to ver ...)
NOT-FOR-US: JStachio
CVE-2023-33961 (Leantime is a lean open source project management system. Starting in ...)
@@ -303,11 +303,11 @@ CVE-2023-2977 (A vulnerbility was found in OpenSC. This security flaw cause a bu
NOTE: https://github.com/OpenSC/OpenSC/pull/2787
NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a
CVE-2023-2973 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2023-2972 (Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.)
- TODO: check
+ NOT-FOR-US: antfu/utils
CVE-2023-2968 (A remote attacker can trigger a denial of service in the socket.remote ...)
- TODO: check
+ NOT-FOR-US: JFROG
CVE-2023-2650 (Issue summary: Processing some specially crafted ASN.1 object identifi ...)
{DSA-5417-1}
- openssl 3.0.9-1
@@ -2839,13 +2839,13 @@ CVE-2023-31199 (Improper access control in the Intel(R) Solid State Drive Toolbo
CVE-2023-31197 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector ...)
NOT-FOR-US: Intel
CVE-2023-31187 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently P ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2023-31186 (Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observ ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2023-31185 (ROZCOM server framework - Misconfiguration may allow information discl ...)
- TODO: check
+ NOT-FOR-US: ROZCOM
CVE-2023-31184 (ROZCOM client CWE-798: Use of Hard-coded Credentials)
- TODO: check
+ NOT-FOR-US: ROZCOM
CVE-2023-31183 (Cybonet PineApp Mail SecureA reflected cross-site scripting (XSS) vuln ...)
NOT-FOR-US: Cybonet PineApp Mail SecureA
CVE-2023-31182 (EasyTor Applications \u2013 Authorization Bypass - EasyTor Application ...)
@@ -5668,7 +5668,7 @@ CVE-2023-30287
CVE-2023-30286
RESERVED
CVE-2023-30285 (An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows ...)
- TODO: check
+ NOT-FOR-US: Deviniti Issue Sync Synchronization
CVE-2023-30284
RESERVED
CVE-2023-30283
@@ -5844,7 +5844,7 @@ CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect A
CVE-2023-30198
RESERVED
CVE-2023-30197 (Incorrect Access Control in the module "My inventory" (myinventory) <= ...)
- TODO: check
+ NOT-FOR-US: Prestashop
CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...)
NOT-FOR-US: Prestashop
CVE-2023-30195
@@ -6791,51 +6791,51 @@ CVE-2023-29750
CVE-2023-29749
RESERVED
CVE-2023-29748 (Story Saver for Instragram - Video Downloader 1.0.6 for Android has an ...)
- TODO: check
+ NOT-FOR-US: Story Saver for Instragram
CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for Android exists ...)
- TODO: check
+ NOT-FOR-US: Story Saver for Instragram
CVE-2023-29746
RESERVED
CVE-2023-29745 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
- TODO: check
+ NOT-FOR-US: BestWeather
CVE-2023-29744
RESERVED
CVE-2023-29743 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
- TODO: check
+ NOT-FOR-US: BestWeather
CVE-2023-29742 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
- TODO: check
+ NOT-FOR-US: BestWeather
CVE-2023-29741 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
- TODO: check
+ NOT-FOR-US: BestWeather
CVE-2023-29740 (An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android a ...)
- TODO: check
+ NOT-FOR-US: Alarm Clock for Heavy Sleepers
CVE-2023-29739 (An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android a ...)
- TODO: check
+ NOT-FOR-US: Alarm Clock for Heavy Sleepers
CVE-2023-29738 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...)
- TODO: check
+ NOT-FOR-US: Wave Animated Keyboard Emoji
CVE-2023-29737 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...)
- TODO: check
+ NOT-FOR-US: Wave Animated Keyboard Emoji
CVE-2023-29736
RESERVED
CVE-2023-29735 (An issue found in edjing Mix v.7.09.01 for Android allows a local atta ...)
- TODO: check
+ NOT-FOR-US: edjing Mix
CVE-2023-29734 (An issue found in edjing Mix v.7.09.01 for Android allows unauthorized ...)
- TODO: check
+ NOT-FOR-US: edjing Mix
CVE-2023-29733 (The Lock Master app 2.2.4 for Android allows unauthorized apps to modi ...)
- TODO: check
+ NOT-FOR-US: Lock Master
CVE-2023-29732 (SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the co ...)
- TODO: check
+ NOT-FOR-US: SoLive
CVE-2023-29731 (SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that pr ...)
- TODO: check
+ NOT-FOR-US: SoLive
CVE-2023-29730
RESERVED
CVE-2023-29729
RESERVED
CVE-2023-29728 (The Call Blocker application 6.6.3 for Android allows attackers to tam ...)
- TODO: check
+ NOT-FOR-US: Call Blocker
CVE-2023-29727 (The Call Blocker application 6.6.3 for Android allows unauthorized app ...)
- TODO: check
+ NOT-FOR-US: Call Blocker
CVE-2023-29726 (The Call Blocker application 6.6.3 for Android incorrectly opens a key ...)
- TODO: check
+ NOT-FOR-US: Call Blocker
CVE-2023-29725
RESERVED
CVE-2023-29724
@@ -9025,7 +9025,7 @@ CVE-2023-1713
CVE-2023-1712 (Use of Hard-coded, Security-relevant Constants in GitHub repository de ...)
NOT-FOR-US: deepset-ai haystack
CVE-2023-1711 (A vulnerability exists in a FOXMAN-UN and UNEM logging component, it o ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2023-29032 (An attacker that has gained access to certain private information can ...)
NOT-FOR-US: Apache OpenMeetings
CVE-2023-29031 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
@@ -11273,7 +11273,7 @@ CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware Ver.1.3
CVE-2023-28387
RESERVED
CVE-2023-28382 (Directory traversal vulnerability in ESS REC Agent Server Edition seri ...)
- TODO: check
+ NOT-FOR-US: ESS REC Agent Server Edition
CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...)
NOT-FOR-US: Brother
CVE-2023-28367 (Cross-site scripting vulnerability in CTA post function of VK All in O ...)
@@ -11447,25 +11447,25 @@ CVE-2023-28355
CVE-2023-28354
RESERVED
CVE-2023-28353 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. An ...)
- TODO: check
+ NOT-FOR-US: Faronics Insight
CVE-2023-28352 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. By ...)
- TODO: check
+ NOT-FOR-US: Faronics Insight
CVE-2023-28351 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. Eve ...)
- TODO: check
+ NOT-FOR-US: Faronics Insight
CVE-2023-28350 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. Att ...)
- TODO: check
+ NOT-FOR-US: Faronics Insight
CVE-2023-28349 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...)
- TODO: check
+ NOT-FOR-US: Faronics Insight
CVE-2023-28348 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. A s ...)
- TODO: check
+ NOT-FOR-US: Faronics Insight
CVE-2023-28347 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...)
- TODO: check
+ NOT-FOR-US: Faronics Insight
CVE-2023-28346 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...)
- TODO: check
+ NOT-FOR-US: Faronics Insight
CVE-2023-28345 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. The ...)
- TODO: check
+ NOT-FOR-US: Faronics Insight
CVE-2023-28344 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. The ...)
- TODO: check
+ NOT-FOR-US: Faronics Insight
CVE-2023-28343 (OS command injection affects Altenergy Power Control Software C1.2.5 v ...)
NOT-FOR-US: Altenergy Power Control Software
CVE-2023-1408 (The Video List Manager WordPress plugin through 1.7 does not properly ...)
@@ -12248,7 +12248,7 @@ CVE-2023-1358 (A vulnerability, which was classified as critical, was found in S
CVE-2023-1357 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester Simple Bakery Shop Management System
CVE-2023-28153 (An issue was discovered in the Kiddoware Kids Place Parental Control a ...)
- TODO: check
+ NOT-FOR-US: Kiddoware Kids Place Parental Control
CVE-2023-28152 (An issue was discovered in Independentsoft JWord before 1.1.110. The A ...)
NOT-FOR-US: Independentsoft JWord
CVE-2023-28151 (An issue was discovered in Independentsoft JSpreadsheet before 1.1.110 ...)
@@ -12459,9 +12459,9 @@ CVE-2023-28082
CVE-2023-28081 (A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc21 ...)
NOT-FOR-US: Facebook Hermes
CVE-2023-28080 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking ...)
- TODO: check
+ NOT-FOR-US: PowerPath
CVE-2023-28079 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File ...)
- TODO: check
+ NOT-FOR-US: PowerPath
CVE-2023-28078
RESERVED
CVE-2023-28077
@@ -15956,7 +15956,7 @@ CVE-2023-26844
CVE-2023-26843 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
NOT-FOR-US: ChurchCRM
CVE-2023-26842 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-26841 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...)
NOT-FOR-US: ChurchCRM
CVE-2023-26840 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...)
@@ -17611,9 +17611,9 @@ CVE-2023-26218
CVE-2023-26217
RESERVED
CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2023-26214 (The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO Busine ...)
NOT-FOR-US: BusinessConnect UI component of TIBCO
CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d6faff3a7554915692e6780a1845c794adbd420
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d6faff3a7554915692e6780a1845c794adbd420
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230601/f6e26e11/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list