[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 1 11:06:17 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d6faff3 by Moritz Muehlenhoff at 2023-06-01T12:05:53+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -52,29 +52,29 @@ CVE-2023-33461 (iniparser v4.1 is vulnerable to NULL Pointer Dereference in func
 CVE-2023-30758 (Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier  ...)
 	NOT-FOR-US: Pleasanter
 CVE-2023-29159 (Directory traversal vulnerability in Starlette versions 0.13.5 and lat ...)
-	TODO: check
+	NOT-FOR-US: Starlette
 CVE-2023-29154 (SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) v ...)
-	TODO: check
+	NOT-FOR-US: CONPROSYS
 CVE-2023-28937 (DataSpider Servista version 4.4 and earlier uses a hard-coded cryptogr ...)
-	TODO: check
+	NOT-FOR-US: DataSpider
 CVE-2023-28824 (Server-side request forgery vulnerability exists in CONPROSYS HMI Syst ...)
-	TODO: check
+	NOT-FOR-US: CONPROSYS
 CVE-2023-28713 (Plaintext storage of a password exists in CONPROSYS HMI System (CHS) v ...)
-	TODO: check
+	NOT-FOR-US: CONPROSYS
 CVE-2023-28657 (Improper access control vulnerability exists in CONPROSYS HMI System ( ...)
-	TODO: check
+	NOT-FOR-US: CONPROSYS
 CVE-2023-28651 (Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS ...)
-	TODO: check
+	NOT-FOR-US: CONPROSYS
 CVE-2023-28399 (Incorrect permission assignment for critical resource exists in CONPRO ...)
-	TODO: check
+	NOT-FOR-US: CONPROSYS
 CVE-2018-25086 (A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has  ...)
-	TODO: check
+	NOT-FOR-US: sea75300 FanPress CM
 CVE-2010-10010 (A vulnerability classified as problematic has been found in Stars Alli ...)
-	TODO: check
+	NOT-FOR-US: Stars Alliance PsychoStats
 CVE-2023-3021 (Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-libr ...)
-	TODO: check
+	NOT-FOR-US: mkucej/i-librarian-free
 CVE-2023-3020 (Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-l ...)
-	TODO: check
+	NOT-FOR-US: mkucej/i-librarian-free
 CVE-2023-3018 (A vulnerability was found in SourceCodester Lost and Found Information ...)
 	NOT-FOR-US: SourceCodester Lost and Found Information System
 CVE-2023-3017 (A vulnerability was found in SourceCodester Lost and Found Information ...)
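Review bot: CVE-2023-29159 is tagged "NOT-FOR-US: Starlette", and since that tag takes the entry out of further triage, it is worth confirming that no source package in the archive ships Starlette before this lands. If one does, the line should be a package entry with a fixed version or <unfixed>, in the form used for linux under CVE-2022-48502, rather than an NFU.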
@@ -146,21 +146,21 @@ CVE-2023-34218 (In JetBrains TeamCity before 2023.05 bypass of permission checks
 CVE-2023-34088 (Collabora Online is a collaborative online office suite. A stored cros ...)
 	NOT-FOR-US: Collabora Online
 CVE-2023-33979 (gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnera ...)
-	TODO: check
+	NOT-FOR-US: gpt_academicmkucej/i-librarian-free
 CVE-2023-33971 (Formcreator is a GLPI plugin which allow creation of custom forms and  ...)
 	NOT-FOR-US: GLPI plugin
 CVE-2023-33967 (EaseProbe is a tool that can do health/status checking. An SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: EaseProbe
 CVE-2023-33966 (Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and de ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2023-33964 (mx-chain-go is an implementation of the MultiversX blockchain protocol ...)
-	TODO: check
+	NOT-FOR-US: mx-chain-go
 CVE-2023-33736 (A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3 ...)
-	TODO: check
+	NOT-FOR-US: Dcat-Admin
 CVE-2023-33735 (D-Link DIR-846 v1.00A52 was discovered to contain a remote command exe ...)
 	NOT-FOR-US: D-Link
 CVE-2023-33732 (Cross Site Scripting (XSS) in the New Policy form in Microworld Techno ...)
-	TODO: check
+	NOT-FOR-US: Microworld
 CVE-2023-33730 (Privilege Escalation in the "GetUserCurrentPwd" function in Microworld ...)
 	NOT-FOR-US: Microworld Technologies eScan Management Console
 CVE-2023-33722 (EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated rem ...)
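Review bot: The new tag on CVE-2023-33979 reads "NOT-FOR-US: gpt_academicmkucej/i-librarian-free", which looks like leftover text from the i-librarian-free entries pasted onto the end of the product name; it should be "NOT-FOR-US: gpt_academic". In the same hunk, CVE-2023-33732 is tagged only "Microworld" while the neighbouring CVE-2023-33730 uses "Microworld Technologies eScan Management Console"; using the same string for both keeps the two entries searchable together.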
@@ -182,15 +182,15 @@ CVE-2023-33485 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B2023011
 CVE-2023-33287 (A stored cross-site scripting (XSS) vulnerability in the Inline Table  ...)
 	NOT-FOR-US: Atlassian Confluence
 CVE-2023-32217 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 ...)
-	TODO: check
+	NOT-FOR-US: IdentityIQ
 CVE-2023-31548 (A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEdi ...)
 	NOT-FOR-US: ChurchCRM
 CVE-2023-2909 (EZ Sync service fails to adequately handle user input, allowing an att ...)
-	TODO: check
+	NOT-FOR-US: EZ Sync
 CVE-2023-2758 (A denial of service vulnerability exists in Contec CONPROSYS HMI Syste ...)
-	TODO: check
+	NOT-FOR-US: CONPROSYS
 CVE-2023-2749 (Download Center fails to properly validate the file path submitted by  ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR
 CVE-2022-48502 (An issue was discovered in the Linux kernel before 6.2. The ntfs3 subs ...)
 	- linux <unfixed> (unimportant)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
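Review bot: The tag on CVE-2023-2749 is "NOT-FOR-US: ASUSTOR", but the visible description names only "Download Center", while CVE-2023-2909 just above is tagged by product ("EZ Sync"). Tagging both the same way, for example vendor plus product, would let a reader check the reason for the NFU from the list itself. The same applies to CVE-2023-1711 further down, tagged "Hitachi" against a description that names FOXMAN-UN and UNEM.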
@@ -198,7 +198,7 @@ CVE-2022-48502 (An issue was discovered in the Linux kernel before 6.2. The ntfs
 	NOTE: https://git.kernel.org/linus/0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b (6.2-rc1)
 	NOTE: NTFS3 driver not enabled in Debian
 CVE-2015-10108 (A vulnerability was found in meitar Inline Google Spreadsheet Viewer P ...)
-	TODO: check
+	NOT-FOR-US: Inline Google Spreadsheet Viewer
 CVE-2023-33962 (JStachio is a  type-safe Java Mustache templating engine. Prior to ver ...)
 	NOT-FOR-US: JStachio
 CVE-2023-33961 (Leantime is a lean open source project management system. Starting in  ...)
@@ -303,11 +303,11 @@ CVE-2023-2977 (A vulnerbility was found in OpenSC. This security flaw cause a bu
 	NOTE: https://github.com/OpenSC/OpenSC/pull/2787
 	NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a
 CVE-2023-2973 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2023-2972 (Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.)
-	TODO: check
+	NOT-FOR-US: antfu/utils
 CVE-2023-2968 (A remote attacker can trigger a denial of service in the socket.remote ...)
-	TODO: check
+	NOT-FOR-US: JFROG
 CVE-2023-2650 (Issue summary: Processing some specially crafted ASN.1 object identifi ...)
 	{DSA-5417-1}
 	- openssl 3.0.9-1
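Review bot: CVE-2023-2973 is tagged only "NOT-FOR-US: SourceCodester", whereas the existing SourceCodester entries in this file carry the product name, for example "SourceCodester Lost and Found Information System" on CVE-2023-3018; adding the product from the full description would match them. The all-capitals "JFROG" on CVE-2023-2968 could also be normalised to the vendor's own spelling, JFrog.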
@@ -2839,13 +2839,13 @@ CVE-2023-31199 (Improper access control in the Intel(R) Solid State Drive Toolbo
 CVE-2023-31197 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector  ...)
 	NOT-FOR-US: Intel
 CVE-2023-31187 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently P ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2023-31186 (Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observ ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2023-31185 (ROZCOM server framework - Misconfiguration may allow information discl ...)
-	TODO: check
+	NOT-FOR-US: ROZCOM
 CVE-2023-31184 (ROZCOM client CWE-798: Use of Hard-coded Credentials)
-	TODO: check
+	NOT-FOR-US: ROZCOM
 CVE-2023-31183 (Cybonet PineApp Mail SecureA reflected cross-site scripting (XSS) vuln ...)
 	NOT-FOR-US: Cybonet PineApp Mail SecureA
 CVE-2023-31182 (EasyTor Applications \u2013 Authorization Bypass - EasyTor Application ...)
@@ -5668,7 +5668,7 @@ CVE-2023-30287
 CVE-2023-30286
 	RESERVED
 CVE-2023-30285 (An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows ...)
-	TODO: check
+	NOT-FOR-US: Deviniti Issue Sync Synchronization
 CVE-2023-30284
 	RESERVED
 CVE-2023-30283
@@ -5844,7 +5844,7 @@ CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect A
 CVE-2023-30198
 	RESERVED
 CVE-2023-30197 (Incorrect Access Control in the module "My inventory" (myinventory) <= ...)
-	TODO: check
+	NOT-FOR-US: Prestashop
 CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...)
 	NOT-FOR-US: Prestashop
 CVE-2023-30195
@@ -6791,51 +6791,51 @@ CVE-2023-29750
 CVE-2023-29749
 	RESERVED
 CVE-2023-29748 (Story Saver for Instragram - Video Downloader 1.0.6 for Android has an ...)
-	TODO: check
+	NOT-FOR-US: Story Saver for Instragram
 CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for Android exists ...)
-	TODO: check
+	NOT-FOR-US: Story Saver for Instragram
 CVE-2023-29746
 	RESERVED
 CVE-2023-29745 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: BestWeather
 CVE-2023-29744
 	RESERVED
 CVE-2023-29743 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: BestWeather
 CVE-2023-29742 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: BestWeather
 CVE-2023-29741 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: BestWeather
 CVE-2023-29740 (An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android a ...)
-	TODO: check
+	NOT-FOR-US: Alarm Clock for Heavy Sleepers
 CVE-2023-29739 (An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android a ...)
-	TODO: check
+	NOT-FOR-US: Alarm Clock for Heavy Sleepers
 CVE-2023-29738 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...)
-	TODO: check
+	NOT-FOR-US: Wave Animated Keyboard Emoji
 CVE-2023-29737 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...)
-	TODO: check
+	NOT-FOR-US: Wave Animated Keyboard Emoji
 CVE-2023-29736
 	RESERVED
 CVE-2023-29735 (An issue found in edjing Mix v.7.09.01 for Android allows a local atta ...)
-	TODO: check
+	NOT-FOR-US: edjing Mix
 CVE-2023-29734 (An issue found in edjing Mix v.7.09.01 for Android allows unauthorized ...)
-	TODO: check
+	NOT-FOR-US: edjing Mix
 CVE-2023-29733 (The Lock Master app 2.2.4 for Android allows unauthorized apps to modi ...)
-	TODO: check
+	NOT-FOR-US: Lock Master
 CVE-2023-29732 (SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the co ...)
-	TODO: check
+	NOT-FOR-US: SoLive
 CVE-2023-29731 (SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that pr ...)
-	TODO: check
+	NOT-FOR-US: SoLive
 CVE-2023-29730
 	RESERVED
 CVE-2023-29729
 	RESERVED
 CVE-2023-29728 (The Call Blocker application 6.6.3 for Android allows attackers to tam ...)
-	TODO: check
+	NOT-FOR-US: Call Blocker
 CVE-2023-29727 (The Call Blocker application 6.6.3 for Android allows unauthorized app ...)
-	TODO: check
+	NOT-FOR-US: Call Blocker
 CVE-2023-29726 (The Call Blocker application 6.6.3 for Android incorrectly opens a key ...)
-	TODO: check
+	NOT-FOR-US: Call Blocker
 CVE-2023-29725
 	RESERVED
 CVE-2023-29724
@@ -9025,7 +9025,7 @@ CVE-2023-1713
 CVE-2023-1712 (Use of Hard-coded, Security-relevant Constants in GitHub repository de ...)
 	NOT-FOR-US: deepset-ai haystack
 CVE-2023-1711 (A vulnerability exists in a FOXMAN-UN and UNEM logging component, it o ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2023-29032 (An attacker that has gained access to certain private information can  ...)
 	NOT-FOR-US: Apache OpenMeetings
 CVE-2023-29031 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
@@ -11273,7 +11273,7 @@ CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware Ver.1.3
 CVE-2023-28387
 	RESERVED
 CVE-2023-28382 (Directory traversal vulnerability in ESS REC Agent Server Edition seri ...)
-	TODO: check
+	NOT-FOR-US: ESS REC Agent Server Edition
 CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...)
 	NOT-FOR-US: Brother
 CVE-2023-28367 (Cross-site scripting vulnerability in CTA post function of VK All in O ...)
@@ -11447,25 +11447,25 @@ CVE-2023-28355
 CVE-2023-28354
 	RESERVED
 CVE-2023-28353 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. An  ...)
-	TODO: check
+	NOT-FOR-US: Faronics Insight
 CVE-2023-28352 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. By  ...)
-	TODO: check
+	NOT-FOR-US: Faronics Insight
 CVE-2023-28351 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. Eve ...)
-	TODO: check
+	NOT-FOR-US: Faronics Insight
 CVE-2023-28350 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. Att ...)
-	TODO: check
+	NOT-FOR-US: Faronics Insight
 CVE-2023-28349 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It  ...)
-	TODO: check
+	NOT-FOR-US: Faronics Insight
 CVE-2023-28348 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. A s ...)
-	TODO: check
+	NOT-FOR-US: Faronics Insight
 CVE-2023-28347 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It  ...)
-	TODO: check
+	NOT-FOR-US: Faronics Insight
 CVE-2023-28346 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It  ...)
-	TODO: check
+	NOT-FOR-US: Faronics Insight
 CVE-2023-28345 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. The ...)
-	TODO: check
+	NOT-FOR-US: Faronics Insight
 CVE-2023-28344 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. The ...)
-	TODO: check
+	NOT-FOR-US: Faronics Insight
 CVE-2023-28343 (OS command injection affects Altenergy Power Control Software C1.2.5 v ...)
 	NOT-FOR-US: Altenergy Power Control Software
 CVE-2023-1408 (The Video List Manager WordPress plugin through 1.7 does not properly  ...)
@@ -12248,7 +12248,7 @@ CVE-2023-1358 (A vulnerability, which was classified as critical, was found in S
 CVE-2023-1357 (A vulnerability, which was classified as critical, has been found in S ...)
 	NOT-FOR-US: SourceCodester Simple Bakery Shop Management System
 CVE-2023-28153 (An issue was discovered in the Kiddoware Kids Place Parental Control a ...)
-	TODO: check
+	NOT-FOR-US: Kiddoware Kids Place Parental Control
 CVE-2023-28152 (An issue was discovered in Independentsoft JWord before 1.1.110. The A ...)
 	NOT-FOR-US: Independentsoft JWord
 CVE-2023-28151 (An issue was discovered in Independentsoft JSpreadsheet before 1.1.110 ...)
@@ -12459,9 +12459,9 @@ CVE-2023-28082
 CVE-2023-28081 (A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc21 ...)
 	NOT-FOR-US: Facebook Hermes
 CVE-2023-28080 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking  ...)
-	TODO: check
+	NOT-FOR-US: PowerPath
 CVE-2023-28079 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File  ...)
-	TODO: check
+	NOT-FOR-US: PowerPath
 CVE-2023-28078
 	RESERVED
 CVE-2023-28077
@@ -15956,7 +15956,7 @@ CVE-2023-26844
 CVE-2023-26843 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
 	NOT-FOR-US: ChurchCRM
 CVE-2023-26842 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-26841 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3  ...)
 	NOT-FOR-US: ChurchCRM
 CVE-2023-26840 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3  ...)
@@ -17611,9 +17611,9 @@ CVE-2023-26218
 CVE-2023-26217
 	RESERVED
 CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2023-26214 (The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO Busine ...)
 	NOT-FOR-US: BusinessConnect UI component of TIBCO
 CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d6faff3a7554915692e6780a1845c794adbd420
