[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 7 21:03:56 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d58b8d75 by Salvatore Bonaccorso at 2023-06-07T22:03:33+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -288,11 +288,11 @@ CVE-2023-32682 (Synapse is a Matrix protocol homeserver written in Python with t
 	- matrix-synapse <unfixed> (bug #1037207)
 	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p
 CVE-2023-32551 (Landscape allowed URLs which caused open redirection.)
-	TODO: check
+	NOT-FOR-US: Landscape
 CVE-2023-32550 (Landscape's server-status page exposed sensitive system information. T ...)
-	TODO: check
+	NOT-FOR-US: Landscape
 CVE-2023-32549 (Landscape cryptographic keys were insecurely generated with a weak pse ...)
-	TODO: check
+	NOT-FOR-US: Landscape
 CVE-2023-32545 (The affected application lacks proper validation of user-supplied data ...)
 	NOT-FOR-US: Horner Automation
 CVE-2023-32539 (The affected application lacks proper validation of user-supplied data ...)
@@ -349,11 +349,11 @@ CVE-2023-34103 (Avo is an open source ruby on rails admin panel creation framewo
 CVE-2023-34102 (Avo is an open source ruby on rails admin panel creation framework. Th ...)
 	TODO: check
 CVE-2023-33410 (Minical 1.0.0 and earlier contains a CSV injection vulnerability which ...)
-	TODO: check
+	NOT-FOR-US: Minical
 CVE-2023-33409 (Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via m ...)
-	TODO: check
+	NOT-FOR-US: Minical
 CVE-2023-33408 (Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnera ...)
-	TODO: check
+	NOT-FOR-US: Minical
 CVE-2023-32628 (In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary fi ...)
 	NOT-FOR-US: Advantech WebAccss/SCADA
 CVE-2023-32540 (In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary fi ...)
@@ -363,7 +363,7 @@ CVE-2023-2546 (The WP User Switch plugin for WordPress is vulnerable to authenti
 CVE-2023-22450 (In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary fi ...)
 	NOT-FOR-US: Advantech WebAccss/SCADA
 CVE-2018-25087 (A vulnerability classified as problematic was found in Arborator Serve ...)
-	TODO: check
+	NOT-FOR-US: Arborator
 CVE-2017-20185 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWM ...)
 	TODO: check
 CVE-2015-10117 (A vulnerability, which was classified as problematic, was found in Gra ...)
@@ -543,7 +543,7 @@ CVE-2023-3069 (Unverified Password Change in GitHub repository tsolucio/corebos
 CVE-2023-3068 (A vulnerability classified as critical has been found in Campcodes Ret ...)
 	NOT-FOR-US: Campcodes Retro Cellphone Online Store
 CVE-2023-3067 (Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium ...)
-	TODO: check
+	NOT-FOR-US: Trilium Notes
 CVE-2023-3062 (A vulnerability was found in code-projects Agro-School Management Syst ...)
 	NOT-FOR-US: Agro-School Management System
 CVE-2023-3061 (A vulnerability was found in code-projects Agro-School Management Syst ...)
@@ -617,7 +617,7 @@ CVE-2023-33965 (Brook is a cross-platform programmable network tool. The `tproxy
 CVE-2023-33963 (DataEase is an open source data visualization and analysis tool. Prior ...)
 	TODO: check
 CVE-2023-33960 (OpenProject is web-based project management software. For any OpenProj ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2023-33764 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...)
 	NOT-FOR-US: eMedia Consulting simpleRedak
 CVE-2023-33754 (The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 do ...)
@@ -640,7 +640,7 @@ CVE-2023-33546 (janino 3.1.9 and earlier are subject to denial of service (DOS)
 	[bullseye] - janino <no-dsa> (Minor issue)
 	NOTE: https://github.com/janino-compiler/janino/issues/201
 CVE-2023-33544 (hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input ...)
-	TODO: check
+	NOT-FOR-US: hawtio
 CVE-2023-32717 (On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in  ...)
 	NOT-FOR-US: Splunk Enterprise
 CVE-2023-32716 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Spl ...)
@@ -4260,9 +4260,9 @@ CVE-2023-30917
 CVE-2023-30916
 	RESERVED
 CVE-2023-30915 (In email service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-30914 (In email service, there is a missing permission check. This could lead ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-30913
 	RESERVED
 CVE-2023-2240 (Improper Privilege Management in GitHub repository microweber/microweb ...)
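Review bot: the NOT-FOR-US: Unisoc label on CVE-2023-30915 and CVE-2023-30914 cannot be checked against the visible descriptions, which say only "In email service, there is a missing permission check" and never name a vendor or product. Naming the affected product family in the label (vendor plus component), as most other entries in this file do, would let a later reader confirm the triage without opening the upstream advisory.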
@@ -4478,19 +4478,19 @@ CVE-2023-30868 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jo
 CVE-2023-30867
 	RESERVED
 CVE-2023-30866 (In telephony service, there is a missing permission check. This could  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-30865 (In dialer service, there is a missing permission check. This could lea ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-30864 (In Connectivity Service, there is a possible missing permission check. ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-30863 (In Connectivity Service, there is a possible missing permission check. ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-30862
 	RESERVED
 CVE-2023-2187 (On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an una ...)
-	TODO: check
+	NOT-FOR-US: Triangle MicroWorks' SCADA Data Gateway
 CVE-2023-2186 (On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an una ...)
-	TODO: check
+	NOT-FOR-US: Triangle MicroWorks' SCADA Data Gateway
 CVE-2023-2185
 	REJECTED
 CVE-2023-2184
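Review bot: the labels added for CVE-2023-2187 and CVE-2023-2186 copy the possessive straight from the description ("Triangle MicroWorks' SCADA Data Gateway"), which leaves a stray apostrophe in a field that is otherwise a plain vendor/product name. Suggest "NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway" so that later entries for the same product are labelled and grepped consistently.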
@@ -5612,27 +5612,27 @@ CVE-2022-48450
 CVE-2022-48449
 	RESERVED
 CVE-2022-48448 (In telephony service, there is a possible missing permission check. Th ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48447 (In telephony service, there is a possible missing permission check. Th ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48446 (In telephony service, there is a possible missing permission check. Th ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48445 (In telephony service, there is a possible missing permission check. Th ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48444 (In telephony service, there is a possible missing permission check. Th ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48443 (In telephony service, there is a possible missing permission check. Th ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48442 (In dialer service, there is a possible missing permission check. This  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48441 (In dialer service, there is a possible missing permission check. This  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48440 (In dialer service, there is a possible missing permission check. This  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48439 (In cp_dump driver, there is a possible out of bounds write due to a mi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48438 (In cp_dump driver, there is a possible out of bounds write due to a mi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-30570 (pluto in Libreswan before 4.11 allows a denial of service (responder S ...)
 	- libreswan 4.11-1 (bug #1035542)
 	[bookworm] - libreswan <no-dsa> (Minor issue; can be fixed via point release)
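Review bot: CVE-2022-48439 and CVE-2022-48438 at the end of this block are described as an out of bounds write in a "cp_dump driver", which is a different class of component from the telephony and dialer services above them. Before closing these two as NOT-FOR-US: Unisoc, it is worth confirming that the driver is vendor-only and not shipped in any packaged source, and recording that in a NOTE: line so the decision can be re-checked later.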
@@ -6178,7 +6178,7 @@ CVE-2023-30402 (YASM v1.3.0 was discovered to contain a heap overflow via the fu
 CVE-2023-30401
 	RESERVED
 CVE-2023-30400 (An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. ...)
-	TODO: check
+	NOT-FOR-US: Anyka Microelectronics AK3918EV300 MCU
 CVE-2023-30399 (Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC  ...)
 	NOT-FOR-US: GARO Wallbox GLB/GTB/GTC
 CVE-2023-30398
@@ -6684,7 +6684,7 @@ CVE-2023-30151
 CVE-2023-30150
 	RESERVED
 CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2023-30148
 	RESERVED
 CVE-2023-30147
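Review bot: "NOT-FOR-US: PrestaShop module" on CVE-2023-30149 is generic, while the description names the module (City Autocomplete) and the PrestaShop entries marked elsewhere in this same commit use the module name (for example "PrestaShop jmspagebuilder"). Suggest naming the module here too, so the label identifies which add-on was triaged.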
@@ -7539,7 +7539,7 @@ CVE-2023-29748 (Story Saver for Instragram - Video Downloader 1.0.6 for Android
 CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for Android exists ...)
 	NOT-FOR-US: Story Saver for Instragram
 CVE-2023-29746 (An issue found in The Thaiger v.1.2 for Android allows unauthorized ap ...)
-	TODO: check
+	NOT-FOR-US: Thaiger
 CVE-2023-29745 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized  ...)
 	NOT-FOR-US: BestWeather
 CVE-2023-29744
@@ -7559,7 +7559,7 @@ CVE-2023-29738 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Andr
 CVE-2023-29737 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...)
 	NOT-FOR-US: Wave Animated Keyboard Emoji
 CVE-2023-29736 (Keyboard Themes 1.275.1.164 for Android contains a dictionary traversa ...)
-	TODO: check
+	NOT-FOR-US: Keyboard Themes for Android
 CVE-2023-29735 (An issue found in edjing Mix v.7.09.01 for Android allows a local atta ...)
 	NOT-FOR-US: edjing Mix
 CVE-2023-29734 (An issue found in edjing Mix v.7.09.01 for Android allows unauthorized ...)
@@ -7581,13 +7581,13 @@ CVE-2023-29727 (The Call Blocker application 6.6.3 for Android allows unauthoriz
 CVE-2023-29726 (The Call Blocker application 6.6.3 for Android incorrectly opens a key ...)
 	NOT-FOR-US: Call Blocker
 CVE-2023-29725 (The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applic ...)
-	TODO: check
+	NOT-FOR-US: BT21 x BTS Wallpaper app for Android
 CVE-2023-29724 (The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps t ...)
-	TODO: check
+	NOT-FOR-US: BT21 x BTS Wallpaper app for Android
 CVE-2023-29723 (The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unau ...)
-	TODO: check
+	NOT-FOR-US: Glitter Unicorn Wallpaper app
 CVE-2023-29722 (The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unau ...)
-	TODO: check
+	NOT-FOR-US: Glitter Unicorn Wallpaper app
 CVE-2023-29721 (SofaWiki <= 3.8.9 has a file upload vulnerability that leads to comman ...)
 	NOT-FOR-US: SofaWiki
 CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index ...)
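Review bot: the two app labels added in this hunk are inconsistent with each other: CVE-2023-29725 and CVE-2023-29724 get "BT21 x BTS Wallpaper app for Android", while CVE-2023-29723 and CVE-2023-29722 get "Glitter Unicorn Wallpaper app" without the platform suffix, although both descriptions say "for Android". The neighbouring entries ("Call Blocker", "SofaWiki") use the bare product name, so dropping "for Android" from the first pair would match the surrounding style.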
@@ -7772,13 +7772,13 @@ CVE-2023-29634
 CVE-2023-29633
 	RESERVED
 CVE-2023-29632 (PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_ ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop jmspagebuilder
 CVE-2023-29631 (PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control v ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop jmsslider
 CVE-2023-29630 (PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection  ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop jmsmegamenu
 CVE-2023-29629 (PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via aja ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop jmsthemelayout
 CVE-2023-29628
 	RESERVED
 CVE-2023-29627 (Online Pizza Ordering v1.0 was discovered to contain an arbitrary file ...)
@@ -8824,7 +8824,7 @@ CVE-2023-29346
 CVE-2023-29345
 	RESERVED
 CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-29343 (SysInternals Sysmon for Windows Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-29342
@@ -9550,7 +9550,7 @@ CVE-2023-1781
 CVE-2023-1780
 	RESERVED
 CVE-2023-1779 (Exposure of Sensitive Information to an unauthorized actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: MB Connect Lines
 CVE-2023-1778 (This vulnerability exists in GajShield Data Security Firewall firmware ...)
 	NOT-FOR-US: GajShield Data Security Firewall firmware
 CVE-2023-1777 (Mattermost allows an attacker to request a preview of an existing mess ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d58b8d75b1b83bd77c5b17bed02c97d88d7a461a
