[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 13 19:34:46 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ed9146bc by Salvatore Bonaccorso at 2023-06-13T20:32:30+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,27 +11,27 @@ CVE-2023-33985 (SAP NetWeaver Enterprise Portal - version 7.50, does not suffici
CVE-2023-33984 (SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfa ...)
NOT-FOR-US: SAP
CVE-2023-32674 (Certain versions of HP PC Hardware Diagnostics Windows are potentially ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-32673 (Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assis ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-32221 (EaseUS Todo Backup version 20220111.390 - An omission during installat ...)
- TODO: check
+ NOT-FOR-US: EaseUS Todo Backup
CVE-2023-32220 (Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass ...)
- TODO: check
+ NOT-FOR-US: Milesight NCR/camera
CVE-2023-32219 (A Mazda model (2015-2016) can be unlocked via an unspecified method.)
- TODO: check
+ NOT-FOR-US: Mazda
CVE-2023-32115 (An attacker can exploit MDS COMPARE TOOL and use specially crafted inp ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-32114 (SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, ...)
NOT-FOR-US: SAP
CVE-2023-2876 (Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 P ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2023-2827 (SAP Plant Connectivity - version 15.5 (PCo) or the Production Connecto ...)
NOT-FOR-US: SAP
CVE-2023-2729 (Use of insufficiently random values vulnerability in User Management F ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2023-2673 (Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUAR ...)
- TODO: check
+ NOT-FOR-US: PHOENIX CONTACT
CVE-2023-2563 (The WordPress Contact Forms by Cimatti plugin for WordPress is vulnera ...)
NOT-FOR-US: WordPress Contact Forms by Cimatti plugin for WordPress
CVE-2023-2351 (The WP Directory Kit plugin for WordPress is vulnerable to unauthorize ...)
@@ -57,7 +57,7 @@ CVE-2023-35042 (GeoServer 2, in some configurations, allows remote attackers to
CVE-2023-34942 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...)
NOT-FOR-US: Asus
CVE-2023-34941 (A stored cross-site scripting (XSS) vulnerability in the urlFilterList ...)
- TODO: check
+ NOT-FOR-US: Asus
CVE-2023-34940 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...)
NOT-FOR-US: Asus
CVE-2023-34855 (A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipm ...)
@@ -3833,7 +3833,7 @@ CVE-2023-31238
CVE-2023-31237
RESERVED
CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31235
RESERVED
CVE-2023-31234
@@ -5465,7 +5465,7 @@ CVE-2023-30755
CVE-2023-30754
RESERVED
CVE-2023-30753 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30752
RESERVED
CVE-2023-30751
@@ -5481,7 +5481,7 @@ CVE-2023-30747
CVE-2023-30746 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booq ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30745 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30744 (In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, C ...)
NOT-FOR-US: SAP
CVE-2023-30743 (Due to improper neutralization of input in SAPUI5 - versions SAP_UI 75 ...)
@@ -7032,7 +7032,7 @@ CVE-2023-30200
CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access ...)
NOT-FOR-US: Prestashop
CVE-2023-30198 (Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Co ...)
- TODO: check
+ NOT-FOR-US: Prestashop winbizpayment
CVE-2023-30197 (Incorrect Access Control in the module "My inventory" (myinventory) <= ...)
NOT-FOR-US: Prestashop
CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...)
@@ -9050,11 +9050,11 @@ CVE-2023-1901
CVE-2023-1900 (A vulnerability within the Avira network protection feature allowed an ...)
NOT-FOR-US: Norton
CVE-2023-1899 (Atlas Copco Power Focus 6000 web server is not a secure connection by ...)
- TODO: check
+ NOT-FOR-US: Atlas Copco Power Focus 6000 web server
CVE-2023-1898 (Atlas Copco Power Focus 6000 web server uses a small amount of session ...)
- TODO: check
+ NOT-FOR-US: Atlas Copco Power Focus 6000 web server
CVE-2023-1897 (Atlas Copco Power Focus 6000 web server does not sanitize the login in ...)
- TODO: check
+ NOT-FOR-US: Atlas Copco Power Focus 6000 web server
CVE-2023-1896
RESERVED
CVE-2023-1895 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...)
@@ -9095,7 +9095,7 @@ CVE-2023-29387
CVE-2023-29386
RESERVED
CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-29384
RESERVED
CVE-2023-1893
@@ -10615,7 +10615,7 @@ CVE-2020-36692 (A reflected XSS via POST vulnerability in report scheduler of So
CVE-2023-28934
RESERVED
CVE-2023-28933 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28932 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28931
@@ -12310,7 +12310,7 @@ CVE-2023-28480
CVE-2023-28479
RESERVED
CVE-2023-28478 (TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Bu ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2023-28477 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored ...)
NOT-FOR-US: Concrete CMS
CVE-2023-28476 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
@@ -14910,7 +14910,7 @@ CVE-2023-27718 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow
CVE-2023-27717
RESERVED
CVE-2023-27716 (An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows att ...)
- TODO: check
+ NOT-FOR-US: freakchicken kafkaUI-lite
CVE-2023-27715
RESERVED
CVE-2023-27714
@@ -18650,15 +18650,15 @@ CVE-2023-26300
CVE-2023-26299
RESERVED
CVE-2023-26298 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-26297 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-26296 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-26295 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-26294 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-0947 (Path Traversal in GitHub repository flatpressblog/flatpress prior to 1 ...)
NOT-FOR-US: flatpressblog
CVE-2023-0946 (A vulnerability has been found in SourceCodester Best POS Management S ...)
@@ -19760,9 +19760,9 @@ CVE-2023-25914
CVE-2023-25913
RESERVED
CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100 allows an una ...)
- TODO: check
+ NOT-FOR-US: Danfoss AK-EM100
CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command injection t ...)
- TODO: check
+ NOT-FOR-US: Danfoss AK-EM100
CVE-2023-25910
RESERVED
CVE-2023-0872
@@ -25975,15 +25975,15 @@ CVE-2023-23824 (Auth. SQL Injection (SQLi) vulnerability inWP-TopBar<= 5.36 vers
CVE-2023-23823
RESERVED
CVE-2023-23822 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ludw ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23821 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23820 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rola ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23818 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Avip ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23817 (Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebA ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23816 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sit ...)
@@ -29064,7 +29064,7 @@ CVE-2023-0144 (The Event Manager and Tickets Selling Plugin for WooCommerce Word
CVE-2023-0143 (The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does n ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0142 (Uncontrolled search path element vulnerability in Backup Management Fu ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2023-0141 (Insufficient policy enforcement in CORS in Google Chrome prior to 109. ...)
{DSA-5317-1}
- chromium 109.0.5414.74-1
@@ -30305,15 +30305,15 @@ CVE-2023-0042 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2023-0041 (IBM Security Guardium 11.5 could allow a user to take over another use ...)
NOT-FOR-US: IBM
CVE-2023-22586 (The Danfoss AK-EM100 web applications allow for Local File Inclusion i ...)
- TODO: check
+ NOT-FOR-US: Danfoss AK-EM100
CVE-2023-22585 (The Danfoss AK-EM100 web applications allow for Reflected Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: Danfoss AK-EM100
CVE-2023-22584 (The Danfoss AK-EM100 stores login credentials in cleartext.)
- TODO: check
+ NOT-FOR-US: Danfoss AK-EM100
CVE-2023-22583 (The Danfoss AK-EM100 web forms allow for SQL injection in the login fo ...)
- TODO: check
+ NOT-FOR-US: Danfoss AK-EM100
CVE-2023-22582 (The Danfoss AK-EM100 web applications allow for Reflected Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: Danfoss AK-EM100
CVE-2023-22581 (White Rabbit Switch contains a vulnerability which makes it possible f ...)
NOT-FOR-US: White Rabbit Switch
CVE-2023-22580 (Due to improper input filtering in the sequalize js library, can malic ...)
@@ -30894,7 +30894,7 @@ CVE-2022-48190
CVE-2022-48189
RESERVED
CVE-2022-48188 (A buffer overflow vulnerability in the SecureBootDXE BIOS driver of so ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-48187
REJECTED
CVE-2022-48186 (A certificate validation vulnerability exists in the Baiying Android a ...)
@@ -35732,7 +35732,7 @@ CVE-2022-47142 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft M
CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic K ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47140 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47139 (Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Ba ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47138 (Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN ...)
@@ -39395,7 +39395,7 @@ CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via
[buster] - xemacs21 <no-dsa> (Minor issue)
NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51
CVE-2022-45938 (An issue was discovered in Comcast Defined Technologies microeisbss th ...)
- TODO: check
+ NOT-FOR-US: Comcast Defined Technologies microeisbss
CVE-2022-45937 (A vulnerability has been identified in APOGEE PXC Series (BACnet) (All ...)
NOT-FOR-US: Siemens
CVE-2022-45936 (A vulnerability has been identified in Mendix Email Connector (All ver ...)
@@ -39702,7 +39702,7 @@ CVE-2022-45829 (Auth. Path Traversal vulnerability inEasy WP SMTP plugin <= 1.5.
CVE-2022-45828
RESERVED
CVE-2022-45827 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gall ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45826
RESERVED
CVE-2022-45825 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes ...)
@@ -48203,9 +48203,9 @@ CVE-2022-43780 (Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerab
CVE-2022-43779 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
NOT-FOR-US: HP
CVE-2022-43778 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-43777 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-43776 (The url parameter of the /api/geojson endpoint in Metabase versions <4 ...)
NOT-FOR-US: Metabase
CVE-2022-43775 (The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL ...)
@@ -68602,7 +68602,7 @@ CVE-2022-36333
CVE-2022-36332
RESERVED
CVE-2022-36331 (Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDis ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-36330 (A buffer overflow vulnerability was discovered on firmware version val ...)
NOT-FOR-US: Western Digital
CVE-2022-36329 (An improper privilege management issue that could allow an attacker to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed9146bcb1d5abebd3e89b0f06d4377d1be83f4f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed9146bcb1d5abebd3e89b0f06d4377d1be83f4f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230613/9233e79d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list