[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 15 10:22:36 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
06149314 by Salvatore Bonaccorso at 2023-06-15T11:22:09+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,11 +23,11 @@ CVE-2023-33515 (SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Sc
CVE-2023-31746 (There is a command injection vulnerability in the adslr VW2100 router ...)
NOT-FOR-US: adslr VW2100 router
CVE-2023-2847 (During internal security analysis, a local privilege escalation vulner ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2023-2820 (An information disclosure vulnerability in thefaye endpoint in Proofpo ...)
- TODO: check
+ NOT-FOR-US: Proofpoint
CVE-2023-2819 (A stored cross-site scripting vulnerability in the Sources UI in Proof ...)
- TODO: check
+ NOT-FOR-US: Proofpoint
CVE-2023-3241 (A vulnerability was found in OTCMS up to 6.62 and classified as proble ...)
NOT-FOR-US: OTCMS
CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and classified as p ...)
@@ -4219,7 +4219,7 @@ CVE-2023-31250 (The file download facility doesn't sufficiently sanitize file pa
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2023-005
CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-31237
RESERVED
CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFo ...)
@@ -4509,7 +4509,7 @@ CVE-2023-31144 (Craft CMS is a content management system. Starting in version 3.
CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming and inte ...)
NOT-FOR-US: mage-ai
CVE-2023-31142 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2023-31141 (OpenSearch is open-source software suite for search, analytics, and ob ...)
NOT-FOR-US: OpenSearch
CVE-2023-31140 (OpenProject is open source project management software. Starting with ...)
@@ -4585,7 +4585,7 @@ CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality t
CVE-2023-24476 (An attacker with local access to the machine could record the traffic, ...)
NOT-FOR-US: Vuforia
CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges accepts ...)
- TODO: check
+ NOT-FOR-US: Netskope
CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...)
- linux 6.3.7-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
@@ -5221,7 +5221,7 @@ CVE-2023-30903
CVE-2023-30902
RESERVED
CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-30900
RESERVED
CVE-2023-30899 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...)
@@ -5242,7 +5242,7 @@ CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux kerne
CVE-2023-2193 (Mattermost fails to invalidate existing authorization codes when deaut ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-30897 (A vulnerability has been identified in SIMATIC WinCC (All versions < V ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-2192
RESERVED
CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azu ...)
@@ -5847,7 +5847,7 @@ CVE-2023-30769 (Vulnerability discovered is related to the peer-to-peer (p2p) co
- dogecoin <unfixed> (bug #1034806)
NOTE: https://www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks
CVE-2023-30757 (A vulnerability has been identified in Totally Integrated Automation P ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-30756
RESERVED
CVE-2023-30755
@@ -7464,7 +7464,7 @@ CVE-2023-30181
CVE-2023-30180
RESERVED
CVE-2023-30179 (CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injectio ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2023-30178
RESERVED
CVE-2023-30177 (CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker ...)
@@ -7522,7 +7522,7 @@ CVE-2023-30152
CVE-2023-30151
RESERVED
CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection ...)
- TODO: check
+ NOT-FOR-US: PrestaShop leocustomajax
CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...)
NOT-FOR-US: PrestaShop module
CVE-2023-30148
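Review bot: The tag added for CVE-2023-30150, "NOT-FOR-US: PrestaShop leocustomajax", is worded differently from the neighbouring CVE-2023-30149 entry, which uses "NOT-FOR-US: PrestaShop module" for the same kind of product. Settle on one form so that a search for either string finds both entries; if the module name is worth keeping, "NOT-FOR-US: PrestaShop module leocustomajax" would match the existing wording and still identify it.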
@@ -8764,7 +8764,7 @@ CVE-2023-29564
CVE-2023-29563
RESERVED
CVE-2023-29562 (TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack ov ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2023-29561
RESERVED
CVE-2023-29560
@@ -9614,51 +9614,51 @@ CVE-2023-29375 (An issue was discovered in Progress Sitefinity 13.3 before 13.3.
CVE-2023-29374 (In LangChain through 0.0.131, the LLMMathChain chain allows prompt inj ...)
NOT-FOR-US: LangChain
CVE-2023-29373 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29372 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29371 (Windows GDI Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29370 (Windows Media Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29369 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29368 (Windows Filtering Platform Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29367 (iSCSI Target WMI Provider Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29366 (Windows Geolocation Service Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29365 (Windows Media Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29364 (Windows Authentication Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29363 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29362 (Remote Desktop Client Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29361 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29360 (Windows TPM Device Driver Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29359 (GDI Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29358 (Windows GDI Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29357 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29356
RESERVED
CVE-2023-29355 (DHCP Server Service Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29354 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29353 (Sysinternals Process Monitor for Windows Denial of Service Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29352 (Windows Remote Desktop Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29351 (Windows Group Policy Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29350 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29349
@@ -9668,7 +9668,7 @@ CVE-2023-29348
CVE-2023-29347
RESERVED
CVE-2023-29346 (NTFS Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29345 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability)
@@ -9698,7 +9698,7 @@ CVE-2023-29333 (Microsoft Access Denial of Service Vulnerability)
CVE-2023-29332
RESERVED
CVE-2023-29331 (.NET, .NET Framework, and Visual Studio Denial of Service Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29330
RESERVED
CVE-2023-29329
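Review bot: The tag on CVE-2023-29331 records only the vendor, while the description covers ".NET, .NET Framework, and Visual Studio". .NET is not limited to Windows, so it is worth confirming that no source package in the archive carries it before closing the entry, and a product-level tag such as "NOT-FOR-US: Microsoft .NET" would record what was actually checked.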
@@ -9708,7 +9708,7 @@ CVE-2023-29328
CVE-2023-29327
RESERVED
CVE-2023-29326 (.NET Framework Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29325 (Windows OLE Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29324 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
@@ -10171,7 +10171,7 @@ CVE-2023-29177
CVE-2023-29176
RESERVED
CVE-2023-29175 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-29174
RESERVED
CVE-2023-29173
@@ -10314,7 +10314,7 @@ CVE-2023-29131
CVE-2023-29130
RESERVED
CVE-2023-29129 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-29128 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
NOT-FOR-US: Siemens
CVE-2023-29127
@@ -10838,7 +10838,7 @@ CVE-2023-28959 (An Improper Check or Handling of Exceptional Conditions vulnerab
CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions from 1. ...)
- gitlab 15.10.8+ds1-2
CVE-2023-1707 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are po ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-1706
REJECTED
CVE-2023-1705
@@ -11403,7 +11403,7 @@ CVE-2023-28831
CVE-2023-28830
RESERVED
CVE-2023-28829 (A vulnerability has been identified in SIMATIC NET PC Software V14 (Al ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
NOT-FOR-US: Siemens
CVE-2023-28827
@@ -12132,7 +12132,7 @@ CVE-2023-28622
CVE-2023-28621
RESERVED
CVE-2023-28620 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cybe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28619
RESERVED
CVE-2023-28618
@@ -12314,17 +12314,17 @@ CVE-2023-1480 (A vulnerability classified as critical was found in SourceCodeste
CVE-2023-1479 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Simple Music Player
CVE-2023-28603 (Zoom VDI client installer prior to 5.14.0 contains an improper access ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-28602 (Zoom for Windows clients prior to 5.13.5 contain an improper verificat ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-28601 (Zoom for Windows clients prior to 5.14.0 contain an improper restricti ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-28600 (Zoom for MacOSclients prior to 5.14.0 contain an improper access contr ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-28599 (Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-28598 (Zoom for Linux clients prior to 5.13.10 contain an HTML injection vul ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-28597 (Zoom clients prior to 5.13.5 contain an improper trust boundary implem ...)
NOT-FOR-US: Zoom
CVE-2023-28596 (Zoom Client for IT Admin macOS installers before version 5.13.5 contai ...)
@@ -13359,7 +13359,7 @@ CVE-2023-28312 (Azure Machine Learning Information Disclosure Vulnerability)
CVE-2023-28311 (Microsoft Word Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28310 (Microsoft Exchange Server Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-28309 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
NOT-FOR-US: Microsoft
CVE-2023-28308 (Windows DNS Server Remote Code Execution Vulnerability)
@@ -13373,7 +13373,7 @@ CVE-2023-28305 (Windows DNS Server Remote Code Execution Vulnerability)
CVE-2023-28304 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28303 (Windows Snipping Tool Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-28302 (Microsoft Message Queuing Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28301 (Microsoft Edge (Chromium-based) Tampering Vulnerability)
@@ -14247,7 +14247,7 @@ CVE-2023-1331 (The Redirection WordPress plugin before 1.1.5 does not have CSRF
CVE-2023-1330 (The Redirection WordPress plugin before 1.1.4 does not add nonce verif ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1329 (A potential security vulnerability has been identified for certain HP ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-1328 (A vulnerability was found in Guizhou 115cms 4.2. It has been classifie ...)
NOT-FOR-US: Guizhou 115cms
CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an ...)
@@ -14364,13 +14364,13 @@ CVE-2023-28002
CVE-2023-28001
RESERVED
CVE-2023-28000 (An improper neutralization of special elements used in an OS command v ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-27999 (An improper neutralization of special elements used in an OS command v ...)
NOT-FOR-US: FortiGuard
CVE-2023-27998
RESERVED
CVE-2023-27997 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS versio ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-27996
RESERVED
CVE-2023-27995 (A improper neutralization of special elements used in a template engin ...)
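Review bot: The tag added for CVE-2023-27997 says "FortiGuard" while the description names FortiOS as the affected product. This matches the existing CVE-2023-27999 entry in the same hunk, so it is consistent with the file, but FortiGuard is the vendor's advisory service rather than the software; for new entries consider naming the vendor or product (for example "NOT-FOR-US: Fortinet FortiOS") so the entry can be found by searching for the product.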
@@ -15047,9 +15047,9 @@ CVE-2023-27839
CVE-2023-27838
RESERVED
CVE-2023-27837 (TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2023-27836 (TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2023-27835
RESERVED
CVE-2023-27834
@@ -15513,7 +15513,7 @@ CVE-2023-27626
CVE-2023-27625
RESERVED
CVE-2023-27624 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27623
RESERVED
CVE-2023-27622
@@ -16062,7 +16062,7 @@ CVE-2023-27467
CVE-2023-27466
RESERVED
CVE-2023-27465 (A vulnerability has been identified in SIMOTION C240 (All versions >= ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-27464 (A vulnerability has been identified in Mendix Forgot Password (Mendix ...)
NOT-FOR-US: Siemens
CVE-2023-27463 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06149314f9fc6746f5693a6fba9f746d547d8c56