[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 16 08:41:35 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9717e0c6 by Moritz Muehlenhoff at 2023-06-16T09:39:42+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9785,9 +9785,9 @@ CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 an
[buster] - opensmtpd <no-dsa> (Minor issue)
NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
CVE-2023-29322 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29321 (Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29320
RESERVED
CVE-2023-29319
@@ -9815,17 +9815,17 @@ CVE-2023-29309
CVE-2023-29308
RESERVED
CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29306
RESERVED
CVE-2023-29305
RESERVED
CVE-2023-29304 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29303
RESERVED
CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29301
RESERVED
CVE-2023-29300
@@ -9835,27 +9835,27 @@ CVE-2023-29299
CVE-2023-29298
RESERVED
CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29296 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29295 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29294 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29293 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29292 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29291 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29290 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29289 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29288 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29287 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29286 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
NOT-FOR-US: Adobe
CVE-2023-29285 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
@@ -10230,7 +10230,7 @@ CVE-2023-29180
CVE-2023-29179
RESERVED
CVE-2023-29178 (A access of uninitialized pointer vulnerability [CWE-824] in Fortinet ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-29177
RESERVED
CVE-2023-29176
@@ -11541,7 +11541,7 @@ CVE-2023-28811
CVE-2023-28810
RESERVED
CVE-2023-28809 (Some access control products are vulnerable to a session hijacking att ...)
- TODO: check
+ NOT-FOR-US: hikvision
CVE-2023-28808 (Some Hikvision Hybrid SAN/Cluster Storage products have an access cont ...)
NOT-FOR-US: Hikvision Hybrid SAN/Cluster Storage products
CVE-2023-1615 (The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnera ...)
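Review bot: the new tag on the CVE-2023-28809 line spells the vendor in lower case ("NOT-FOR-US: hikvision") while the entry directly below it uses "NOT-FOR-US: Hikvision Hybrid SAN/Cluster Storage products"; keeping the capitalised form "NOT-FOR-US: Hikvision" makes grepping the list for a vendor reliable.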
@@ -13780,7 +13780,7 @@ CVE-2023-28176 (Memory safety bugs present in Firefox 110 and Firefox ESR 102.8.
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28176
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28176
CVE-2023-28175 (Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11 ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2023-28174
RESERVED
CVE-2023-28173
@@ -15397,7 +15397,7 @@ CVE-2023-27708
CVE-2023-27707 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote ...)
NOT-FOR-US: DedeCMS
CVE-2023-27706 (Bitwarden Desktop v1.20.0 and above stores the biometric key in plaint ...)
- TODO: check
+ NOT-FOR-US: Bitwarden
CVE-2023-27705 (APNG_Optimizer v1.4 was discovered to contain a buffer overflow via th ...)
NOT-FOR-US: APNG Optimizer
CVE-2023-27704 (Void Tools Everything lower than v1.4.1.1022 was discovered to contain ...)
@@ -15560,7 +15560,7 @@ CVE-2023-1179 (A vulnerability, which was classified as problematic, was found i
CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1. It has been d ...)
NOT-FOR-US: Email Registration
CVE-2023-27634 (Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file ...)
- TODO: check
+ NOT-FOR-US: Shingo Intrepidity
CVE-2023-27633
RESERVED
CVE-2023-27632
@@ -16772,7 +16772,7 @@ CVE-2023-1051 (Improper Neutralization of Input During Web Page Generation ('Cro
CVE-2023-1050 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Web Report System
CVE-2023-1049 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-XXXX [RUSTSEC-2023-0015]
- rust-ascii 0.9.3-1
[bullseye] - rust-ascii <no-dsa> (Minor issue)
@@ -18405,7 +18405,7 @@ CVE-2023-26540
CVE-2023-26539
RESERVED
CVE-2023-26538 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26537
RESERVED
CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk ...)
@@ -18425,7 +18425,7 @@ CVE-2023-26530
CVE-2023-26529 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dupe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jini ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26527
RESERVED
CVE-2023-26526
@@ -19409,19 +19409,19 @@ CVE-2023-26212
CVE-2023-26211
RESERVED
CVE-2023-26210 (Multiple improper neutralization of special elements used in an os com ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-26209 (A improper restriction of excessive authentication attempts vulnerabil ...)
NOT-FOR-US: FortiGuard
CVE-2023-26208 (A improper restriction of excessive authentication attempts vulnerabil ...)
NOT-FOR-US: FortiGuard
CVE-2023-26207 (An insertion of sensitive information into log file vulnerability in F ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-26206
RESERVED
CVE-2023-26205
RESERVED
CVE-2023-26204 (A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-26203 (A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F ...)
NOT-FOR-US: FortiGuard
CVE-2023-26202
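Review bot: the three new tags in this hunk (CVE-2023-26210, CVE-2023-26207, CVE-2023-26204) use "NOT-FOR-US: Fortinet" while the interleaved existing entries (CVE-2023-26209, CVE-2023-26208, CVE-2023-26203) use "NOT-FOR-US: FortiGuard"; the same split recurs in the later Fortinet hunks. Settling on one vendor label for the whole family, as done for Adobe and HP elsewhere in this commit, would avoid two names for the same advisory source.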
@@ -19567,7 +19567,7 @@ CVE-2023-26133 (All versions of the package progressbar.js are vulnerable to Pro
CVE-2023-26132 (Versions of the package dottie before 2.0.4 are vulnerable to Prototyp ...)
TODO: check
CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine; all ve ...)
- TODO: check
+ NOT-FOR-US: github.com/xyproto/algernon/engine
CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerab ...)
- cpp-httplib <unfixed> (bug #1037100)
NOTE: https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194
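Review bot: the context line for CVE-2023-26132 (dottie) still carries "TODO: check" while CVE-2023-26131 right below it is triaged in this pass; worth confirming it was deliberately left for a package check rather than skipped.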
@@ -19752,7 +19752,7 @@ CVE-2023-26064 (Certain Lexmark devices through 2023-02-19 have an Out-of-bounds
CVE-2023-26063 (Certain Lexmark devices through 2023-02-19 access a Resource By Using ...)
NOT-FOR-US: Lexmark
CVE-2023-26062 (A mobile network solution internal fault is found in Nokia Web Element ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2023-26061 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Sched ...)
NOT-FOR-US: Nokia
CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Worki ...)
@@ -20049,7 +20049,7 @@ CVE-2023-25980
CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vide ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25978 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25977 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9see ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
@@ -20061,7 +20061,7 @@ CVE-2023-25974
CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSW ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25970
@@ -20077,7 +20077,7 @@ CVE-2023-25966
CVE-2023-25965
RESERVED
CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25963
RESERVED
CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bipl ...)
@@ -20233,7 +20233,7 @@ CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100 allows
CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command injection t ...)
NOT-FOR-US: Danfoss AK-EM100
CVE-2023-25910 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-0872
RESERVED
CVE-2023-0871
@@ -20602,7 +20602,7 @@ CVE-2023-0839 (Improper Protection for Outbound Error Messages and Alert Signals
CVE-2023-0838 (An issue has been discovered in GitLab affecting versions starting fro ...)
- gitlab 15.10.8+ds1-2
CVE-2023-0837 (An improper authorization check of local device settings in TeamViewe ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2023-25780 (It is identified a vulnerability of insufficient authentication in an ...)
NOT-FOR-US: Intel
CVE-2023-25776 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
@@ -21376,7 +21376,7 @@ CVE-2023-25611 (A improper neutralization of formula elements in a CSV file vuln
CVE-2023-25610
RESERVED
CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] inFortiMan ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-25608
RESERVED
CVE-2023-25607
@@ -21903,9 +21903,9 @@ CVE-2023-25452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPCh ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25450 (Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP \u201 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25449 (Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bast ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25448 (Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archiv ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25447 (Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorW ...)
@@ -22065,11 +22065,11 @@ CVE-2023-25371
CVE-2023-25370
RESERVED
CVE-2023-25369 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial o ...)
- TODO: check
+ NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
CVE-2023-25368 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrec ...)
- TODO: check
+ NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user in ...)
- TODO: check
+ NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
CVE-2023-25366
RESERVED
CVE-2023-25365
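Review bot: the three Siglent tags copy the full firmware string into the label ("NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS"); other product-level tags in the file stop at the product name (for example "NOT-FOR-US: Danfoss AK-EM100"), so "NOT-FOR-US: Siglent SDS 1104X-E" would be the consistent form and would not go stale when another firmware version is reported.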
@@ -22861,7 +22861,7 @@ CVE-2023-25057
CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed The ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25055 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25054
RESERVED
CVE-2023-25053
@@ -24385,7 +24385,7 @@ CVE-2023-24548
CVE-2023-24547
RESERVED
CVE-2023-24546 (On affected versions of the CloudVision Portal improper access control ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2023-24545 (On affected platforms running Arista CloudEOS an issue in the Software ...)
NOT-FOR-US: Arista
CVE-2023-0517
@@ -24814,9 +24814,9 @@ CVE-2022-4896
CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize user inpu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24470 (Potential XML External Entity Injection in ArcSight Logger versions pr ...)
- TODO: check
+ NOT-FOR-US: ArcSight
CVE-2023-24469 (Potential Cross-Site Scripting in ArcSight Logger versions prior to 7. ...)
- TODO: check
+ NOT-FOR-US: ArcSight
CVE-2023-24468 (Broken access control in Advanced Authentication versions prior to 6.4 ...)
NOT-FOR-US: NetIQ
CVE-2023-24467
@@ -24921,7 +24921,7 @@ CVE-2023-24422 (A sandbox bypass vulnerability involving map constructors in Jen
CVE-2023-24421
RESERVED
CVE-2023-24420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Bui ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24418 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
@@ -26429,7 +26429,7 @@ CVE-2023-23833
CVE-2023-23832 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ul ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23831 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23830 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23829
@@ -26487,7 +26487,7 @@ CVE-2023-23804
CVE-2023-23803
RESERVED
CVE-2023-23802 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy G ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23801 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Si ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23800
@@ -26850,7 +26850,7 @@ CVE-2023-23700
CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0342 (MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM k ...)
- TODO: check
+ NOT-FOR-US: MongoDB Ops Manager Diagnostics Archive
CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...)
- editorconfig-core 0.12.6-0.1
[bullseye] - editorconfig-core <no-dsa> (Minor issue)
@@ -29914,7 +29914,7 @@ CVE-2023-22835
CVE-2023-22834
RESERVED
CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between 2.519.0 an ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2023-22832 (The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19. ...)
NOT-FOR-US: Apache NiFi
CVE-2023-22831
@@ -30459,7 +30459,7 @@ CVE-2023-22641 (A url redirection to untrusted site ('open redirect') in Fortine
CVE-2023-22640 (A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, ...)
NOT-FOR-US: FortiGuard
CVE-2023-22639 (A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-22638 (Several improper neutralization of inputs during web page generation v ...)
NOT-FOR-US: FortiGuard
CVE-2023-22637 (An improper neutralization of input during web page generation ('Cross ...)
@@ -30471,7 +30471,7 @@ CVE-2023-22635 (A download of code without Integrity check vulnerability [CWE-49
CVE-2023-22634
RESERVED
CVE-2023-22633 (An improper permissions, privileges, and access controls vulnerability ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-22436 (The kernel subsystem function check_permission_for_set_tokenid within ...)
NOT-FOR-US: OpenHarmony
CVE-2023-22301 (The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior version ...)
@@ -33606,7 +33606,7 @@ CVE-2023-22250 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and
CVE-2023-22249 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
NOT-FOR-US: Adobe
CVE-2023-22248 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-22247 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
NOT-FOR-US: Adobe
CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
@@ -35513,7 +35513,7 @@ CVE-2022-47378 (Multiple CODESYS products in multiple versions are prone to a im
CVE-2022-47377 (Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 w ...)
NOT-FOR-US: SICK SIM2000ST Partnumber 2086502
CVE-2022-47376 (The Alaris Infusion Central software, versions 1.1 to 1.3.2, may conta ...)
- TODO: check
+ NOT-FOR-US: Alaris Infusion Central
CVE-2022-46330 (Squirrel.Windows is both a toolset and a library that provides install ...)
NOT-FOR-US: Squirrel.Windows
CVE-2022-4475 (The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate a ...)
@@ -38463,7 +38463,7 @@ CVE-2023-21620 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are a
CVE-2023-21619 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
NOT-FOR-US: FrameMaker
CVE-2023-21618 (Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-21617
RESERVED
CVE-2023-21616 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
@@ -38565,7 +38565,7 @@ CVE-2023-21571 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulner
CVE-2023-21570 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
NOT-FOR-US: Microsoft
CVE-2023-21569 (Azure DevOps Server Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21568 (Microsoft SQL Server Integration Service (VS extension) Remote Code Ex ...)
NOT-FOR-US: Microsoft
CVE-2023-21567 (Visual Studio Denial of Service Vulnerability)
@@ -38573,7 +38573,7 @@ CVE-2023-21567 (Visual Studio Denial of Service Vulnerability)
CVE-2023-21566 (Visual Studio Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21565 (Azure DevOps Server Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21564 (Azure DevOps Server Cross-Site Scripting Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21563 (BitLocker Security Feature Bypass Vulnerability)
@@ -39458,7 +39458,7 @@ CVE-2022-4151 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gal
CVE-2022-4150 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4149 (The Netskope client service (prior to R96) on Windows runs as NT AUTHO ...)
- TODO: check
+ NOT-FOR-US: Netskope
CVE-2022-4148 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with invalid O ...)
@@ -44081,7 +44081,7 @@ CVE-2023-21122 (In various functions of various files, there is a possible way t
CVE-2023-21121 (In onResume of AppManagementFragment.java, there is a possible way to ...)
NOT-FOR-US: Android
CVE-2023-21120 (In multiple functions of cdm_engine.cpp, there is a possible use-after ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21119
RESERVED
CVE-2023-21118 (In unflattenString8 of Sensor.cpp, there is a possible out of bounds r ...)
@@ -44127,7 +44127,7 @@ CVE-2023-21102 (In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible
NOTE: https://git.kernel.org/linus/ff7a167961d1b97e0e205f245f806e564d3505e7 (6.2-rc1)
NOTE: https://git.kernel.org/linus/18bba1843fc7f264f58c9345d00827d082f9c558 (6.2-rc4)
CVE-2023-21101 (In multiple functions of WVDrmPlugin.cpp, there is a possible use afte ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21100 (In inflate of inflate.c, there is a possible out of bounds write due t ...)
NOT-FOR-US: Android
CVE-2023-21099 (In multiple methods of PackageInstallerSession.java, there is a possib ...)
@@ -44941,7 +44941,7 @@ CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a sta
CVE-2023-20868 (NSX-T contains a reflected cross-site scripting vulnerability due to a ...)
NOT-FOR-US: VMware
CVE-2023-20867 (A fully compromised ESXi host can force VMware Tools to fail to authen ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-20866 (In Spring Session version 3.0.0, the session id can be logged to the s ...)
NOT-FOR-US: Spring Session
CVE-2023-20865 (VMware Aria Operations for Logs contains a command injection vulnerabi ...)
@@ -48213,9 +48213,9 @@ CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software cou
CVE-2023-20001
RESERVED
CVE-2023-0010 (A reflected cross-site scripting (XSS) vulnerability in the Captive Po ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2023-0009 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2023-0008 (A file disclosure vulnerability in Palo Alto Networks PAN-OS software ...)
NOT-FOR-US: Palo Alto Networks
CVE-2023-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
@@ -48243,7 +48243,7 @@ CVE-2022-43955 (An improper neutralization of input during web page generation [
CVE-2022-43954 (An insertion of sensitive information into log file vulnerability [CWE ...)
NOT-FOR-US: Fortinet
CVE-2022-43953 (A use of externally-controlled format string in Fortinet FortiOS versi ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-43952 (An improper neutralization of input during web page generation ('Cross ...)
NOT-FOR-US: Fortinet
CVE-2022-43951 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
@@ -48251,7 +48251,7 @@ CVE-2022-43951 (An exposure of sensitive information to an unauthorized actor vu
CVE-2022-43950 (A URL redirection to untrusted site ('Open Redirect') vulnerability [C ...)
NOT-FOR-US: FortiGuard
CVE-2022-43949 (A use of a broken or risky cryptographic algorithm [CWE-327] in Forti ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-43948 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: Fortinet
CVE-2022-43947 (Animproper restriction of excessive authentication attempts vulnerabil ...)
@@ -48922,7 +48922,7 @@ CVE-2022-43686 (In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.
CVE-2022-43685 (CKAN through 2.9.6 account takeovers by unauthenticated users when an ...)
NOT-FOR-US: CKAN
CVE-2022-43684 (ServiceNow has released patches and an upgrade that address an Access ...)
- TODO: check
+ NOT-FOR-US: ServiceNow
CVE-2022-43683
RESERVED
CVE-2022-43682
@@ -49532,7 +49532,7 @@ CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by Qui
CVE-2022-42882
RESERVED
CVE-2022-42880 (Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Uplo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-42699 (Auth. Remote Code Execution vulnerability inEasy WP SMTP plugin <= 1.5 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42698 (Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Brid ...)
@@ -52463,7 +52463,7 @@ CVE-2022-42482
CVE-2022-42481
RESERVED
CVE-2022-42478 (An Improper Restriction of Excessive Authentication Attempts [CWE-307] ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-42477 (An improper input validation vulnerability [CWE-20] in FortiAnalyzer v ...)
NOT-FOR-US: Fortinet
CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
@@ -52471,7 +52471,7 @@ CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet For
CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122]in FortiOS SSL-VPN ...)
NOT-FOR-US: FortiOS SSL-VPN
CVE-2022-42474 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-42473 (A missing authentication for a critical function vulnerability in Fort ...)
NOT-FOR-US: FortiGuard
CVE-2022-42472 (A improper neutralization of crlf sequences in http headers ('http res ...)
@@ -53353,7 +53353,7 @@ CVE-2022-42227 (jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjs
CVE-2022-42226
RESERVED
CVE-2022-42225 (Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vu ...)
- TODO: check
+ NOT-FOR-US: Jumpserver
CVE-2022-42224
RESERVED
CVE-2022-42223
@@ -55705,7 +55705,7 @@ CVE-2022-41329 (An exposure of sensitive information to an unauthorized actor vu
CVE-2022-41328 (A improper limitation of a pathname to a restricted directory vulnerab ...)
NOT-FOR-US: Fortinet
CVE-2022-41327 (A cleartext transmission of sensitive information vulnerability [CWE-3 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-3291 (Serialization of sensitive data in GitLab EE affecting all versions fr ...)
- gitlab <not-affected> (Only affects Gitlab EE)
CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
@@ -59155,7 +59155,7 @@ CVE-2022-39948 (An improper certificate validation vulnerability [CWE-295] in Fo
CVE-2022-39947 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: Fortinet
CVE-2022-39946 (An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 an ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-39945 (An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, ...)
NOT-FOR-US: FortiGuard
CVE-2022-39944 (In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deser ...)
@@ -64358,7 +64358,7 @@ CVE-2022-38158
CVE-2022-38157
RESERVED
CVE-2022-38156 (A remote command injection issues exists in the web server of the Krat ...)
- TODO: check
+ NOT-FOR-US: Kratos SpectralNet
CVE-2022-38155 (TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted applicatio ...)
NOT-FOR-US: Samsung mTower
CVE-2022-38154
@@ -76209,7 +76209,7 @@ CVE-2022-33879 (The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regex
CVE-2022-33878 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
NOT-FOR-US: FortiGuard
CVE-2022-33877 (An incorrect default permission [CWE-276] vulnerability in FortiClient ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-33876 (Multiple instances of improper input validation vulnerability in Forti ...)
NOT-FOR-US: FortiGuard
CVE-2022-33875 (An improper neutralization of special elements used in an SQL Command ...)
@@ -81977,29 +81977,29 @@ CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected Cross-
CVE-2022-31647 (Docker Desktop before 4.6.0 on Windows allows attackers to delete any ...)
NOT-FOR-US: Docker Desktop
CVE-2022-31646 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-31645 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-31644 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-31643 (A potential security vulnerability has been identified in the system B ...)
NOT-FOR-US: HP
CVE-2022-31642 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-31641 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-31640 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-31639 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-31638 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-31637 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-31636 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-31635 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-31634
RESERVED
CVE-2022-31633
@@ -86894,7 +86894,7 @@ CVE-2022-30027
CVE-2022-30026
RESERVED
CVE-2022-30025 (SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence ...)
- TODO: check
+ NOT-FOR-US: tCredence Analytics iDEAL Wealth and Funds
CVE-2022-30024 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmwa ...)
NOT-FOR-US: TP-Link
CVE-2022-30023 (Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Comma ...)
@@ -94287,11 +94287,11 @@ CVE-2022-27543
CVE-2022-27542
RESERVED
CVE-2022-27541 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-27540
RESERVED
CVE-2022-27539 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-27538 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
NOT-FOR-US: HP
CVE-2022-27537 (Potential vulnerabilities have been identified in the system BIOS of c ...)
@@ -103043,17 +103043,17 @@ CVE-2022-24634
CVE-2022-24633 (All versions of FileCloud prior to 21.3 are vulnerable to user enumera ...)
NOT-FOR-US: FileCloud
CVE-2022-24632 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
- TODO: check
+ NOT-FOR-US: AudioCodes Device Manager Express
CVE-2022-24631 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
- TODO: check
+ NOT-FOR-US: AudioCodes Device Manager Express
CVE-2022-24630 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
- TODO: check
+ NOT-FOR-US: AudioCodes Device Manager Express
CVE-2022-24629 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
- TODO: check
+ NOT-FOR-US: AudioCodes Device Manager Express
CVE-2022-24628 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
- TODO: check
+ NOT-FOR-US: AudioCodes Device Manager Express
CVE-2022-24627 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
- TODO: check
+ NOT-FOR-US: AudioCodes Device Manager Express
CVE-2022-24626
RESERVED
CVE-2022-24625
@@ -113960,7 +113960,7 @@ CVE-2022-22078 (Denial of service in BOOT when partition size for a particular p
CVE-2022-22077 (Memory corruption in graphics due to use-after-free in graphics dispat ...)
NOT-FOR-US: Snapdragon
CVE-2022-22076 (information disclosure due to cryptographic issue in Core during RPMB ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22075 (Information Disclosure in Graphics during GPU context switch.)
NOT-FOR-US: Qualcomm
CVE-2022-22074 (Memory Corruption during wma file playback due to integer overflow in ...)
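Review bot: the new tag on CVE-2022-22076 reads "NOT-FOR-US: Qualcomm" while the adjacent existing entries alternate between "NOT-FOR-US: Snapdragon" (CVE-2022-22077) and "NOT-FOR-US: Qualcomm" (CVE-2022-22075); the same mix appears in the following hunk. Picking one label for Qualcomm/Snapdragon advisories would keep this block searchable.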
@@ -113992,7 +113992,7 @@ CVE-2022-22062 (An out-of-bounds read can occur while parsing a server certifica
CVE-2022-22061 (Out of bounds writing is possible while verifying device IDs due to im ...)
NOT-FOR-US: Snapdragon
CVE-2022-22060 (Assertion occurs while processing Reconfiguration message due to impro ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22059 (Memory corruption due to out of bound read while parsing a video file ...)
NOT-FOR-US: Snapdragon
CVE-2022-22058 (Memory corruption due to use after free issue in kernel while processi ...)
@@ -115693,7 +115693,7 @@ CVE-2022-0010 (Insertion of Sensitive Information into Log File vulnerability in
CVE-2021-45040 (The Spatie media-library-pro library through 1.17.10 and 2.x through 2 ...)
NOT-FOR-US: spatie/laravel-medialibrary
CVE-2021-45039 (Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10. ...)
- TODO: check
+ NOT-FOR-US: Uniview IP Camera
CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
{DSA-5021-1}
- mediawiki 1:1.35.5-1
@@ -150048,7 +150048,7 @@ CVE-2021-33225
CVE-2021-33224 (File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthentica ...)
NOT-FOR-US: Umbraco Forms
CVE-2021-33223 (An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate p ...)
- TODO: check
+ NOT-FOR-US: SeedDMS
CVE-2021-33222
RESERVED
CVE-2021-33221 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
@@ -155337,7 +155337,7 @@ CVE-2021-31282
CVE-2021-31281
RESERVED
CVE-2021-31280 (An issue was discovered in tp5cms through 2017-05-25. admin.php/system ...)
- TODO: check
+ NOT-FOR-US: tp5cms
CVE-2021-31279
RESERVED
CVE-2021-31278
@@ -155476,7 +155476,7 @@ CVE-2021-31235
CVE-2021-31234
RESERVED
CVE-2021-31233 (SQL Injection vulnerability found in Fighting Cock Information System ...)
- TODO: check
+ NOT-FOR-US: Fighting Cock Information System
CVE-2021-31232 (The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosu ...)
NOT-FOR-US: CNCF Cortex
CVE-2021-31231 (The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metric ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9717e0c6b6ec0565ee137c6c3e32c663a39bcfc0