[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 22 07:57:04 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3155b0c9 by Moritz Muehlenhoff at 2023-06-22T08:56:46+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2023-33591 (User Registration & Login and User Management System v1.0 was di
CVE-2023-33584 (Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Inj ...)
NOT-FOR-US: Sourcecodester Enrollment System Project
CVE-2023-33289 (The urlnorm crate through 0.1.4 for Rust allows Regular Expression Den ...)
- TODO: check
+ NOT-FOR-US: Rust crate urlnorm
CVE-2023-2829 (A `named` instance configured to run as a DNSSEC-validating recursive ...)
TODO: check
CVE-2023-2911 (If the `recursive-clients` quota is reached on a BIND 9 resolver confi ...)
@@ -236,7 +236,7 @@ CVE-2023-3307 (A vulnerability was found in miniCal 1.0.0. It has been rated as
CVE-2023-35866 (In KeePassXC through 2.7.5, a local attacker can make changes to the D ...)
TODO: check
CVE-2023-35862 (libcoap 4.3.1 contains a buffer over-read via the function coap_parse_ ...)
- TODO: check
+ NOT-FOR-US: libcoap
CVE-2023-35857 (In Siren Investigate before 13.2.2, session keys remain active even af ...)
NOT-FOR-US: Siren Investigate
CVE-2023-35856 (A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, a ...)
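Review bot: before closing CVE-2023-35862 as NOT-FOR-US, confirm that libcoap has no source package in the archive; the description refers to a library (`coap_parse_`) rather than a standalone product, and a library that is packaged would need a package line instead of the NOT-FOR-US tag.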
@@ -604,13 +604,11 @@ CVE-2023-34623 (An issue was discovered jtidy thru r938 allows attackers to caus
CVE-2023-34620 (An issue was discovered hjson thru 3.0.0 allows attackers to cause a d ...)
NOT-FOR-US: hjson
CVE-2023-34617 (An issue was discovered genson thru 1.6 allows attackers to cause a de ...)
- TODO: check
+ NOT-FOR-US: genson
CVE-2023-34616 (An issue was discovered pbjson thru 0.4.0 allows attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: jbjson
CVE-2023-34615 (An issue was discovered JSONUtil thru 5.0 allows attackers to cause a ...)
- TODO: check
-CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to ...)
- TODO: check
+ NOT-FOR-US: JSONUtil
CVE-2023-34613 (An issue was discovered sojo thru 1.1.1 allows attackers to cause a de ...)
TODO: check
CVE-2023-34612 (An issue was discovered ph-json thru 9.5.5 allows attackers to cause a ...)
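Review bot: this hunk drops the CVE-2023-34614 (jmarsden/jsonij) entry entirely instead of resolving its TODO; the `-CVE-2023-34614 (...)` and its `- TODO: check` lines are removed with no replacement, so the tracker loses that CVE. Restore the entry with its own `NOT-FOR-US:` line. Also, the tag for CVE-2023-34616 reads `NOT-FOR-US: jbjson` while the description names `pbjson`; fix the typo to `NOT-FOR-US: pbjson`.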
@@ -810,7 +808,7 @@ CVE-2023-2569 (A CWE-787: Out-of-Bounds Write vulnerability exists that could ca
CVE-2023-3224 (Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.)
NOT-FOR-US: Nuxt
CVE-2023-3218 (Race Condition within a Thread in GitHub repository it-novum/openitcoc ...)
- TODO: check
+ NOT-FOR-US: openitcockpit
CVE-2023-3050 (Reliance on Cookies without Validation and Integrity Checking in a Sec ...)
NOT-FOR-US: TMT Lockcell
CVE-2023-3049 (Unrestricted Upload of File with Dangerous Type vulnerability in TMT L ...)
@@ -822,7 +820,7 @@ CVE-2023-3047 (Improper Neutralization of Special Elements used in an SQL Comman
CVE-2023-35064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Satos Satos Mobile
CVE-2023-34965 (SSPanel-Uim 2023.3 does not restrict access to the /link/ interface wh ...)
- TODO: check
+ NOT-FOR-US: SSPanel-Uim
CVE-2023-34249 (benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd ...)
NOT-FOR-US: benjjvi/PyBB
CVE-2023-34247 (Keystone is a content management system for Node.JS. There is an open ...)
@@ -868,7 +866,7 @@ CVE-2023-32548 (OS command injection vulnerability exists in WPS Office version
CVE-2023-32546 (Code injection vulnerability exists in Chatwork Desktop Application (M ...)
NOT-FOR-US: Chatwork Desktop Application
CVE-2023-31541 (A unrestricted file upload vulnerability was discovered in the \u2018B ...)
- TODO: check
+ NOT-FOR-US: Redmine plugin
CVE-2023-31439 (An issue was discovered in systemd 253. An attacker can modify the con ...)
TODO: check
CVE-2023-31438 (An issue was discovered in systemd 253. An attacker can truncate a sea ...)
@@ -876,17 +874,17 @@ CVE-2023-31438 (An issue was discovered in systemd 253. An attacker can truncate
CVE-2023-31437 (An issue was discovered in systemd 253. An attacker can modify a seale ...)
TODO: check
CVE-2023-31198 (OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If ...)
- TODO: check
+ NOT-FOR-US: Wi-Fi AP UNIT
CVE-2023-31196 (Missing authentication for critical function in Wi-Fi AP UNIT allows a ...)
- TODO: check
+ NOT-FOR-US: Wi-Fi AP UNIT
CVE-2023-31195 (ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 use ...)
NOT-FOR-US: ASUS Router RT-AX3000 Firmware
CVE-2023-30766 (Hidden functionality issue exists in KB-AHR series and KB-IRIP series. ...)
- TODO: check
+ NOT-FOR-US: KB-AHR/KB-IRIP
CVE-2023-30764 (OS command injection vulnerability exists in KB-AHR series and KB-IRIP ...)
- TODO: check
+ NOT-FOR-US: KB-AHR/KB-IRIP
CVE-2023-30762 (Improper authentication vulnerability exists in KB-AHR series and KB-I ...)
- TODO: check
+ NOT-FOR-US: KB-AHR/KB-IRIP
CVE-2023-2807 (Authentication Bypass by Spoofing vulnerability in the password reset ...)
NOT-FOR-US: Pandora FMS
CVE-2023-29501 (Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, an ...)
@@ -1005,7 +1003,7 @@ CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Pri
CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along with th ...)
NOT-FOR-US: Apache NiFi
CVE-2023-34105 (SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV ...)
- TODO: check
+ NOT-FOR-US: SRS video server
CVE-2023-34026 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-33626 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...)
@@ -1021,9 +1019,9 @@ CVE-2023-33622
CVE-2023-33492 (EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).)
NOT-FOR-US: EyouCMS
CVE-2023-33290 (The git-url-parse crate through 0.4.4 for Rust allows Regular Expressi ...)
- TODO: check
+ NOT-FOR-US: git-url-parse Rust crate
CVE-2023-33253 (LabCollector 6.0 though 6.15 allows remote code execution. An authenti ...)
- TODO: check
+ NOT-FOR-US: LabCollector
CVE-2023-32961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Se ...)
NOT-FOR-US: WordPress plugin
CVE-2023-32118 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperat ...)
@@ -1049,7 +1047,7 @@ CVE-2023-35032 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 an
CVE-2023-35031 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...)
NOT-FOR-US: Unify
CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random number ...)
- TODO: check
+ NOT-FOR-US: Node crypto-js
CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's coders/ ...)
@@ -1080,7 +1078,7 @@ CVE-2023-3141 (A use-after-free flaw was found in r592_remove in drivers/memstic
CVE-2023-34856 (A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05 ...)
NOT-FOR-US: D-Link
CVE-2023-34245 (@udecode/plate-link is the link handler for the udecode/plate rich-tex ...)
- TODO: check
+ NOT-FOR-US: @udecode/plate-link
CVE-2023-34100 (Contiki-NG is an open-source, cross-platform operating system for IoT ...)
NOT-FOR-US: Contiki-NG
CVE-2023-33557 (Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerabilit ...)
@@ -1093,7 +1091,7 @@ CVE-2023-32731 (When gRPC HTTP2 stack raised a header size exceeded error, it sk
NOTE: https://github.com/grpc/grpc/pull/32309
NOTE: https://github.com/grpc/grpc/pull/33005
CVE-2023-32312 (UmbracoIdentityExtensions is an Umbraco add-on package that enables ea ...)
- TODO: check
+ NOT-FOR-US: UmbracoIdentityExtensions
CVE-2023-3177 (A vulnerability has been found in SourceCodester Lost and Found Inform ...)
NOT-FOR-US: SourceCodester
CVE-2023-3176 (A vulnerability, which was classified as critical, was found in Source ...)
@@ -5788,11 +5786,11 @@ CVE-2023-30907
CVE-2023-30906
RESERVED
CVE-2023-30905 (The MC990 X and UV300 RMC component has and inadequate default configu ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30904 (A security vulnerability in HPE Insight Remote Support may result in t ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30903 (HP-UX could be exploited locally to create a Denial of Service (DoS) w ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30902
RESERVED
CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
@@ -6178,15 +6176,15 @@ CVE-2022-48475
CVE-2022-48474
RESERVED
CVE-2022-48473 (There is a misinterpretation of input vulnerability in Huawei Printer. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48472 (A Huawei printer has a system command injection vulnerability. Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48471 (There is a misinterpretation of input vulnerability in Huawei Printer. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48470
RESERVED
CVE-2022-48469 (There is a traffic hijacking vulnerability in Huawei routers. Successf ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up to 3.7.2 ...)
NOT-FOR-US: I Recommend This Plugin
CVE-2023-30794
@@ -6403,7 +6401,7 @@ CVE-2023-2082
CVE-2023-2081
RESERVED
CVE-2023-2080 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Forcepoint
CVE-2023-2079
RESERVED
CVE-2023-2078
@@ -6697,7 +6695,7 @@ CVE-2023-30627 (jellyfin-web is the web client for Jellyfin, a free-software med
CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting with 10.8. ...)
- jellyfin <itp> (bug #994189)
CVE-2023-30625 (rudder-server is part of RudderStack, an open source Customer Data Pla ...)
- TODO: check
+ NOT-FOR-US: rudder-server
CVE-2023-30624 (Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6. ...)
NOT-FOR-US: wasmtime
CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, ...)
@@ -7477,7 +7475,7 @@ CVE-2023-30455 (An issue was discovered in ebankIT before 7. A Denial-of-Service
CVE-2023-30454 (An issue was discovered in ebankIT before 7. Document Object Model bas ...)
NOT-FOR-US: ebankIT
CVE-2023-30453 (The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent ...)
- TODO: check
+ NOT-FOR-US: Jira plugin
CVE-2023-30452 (The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluen ...)
NOT-FOR-US: MoroSystems EasyMind
CVE-2023-1964 (A vulnerability classified as critical has been found in PHPGurukul Ba ...)
@@ -7971,9 +7969,9 @@ CVE-2023-30225
CVE-2023-30224
RESERVED
CVE-2023-30223 (A broken authentication vulnerability in 4D SAS 4D Server software v17 ...)
- TODO: check
+ NOT-FOR-US: 4D SAS 4D Server
CVE-2023-30222 (An information disclosure vulnerability in 4D SAS 4D Server Applicatio ...)
- TODO: check
+ NOT-FOR-US: 4D SAS 4D Server
CVE-2023-30221
RESERVED
CVE-2023-30220
@@ -8261,7 +8259,7 @@ CVE-2023-30083 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8
- ming <removed>
NOTE: https://github.com/libming/libming/issues/266
CVE-2023-30082 (A denial of service attack might be launched against the server if an ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2023-30081
RESERVED
CVE-2023-30080
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3155b0c96353f08940e54c499aa111c73d885839