[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 30 20:34:35 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99c64d45 by Salvatore Bonaccorso at 2023-06-30T21:34:02+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5940,7 +5940,7 @@ CVE-2023-2285 (The WP Activity Log Premium plugin for WordPress is vulnerable to
CVE-2023-2284 (The WP Activity Log Premium plugin for WordPress is vulnerable to unau ...)
NOT-FOR-US: WP Activity Log Premium plugin for WordPress
CVE-2023-31222 (Deserialization of untrusted datain Microsoft Messaging Queuing Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft Messaging Queuing Service in Medtronic's Paceart Optima
CVE-2023-31221
RESERVED
CVE-2023-31220
@@ -10077,15 +10077,15 @@ CVE-2023-29713 (Cross Site Scripting vulnerability found in Vade Secure Gateway
CVE-2023-29712 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...)
NOT-FOR-US: Vade Secure Gateway
CVE-2023-29711 (An incorrect access control issue was discovered in Interlink PSG-5124 ...)
- TODO: check
+ NOT-FOR-US: Interlink PSG-5124
CVE-2023-29710
RESERVED
CVE-2023-29709 (An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE ve ...)
- TODO: check
+ NOT-FOR-US: Wildix WSG24POE
CVE-2023-29708 (An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter versi ...)
- TODO: check
+ NOT-FOR-US: WavLink WavRouter
CVE-2023-29707 (Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Cent ...)
- TODO: check
+ NOT-FOR-US: GBCOM LAC WEB Control Center
CVE-2023-29706
RESERVED
CVE-2023-29705
@@ -11206,7 +11206,7 @@ CVE-2023-1864 (FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulner
CVE-2023-1863 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Eskom Computer Water Metering Software
CVE-2023-1862 (Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a mal ...)
- TODO: check
+ NOT-FOR-US: Cloudflare WARP client for Windows
CVE-2023-1861 (The Limit Login Attempts WordPress plugin through 1.7.2 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4941 (The WCFM Membership plugin for WordPress is vulnerable to Cross-Site R ...)
@@ -12017,7 +12017,7 @@ CVE-2023-29102
CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingr ...)
NOT-FOR-US: Muffingroup
CVE-2023-29100 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-29099
RESERVED
CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...)
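Review bot: The new tag on CVE-2023-29100 is the generic "WordPress plugin", but the truncated description visible here names only "Dream-Th ..." and never mentions WordPress, while the entry directly above it (CVE-2023-29101) is tagged by vendor, "Muffingroup". Elsewhere in this same commit the tags distinguish "WordPress plugin" from "WordPress theme", so it is worth confirming against the full CVE text which of the two applies here, and naming the product or vendor in the tag so the classification can be verified from the list entry alone.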
@@ -12031,7 +12031,7 @@ CVE-2023-29095
CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1783 (OrangeScrum version 2.0.11 allows an external attacker to remotely obt ...)
TODO: check
CVE-2023-1782 (HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow ...)
@@ -12120,7 +12120,7 @@ CVE-2023-29070
CVE-2023-29069
RESERVED
CVE-2023-29068 (A maliciously crafted file consumed through pskernel.dll file could le ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2023-29067 (A maliciously crafted X_B file when parsed through Autodesk\xae AutoCA ...)
NOT-FOR-US: Autodesk
CVE-2023-29066
@@ -12277,13 +12277,13 @@ CVE-2023-1726 (Improper Neutralization of Input During Web Page Generation ('Cro
CVE-2023-1725 (Server-Side Request Forgery (SSRF) vulnerability in Infoline Project M ...)
NOT-FOR-US: Infoline Project Management System
CVE-2023-1724 (Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent ...)
- TODO: check
+ NOT-FOR-US: Faveo Helpdesk Enterprise
CVE-2023-1723 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Veragroup Mobile Assistant
CVE-2023-1722 (Yoga Class Registration System version 1.0 allows an administrator to ...)
- TODO: check
+ NOT-FOR-US: Yoga Class Registration System
CVE-2023-1721 (Yoga Class Registration System version 1.0 allows an administrator to ...)
- TODO: check
+ NOT-FOR-US: Yoga Class Registration System
CVE-2023-1720
RESERVED
CVE-2023-1719
@@ -12413,15 +12413,15 @@ CVE-2023-28994
CVE-2023-28993 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28991 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28990
RESERVED
CVE-2023-28989
RESERVED
CVE-2023-28988 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28987
RESERVED
CVE-2023-28986
@@ -13085,9 +13085,9 @@ CVE-2023-1622
CVE-2023-1621 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-1620 (Multiple WAGO devices in multiple versions may allow an authenticated ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2023-1619 (Multiple WAGO devices in multiple versions may allow an authenticated ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2023-1618 (Active Debug Code vulnerability in Mitsubishi Electric Corporation MEL ...)
NOT-FOR-US: Mitsubishi
CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial Automation B&R ...)
@@ -14106,7 +14106,7 @@ CVE-2023-28536
CVE-2023-28535
RESERVED
CVE-2023-28534 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28533
RESERVED
CVE-2023-28532
@@ -14185,7 +14185,7 @@ CVE-2023-28498
CVE-2023-28497
RESERVED
CVE-2023-28496 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28495
RESERVED
CVE-2023-28494
@@ -14352,7 +14352,7 @@ CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log mes
[buster] - sudo <no-dsa> (Minor issue)
NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
CVE-2023-28485 (A stored cross-site scripting (Stored XSS) vulnerability in file previ ...)
- TODO: check
+ NOT-FOR-US: WeKan
CVE-2023-28484 (In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can l ...)
{DSA-5391-1 DLA-3405-1}
- libxml2 2.9.14+dfsg-1.2 (bug #1034436)
@@ -14550,7 +14550,7 @@ CVE-2023-28425 (Redis is an in-memory database that persists on disk. Starting i
CVE-2023-28424 (Soko if the code that powers packages.gentoo.org. Prior to version 1.0 ...)
NOT-FOR-US: Soko
CVE-2023-28423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pris ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28422 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Mage ...)
NOT-FOR-US: WooCommerce plugin
CVE-2023-28421
@@ -14560,7 +14560,7 @@ CVE-2023-28420
CVE-2023-28419
RESERVED
CVE-2023-28418 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-28417
RESERVED
CVE-2023-28416
@@ -14582,7 +14582,7 @@ CVE-2023-28392 (Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.0
CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) a ...)
NOT-FOR-US: SR-7100V
CVE-2023-28387 ("NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks ...)
- TODO: check
+ NOT-FOR-US: "NewsPicks" App
CVE-2023-28382 (Directory traversal vulnerability in ESS REC Agent Server Edition seri ...)
NOT-FOR-US: ESS REC Agent Server Edition
CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...)
@@ -15049,7 +15049,7 @@ CVE-2023-28297 (Windows Remote Procedure Call Service (RPCSS) Elevation of Privi
CVE-2023-28296 (Visual Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28295 (Microsoft Publisher Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-28294
RESERVED
CVE-2023-28293 (Windows Kernel Elevation of Privilege Vulnerability)
@@ -15065,7 +15065,7 @@ CVE-2023-28289
CVE-2023-28288 (Microsoft SharePoint Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28287 (Microsoft Publisher Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-28286 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28285 (Microsoft Office Remote Code Execution Vulnerability)
@@ -15375,13 +15375,13 @@ CVE-2023-28176 (Memory safety bugs present in Firefox 110 and Firefox ESR 102.8.
CVE-2023-28175 (Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11 ...)
NOT-FOR-US: Bosch
CVE-2023-28174 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLig ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28173
RESERVED
CVE-2023-28172
RESERVED
CVE-2023-28171 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-28170
RESERVED
CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Core ...)
@@ -15391,7 +15391,7 @@ CVE-2023-28168
CVE-2023-28167
RESERVED
CVE-2023-28166 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Ka ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28165
RESERVED
CVE-2023-28164 (Dragging a URL from a cross-origin iframe that was removed during the ...)
@@ -15742,7 +15742,7 @@ CVE-2023-28096 (OpenSIPS, a Session Initiation Protocol (SIP) server implementat
CVE-2023-28095 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
NOT-FOR-US: OpenSIPS
CVE-2023-28094 (Pega platform clients who are using versions 6.1 through 8.8.3 and hav ...)
- TODO: check
+ NOT-FOR-US: Pega
CVE-2023-28093 (A user with a compromised configuration can start an unsigned binary a ...)
NOT-FOR-US: Pegasystems
CVE-2023-28092 (A potential security vulnerability has been identified in HPE ProLiant ...)
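Review bot: The tag added for CVE-2023-28094 is "NOT-FOR-US: Pega", while the next entry, CVE-2023-28093, already uses "NOT-FOR-US: Pegasystems" for what appears to be the same vendor. Using one spelling for both keeps a search of data/CVE/list by vendor name from missing one of them; suggest "NOT-FOR-US: Pegasystems" here to match the existing entry.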
@@ -15784,11 +15784,11 @@ CVE-2023-28075
CVE-2023-28074
RESERVED
CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A locally ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28072
RESERVED
CVE-2023-28071 (Dell Command | Update, Dell Update, and Alienware Update versions 4.9. ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28070 (Alienware Command Center Application, versions 5.5.43.0 and prior, con ...)
NOT-FOR-US: Alienware
CVE-2023-28069 (Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulne ...)
@@ -15800,37 +15800,37 @@ CVE-2023-28067
CVE-2023-28066 (Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Im ...)
NOT-FOR-US: Dell
CVE-2023-28065 (Dell Command | Update, Dell Update, and Alienware Update versions 4.8. ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28064 (Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenti ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28063
RESERVED
CVE-2023-28062 (Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access ...)
NOT-FOR-US: Dell
CVE-2023-28061 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28060 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28059 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28058 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28057
RESERVED
CVE-2023-28056 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28055
RESERVED
CVE-2023-28054 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28053
RESERVED
CVE-2023-28052 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28051 (Dell Power Manager, versions 3.10 and prior, contains an Improper Acce ...)
NOT-FOR-US: Dell
CVE-2023-28050 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28049
RESERVED
CVE-2023-28048
@@ -15842,43 +15842,43 @@ CVE-2023-28046 (Dell Display Manager, versions 2.1.0 and prior, contains an arbi
CVE-2023-28045 (Dell CloudIQ Collector version 1.10.2 contains a missing encryption of ...)
NOT-FOR-US: Dell
CVE-2023-28044 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28043 (Dell SCG 5.14 contains an information disclosure vulnerability during ...)
NOT-FOR-US: Dell
CVE-2023-28042 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28041 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28040 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28039 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28038
RESERVED
CVE-2023-28037
RESERVED
CVE-2023-28036 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28035 (Dell BIOS contains an improper input validation vulnerability. A local ...)
TODO: check
CVE-2023-28034 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28033 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28032 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28031 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28030 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28029 (Dell BIOS contains an improper input validation vulnerability. A local ...)
TODO: check
CVE-2023-28028 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28027 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28026 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-1346 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
CVE-2023-1345 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
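Review bot: CVE-2023-28035 and CVE-2023-28029 are left at "TODO: check" in this hunk, although their visible descriptions ("Dell BIOS contains an improper input validation vulnerability. A local ...") are identical to those of the surrounding entries that are all changed to "NOT-FOR-US: Dell". If they were skipped by accident, they should get the same tag in this commit; if they are held back on purpose, a short NOTE on each entry saying why would keep the next triage pass from repeating the check.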
@@ -15978,7 +15978,7 @@ CVE-2023-28018
CVE-2023-28017
RESERVED
CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal S ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a User Accoun ...)
NOT-FOR-US: HCL
CVE-2023-28014
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99c64d452ce05cebde3c827b3d58937273ab8adf