[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Mar 14 16:29:23 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2836c442 by Moritz Muehlenhoff at 2023-03-14T17:28:54+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -451,7 +451,7 @@ CVE-2023-1369 (A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It
 CVE-2023-1368 (A vulnerability was found in XHCMS 1.0. It has been declared as critic ...)
 	NOT-FOR-US: XHCMS
 CVE-2023-1367 (Code Injection in GitHub repository alextselegidis/easyappointments pr ...)
-	TODO: check
+	NOT-FOR-US: alextselegidis/easyappointments
 CVE-2023-1366 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
 	NOT-FOR-US: SourceCodester Yoga Class Registration System
 CVE-2023-1365 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...)
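Review bot: The new tag for CVE-2023-1367 uses the GitHub repository slug (`alextselegidis/easyappointments`), while the neighbouring entries in this hunk use a product name (`XHCMS`, `SourceCodester Yoga Class Registration System`). Consider a plain product name so that later NFU entries for the same software match on one string.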
@@ -2192,7 +2192,7 @@ CVE-2023-27589
 CVE-2023-27588
 	RESERVED
 CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and listen to  ...)
-	TODO: check
+	NOT-FOR-US: ReadtoMyShoe
 CVE-2023-27586
 	RESERVED
 CVE-2023-27585
@@ -2200,13 +2200,13 @@ CVE-2023-27585
 CVE-2023-27584
 	RESERVED
 CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior to versi ...)
-	TODO: check
+	NOT-FOR-US: PanIndex
 CVE-2023-27582 (maddy is a composable, all-in-one mail server. Starting with version 0 ...)
-	TODO: check
+	NOT-FOR-US: maddy
 CVE-2023-27581 (github-slug-action is a GitHub Action to expose slug value of GitHub e ...)
-	TODO: check
+	NOT-FOR-US: github-slug-action
 CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization for the C ...)
-	TODO: check
+	NOT-FOR-US: CodeIgniter
 CVE-2023-27579
 	RESERVED
 CVE-2023-27578
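Review bot: CVE-2023-27580 is described as affecting CodeIgniter Shield, but the tag reads `NOT-FOR-US: CodeIgniter`, which names the framework rather than the affected component. Suggest `NOT-FOR-US: CodeIgniter Shield` so the entry is not read as a triage decision about the framework itself.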
@@ -3645,7 +3645,7 @@ CVE-2023-27054
 CVE-2023-27053
 	RESERVED
 CVE-2023-27052 (E-Commerce System v1.0 ws discovered to contain a SQL injection vulner ...)
-	TODO: check
+	NOT-FOR-US: E-Commerce System
 CVE-2023-27051
 	RESERVED
 CVE-2023-27050
@@ -5348,7 +5348,7 @@ CVE-2023-26315
 CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: MedData Informatics MedDataPACS
 CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox CLI f ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2023-0977
 	RESERVED
 CVE-2023-0976
@@ -5358,7 +5358,7 @@ CVE-2023-0975
 CVE-2023-0974
 	RESERVED
 CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null poi ...)
-	TODO: check
+	NOT-FOR-US: STEPTools ifcmesh library
 CVE-2023-0972
 	RESERVED
 CVE-2023-0971
@@ -6403,7 +6403,7 @@ CVE-2023-0890
 CVE-2023-0889
 	RESERVED
 CVE-2023-0888 (An improper neutralization of directives in dynamically evaluated code ...)
-	TODO: check
+	NOT-FOR-US: Space Battery Pack SP with Wi-Fi
 CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified a ...)
 	NOT-FOR-US: phjounin TFTPD64-SE
 CVE-2023-0886
@@ -6809,9 +6809,9 @@ CVE-2023-25805 (versionn, software for changing version information across multi
 CVE-2023-25804
 	RESERVED
 CVE-2023-25803 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...)
-	TODO: check
+	NOT-FOR-US: Roxy-WI
 CVE-2023-25802 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...)
-	TODO: check
+	NOT-FOR-US: Roxy-WI
 CVE-2023-25801
 	RESERVED
 CVE-2023-25800
@@ -8509,7 +8509,7 @@ CVE-2023-25285
 CVE-2023-25284
 	RESERVED
 CVE-2023-25283 (A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows att ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-25282
 	RESERVED
 CVE-2023-25281
@@ -8517,7 +8517,7 @@ CVE-2023-25281
 CVE-2023-25280
 	RESERVED
 CVE-2023-25279 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-25278
 	RESERVED
 CVE-2023-25277
@@ -8664,7 +8664,7 @@ CVE-2023-25209
 CVE-2023-25208
 	RESERVED
 CVE-2023-25207 (PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdf ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2023-25206
 	RESERVED
 CVE-2023-25205
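Review bot: CVE-2023-25207 concerns the dpdfrance module, yet it is tagged `NOT-FOR-US: PrestaShop`; an existing module entry visible elsewhere in this patch (CVE-2023-24763) carries `NOT-FOR-US: PrestaShop module`. Using the module form here would keep module issues distinguishable from issues in PrestaShop itself, such as CVE-2023-25170.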
@@ -8832,7 +8832,7 @@ CVE-2023-25172
 CVE-2023-25171 (Kiwi TCMS, an open source test management system, does not impose rate ...)
 	NOT-FOR-US: Kiwi TCMS
 CVE-2023-25170 (PrestaShop is an open source e-commerce web application that, prior to ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2023-25169 (discourse-yearly-review is a discourse plugin which publishes an autom ...)
 	NOT-FOR-US: Discourse plugin
 CVE-2023-25168 (Wings is Pterodactyl's server control plane. This vulnerability can be ...)
@@ -9909,7 +9909,7 @@ CVE-2023-24764
 CVE-2023-24763 (In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated  ...)
 	NOT-FOR-US: PrestaShop module
 CVE-2023-24762 (OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-24761
 	RESERVED
 CVE-2023-24760
@@ -10457,11 +10457,11 @@ CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in Djang
 	NOTE: https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
 	NOTE: https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8 (3.2.18)
 CVE-2023-24579 (McAfee Total Protection prior to 16.0.51 allows attackers to trick a v ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2023-24578 (McAfee Total Protection prior to 16.0.49 allows attackers to elevate u ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2023-24577 (McAfee Total Protection prior to 16.0.50 allows attackers to elevate u ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2023-24543
 	RESERVED
 CVE-2023-23908
@@ -11150,7 +11150,7 @@ CVE-2023-24370
 CVE-2023-24369 (A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows atta ...)
 	NOT-FOR-US: UJCMS
 CVE-2023-24368 (Incorrect access control in Temenos T24 Release 20 allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: Temenos
 CVE-2023-24367
 	RESERVED
 CVE-2023-24366
@@ -11338,7 +11338,7 @@ CVE-2023-24281
 CVE-2023-24280
 	RESERVED
 CVE-2023-24279 (A cross-site scripting (XSS) vulnerability in Open Networking Foundati ...)
-	TODO: check
+	NOT-FOR-US: Open Networking Foundation ONOS
 CVE-2023-24278
 	RESERVED
 CVE-2023-24277
@@ -11906,7 +11906,7 @@ CVE-2023-24035
 CVE-2023-24034
 	RESERVED
 CVE-2023-24033 (The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-24032
 	RESERVED
 CVE-2023-24031
@@ -12744,27 +12744,27 @@ CVE-2023-0357
 CVE-2023-0356 (SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encry ...)
 	NOT-FOR-US: SOCOMEC MODULYS GP Netvision
 CVE-2023-0355 (Akuvox E11 uses a hard-coded cryptographic key, which could allow an a ...)
-	TODO: check
+	NOT-FOR-US: Akuvox
 CVE-2023-0354 (The Akuvox E11 web server can be accessed without any user authenticat ...)
-	TODO: check
+	NOT-FOR-US: Akuvox
 CVE-2023-0353 (Akuvox E11 uses a weak encryption algorithm for stored passwords and u ...)
-	TODO: check
+	NOT-FOR-US: Akuvox
 CVE-2023-0352 (The Akuvox E11 password recovery webpage can be accessed without authe ...)
-	TODO: check
+	NOT-FOR-US: Akuvox
 CVE-2023-0351 (The Akuvox E11 web server backend library allows command injection in  ...)
-	TODO: check
+	NOT-FOR-US: Akuvox
 CVE-2023-0350 (Akuvox E11 does not ensure that a file extension is associated with th ...)
-	TODO: check
+	NOT-FOR-US: Akuvox
 CVE-2023-0349 (The Akuvox E11 libvoice library provides unauthenticated access to the ...)
-	TODO: check
+	NOT-FOR-US: Akuvox
 CVE-2023-0348 (Akuvox E11 allows direct SIP calls. No access control is enforced by t ...)
-	TODO: check
+	NOT-FOR-US: Akuvox
 CVE-2023-0347 (The Akuvox E11 Media Access Control (MAC) address, a primary identifie ...)
-	TODO: check
+	NOT-FOR-US: Akuvox
 CVE-2023-0346 (Akuvox E11 cloud login is performed through an unencrypted HTTP connec ...)
-	TODO: check
+	NOT-FOR-US: Akuvox
 CVE-2023-0345 (The Akuvox E11 secure shell (SSH) server is enabled by default and can ...)
-	TODO: check
+	NOT-FOR-US: Akuvox
 CVE-2023-0344
 	RESERVED
 CVE-2023-0343
@@ -12856,7 +12856,7 @@ CVE-2023-23713
 CVE-2023-23712
 	RESERVED
 CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optim ...)
-	TODO: check
+	NOT-FOR-US: A2 Hosting
 CVE-2023-23710
 	RESERVED
 CVE-2023-23709
@@ -16061,7 +16061,7 @@ CVE-2023-22702
 CVE-2023-22701
 	RESERVED
 CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Pixel ...)
-	TODO: check
+	NOT-FOR-US: PixelYourSite
 CVE-2023-22699
 	RESERVED
 CVE-2023-22698
@@ -19233,7 +19233,7 @@ CVE-2022-47597
 CVE-2022-47596
 	RESERVED
 CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47594
 	RESERVED
 CVE-2022-47593
@@ -20934,7 +20934,7 @@ CVE-2022-47442
 CVE-2022-47441
 	RESERVED
 CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47439
 	RESERVED
 CVE-2022-47438
@@ -21854,7 +21854,7 @@ CVE-2022-47173
 CVE-2022-47172
 	RESERVED
 CVE-2022-47171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47170
 	RESERVED
 CVE-2022-47169
@@ -21864,7 +21864,7 @@ CVE-2022-47168
 CVE-2022-47167
 	RESERVED
 CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47165
 	RESERVED
 CVE-2022-47164
@@ -21872,7 +21872,7 @@ CVE-2022-47164
 CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47161
 	RESERVED
 CVE-2022-47160
@@ -21886,7 +21886,7 @@ CVE-2022-47157
 CVE-2022-47156
 	RESERVED
 CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47154
 	RESERVED
 CVE-2022-47153
@@ -42871,7 +42871,7 @@ CVE-2022-38104 (Auth. WordPress Options Change (siteurl, users_can_register, def
 CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-38074 (SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 1 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-38073 (Multiple Authenticated (custom specific plugin role) Persistent Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-36424
@@ -50097,7 +50097,7 @@ CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec TH
 CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-31474 (Directory Traversal vulnerability in iThemes BackupBuddy plugin 8.5.8. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 D ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2743 (Integer overflow in Window Manager in Google Chrome on Chrome OS and L ...)
@@ -50353,27 +50353,27 @@ CVE-2022-37953 (An HTTP response splitting vulnerability exists in the AM Gatewa
 CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in the iHi ...)
 	NOT-FOR-US: iHistorian Data Display of WorkstationST
 CVE-2022-37951 (Not used in 2022 ...)
-	TODO: check
+	NOT-FOR-US: Unused CVE ID
 CVE-2022-37950 (Not used in 2022 ...)
-	TODO: check
+	NOT-FOR-US: Unused CVE ID
 CVE-2022-37949 (Not used in 2022 ...)
-	TODO: check
+	NOT-FOR-US: Unused CVE ID
 CVE-2022-37948 (Not used in 2022 ...)
-	TODO: check
+	NOT-FOR-US: Unused CVE ID
 CVE-2022-37947 (Not used in 2022 ...)
-	TODO: check
+	NOT-FOR-US: Unused CVE ID
 CVE-2022-37946 (Not used in 2022 ...)
-	TODO: check
+	NOT-FOR-US: Unused CVE ID
 CVE-2022-37945 (Not used in 2022 ...)
-	TODO: check
+	NOT-FOR-US: Unused CVE ID
 CVE-2022-37944 (Not used in 2022 ...)
-	TODO: check
+	NOT-FOR-US: Unused CVE ID
 CVE-2022-37943 (Not used in 2022 ...)
-	TODO: check
+	NOT-FOR-US: Unused CVE ID
 CVE-2022-37942 (Not used in 2022 ...)
-	TODO: check
+	NOT-FOR-US: Unused CVE ID
 CVE-2022-37941 (Not used in 2022 ...)
-	TODO: check
+	NOT-FOR-US: Unused CVE ID
 CVE-2022-37940
 	RESERVED
 CVE-2022-37939 (A potential security vulnerability has been identified in HPE Superdom ...)
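Review bot: The eleven entries CVE-2022-37941 through CVE-2022-37951 are described as "Not used in 2022", so `NOT-FOR-US: Unused CVE ID` puts a status into a field that every other entry in this patch uses for a product or vendor name. If the tracker has a state for IDs that were never assigned, it would fit better than NFU; otherwise a line in the commit message would help, since "NFUs" alone does not say that unused IDs are being closed out the same way.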



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2836c442b6c967294742f95452749b01896af828
