[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Mar 22 16:18:50 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fd42a2f2 by Moritz Muehlenhoff at 2023-03-22T17:18:21+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2092,7 +2092,7 @@ CVE-2023-28107 (Discourse is an open-source discussion platform. Prior to versio
CVE-2023-28106 (Pimcore is an open source data and experience management platform. Pri ...)
NOT-FOR-US: Pimcore
CVE-2023-28105 (go-used-util has commonly used utility functions for Go. Versions prio ...)
- TODO: check
+ NOT-FOR-US: go-used-util
CVE-2023-28104 (`silverstripe/graphql` serves Silverstripe data as GraphQL representat ...)
NOT-FOR-US: silverstripe/graphql
CVE-2023-28103
@@ -2140,7 +2140,7 @@ CVE-2023-28085
CVE-2023-28084
RESERVED
CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in HPE Inte ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-28082
RESERVED
CVE-2023-28081
@@ -2380,11 +2380,11 @@ CVE-2023-28005 (A vulnerability in Trend Micro Endpoint Encryption Full Disk Enc
CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository froxlor ...)
- froxlor <itp> (bug #581792)
CVE-2023-1306 (An authenticated attacker can leverage an exposed resource.db() access ...)
- TODO: check
+ NOT-FOR-US: Rapid7
CVE-2023-1305 (An authenticated attacker can leverage an exposed “box” ob ...)
- TODO: check
+ NOT-FOR-US: Rapid7
CVE-2023-1304 (An authenticated attacker can leverage an exposed getattr() method via ...)
- TODO: check
+ NOT-FOR-US: Rapid7
CVE-2023-1303 (A vulnerability was found in UCMS 1.6 and classified as critical. This ...)
NOT-FOR-US: UCMS
CVE-2023-1302 (A vulnerability, which was classified as problematic, was found in Sou ...)
@@ -2695,9 +2695,9 @@ CVE-2023-1264 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
CVE-2023-1263 (The CMP – Coming Soon & Maintenance plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1262 (Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router ...)
- TODO: check
+ NOT-FOR-US: WI-SUN
CVE-2023-1261 (Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earli ...)
- TODO: check
+ NOT-FOR-US: WI-SUN
CVE-2023-1260
RESERVED
CVE-2023-1259
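Review bot: the tag on CVE-2023-1262 and CVE-2023-1261 names the protocol rather than the vendor or product, and its casing ("WI-SUN") differs from the "Wi-SUN" used in both descriptions. Both entries describe Silicon Labs software (the Wi-SUN Linux Border Router and the Wi-SUN SDK), so "NOT-FOR-US: Silicon Labs Wi-SUN" would be easier to match when a later CVE for the same products is triaged.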
@@ -2828,11 +2828,11 @@ CVE-2023-27859
CVE-2023-27858
RESERVED
CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition occurs w ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2023-27856 (In affected versions, path traversal exists when processing a message ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2023-27855 (In affected versions, a path traversal exists when processing a messag ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2023-27854
RESERVED
CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and prior ve ...)
@@ -3057,7 +3057,7 @@ CVE-2023-27844
CVE-2023-27843
RESERVED
CVE-2023-27842 (Insecure Permissions vulnerability found in Extplorer File manager eXt ...)
- TODO: check
+ - extplorer <removed>
CVE-2023-27841
RESERVED
CVE-2023-27840
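Review bot: the CVE-2023-27842 change is not an NFU. It replaces "TODO: check" with a package entry, "- extplorer <removed>", while the commit subject says only "NFUs". Mention the extplorer triage in the commit message, or give it its own commit, so that a log search for the package name finds this decision.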
@@ -3675,9 +3675,9 @@ CVE-2023-27572
CVE-2023-27571
RESERVED
CVE-2023-27570 (The eo_tags package before 1.4.19 for PrestaShop allows SQL injection ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2023-27569 (The eo_tags package before 1.3.0 for PrestaShop allows SQL injection v ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2023-27568
RESERVED
CVE-2023-27567 (In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf ...)
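Review bot: "NOT-FOR-US: PrestaShop" on CVE-2023-27570 and CVE-2023-27569 reads as if PrestaShop itself were the affected software, but both descriptions put the SQL injection in the eo_tags package for PrestaShop. A tag such as "NOT-FOR-US: eo_tags package for PrestaShop" would match the way add-ons are tagged elsewhere in this file (for example "NOT-FOR-US: WordPress plugin").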
@@ -3730,7 +3730,7 @@ CVE-2023-1169
CVE-2015-10089 (A vulnerability classified as problematic has been found in flame.js. ...)
NOT-FOR-US: flame.js
CVE-2023-1168 (An authenticated remote code execution vulnerability exists in the AOS ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-1167
RESERVED
CVE-2023-1166
@@ -3911,9 +3911,9 @@ CVE-2023-23567
CVE-2023-1155 (The Cost Calculator plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: Cost Calculator plugin for WordPress
CVE-2023-1154 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Pacsrapor
CVE-2023-1153 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Pacsrapor
CVE-2023-1152 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Persolus
CVE-2023-27520
@@ -5069,7 +5069,7 @@ CVE-2023-27089
CVE-2023-27088 (feiqu-opensource Background Vertical authorization vulnerability exist ...)
NOT-FOR-US: feiqu-opensource Background Vertical
CVE-2023-27087 (Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and ...)
- TODO: check
+ NOT-FOR-US: Xuxueli
CVE-2023-27086
RESERVED
CVE-2023-27085
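Review bot: the tag on CVE-2023-27087 uses the author name ("Xuxueli") where the description names the product as "Xuxueli xxl-job". Other entries in this file tag by product (Pimcore, vBulletin, VX Search), so "NOT-FOR-US: xxl-job" or "NOT-FOR-US: Xuxueli xxl-job" would be the more searchable form.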
@@ -6324,7 +6324,7 @@ CVE-2023-26515
CVE-2023-26514
RESERVED
CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software Foundation Apache ...)
- TODO: check
+ NOT-FOR-US: Apache Sling
CVE-2023-26512
RESERVED
CVE-2023-1025
@@ -6420,7 +6420,7 @@ CVE-2023-26499
CVE-2023-26498
RESERVED
CVE-2023-26497 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-26496
RESERVED
CVE-2023-26495
@@ -8340,9 +8340,9 @@ CVE-2023-25797
CVE-2023-25796
RESERVED
CVE-2023-25795 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25794 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25793
RESERVED
CVE-2023-25792
@@ -8366,7 +8366,7 @@ CVE-2023-25784
CVE-2023-25783
RESERVED
CVE-2023-25782 (Auth. (admin+) vulnerability in Second2none Service Area Postcode Chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25781
RESERVED
CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of alarm r ...)
@@ -10218,7 +10218,7 @@ CVE-2023-0683
CVE-2023-0682
RESERVED
CVE-2023-0681 (Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redir ...)
- TODO: check
+ NOT-FOR-US: Rapid7
CVE-2023-0680
REJECTED
CVE-2023-0679 (A vulnerability was found in SourceCodester Canteen Management System ...)
@@ -10453,7 +10453,7 @@ CVE-2023-25137
CVE-2023-25135 (vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker t ...)
NOT-FOR-US: vBulletin
CVE-2023-25134 (McAfee Total Protection prior to 16.0.50 may allow an adversary (with ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2023-25133
RESERVED
CVE-2023-25132
@@ -10599,7 +10599,7 @@ CVE-2023-25066 (Cross-Site Request Forgery (CSRF) vulnerability in FolioVision F
CVE-2023-25065 (Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tab ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25064 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25063
RESERVED
CVE-2023-25062
@@ -11218,7 +11218,7 @@ CVE-2023-0600
CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...)
NOT-FOR-US: Rapid7
CVE-2023-0598 (GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Dig ...)
- TODO: check
+ NOT-FOR-US: GE
CVE-2023-0597 (A flaw possibility of memory leak in the Linux kernel cpu_entry_area m ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 (6.2-rc1)
@@ -11559,7 +11559,7 @@ CVE-2023-24711
CVE-2023-24710
RESERVED
CVE-2023-24709 (An issue found in Paradox Security Systems IPR512 allows attackers to ...)
- TODO: check
+ NOT-FOR-US: Paradox Security Systems IPR512
CVE-2023-24708
RESERVED
CVE-2023-24707
@@ -11621,7 +11621,7 @@ CVE-2023-24680
CVE-2023-24679
RESERVED
CVE-2023-24678 (A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attac ...)
- TODO: check
+ NOT-FOR-US: Centralite Pearl Thermostat
CVE-2023-24677
RESERVED
CVE-2023-24676
@@ -11635,7 +11635,7 @@ CVE-2023-24673
CVE-2023-24672
RESERVED
CVE-2023-24671 (VX Search v13.8 and v14.7 was discovered to contain an unquoted servic ...)
- TODO: check
+ NOT-FOR-US: VX Search
CVE-2023-24670
RESERVED
CVE-2023-24669
@@ -12041,7 +12041,7 @@ CVE-2023-24573 (Dell Command | Monitor versions prior to 10.9 contain an arbitra
CVE-2023-24572 (Dell Command | Integration Suite for System Center, versions before 6. ...)
NOT-FOR-US: Dell
CVE-2023-24571 (Dell BIOS contains an Improper Input Validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-24570
RESERVED
CVE-2023-24569 (Dell Alienware Command Center versions 5.5.37.0 and prior contain an I ...)
@@ -12606,7 +12606,7 @@ CVE-2023-24383
CVE-2023-24382 (Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24381 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsTh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24380
RESERVED
CVE-2023-24379
@@ -13702,7 +13702,7 @@ CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with version
NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
NOTE: https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034 (v5.19.1)
CVE-2023-23935 (Discourse is an open-source messaging platform. In versions 3.0.1 and ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library. Browsers may ...)
{DLA-3346-1}
- python-werkzeug <unfixed> (bug #1031370)
@@ -13962,7 +13962,7 @@ CVE-2023-0393
CVE-2023-0392
RESERVED
CVE-2023-0391 (MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt ...)
- TODO: check
+ NOT-FOR-US: MGT-COMMERCE
CVE-2022-48278
RESERVED
CVE-2022-48277
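Review bot: "NOT-FOR-US: MGT-COMMERCE" on CVE-2023-0391 names only the vendor, while the description identifies the product as "MGT-COMMERCE CloudPanel". Including the product name ("NOT-FOR-US: MGT-COMMERCE CloudPanel") keeps the entry findable by anyone searching the list for CloudPanel.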
@@ -14367,7 +14367,7 @@ CVE-2023-23723
CVE-2023-23722
RESERVED
CVE-2023-23721 (Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin L ...)
- TODO: check
+ NOT-FOR-US: David Gwyer Admin Log
CVE-2023-23720
RESERVED
CVE-2023-23719
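Review bot: the tag on CVE-2023-23721 ("NOT-FOR-US: David Gwyer Admin Log") is inconsistent with how this same commit tags entries of the same shape. CVE-2023-25065 and CVE-2023-24382 carry "Cross-Site Request Forgery (CSRF) vulnerability in <author> <name> ..." descriptions and are tagged "NOT-FOR-US: WordPress plugin". If this entry is also a WordPress plugin, use the generic tag here as well; if it is not, the longer tag is fine as it stands.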
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd42a2f2ae4d490d3b942bce86ce2737d2da59f1