[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 28 21:29:48 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34a2bd3b by Salvatore Bonaccorso at 2023-03-28T22:29:15+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -152,7 +152,7 @@ CVE-2023-1650
CVE-2023-1649
RESERVED
CVE-2023-1648 (An issue has been discovered in GitLab DAST API scanner affecting all ...)
- TODO: check
+ NOT-FOR-US: GitLab DAST API scanner
CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 refle ...)
NOT-FOR-US: JetBrains Hub
CVE-2022-48428 (In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page ...)
@@ -180,7 +180,7 @@ CVE-2023-28885 (The MyLink infotainment system (build 2021.3.26) in General Moto
CVE-2023-28884 (In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in ...)
NOT-FOR-US: MISP
CVE-2023-28883 (In Cerebrate 1.13, a blind SQL injection exists in the searchAll API e ...)
- TODO: check
+ NOT-FOR-US: Cerebrate
CVE-2023-28882
RESERVED
CVE-2023-28881
@@ -230,7 +230,7 @@ CVE-2023-28861
CVE-2023-28860
RESERVED
CVE-2023-1647 (Improper Access Control in GitHub repository calcom/cal.com prior to 2 ...)
- TODO: check
+ NOT-FOR-US: calcom cal.com
CVE-2023-1646 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...)
NOT-FOR-US: IObit Malware Fighter
CVE-2023-1645 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...)
@@ -938,11 +938,11 @@ CVE-2023-1525
CVE-2023-1524
RESERVED
CVE-2023-28655 (A malicious user could leverage this vulnerability to escalate privile ...)
- TODO: check
+ NOT-FOR-US: SAUTER
CVE-2023-28652 (An authenticated malicious user could successfully upload a malicious ...)
- TODO: check
+ NOT-FOR-US: SAUTER
CVE-2023-28650 (An unauthenticated remote attacker could provide a malicious link and ...)
- TODO: check
+ NOT-FOR-US: SAUTER
CVE-2023-28647
RESERVED
CVE-2023-28646
@@ -978,9 +978,9 @@ CVE-2023-28632
CVE-2023-28631
RESERVED
CVE-2023-28630 (GoCD is an open source continuous delivery server. In GoCD versions fr ...)
- TODO: check
+ NOT-FOR-US: GoCD
CVE-2023-28629 (GoCD is an open source continuous delivery server. GoCD versions befor ...)
- TODO: check
+ NOT-FOR-US: GoCD
CVE-2023-28628 (lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versi ...)
TODO: check
CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows. In versio ...)
@@ -1006,9 +1006,9 @@ CVE-2023-28618
CVE-2023-28391
RESERVED
CVE-2023-27927 (An authenticated malicious user could acquire the simple mail transfer ...)
- TODO: check
+ NOT-FOR-US: SAUTER
CVE-2023-22300 (An unauthenticated remote attacker could force all authenticated users ...)
- TODO: check
+ NOT-FOR-US: SAUTER
CVE-2023-1523
RESERVED
CVE-2023-1522
@@ -3807,7 +3807,7 @@ CVE-2023-27823
CVE-2023-27822
RESERVED
CVE-2023-27821 (Databasir v1.0.7 was discovered to contain a remote code execution (RC ...)
- TODO: check
+ NOT-FOR-US: Databasir
CVE-2023-27820
RESERVED
CVE-2023-27819
@@ -4067,7 +4067,7 @@ CVE-2023-27703
CVE-2023-27702
RESERVED
CVE-2023-27701 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...)
- TODO: check
+ NOT-FOR-US: MuYuCMS
CVE-2023-27700 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...)
NOT-FOR-US: MuYuCMS
CVE-2023-27699
@@ -5434,9 +5434,9 @@ CVE-2023-27249 (swfdump v0.9.2 was discovered to contain a heap buffer overflow
CVE-2023-27248
RESERVED
CVE-2023-27247 (An issue in Cynet Client Agent v4.6.0.8010 allows attackers with Admin ...)
- TODO: check
+ NOT-FOR-US: Cynet Client Agent
CVE-2023-27246 (An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth ...)
- TODO: check
+ NOT-FOR-US: Virtual Disk of MK-Auth
CVE-2023-27245 (A cross-site scripting (XSS) vulnerability in File Management Project ...)
NOT-FOR-US: File Management Project
CVE-2023-27244
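Review bot: The label added for CVE-2023-27246, `NOT-FOR-US: Virtual Disk of MK-Auth`, copies a component phrase from the description instead of naming the product. `NOT-FOR-US: MK-Auth` would match the product-name form used for `NOT-FOR-US: Cynet Client Agent` in the same hunk and would keep any later MK-Auth entries under one label.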
@@ -5755,7 +5755,7 @@ CVE-2023-27098
CVE-2023-27097
RESERVED
CVE-2023-27096 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 ...)
- TODO: check
+ NOT-FOR-US: Hippo4j
CVE-2023-27095 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 ...)
NOT-FOR-US: Hippo4j
CVE-2023-27094 (An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escala ...)
@@ -5931,7 +5931,7 @@ CVE-2023-27010 (Wondershare Dr.Fone v12.9.6 was discovered to contain weak permi
CVE-2023-27009
RESERVED
CVE-2023-27008 (A Cross-site scripting (XSS) vulnerability in the function encrypt_pas ...)
- TODO: check
+ NOT-FOR-US: ATutor
CVE-2023-27007
RESERVED
CVE-2023-27006
@@ -6343,7 +6343,7 @@ CVE-2023-26804
CVE-2023-26803
RESERVED
CVE-2023-26802 (An issue in the component /network_config/nsg_masq.cgi of DCN (Digital ...)
- TODO: check
+ NOT-FOR-US: DCN (Digital China Networks) DCBI-Netlog-LAB
CVE-2023-26801 (LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 ...)
NOT-FOR-US: LB-LINK
CVE-2023-26800 (Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discov ...)
@@ -8252,7 +8252,7 @@ CVE-2023-26073 (An issue was discovered in Samsung Mobile Chipset and Baseband M
CVE-2023-26072 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
NOT-FOR-US: Samsung
CVE-2023-26071 (An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An O ...)
- TODO: check
+ NOT-FOR-US: MCUBO ICT
CVE-2023-26070
RESERVED
CVE-2023-26069
@@ -8800,9 +8800,9 @@ CVE-2022-48324 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.3
CVE-2021-46874
RESERVED
CVE-2023-25909 (HGiga OAKlouds file uploading function does not restrict upload of fil ...)
- TODO: check
+ NOT-FOR-US: HGiga OAKlouds
CVE-2023-25908 (Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25907
RESERVED
CVE-2023-25906
@@ -8862,37 +8862,37 @@ CVE-2023-25880
CVE-2023-25879
RESERVED
CVE-2023-25878 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25877 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25876 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25875 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25874 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25873 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25872 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25871 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25870 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25869 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25868 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25867 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25866 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25865 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25864 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25863 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25862 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...)
NOT-FOR-US: Adobe
CVE-2023-25861 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...)
@@ -8970,7 +8970,7 @@ CVE-2023-25830
CVE-2023-25829
RESERVED
CVE-2023-25828 (Pluck CMS is vulnerable to an authenticated remote code execution (RCE ...)
- TODO: check
+ NOT-FOR-US: Pluck CMS
CVE-2023-25827
RESERVED
CVE-2023-25826
@@ -9444,7 +9444,7 @@ CVE-2023-25706
CVE-2023-25705
RESERVED
CVE-2023-25704 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehj ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25703
RESERVED
CVE-2023-25702
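Review bot: `NOT-FOR-US: WordPress plugin` on CVE-2023-25704 names a category rather than the affected product, unlike the other labels in this commit (for example `NOT-FOR-US: Pluck CMS`). If the plugin name is known, consider including it so the entry can be found by name; the same applies to the identical label added for CVE-2023-22707.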
@@ -10780,13 +10780,13 @@ CVE-2023-25265 (Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversa
CVE-2023-25264 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...)
NOT-FOR-US: Docmosis Tornado
CVE-2023-25263 (In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attac ...)
- TODO: check
+ NOT-FOR-US: Stimulsoft Designer
CVE-2023-25262 (Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Se ...)
- TODO: check
+ NOT-FOR-US: Stimulsoft Designer
CVE-2023-25261 (Certain Stimulsoft GmbH products are affected by: Remote Code Executio ...)
- TODO: check
+ NOT-FOR-US: Stimulsoft
CVE-2023-25260 (Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusi ...)
- TODO: check
+ NOT-FOR-US: Stimulsoft Designer
CVE-2023-25259
RESERVED
CVE-2023-25258
@@ -12532,7 +12532,7 @@ CVE-2022-48293 (The Bluetooth module has an OOM vulnerability. Successful exploi
CVE-2022-48292 (The Bluetooth module has an out-of-memory (OOM) vulnerability. Success ...)
NOT-FOR-US: Huawei
CVE-2022-48291 (The Bluetooth module has an authentication bypass vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48290 (The phone-PC collaboration module has a logic bypass vulnerability. Su ...)
NOT-FOR-US: Huawei
CVE-2022-48289 (The bundle management module lacks authentication and control mechanis ...)
@@ -13398,7 +13398,7 @@ CVE-2023-24368 (** DISPUTED ** Incorrect access control in Temenos T24 Release 2
CVE-2023-24367 (Temenos T24 Release 20 was discovered to contain a reflected cross-sit ...)
NOT-FOR-US: Tenemos
CVE-2023-24366 (An arbitrary file download vulnerability in rConfig v6.8.0 allows atta ...)
- TODO: check
+ NOT-FOR-US: rConfig
CVE-2023-24365
RESERVED
CVE-2023-24364 (Simple Customer Relationship Management System v1.0 was discovered to ...)
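Review bot: The context line just above the change, `NOT-FOR-US: Tenemos` for CVE-2023-24367, does not match the product spelled `Temenos T24` in that entry's description. It is outside the lines this hunk edits, but it is worth correcting in the same pass so a search for Temenos finds the entry.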
@@ -13956,7 +13956,7 @@ CVE-2023-24096 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrad
CVE-2023-24095 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW ...)
NOT-FOR-US: TrendNet
CVE-2023-24094 (An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows ...)
- TODO: check
+ NOT-FOR-US: MikroTik RouterOS
CVE-2023-24093 (An access control issue in H3C A210-G A210-GV100R005 allows attackers ...)
NOT-FOR-US: H3C A210-G A210-GV100R005
CVE-2023-24092
@@ -15476,7 +15476,7 @@ CVE-2023-0328 (The WPCode WordPress plugin before 2.0.7 does not have adequate p
CVE-2023-0327 (A vulnerability was found in saemorris TheRadSystem. It has been class ...)
NOT-FOR-US: saemorris TheRadSystem
CVE-2023-0326 (An issue has been discovered in GitLab DAST API scanner affecting all ...)
- TODO: check
+ NOT-FOR-US: GitLab DAST API scanner
CVE-2023-0325
RESERVED
CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours & Travels ...)
@@ -16372,7 +16372,7 @@ CVE-2023-23332
CVE-2023-23331 (Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injectio ...)
NOT-FOR-US: Amano Xoffice
CVE-2023-23330 (amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable ...)
- TODO: check
+ NOT-FOR-US: amano Xparc parking solutions
CVE-2023-23329
RESERVED
CVE-2023-23328 (A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated ...)
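Review bot: The new label for CVE-2023-23330, `NOT-FOR-US: amano Xparc parking solutions`, differs in capitalisation and form from the existing `NOT-FOR-US: Amano Xoffice` two lines above it. `NOT-FOR-US: Amano Xparc` would keep the two Amano entries consistent.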
@@ -18298,7 +18298,7 @@ CVE-2023-22709
CVE-2023-22708
RESERVED
CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Gre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-22706
RESERVED
CVE-2023-22705
@@ -21594,15 +21594,15 @@ CVE-2023-22253 (Experience Manager versions 6.5.15.0 (and earlier) are affected
CVE-2023-22252 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
NOT-FOR-US: Adobe
CVE-2023-22251 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-22250 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-22249 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-22248
RESERVED
CVE-2023-22247 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
NOT-FOR-US: Adobe
CVE-2023-22245
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34a2bd3bb15f241137500beacc1de83f22adf979