[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 1 21:21:34 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9101184b by Salvatore Bonaccorso at 2023-05-01T22:21:00+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2023-2451 (A vulnerability was found in SourceCodester Online DJ Management Syste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Online DJ Management System
CVE-2018-25085 (A vulnerability classified as problematic was found in Responsive Menu ...)
NOT-FOR-US: Responsive Menus on Drupal
CVE-2015-10105 (A vulnerability, which was classified as critical, was found in IP Bla ...)
@@ -1262,7 +1262,7 @@ CVE-2023-30899
CVE-2023-30898
RESERVED
CVE-2023-2197 (HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padd ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2023-2196
RESERVED
CVE-2023-2195
@@ -1412,7 +1412,7 @@ CVE-2023-30861
CVE-2023-30860
RESERVED
CVE-2023-30859 (Triton is a Minecraft plugin for Spigot and BungeeCord that helps you ...)
- TODO: check
+ NOT-FOR-US: Triton Minecraft plugin
CVE-2023-30858 (The Denosaurs emoji package provides emojis for dinosaurs. Starting in ...)
NOT-FOR-US: Denosaurs emoji package
CVE-2023-30857 (@aedart/support is the support package for Ion, a monorepo for JavaScr ...)
@@ -3673,11 +3673,11 @@ CVE-2023-30065
CVE-2023-30064
RESERVED
CVE-2023-30063 (D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass.)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-30062
RESERVED
CVE-2023-30061 (D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcg ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-30060
RESERVED
CVE-2023-30059
@@ -4514,23 +4514,23 @@ CVE-2023-29645
CVE-2023-29644
RESERVED
CVE-2023-29643 (Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows a ...)
- TODO: check
+ NOT-FOR-US: PerfreeBlog
CVE-2023-29642
RESERVED
CVE-2023-29641 (Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5. ...)
- TODO: check
+ NOT-FOR-US: pandao editor.md
CVE-2023-29640
RESERVED
CVE-2023-29639 (Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows ...)
- TODO: check
+ NOT-FOR-US: ZHENFENG13 My-Blog
CVE-2023-29638 (Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before ...)
- TODO: check
+ NOT-FOR-US: WinterChenS my-site
CVE-2023-29637 (Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows ...)
TODO: check
CVE-2023-29636 (Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows ...)
- TODO: check
+ NOT-FOR-US: ZHENFENG13 My-Blog
CVE-2023-29635 (File upload vulnerability in Antabot White-Jotter v0.2.2, allows remot ...)
- TODO: check
+ NOT-FOR-US: Antabot White-Jotter
CVE-2023-29634
RESERVED
CVE-2023-29633
@@ -9801,7 +9801,7 @@ CVE-2023-28094
CVE-2023-28093 (A user with a compromised configuration can start an unsigned binary a ...)
NOT-FOR-US: Pegasystems
CVE-2023-28092 (A potential security vulnerability has been identified in HPE ProLiant ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-28091 (HPE OneView virtual appliance "Migrate server hardware" option may exp ...)
NOT-FOR-US: HPE
CVE-2023-28090 (An HPE OneView appliance dump may expose SNMPv3 read credentials)
@@ -15715,7 +15715,7 @@ CVE-2023-25077 (Cross-site scripting vulnerability in Authentication Key Setting
CVE-2023-22838 (Cross-site scripting vulnerability in Product List Screen and Product ...)
NOT-FOR-US: EC-CUBE
CVE-2023-0896 (A default password was reported in Lenovo Smart Clock Essential with A ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-0895 (The WP Coder \u2013 add custom html, css and js code plugin for WordPr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0894
@@ -17436,7 +17436,7 @@ CVE-2023-25494
CVE-2023-25493
RESERVED
CVE-2023-25492 (A valid, authenticated user may be able to trigger a denial of service ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-25491
RESERVED
CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
@@ -18053,7 +18053,7 @@ CVE-2023-0685 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Si
CVE-2023-0684 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0683 (A valid, authenticated XCC user with read only access may gain elevate ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-0682
RESERVED
CVE-2023-0681 (Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redir ...)
@@ -24905,17 +24905,17 @@ CVE-2015-10036 (A vulnerability was found in kylebebak dronfelipe. It has been d
CVE-2012-10004 (A vulnerability was found in backdrop-contrib Basic Cart. It has been ...)
NOT-FOR-US: backdrop-contrib Basic Cart
CVE-2023-22924 (A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware vers ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-22923 (A format string vulnerability in a binary of the Zyxel NBG-418N v2 fir ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-22922 (A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware vers ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-22921 (A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 fi ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-22920 (A security misconfiguration vulnerability exists in the Zyxel LTE3316- ...)
NOT-FOR-US: Zyxel
CVE-2023-22919 (The post-authentication command injection vulnerability in the Zyxel N ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-22918 (A post-authentication information exposure vulnerability in the CGI pr ...)
NOT-FOR-US: Zyxel
CVE-2023-22917 (A buffer overflow vulnerability in the \u201csdwan_iface_ipc\u201d bin ...)
@@ -26585,7 +26585,7 @@ CVE-2023-22505
CVE-2023-22504
RESERVED
CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2023-22502
RESERVED
CVE-2023-22501 (An authentication vulnerability was discovered in Jira Service Managem ...)
@@ -26883,7 +26883,7 @@ CVE-2022-48188
CVE-2022-48187
RESERVED
CVE-2022-48186 (A certificate validation vulnerability exists in the Baiying Android a ...)
- TODO: check
+ NOT-FOR-US: Baiying Android application
CVE-2022-48185
RESERVED
CVE-2022-48184
@@ -30383,7 +30383,7 @@ CVE-2022-4570 (The Top 10 WordPress plugin before 3.2.3 does not validate and es
CVE-2022-4569
RESERVED
CVE-2022-4568 (A directory permissions management vulnerability in Lenovo System Upda ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-4567 (Improper Access Control in GitHub repository openemr/openemr prior to ...)
NOT-FOR-US: OpenEMR
CVE-2021-46866
@@ -65644,7 +65644,7 @@ CVE-2022-35900 (An issue was discovered in Bentley MicroStation before 10.17.0.x
CVE-2022-35899 (There is an unquoted service path in ASUSTeK Aura Ready Game SDK servi ...)
NOT-FOR-US: ASUSTeK
CVE-2022-35898 (OpenText BizManager before 16.6.0.1 does not perform proper validation ...)
- TODO: check
+ NOT-FOR-US: OpenText BizManager
CVE-2022-35897 (An stack buffer overflow vulnerability leads to arbitrary code executi ...)
NOT-FOR-US: Insyde
CVE-2022-35896 (An issue SMM memory leak vulnerability in SMM driver (SMRAM was discov ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9101184bcec0e42dcbba9a5130bd253ebf2c71a9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9101184bcec0e42dcbba9a5130bd253ebf2c71a9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230501/85f82edd/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list