[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 9 21:48:11 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a195c8a1 by Salvatore Bonaccorso at 2023-05-09T22:47:40+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -54,19 +54,19 @@ CVE-2023-31489 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacke
- frr <unfixed>
NOTE: https://github.com/FRRouting/frr/issues/13098
CVE-2023-31476 (An issue was discovered on GL.iNet devices running firmware before 3.2 ...)
- TODO: check
+ NOT-FOR-US: GL.iNet devices
CVE-2023-31474 (An issue was discovered on GL.iNet devices before 3.216. Through the s ...)
- TODO: check
+ NOT-FOR-US: GL.iNet devices
CVE-2023-31472 (An issue was discovered on GL.iNet devices before 3.216. There is an a ...)
- TODO: check
+ NOT-FOR-US: GL.iNet devices
CVE-2023-2609 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.153 ...)
TODO: check
CVE-2023-2596 (A vulnerability was found in SourceCodester Online Reviewer System 1.0 ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Online Reviewer System
CVE-2023-2595 (A vulnerability has been found in SourceCodester Billing Management Sy ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Billing Management System
CVE-2023-2594 (A vulnerability, which was classified as critical, was found in Source ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Food Ordering Management System
CVE-2023-2591 (Code Injection in GitHub repository nilsteampassnet/teampass prior to ...)
TODO: check
CVE-2023-32113 (SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attack ...)
@@ -825,7 +825,7 @@ CVE-2023-31146
CVE-2023-31145
RESERVED
CVE-2023-31144 (Craft CMS is a content management system. Starting in version 3.0.0 an ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming and inte ...)
TODO: check
CVE-2023-31142
@@ -1257,9 +1257,9 @@ CVE-2023-30988
CVE-2023-30987
RESERVED
CVE-2023-30986 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-30985 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-30984
RESERVED
CVE-2023-30983
@@ -1527,9 +1527,9 @@ CVE-2023-30901
CVE-2023-30900
RESERVED
CVE-2023-30899 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-30898 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-2197 (HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padd ...)
NOT-FOR-US: HashiCorp Vault
CVE-2023-2196
@@ -3919,9 +3919,9 @@ CVE-2023-30090 (Semcms Shop v4.2 was discovered to contain an arbitrary file upl
CVE-2023-30089
RESERVED
CVE-2023-30088 (An issue found in Cesanta MJS v.1.26 allows a local attacker to cause ...)
- TODO: check
+ NOT-FOR-US: Cesenta MJS
CVE-2023-30087 (Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a loc ...)
- TODO: check
+ NOT-FOR-US: Cesenta MJS
CVE-2023-30086 (Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local ...)
TODO: check
CVE-2023-30085 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows ...)
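Review bot: The product name is misspelled in both added lines of this hunk: the descriptions for CVE-2023-30088 and CVE-2023-30087 read "Cesanta MJS", while the new notes read "Cesenta MJS". A later search of the list for the product name will miss these two entries, so suggest "NOT-FOR-US: Cesanta MJS" on both.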
@@ -5448,11 +5448,11 @@ CVE-2023-29464
CVE-2023-29463
RESERVED
CVE-2023-29462 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2023-29461 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2023-29460 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2023-29459
RESERVED
CVE-2023-29458
@@ -5882,27 +5882,27 @@ CVE-2023-29345
CVE-2023-29344
RESERVED
CVE-2023-29343 (SysInternals Sysmon for Windows Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29342
RESERVED
CVE-2023-29341 (AV1 Video Extension Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29340 (AV1 Video Extension Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29339
RESERVED
CVE-2023-29338 (Visual Studio Code Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29337
RESERVED
CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29335 (Microsoft Word Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29334 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29333 (Microsoft Access Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29332
RESERVED
CVE-2023-29331
@@ -5918,9 +5918,9 @@ CVE-2023-29327
CVE-2023-29326
RESERVED
CVE-2023-29325 (Windows OLE Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29324 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 ...)
- opensmtpd <unfixed> (bug #1034178)
[bookworm] - opensmtpd <no-dsa> (Minor issue)
@@ -6524,7 +6524,7 @@ CVE-2023-29130
CVE-2023-29129
RESERVED
CVE-2023-29128 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-29127
RESERVED
CVE-2023-29126
@@ -6566,15 +6566,15 @@ CVE-2023-29109 (The SAP Application Interface Framework (Message Dashboard) - ve
CVE-2023-29108 (The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDI ...)
NOT-FOR-US: SAP
CVE-2023-29107 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-29106 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-29105 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-29104 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-29103 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-29102
RESERVED
CVE-2023-29101
@@ -7592,7 +7592,7 @@ CVE-2023-28834 (Nextcloud Server is an open source personal cloud server. Nextcl
CVE-2023-28833 (Nextcloud server is an open source home cloud implementation. In affec ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-28832 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-28831
RESERVED
CVE-2023-28830
@@ -9502,7 +9502,7 @@ CVE-2023-28292 (Raw Image Extension Remote Code Execution Vulnerability)
CVE-2023-28291 (Raw Image Extension Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28290 (Microsoft Remote Desktop app for Windows Information Disclosure Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-28289
RESERVED
CVE-2023-28288 (Microsoft SharePoint Server Spoofing Vulnerability)
@@ -9516,7 +9516,7 @@ CVE-2023-28285 (Microsoft Office Remote Code Execution Vulnerability)
CVE-2023-28284 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28283 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-28282
RESERVED
CVE-2023-28281
@@ -9580,7 +9580,7 @@ CVE-2023-28253 (Windows Kernel Information Disclosure Vulnerability)
CVE-2023-28252 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
CVE-2023-28251 (Windows Driver Revocation List Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-28250 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
NOT-FOR-US: Microsoft
CVE-2023-28249 (Windows Boot Manager Security Feature Bypass Vulnerability)
@@ -12271,11 +12271,11 @@ CVE-2023-27411
CVE-2023-27410 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
TODO: check
CVE-2023-27409 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-27408 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-27407 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-27406 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
NOT-FOR-US: Siemens
CVE-2023-27405 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
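Review bot: CVE-2023-27410 at the top of this hunk keeps "TODO: check" although its description opens with the same "SCALANCE LPE9403" text as CVE-2023-27409, CVE-2023-27408 and CVE-2023-27407, which are marked "NOT-FOR-US: Siemens" here. If it was skipped by accident, mark it the same way. If it was left open on purpose, a NOTE line under it saying why would save the next triager from repeating the check.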
@@ -16448,7 +16448,7 @@ CVE-2023-25836
CVE-2023-25835
RESERVED
CVE-2023-25834 (Changes to user permissions in Portal for ArcGIS 10.9.1 and below are ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25833
RESERVED
CVE-2023-25832
@@ -16456,9 +16456,9 @@ CVE-2023-25832
CVE-2023-25831
RESERVED
CVE-2023-25830 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25829 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25828 (Pluck CMS is vulnerable to an authenticated remote code execution (RCE ...)
NOT-FOR-US: Pluck CMS
CVE-2023-25827 (Due to insufficient validation of parameters reflected in error messag ...)
@@ -19172,39 +19172,39 @@ CVE-2023-24957 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 1
CVE-2023-24956 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...)
NOT-FOR-US: Forget Heart Message Box
CVE-2023-24955 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24954 (Microsoft SharePoint Server Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24953 (Microsoft Excel Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24952
RESERVED
CVE-2023-24951
RESERVED
CVE-2023-24950 (Microsoft SharePoint Server Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24949 (Windows Kernel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24948 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24947 (Windows Bluetooth Driver Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24946 (Windows Backup Service Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24945 (Windows iSCSI Target Service Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24944 (Windows Bluetooth Driver Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24943 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24942 (Remote Procedure Call Runtime Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24941 (Windows Network File System Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24940 (Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24939 (Server for NFS Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24938
RESERVED
CVE-2023-24937
@@ -19218,7 +19218,7 @@ CVE-2023-24934 (Microsoft Defender Security Feature Bypass Vulnerability)
CVE-2023-24933
RESERVED
CVE-2023-24932 (Secure Boot Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24931 (Windows Secure Channel Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-24930 (Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability)
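Review bot: For CVE-2023-24932 the description is only "Secure Boot Security Feature Bypass Vulnerability" and, unlike the neighbouring entries, names no Windows or Microsoft component, so the vendor-only tag does not show why the issue is out of scope. Suggest naming the affected component in the NOT-FOR-US text, or adding a NOTE line with the reference that confirms it is limited to Microsoft software.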
@@ -19272,21 +19272,21 @@ CVE-2023-24907 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code E
CVE-2023-24906 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
NOT-FOR-US: Microsoft
CVE-2023-24905 (Remote Desktop Client Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24904 (Windows Installer Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24903 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24902 (Win32k Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24901 (Windows NFS Portmapper Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24900 (Windows NTLM Security Support Provider Information Disclosure Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24899 (Windows Graphics Component Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24898 (Windows SMB Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24897
RESERVED
CVE-2023-24896
@@ -20988,7 +20988,7 @@ CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-24373
RESERVED
CVE-2023-24372 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23579 (Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the ...)
NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-22846 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...)
@@ -22226,7 +22226,7 @@ CVE-2023-23885 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-23884 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanb ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23883 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin David ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23882
RESERVED
CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gree ...)
@@ -22268,7 +22268,7 @@ CVE-2023-23864 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in
CVE-2023-23863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Blac ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23862 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23550
@@ -22464,7 +22464,7 @@ CVE-2023-23795
CVE-2023-23794
RESERVED
CVE-2023-23793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eigh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23792
RESERVED
CVE-2023-23791
@@ -22736,11 +22736,11 @@ CVE-2023-23736
CVE-2023-23735
RESERVED
CVE-2023-23734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23732 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23731
RESERVED
CVE-2023-23730
@@ -22957,7 +22957,7 @@ CVE-2023-23649
CVE-2023-23648
RESERVED
CVE-2023-23647 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23646
RESERVED
CVE-2023-23645
@@ -32900,7 +32900,7 @@ CVE-2022-46866
CVE-2022-46865
RESERVED
CVE-2022-46864 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46862 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
@@ -32912,7 +32912,7 @@ CVE-2022-46860
CVE-2022-46859
RESERVED
CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46857
RESERVED
CVE-2022-46856
@@ -32940,7 +32940,7 @@ CVE-2022-46846
CVE-2022-46845
RESERVED
CVE-2022-46844 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van T ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability inJS Help Desk plugin ...)
@@ -33047,7 +33047,7 @@ CVE-2022-46824 (In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in
CVE-2022-46823 (A vulnerability has been identified in Mendix SAML (Mendix 8 compatibl ...)
NOT-FOR-US: Siemens
CVE-2022-46822 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Devel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46821
RESERVED
CVE-2022-46820
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a195c8a1b7b0741b5b404bb9214f90720d41bf89