[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 17 15:48:04 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ae8a32d2 by Moritz Muehlenhoff at 2023-05-17T16:47:41+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2023-31848 (davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).)
- TODO: check
+ NOT-FOR-US: davinci
CVE-2023-31847 (In davinci 0.3.0-rc after logging in, the user can connect to the mysq ...)
- TODO: check
+ NOT-FOR-US: davinci
CVE-2023-31679 (Incorrect access control in Videogo v6.8.1 allows attackers to access ...)
- TODO: check
+ NOT-FOR-US: Videogo
CVE-2023-31678 (Incorrect access control in Videogo v6.8.1 allows attackers to bind sh ...)
- TODO: check
+ NOT-FOR-US: Videogo
CVE-2023-31677 (Insecure permissions in luowice 3.5.18 allow attackers to view informa ...)
- TODO: check
+ NOT-FOR-US: luowice
CVE-2023-31544 (A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v ...)
NOT-FOR-US: alkacon-OpenCMS
CVE-2023-2753 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
@@ -21,11 +21,11 @@ CVE-2023-2608 (The Multiple Page Generator Plugin for WordPress is vulnerable to
CVE-2023-2528 (The Contact Form by Supsystic plugin for WordPress is vulnerable to Cr ...)
NOT-FOR-US: Contact Form by Supsystic plugin for WordPress
CVE-2023-2509 (A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR
CVE-2023-2469
REJECTED
CVE-2023-31890 (An XML Deserialization vulnerability in glazedlists v1.11.0 allows an ...)
- TODO: check
+ NOT-FOR-US: glazedlists
CVE-2023-31857 (Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricte ...)
NOT-FOR-US: Sourcecodester Online Computer and Laptop Store
CVE-2023-31856 (A command injection vulnerability in the hostTime parameter in the fun ...)
@@ -33,7 +33,7 @@ CVE-2023-31856 (A command injection vulnerability in the hostTime parameter in t
CVE-2023-31587 (Tenda AC5 router V15.03.06.28 was discovered to contain a remote code ...)
NOT-FOR-US: Tenda
CVE-2023-31576 (An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows ...)
- TODO: check
+ - serendipity <removed>
CVE-2023-31572 (An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change ...)
NOT-FOR-US: Bludit
CVE-2023-31519 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
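Review bot: the new `- serendipity <removed>` line for CVE-2023-31576 carries no NOTE with the upstream reference, unlike the other package entries visible in this file (`- virtuoso-opensource <unfixed>` and `- keepass2 <unfixed>` are each followed by a `NOTE: https://...` line). Consider adding a NOTE pointing at the upstream advisory or fix so a later triager can tell whether the issue reported against 2.4-beta1 also affected the last version that was in the archive before the package was marked removed.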
@@ -43,7 +43,7 @@ CVE-2023-2740 (A vulnerability, which was classified as problematic, has been fo
CVE-2023-2739 (A vulnerability classified as problematic was found in Gira HomeServer ...)
NOT-FOR-US: Gira HomeServer
CVE-2023-2738 (A vulnerability classified as critical has been found in Tongda OA 11. ...)
- TODO: check
+ NOT-FOR-US: Tongda
CVE-2023-2731 [null pointer deference in LZWDecode() in libtiff/tif_lzw.c]
- tiff <unfixed>
[bullseye] - tiff <no-dsa> (Minor issue)
@@ -146,7 +146,7 @@ CVE-2023-32956 (Improper neutralization of special elements used in an OS comman
CVE-2023-32955 (Improper neutralization of special elements used in an OS command ('OS ...)
NOT-FOR-US: Synology
CVE-2023-32309 (PyMdown Extensions is a set of extensions for the `Python-Markdown` ma ...)
- TODO: check
+ NOT-FOR-US: PyMdown Extensions
CVE-2023-32308 (anuko timetracker is an open source time tracking system. Boolean-base ...)
NOT-FOR-US: Anuko Time Tracker
CVE-2023-32068 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
@@ -271,9 +271,9 @@ CVE-2023-31607 (An issue in the __libc_malloc component of openlink virtuoso-ope
- virtuoso-opensource <unfixed>
NOTE: https://github.com/openlink/virtuoso-opensource/issues/1120
CVE-2023-31409 (Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Pa ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2023-31408 (Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSO ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2023-32784 (In KeePass 2.x before 2.54, it is possible to recover the cleartext ma ...)
- keepass2 <unfixed>
NOTE: https://github.com/vdohney/keepass-password-dumper
@@ -308,15 +308,15 @@ CVE-2023-2690 (A vulnerability, which was classified as critical, has been found
CVE-2023-2689 (A vulnerability classified as critical was found in SourceCodester Bil ...)
NOT-FOR-US: SourceCodester Billing Management System
CVE-2023-32303 (Planet is software that provides satellite data. The secret file store ...)
- TODO: check
+ NOT-FOR-US: Planet
CVE-2023-32306 (Time Tracker is an open source time tracking system. A time-based blin ...)
NOT-FOR-US: Time Tracker
CVE-2023-32305 (aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contai ...)
- TODO: check
+ NOT-FOR-US: aiven-extras
CVE-2023-32081 (Vert.x STOMP is a vert.x implementation of the STOMP specification tha ...)
NOT-FOR-US: Vert.x STOMP
CVE-2023-32073 (WWBN AVideo is an open source video platform. In versions 12.4 and pri ...)
- TODO: check
+ NOT-FOR-US: AVideo
CVE-2023-31985 (A Command Injection vulnerability in Edimax Wireless Router N300 Firmw ...)
NOT-FOR-US: Edimax Wireless Router N300 Firmware BR-6428NS_v4
CVE-2023-31983 (A Command Injection vulnerability in Edimax Wireless Router N300 Firmw ...)
@@ -373,11 +373,11 @@ CVE-2023-2515 (Mattermost fails to restrict a user with permissions to edit othe
CVE-2023-2514 (Mattermost Sever fails to redact the DB username and password before e ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-2512 (Prior to version v1.20230419.0, the FormData API implementation was su ...)
- TODO: check
+ NOT-FOR-US: Cloudflare workerd
CVE-2023-2458 (Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior t ...)
- TODO: check
+ NOT-FOR-US: Google Chrome on ChromeOS
CVE-2023-2457 (Out of bounds write in ChromeOS Audio Server in Google Chrome on Chrom ...)
- TODO: check
+ NOT-FOR-US: Google Chrome on ChromeOS
CVE-2023-32243 (Improper Authentication vulnerability in WPDeveloper Essential Addons ...)
NOT-FOR-US: WordPress plugin
CVE-2023-32059 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
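Review bot: the label `NOT-FOR-US: Cloudflare workerd` for CVE-2023-2512 names a product that does not appear in the visible description ("Prior to version v1.20230419.0, the FormData API implementation was su ..."), so the mapping rests on the CVE references rather than on the text; since the same wording could fit other FormData implementations, it is worth confirming from the advisory that workerd is the only affected product, and a NOTE line with that reference would record the reasoning.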
@@ -1528,7 +1528,7 @@ CVE-2023-31147
CVE-2023-31146 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
NOT-FOR-US: Vyper
CVE-2023-31145 (Collabora Online is a collaborative online office suite based on Libre ...)
- TODO: check
+ NOT-FOR-US: Collabora Online
CVE-2023-31144 (Craft CMS is a content management system. Starting in version 3.0.0 an ...)
NOT-FOR-US: Craft CMS
CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming and inte ...)
@@ -1558,7 +1558,7 @@ CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a web
CVE-2023-31132
RESERVED
CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based on Po ...)
- TODO: check
+ NOT-FOR-US: Greenplum Database
CVE-2023-31130
RESERVED
CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be triggere ...)
@@ -2550,7 +2550,7 @@ CVE-2023-2162 (A use-after-free vulnerability was found in iscsi_sw_tcp_session_
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3 (6.2-rc6)
CVE-2023-2161 (A CWE-611: Improper Restriction of XML External Entity Reference vulne ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-2160 (Weak Password Requirements in GitHub repository modoboa/modoboa prior ...)
NOT-FOR-US: modoboa
CVE-2023-2159
@@ -3658,25 +3658,25 @@ CVE-2023-30512 (CubeFS through 3.2.1 allows Kubernetes cluster-level privilege e
CVE-2023-30511
RESERVED
CVE-2023-30510 (A vulnerability exists in the Aruba EdgeConnect Enterpriseweb manageme ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30509 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30508 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30507 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30506 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30505 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30504 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30503 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30502 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-30501 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations by c ...)
{DLA-3404-1 DLA-3403-1}
- linux 6.1.20-1
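Review bot: the ten entries CVE-2023-30501 through CVE-2023-30510 are labelled `NOT-FOR-US: HPE` although every description names the product, Aruba EdgeConnect Enterprise; elsewhere in this file the label is the product or package name (`NOT-FOR-US: Gira HomeServer`, `NOT-FOR-US: Bludit`, `NOT-FOR-US: Collabora Online`), and a vendor-only label means a search for "EdgeConnect" or "Aruba" will not find these. Consider `NOT-FOR-US: Aruba EdgeConnect Enterprise` or `NOT-FOR-US: HPE Aruba EdgeConnect` instead.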
@@ -3880,7 +3880,7 @@ CVE-2023-30454 (An issue was discovered in ebankIT before 7. Document Object Mod
CVE-2023-30453
RESERVED
CVE-2023-30452 (The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluen ...)
- TODO: check
+ NOT-FOR-US: MoroSystems EasyMind
CVE-2023-1964 (A vulnerability classified as critical has been found in PHPGurukul Ba ...)
NOT-FOR-US: PHPGurukul Bank Locker Management System
CVE-2023-1963 (A vulnerability was found in PHPGurukul Bank Locker Management System ...)
@@ -4256,7 +4256,7 @@ CVE-2023-30283
CVE-2023-30282 (PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Acces ...)
NOT-FOR-US: PrestaShop scexportcustomers
CVE-2023-30281 (Insecure permissions in the ps_customer table of Prestashop scquickacc ...)
- TODO: check
+ NOT-FOR-US: Prestashop
CVE-2023-30280 (Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700 ...)
NOT-FOR-US: Netgear
CVE-2023-30279
@@ -4328,7 +4328,7 @@ CVE-2023-30247 (File Upload vulnerability found in Oretnom23 Storage Unit Rental
CVE-2023-30246 (SQL injection vulnerability found in Judging Management System v.1.0 a ...)
NOT-FOR-US: Judging Management System
CVE-2023-30245 (SQL injection vulnerability found in Judging Management System v.1.0 a ...)
- TODO: check
+ NOT-FOR-US: Judging Management System
CVE-2023-30244
RESERVED
CVE-2023-30243 (Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable ...)
@@ -4440,7 +4440,7 @@ CVE-2023-30191
CVE-2023-30190
RESERVED
CVE-2023-30189 (Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via ...)
- TODO: check
+ NOT-FOR-US: Prestashop
CVE-2023-30188
RESERVED
CVE-2023-30187
@@ -4903,7 +4903,7 @@ CVE-2023-29963 (S-CMS v5.0 was discovered to contain an authenticated remote cod
CVE-2023-29962
RESERVED
CVE-2023-29961 (D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack o ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-29960
RESERVED
CVE-2023-29959
@@ -5004,7 +5004,7 @@ CVE-2023-29929
CVE-2023-29928
RESERVED
CVE-2023-29927 (Versions of Sage 300 through 2022 implement role-based access controls ...)
- TODO: check
+ NOT-FOR-US: Sage
CVE-2023-29926 (PowerJob V4.3.2 has unauthorized interface that causes remote code exe ...)
NOT-FOR-US: PowerJob
CVE-2023-29925
@@ -5134,9 +5134,9 @@ CVE-2023-29864
CVE-2023-29863 (Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to ...)
NOT-FOR-US: Medical Systems Co. Medisys Weblab Products
CVE-2023-29862 (An issue found in Agasio-Camera device version not specified allows a ...)
- TODO: check
+ NOT-FOR-US: Agasio-Camera
CVE-2023-29861 (An issue found in FLIR-DVTEL version not specified allows a remote att ...)
- TODO: check
+ NOT-FOR-US: FLIR-DVTEL
CVE-2023-29860
RESERVED
CVE-2023-29859
@@ -6226,7 +6226,7 @@ CVE-2023-29441
CVE-2023-29440
RESERVED
CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...)
- TODO: check
+ NOT-FOR-US: FooGallery
CVE-2023-29438
RESERVED
CVE-2023-29437
@@ -7071,7 +7071,7 @@ CVE-2023-29197 (guzzlehttp/psr7 is a PSR-7 HTTP message library implementation i
CVE-2023-29196 (Discourse is an open source platform for community discussion. This vu ...)
NOT-FOR-US: Discourse
CVE-2023-29195 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
- TODO: check
+ NOT-FOR-US: Vitess
CVE-2023-29194 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
NOT-FOR-US: Vitess
CVE-2023-29193 (SpiceDB is an open source, Google Zanzibar-inspired, database system f ...)
@@ -7432,9 +7432,9 @@ CVE-2023-29061
CVE-2023-29060
RESERVED
CVE-2023-1764 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5 ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2023-1763 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5 ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2023-1762 (Improper Privilege Management in GitHub repository thorsten/phpmyfaq p ...)
NOT-FOR-US: phpmyfaq
CVE-2023-1761 (Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3 ...)
@@ -7791,7 +7791,7 @@ CVE-2023-1700
CVE-2023-1699 (Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsin ...)
NOT-FOR-US: Rapid7 Nexpose
CVE-2023-1698 (In multiple products of WAGO a vulnerability allows an unauthenticated ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2023-1697 (An Improper Handling of Missing Values vulnerability in the Packet For ...)
NOT-FOR-US: Juniper
CVE-2023-1696
@@ -9952,7 +9952,7 @@ CVE-2023-28358 (A vulnerability has been discovered in Rocket.Chat where a markd
CVE-2023-28357 (A vulnerability has been identified in Rocket.Chat, where the ACL chec ...)
NOT-FOR-US: Rocket.Chat
CVE-2023-28356 (A vulnerability has been identified where a maliciously crafted messag ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2023-28355
RESERVED
CVE-2023-28354
@@ -10944,7 +10944,7 @@ CVE-2023-28078
CVE-2023-28077
RESERVED
CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky crypt ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28075
RESERVED
CVE-2023-28074
@@ -12091,7 +12091,7 @@ CVE-2023-27744
CVE-2023-27743
RESERVED
CVE-2023-27742 (IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: IDURAR
CVE-2023-27741
RESERVED
CVE-2023-27740
@@ -16988,9 +16988,9 @@ CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior t
CVE-2023-0865 (The WooCommerce Multiple Customer Addresses & Shipping WordPress plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0864 (Cleartext Transmission of Sensitive Information vulnerability in ABB T ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2023-0863 (Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80 ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2023-0862 (The NetModule NSRW web administration interface is vulnerable to path ...)
NOT-FOR-US: NetModule NSRW web administration interface
CVE-2023-0861 (NetModule NSRW web administration interface executes an OS command con ...)
@@ -18762,7 +18762,7 @@ CVE-2023-25396 (Privilege escalation in the MSI repair functionality in Caphyon
CVE-2023-25395 (TOTOlink A7100RU V7.4cu.2313_B20191024 router has a command injection ...)
NOT-FOR-US: TOTOLINK
CVE-2023-25394 (Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Update ...)
- TODO: check
+ NOT-FOR-US: Videostream macOS app
CVE-2023-25393
RESERVED
CVE-2023-25392 (Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Val ...)
@@ -29138,7 +29138,7 @@ CVE-2022-4712
CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...)
NOT-FOR-US: Royal Elementor Addons plugin for WordPress
CVE-2022-47937 (** UNSUPPORTED WHEN ASSIGNED ** Improper input validation in the ...)
- TODO: check
+ NOT-FOR-US: Apache Sling
CVE-2022-47936 (A vulnerability has been identified in JT Open (All versions < V11.2.3 ...)
NOT-FOR-US: JT Open
CVE-2022-47935 (A vulnerability has been identified in JT Open (All versions < V11.1.1 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae8a32d2347bbf1cef1c19248b53c5bc8b9a153a