[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 22 22:08:37 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9cd4a6e by Salvatore Bonaccorso at 2023-05-22T23:07:43+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,13 +13,13 @@ CVE-2023-32347 (Teltonika\u2019s Remote Management System versions prior to 4.10
 CVE-2023-32346 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 con ...)
 	NOT-FOR-US: Teltonika
 CVE-2023-31923 (Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A v ...)
-	TODO: check
+	NOT-FOR-US: Suprema BioStar
 CVE-2023-31779 (Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). A ...)
 	TODO: check
 CVE-2023-31742 (There is a command injection vulnerability in the Linksys WRT54GL rout ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2023-31689 (In Wcms 0.3.2, an attacker can send a crafted request from a vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: Wcms
 CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to contain a ...)
 	TODO: check
 CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
@@ -31,15 +31,15 @@ CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
 CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
 	TODO: check
 CVE-2023-2832 (SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0.)
-	TODO: check
+	NOT-FOR-US: unilogies/bumsys
 CVE-2023-2597 (In Eclipse Openj9 before version 0.38.0, in the implementation of the  ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Openj9
 CVE-2023-2588 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 hav ...)
-	TODO: check
+	NOT-FOR-US: Teltonika
 CVE-2023-2587 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 con ...)
-	TODO: check
+	NOT-FOR-US: Teltonika
 CVE-2023-2586 (Teltonika\u2019s Remote Management System versions 4.14.0 is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: Teltonika
 CVE-2023-32067
 	[experimental] - c-ares 1.19.1-1
 	- c-ares <unfixed>
@@ -54,7 +54,7 @@ CVE-2023-33288 (An issue was discovered in the Linux kernel before 6.2.9. A use-
 CVE-2023-33285 (An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, an ...)
 	TODO: check
 CVE-2023-33281 (The remote keyfob system on Nissan Sylphy Classic 2021 sends the same  ...)
-	TODO: check
+	NOT-FOR-US: Nissan Sylphy Classic 2021
 CVE-2023-33264 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3,  ...)
 	TODO: check
 CVE-2023-33254 (There is an LDAP bind credentials exposure on KACE Systems Deployment  ...)
@@ -62,15 +62,15 @@ CVE-2023-33254 (There is an LDAP bind credentials exposure on KACE Systems Deplo
 CVE-2023-33252 (iden3 snarkjs through 0.6.11 allows double spending because there is n ...)
 	TODO: check
 CVE-2023-33251 (When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDi ...)
-	TODO: check
+	NOT-FOR-US: Akka
 CVE-2023-33250 (The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in  ...)
 	- linux <unfixed>
 	NOTE: https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ
 	NOTE: https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/
 CVE-2023-33236 (MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: MXsecurity
 CVE-2023-33235 (MXsecurity version 1.0 is vulnearble to command injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: MXsecurity
 CVE-2023-32336 (IBM InfoSphere Information Server 11.7 is affected by a remote code ex ...)
 	NOT-FOR-US: IBM
 CVE-2020-36694 (An issue was discovered in netfilter in the Linux kernel before 5.10.  ...)
@@ -1540,19 +1540,19 @@ CVE-2023-31280
 CVE-2023-31279
 	RESERVED
 CVE-2023-31245 (Devices using Snap One OvrC cloud are sent to a web address when acces ...)
-	TODO: check
+	NOT-FOR-US: Snap One
 CVE-2023-31241 (Snap One OvrC cloud servers contain a route an attacker can use to byp ...)
-	TODO: check
+	NOT-FOR-US: Snap One
 CVE-2023-31240 (Snap One OvrC Pro versions prior to 7.2 have their own locally running ...)
-	TODO: check
+	NOT-FOR-US: Snap One
 CVE-2023-31193 (Snap One OvrC Pro versions prior to 7.3 use HTTP connections when down ...)
-	TODO: check
+	NOT-FOR-US: Snap One
 CVE-2023-28649 (The Hub in the Snap One OvrC cloud platform is a device used to centra ...)
-	TODO: check
+	NOT-FOR-US: Snap One
 CVE-2023-28412 (When supplied with a random MAC address, Snap One OvrC cloud servers w ...)
-	TODO: check
+	NOT-FOR-US: Snap One
 CVE-2023-28386 (Snap One OvrC Pro devices versions 7.2 and prior do not validate firmw ...)
-	TODO: check
+	NOT-FOR-US: Snap One
 CVE-2023-25183
 	RESERVED
 CVE-2023-2319 (It was discovered that an update for PCS package in RHBA-2023:2151 err ...)
@@ -5559,7 +5559,7 @@ CVE-2023-29839 (A Stored Cross Site Scripting (XSS) vulnerability exists in mult
 	NOTE: https://github.com/jichngan/CVE-2023-29839
 	NOTE: Fixed upstream in 3.0.5
 CVE-2023-29838 (Insecure Permission vulnerability found in Botkind/Siber Systems SyncA ...)
-	TODO: check
+	NOT-FOR-US: Botkind/Siber Systems SyncApp
 CVE-2023-29837 (Cross Site Scripting vulnerability found in Exelysis Unified Communica ...)
 	NOT-FOR-US: Exelysis Unified Communication Solution (EUCS)
 CVE-2023-29836 (Cross Site Scripting vulnerability found in Exelysis Unified Communica ...)
@@ -9987,7 +9987,7 @@ CVE-2023-28469
 CVE-2023-28468
 	RESERVED
 CVE-2023-28467 (In MyBB before 1.8.34, there is XSS in the User CP module via the user ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2023-28465
 	RESERVED
 CVE-2023-28464 (hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel throu ...)
@@ -14357,9 +14357,9 @@ CVE-2023-27069 (A stored cross-site scripting (XSS) vulnerability in TotalJS Ope
 CVE-2023-27068
 	RESERVED
 CVE-2023-27067 (Directory Traversal vulnerability in Sitecore Experience Platform thro ...)
-	TODO: check
+	NOT-FOR-US: Sitecore
 CVE-2023-27066 (Directory Traversal vulnerability in Site Core Experience Platform 10. ...)
-	TODO: check
+	NOT-FOR-US: Sitecore
 CVE-2023-27065 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
 	NOT-FOR-US: Tenda
 CVE-2023-27064 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
@@ -18755,7 +18755,7 @@ CVE-2023-25539
 CVE-2023-25538
 	RESERVED
 CVE-2023-25537 (Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Preci ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-25536 (Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive informati ...)
 	NOT-FOR-US: Dell
 CVE-2023-25535
@@ -19062,9 +19062,9 @@ CVE-2023-25450
 CVE-2023-25449
 	RESERVED
 CVE-2023-25448 (Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archiv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25447 (Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorW ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2023-25446
 	RESERVED
 CVE-2023-25445
@@ -23576,7 +23576,7 @@ CVE-2023-23815 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-23814
 	RESERVED
 CVE-2023-23813 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23812 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joos ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23811
@@ -23608,7 +23608,7 @@ CVE-2023-23799 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability i
 CVE-2023-23798
 	RESERVED
 CVE-2023-23797 (Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Au ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23796
 	RESERVED
 CVE-2023-23795
@@ -23933,7 +23933,7 @@ CVE-2023-23714
 CVE-2023-23713
 	RESERVED
 CVE-2023-23712 (Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optim ...)
 	NOT-FOR-US: A2 Hosting
 CVE-2023-23710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in mini ...)
@@ -24044,7 +24044,7 @@ CVE-2023-23682 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-23681 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23680 (Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23679
 	RESERVED
 CVE-2023-23678
@@ -27352,7 +27352,7 @@ CVE-2023-22716 (Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOP
 CVE-2023-22715 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaM ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22714 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming So ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-22713 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordP ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -27362,7 +27362,7 @@ CVE-2023-22711 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-22710 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidev ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22709 (Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple H ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-22708
 	RESERVED
 CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Gre ...)
@@ -27396,7 +27396,7 @@ CVE-2023-22694
 CVE-2023-22693
 	RESERVED
 CVE-2023-22692 (Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...)
@@ -27404,7 +27404,7 @@ CVE-2023-22690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-22689 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22688 (Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in Jose Mortel ...)
 	NOT-FOR-US: Jose Mortellaro Freesoul Deactivate
 CVE-2023-22686 (Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice Pa ...)
@@ -30576,11 +30576,11 @@ CVE-2022-47613 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2022-47612 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47611 (Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47610 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mr D ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47609 (Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47608 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in User ...)
@@ -33219,7 +33219,7 @@ CVE-2022-47185
 CVE-2022-47184
 	RESERVED
 CVE-2022-47183 (Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Blo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47182
 	RESERVED
 CVE-2022-47181
@@ -33251,7 +33251,7 @@ CVE-2022-47169
 CVE-2022-47168
 	RESERVED
 CVE-2022-47167 (Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Cray ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47165
@@ -33301,7 +33301,7 @@ CVE-2022-47144
 CVE-2022-47143 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47142 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic K ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47140
@@ -34710,7 +34710,7 @@ CVE-2022-46682 (Jenkins Plot Plugin 2.1.11 and earlier does not configure its XM
 CVE-2022-46681
 	REJECTED
 CVE-2022-46680 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2022-46679 (Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficien ...)
 	NOT-FOR-US: Dell
 CVE-2022-46678 (Wyse Management Suite   3.8 and below contain an improper access contr ...)
@@ -38811,7 +38811,7 @@ CVE-2022-45378 (In the default configuration of Apache SOAP, an RPCRouterServlet
 CVE-2022-45377
 	RESERVED
 CVE-2022-45376 (Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Wo ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2022-45375 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slid ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45374
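Review bot: the new tag on the CVE-2022-45376 line reads `NOT-FOR-US: Wordpress plugin`, but the file's established spelling (see the unchanged CVE-2022-45375 entry two lines below, `NOT-FOR-US: WordPress plugin`) capitalizes the P. Please use the same form so that greps and scripts matching on the literal tag text find every WordPress plugin entry.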
@@ -39610,13 +39610,13 @@ CVE-2022-45081
 CVE-2022-45080 (Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45079 (Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginiz ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2022-45078
 	RESERVED
 CVE-2022-45077 (Auth. (subscriber+) PHP Object Injection vulnerability in Betheme them ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45076 (Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Ele ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45075
 	RESERVED
 CVE-2022-45074 (Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for ...)
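Review bot: the tag added for CVE-2022-45079 (`NOT-FOR-US: Wordpress plugin`) is inconsistent with the tag added in the same hunk for CVE-2022-45076 and with the unchanged CVE-2022-45080 and CVE-2022-45077 entries, which all use `NOT-FOR-US: WordPress plugin`. Suggest normalizing to `WordPress plugin` before pushing so the two spellings do not diverge in the list.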
@@ -51940,7 +51940,7 @@ CVE-2022-41612 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41608 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgar ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41606 (HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 job ...)
 	- nomad <unfixed> (bug #1021670)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420
@@ -112719,7 +112719,7 @@ CVE-2021-4109
 CVE-2021-4108 (snipe-it is vulnerable to Improper Neutralization of Input During Web  ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2022-0010 (Insertion of Sensitive Information into Log File vulnerability in ABB  ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2021-45040 (The Spatie media-library-pro library through 1.17.10 and 2.x through 2 ...)
 	NOT-FOR-US: spatie/laravel-medialibrary
 CVE-2021-45039



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9cd4a6ea8ec0fe0ca77631c8bc316d9d88847d7
