[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue May 23 10:14:56 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7376c9e1 by Moritz Mühlenhoff at 2023-05-23T11:14:25+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
 CVE-2023-31996 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection ...)
-	TODO: check
+	NOT-FOR-US: Hanwha
 CVE-2023-31995 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Script ...)
-	TODO: check
+	NOT-FOR-US: Hanwha
 CVE-2023-31994 (Certain Hanwha products are vulnerable to Denial of Service (DoS). ck  ...)
-	TODO: check
+	NOT-FOR-US: Hanwha
 CVE-2023-31826 (Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security ch ...)
-	TODO: check
+	NOT-FOR-US: Skyscreamer Open Source Nevado JMS
 CVE-2023-31816 (IT Sourcecode Content Management System Project In PHP and MySQL With  ...)
-	TODO: check
+	NOT-FOR-US: IT Sourcecode Content Management System Project
 CVE-2023-31814 (D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to Fil ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-31741 (There is a command injection vulnerability in the Linksys E2000 router ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2023-31740 (There is a command injection vulnerability in the Linksys E2000 router ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2023-31708 (A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2023-31670 (An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and ...)
 	TODO: check
 CVE-2023-31664 (A reflected cross-site scripting (XSS) vulnerability in /authenticatio ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2023-2845 (Improper Access Control in GitHub repository cloudexplorer-dev/cloudex ...)
-	TODO: check
+	NOT-FOR-US: Cloudexplorer
 CVE-2023-2844 (Missing Authorization in GitHub repository cloudexplorer-dev/cloudexpl ...)
-	TODO: check
+	NOT-FOR-US: Cloudexplorer
 CVE-2023-2505 (The affected products have a CSRF vulnerability that could allow an at ...)
-	TODO: check
+	NOT-FOR-US: Birddog
 CVE-2023-2504 (Files present on firmware images could allow an attacker to gain unaut ...)
-	TODO: check
+	NOT-FOR-US: Birddog
 CVE-2023-27388 (Improper authentication vulnerability in T&D Corporation and ESPEC MIC ...)
-	TODO: check
+	NOT-FOR-US: T&D Corporation
 CVE-2023-27387 (Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC COR ...)
-	TODO: check
+	NOT-FOR-US: T&D Corporation
 CVE-2023-23545 (Missing authentication for critical function exists in T&D Corporation ...)
-	TODO: check
+	NOT-FOR-US: T&D Corporation
 CVE-2023-22654 (Client-side enforcement of server-side security issue exists in T&D Co ...)
-	TODO: check
+	NOT-FOR-US: T&D Corporation
 CVE-2023-33294 (An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwe ...)
 	NOT-FOR-US: KaiOS
 CVE-2023-33293 (An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios ...)
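Review bot: CVE-2023-31670 is rightly left at `TODO: check` rather than swept in with the rest of the NFUs in this hunk; wasm2c, wasm2wat and wasm-decompile are the wabt toolkit binaries, so this one needs an archive check for a wabt package before it can be dismissed or triaged.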
@@ -53,13 +53,13 @@ CVE-2023-32346 (Teltonika\u2019s Remote Management System versions prior to 4.10
 CVE-2023-31923 (Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A v ...)
 	NOT-FOR-US: Suprema BioStar
 CVE-2023-31779 (Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). A ...)
-	TODO: check
+	NOT-FOR-US: Wekan
 CVE-2023-31742 (There is a command injection vulnerability in the Linksys WRT54GL rout ...)
 	NOT-FOR-US: Linksys
 CVE-2023-31689 (In Wcms 0.3.2, an attacker can send a crafted request from a vulnerabl ...)
 	NOT-FOR-US: Wcms
 CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to contain a ...)
-	TODO: check
+	NOT-FOR-US: cu/silicon
 CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
 	- gpac <unfixed>
 	NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/
@@ -102,13 +102,13 @@ CVE-2023-33285 (An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2
 CVE-2023-33281 (The remote keyfob system on Nissan Sylphy Classic 2021 sends the same  ...)
 	NOT-FOR-US: Nissan Sylphy Classic 2021
 CVE-2023-33264 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3,  ...)
-	TODO: check
+	NOT-FOR-US: Kazelcast
 CVE-2023-33254 (There is an LDAP bind credentials exposure on KACE Systems Deployment  ...)
-	TODO: check
+	NOT-FOR-US: KACE
 CVE-2023-33252 (iden3 snarkjs through 0.6.11 allows double spending because there is n ...)
-	TODO: check
+	NOT-FOR-US: iden3 snarkjs
 CVE-2023-33251 (When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDi ...)
-	NOT-FOR-US: Akka
+	NOT-FOR-US: Akka HTTP
 CVE-2023-33250 (The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in  ...)
 	- linux <unfixed>
 	NOTE: https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ
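Review bot: the new line for CVE-2023-33264 reads `NOT-FOR-US: Kazelcast`, but the description on the same entry says "In Hazelcast through 5.0.4"; the product name is misspelled and should be `NOT-FOR-US: Hazelcast` so the entry stays greppable by vendor.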
@@ -181,7 +181,7 @@ CVE-2023-2815 (A vulnerability classified as critical was found in SourceCodeste
 CVE-2023-2814 (A vulnerability classified as problematic has been found in SourceCode ...)
 	NOT-FOR-US: SourceCodester Class Scheduling System
 CVE-2023-2806 (A vulnerability classified as problematic was found in Weaver e-cology ...)
-	TODO: check
+	NOT-FOR-US: Weaver e-cology
 CVE-2023-2804
 	- libjpeg-turbo <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675
@@ -1600,7 +1600,7 @@ CVE-2023-28412 (When supplied with a random MAC address, Snap One OvrC cloud ser
 CVE-2023-28386 (Snap One OvrC Pro devices versions 7.2 and prior do not validate firmw ...)
 	NOT-FOR-US: Snap One
 CVE-2023-25183 (In Snap One OvrC Pro versions prior to 7.2, when logged into the super ...)
-	TODO: check
+	NOT-FOR-US: Snap One
 CVE-2023-2319 (It was discovered that an update for PCS package in RHBA-2023:2151 err ...)
 	NOT-FOR-US: ed Hat Enterprise Linux 9.2 specific security regression from CVE-2023-28154
 CVE-2023-2318
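Review bot: unrelated to the Snap One change but visible in this hunk's context, the CVE-2023-2319 line reads `NOT-FOR-US: ed Hat Enterprise Linux 9.2 specific security regression from CVE-2023-28154` and is missing the leading "R" of "Red Hat"; worth fixing while this region is being touched.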
@@ -1723,7 +1723,7 @@ CVE-2023-2297 (The Profile Builder \u2013 User Profile & User Registration Forms
 CVE-2023-2296
 	RESERVED
 CVE-2022-4945 (The Dataprobe cloud usernames and passwords are stored in plain text i ...)
-	TODO: check
+	NOT-FOR-US: Dataprobe
 CVE-2022-48480
 	RESERVED
 CVE-2022-48479
@@ -4241,7 +4241,7 @@ CVE-2023-1975 (Insertion of Sensitive Information Into Sent Data in GitHub repos
 CVE-2023-1974 (Exposure of Sensitive Information Through Metadata in GitHub repositor ...)
 	NOT-FOR-US: answer
 CVE-2023-30469 (Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hit ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2023-30468
 	RESERVED
 CVE-2023-1973
@@ -5439,7 +5439,7 @@ CVE-2023-29921 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via th
 CVE-2023-29920
 	RESERVED
 CVE-2023-29919 (SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any fi ...)
-	TODO: check
+	NOT-FOR-US: SolarView
 CVE-2023-29918 (RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Modul ...)
 	NOT-FOR-US: RosarioSIS
 CVE-2023-29917 (H3C Magic R200 version R200V100R004 was discovered to contain a stack  ...)
@@ -10200,17 +10200,17 @@ CVE-2023-28415
 CVE-2023-28414 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apex ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28413 (Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28409 (Unrestricted upload of file with dangerous type exists in MW WP Form v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28408 (Directory traversal vulnerability in MW WP Form versions v4.4.2 and ea ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28394 (Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Beekeeper Studio
 CVE-2023-28392 (Wi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B ...)
-	TODO: check
+	NOT-FOR-US: AC-WAPU-300
 CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) a ...)
-	TODO: check
+	NOT-FOR-US: SR-7100V
 CVE-2023-28387
 	RESERVED
 CVE-2023-28382
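Review bot: the new line for CVE-2023-28390 reads `NOT-FOR-US: SR-7100V`, while the description on the same entry names the product "SR-7100VN firmware"; the tag drops the trailing "N" and should be `NOT-FOR-US: SR-7100VN` to match the description.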
@@ -10218,19 +10218,19 @@ CVE-2023-28382
 CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...)
 	NOT-FOR-US: Brother
 CVE-2023-28367 (Cross-site scripting vulnerability in CTA post function of VK All in O ...)
-	TODO: check
+	NOT-FOR-US: VK All in One Expansion Unit
 CVE-2023-27926 (Cross-site scripting vulnerability in Profile setting function of VK A ...)
-	TODO: check
+	NOT-FOR-US: VK All in One Expansion Unit
 CVE-2023-27925 (Cross-site scripting vulnerability in Post function of VK Blocks 1.53. ...)
-	TODO: check
+	NOT-FOR-US: VK All in One Expansion Unit
 CVE-2023-27923 (Cross-site scripting vulnerability in Tag edit function of VK Blocks 1 ...)
-	TODO: check
+	NOT-FOR-US: VK All in One Expansion Unit
 CVE-2023-27922 (Cross-site scripting vulnerability in Newsletter versions prior to 7.6 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27921 (JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cr ...)
-	TODO: check
+	NOT-FOR-US: JINS MEME
 CVE-2023-27920 (Improper access control vulnerability in the system date/time setting  ...)
-	TODO: check
+	NOT-FOR-US: SolarView
 CVE-2023-27919 (Authentication bypass vulnerability in NEXT ENGINE Integration Plugin  ...)
 	NOT-FOR-US: NEXT ENGINE Integration Plugin
 CVE-2023-27918 (Cross-site scripting vulnerability in Appointment and Event Booking Ca ...)
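Review bot: CVE-2023-27925 and CVE-2023-27923 are tagged `NOT-FOR-US: VK All in One Expansion Unit`, but their descriptions name "VK Blocks", a different plugin from the one in CVE-2023-28367 and CVE-2023-27926; either tag them `NOT-FOR-US: VK Blocks` or use the generic `NOT-FOR-US: WordPress plugin` that CVE-2023-27922 in the same hunk already uses.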
@@ -10242,29 +10242,29 @@ CVE-2023-27888 (Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and ea
 CVE-2023-27527 (Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML extern ...)
 	NOT-FOR-US: Shinseiyo Sogo Soft
 CVE-2023-27521 (OS command injection vulnerability in the mail setting page of SolarVi ...)
-	TODO: check
+	NOT-FOR-US: SolarView
 CVE-2023-27518 (Buffer overflow vulnerability in the multiple setting pages of SolarVi ...)
-	TODO: check
+	NOT-FOR-US: SolarView
 CVE-2023-27514 (OS command injection vulnerability in the download page of SolarView C ...)
-	TODO: check
+	NOT-FOR-US: SolarView
 CVE-2023-27512 (Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 ...)
-	TODO: check
+	NOT-FOR-US: SolarView
 CVE-2023-27510 (JB Inquiry form contains an exposure of private personal information t ...)
 	NOT-FOR-US: JB Inquiry form
 CVE-2023-27507 (MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal  ...)
-	TODO: check
+	NOT-FOR-US: MicroEngine
 CVE-2023-27397 (Unrestricted upload of file with dangerous type exists in MicroEngine  ...)
-	TODO: check
+	NOT-FOR-US: MicroEngine
 CVE-2023-27396
 	RESERVED
 CVE-2023-27385 (Heap-based buffer overflow vulnerability exists in CX-Drive All models ...)
 	NOT-FOR-US: CX-Drive All
 CVE-2023-27384 (Operation restriction bypass vulnerability in MultiReport of Cybozu Ga ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2023-27304 (Operation restriction bypass vulnerability in Message and Bulletin of  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2023-26595 (Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2023-26593 (CENTUM series provided by Yokogawa Electric Corporation are vulnerable ...)
 	NOT-FOR-US: Yokogawa
 CVE-2023-25955 (National land numerical information data conversion tool all versions  ...)
@@ -10272,7 +10272,7 @@ CVE-2023-25955 (National land numerical information data conversion tool all ver
 CVE-2023-25954 (KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' ...)
 	NOT-FOR-US: KYOCERA
 CVE-2023-25953 (Code injection vulnerability in Drive Explorer for macOS versions 3.5. ...)
-	TODO: check
+	NOT-FOR-US: Drive Explorer for macOS
 CVE-2023-25950 (HTTP request/response smuggling vulnerability in HAProxy version 2.7.0 ...)
 	- haproxy 2.6.8-1
 	[bullseye] - haproxy <not-affected> (Vulnerable code not present)
@@ -10280,7 +10280,7 @@ CVE-2023-25950 (HTTP request/response smuggling vulnerability in HAProxy version
 	NOTE: https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=3ca4223c5e1f18a19dc93b0b09ffdbd295554d46 (v2.7.1)
 	NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=22b44d5f2c7ce1ed0e4b62c639991d5abbd42a50 (v2.6.8)
 CVE-2023-25946 (Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware vers ...)
-	TODO: check
+	NOT-FOR-US: Qrio Lock
 CVE-2023-25755 (Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerabl ...)
 	NOT-FOR-US: Screen Creator Advance
 CVE-2023-25184 (Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7376c9e13257622c1da1b09cf2435b7d89f05f1b


