[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 24 21:32:48 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c00947f by Salvatore Bonaccorso at 2023-05-24T22:32:09+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,33 +7,33 @@ CVE-2023-33981 (Briar before 1.4.22 allows attackers to spoof other users' messa
CVE-2023-33980 (Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows a ...)
- briar <itp> (bug #1019932)
CVE-2023-33950 (Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Lif ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33949 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier t ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33948 (The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Lifera ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33947 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Life ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33946 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Life ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33945 (SQL injection vulnerability in the upgrade process for SQL Server in L ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33944 (Cross-site scripting (XSS) vulnerability in Layout module in Liferay P ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33943 (Cross-site scripting (XSS) vulnerability in the Account module in Life ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33942 (Cross-site scripting (XSS) vulnerability in the Web Content Display wi ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33941 (Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33940 (Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33939 (Cross-site scripting (XSS) vulnerability in the Modified Facet widget ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33938 (Cross-site scripting (XSS) vulnerability in the App Builder module's c ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33937 (Stored cross-site scripting (XSS) vulnerability in Form widget configu ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33829 (A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM ...)
TODO: check
CVE-2023-33800 (A stored cross-site scripting (XSS) vulnerability in the Create Region ...)
@@ -69,13 +69,13 @@ CVE-2023-33786 (A stored cross-site scripting (XSS) vulnerability in the Create
CVE-2023-33785 (A stored cross-site scripting (XSS) vulnerability in the Create Rack R ...)
TODO: check
CVE-2023-33010 (A buffer overflow vulnerability in the ID processing function in Zyxel ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-33009 (A buffer overflow vulnerability in the notification function in Zyxel ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-31748 (Insecure permissions in MobileTrans v4.0.11 allows attackers to escala ...)
- TODO: check
+ NOT-FOR-US: MobileTrans
CVE-2023-31595 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...)
- TODO: check
+ NOT-FOR-US: IC Realtime ICIP-P2012T
CVE-2023-31460 (A vulnerability in the Connect Mobility Router component of MiVoice Co ...)
TODO: check
CVE-2023-31459 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...)
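Review bot: The NOT-FOR-US tags in this hunk mix two levels of detail: CVE-2023-33010 and CVE-2023-33009 carry the bare vendor name (NOT-FOR-US: Zyxel), while CVE-2023-31595 carries vendor plus model (NOT-FOR-US: IC Realtime ICIP-P2012T). Settling on one level, vendor only or vendor and product, keeps later searches of data/CVE/list for a given vendor predictable. The Mitel entries CVE-2023-31460 and CVE-2023-31459 in the trailing context stay at TODO: check; worth confirming that they were left for a later pass on purpose.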
@@ -83,29 +83,29 @@ CVE-2023-31459 (A vulnerability in the Connect Mobility Router component of Mite
CVE-2023-31457 (A vulnerability in the Headquarters server component of Mitel MiVoice ...)
TODO: check
CVE-2023-2875 (A vulnerability, which was classified as problematic, was found in eSc ...)
- TODO: check
+ NOT-FOR-US: eScan Antivirus
CVE-2023-2874 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: Twister Antivirus
CVE-2023-2873 (A vulnerability classified as critical was found in Twister Antivirus ...)
- TODO: check
+ NOT-FOR-US: Twister Antivirus
CVE-2023-2872 (A vulnerability classified as problematic has been found in FlexiHub 5 ...)
- TODO: check
+ NOT-FOR-US: FlexiHub
CVE-2023-2871 (A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0 ...)
TODO: check
CVE-2023-2870 (A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has ...)
- TODO: check
+ NOT-FOR-US: EnTech Monitor Asset Manager
CVE-2023-2868 (A remote command injection vulnerability exists in the Barracuda Email ...)
- TODO: check
+ NOT-FOR-US: Barracuda
CVE-2023-2865 (A vulnerability was found in SourceCodester Theme Park Ticketing Syste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Theme Park Ticketing System
CVE-2023-2864 (A vulnerability was found in SourceCodester Online Jewelry Store 1.0 a ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Online Jewelry Store
CVE-2023-2863 (A vulnerability has been found in Simple Design Daily Journal 1.012.GP ...)
- TODO: check
+ NOT-FOR-US: Simple Design Daily Journal
CVE-2023-2862 (A vulnerability, which was classified as problematic, was found in Sit ...)
- TODO: check
+ NOT-FOR-US: SiteServer CMS
CVE-2023-2750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Cityboss E-municipality
CVE-2023-33246 (For RocketMQ versions 5.1.0 and below, under certain conditions, there ...)
NOT-FOR-US: Apache RocketMQ
CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite database fi ...)
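Review bot: CVE-2023-2871 (FabulaTech USB for Remote Desktop) is left at TODO: check even though it sits between CVE-2023-2872 and CVE-2023-2870, both of which are triaged in this hunk. If it was skipped because it needs a closer look, that is fine; otherwise it should get its triage line in the same pass so the batch does not leave a lone TODO behind.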
@@ -3938,9 +3938,9 @@ CVE-2023-2067
CVE-2023-2066
RESERVED
CVE-2023-2065 (Authorization Bypass Through User-Controlled Key vulnerability in Armo ...)
- TODO: check
+ NOT-FOR-US: Armoli Technology Cargo Tracking System
CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Minova Technology eTrace
CVE-2023-2063
RESERVED
CVE-2023-2062
@@ -3978,7 +3978,7 @@ CVE-2023-2047 (A vulnerability was found in Campcodes Advanced Online Voting Sys
CVE-2023-2046
RESERVED
CVE-2023-2045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Ipekyolu Software Auto Damage Tracking Software
CVE-2023-2044 (A vulnerability has been found in Control iD iDSecure 4.7.29.1 and cla ...)
NOT-FOR-US: Control iD iDSecure
CVE-2023-2043 (A vulnerability, which was classified as problematic, was found in Con ...)
@@ -20375,7 +20375,7 @@ CVE-2023-25030
CVE-2023-25029
RESERVED
CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25026
@@ -32646,11 +32646,11 @@ CVE-2021-4245 (A vulnerability classified as problematic has been found in chbro
CVE-2022-47449 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47448 (Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com - ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47447 (Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47446 (Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47445
RESERVED
CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
@@ -33564,7 +33564,7 @@ CVE-2022-47182
CVE-2022-47181
RESERVED
CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Fra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47178
@@ -33620,7 +33620,7 @@ CVE-2022-47154 (Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolutio
CVE-2022-47153
RESERVED
CVE-2022-47152 (Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47151
RESERVED
CVE-2022-47150
@@ -34578,7 +34578,7 @@ CVE-2022-46818
CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyz ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri Karisola / WP ...)
NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin
CVE-2022-46814
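Review bot: CVE-2022-46816 gets the generic tag NOT-FOR-US: WordPress plugin, while the entry directly below it, CVE-2022-46815, names the plugin in full (Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin). The generic form matches every other WordPress entry in this commit, so the new line is fine as it stands; the neighbouring entry could be normalised to the same form in a follow-up so the two styles do not sit side by side.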
@@ -34622,7 +34622,7 @@ CVE-2022-46796
CVE-2022-46795
RESERVED
CVE-2022-46794 (Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46793 (Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4366 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
@@ -39174,7 +39174,7 @@ CVE-2022-45366
CVE-2022-45365
RESERVED
CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup B ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45362
@@ -102859,7 +102859,7 @@ CVE-2022-0358 (A flaw was found in the QEMU virtio-fs shared file system daemon
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca
CVE-2022-0357 (Unquoted Search Path or Element vulnerability in the Vulnerability Sca ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2022-0356
RESERVED
CVE-2021-4215
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c00947fc77a53ac98e0c71a6fd03f3e9485c647