[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 30 21:25:49 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8e7b40f by Salvatore Bonaccorso at 2023-05-30T22:25:24+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2023-33975 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
-	TODO: check
+	NOT-FOR-US: RIOT-OS
 CVE-2023-33974 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
-	TODO: check
+	NOT-FOR-US: RIOT-OS
 CVE-2023-33973 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
-	TODO: check
+	NOT-FOR-US: RIOT-OS
 CVE-2023-33656 (A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability ...)
 	TODO: check
 CVE-2023-33234 (Arbitrary code execution in Apache Airflow CNCF Kubernetes provider ve ...)
@@ -13,9 +13,9 @@ CVE-2023-33178 (Xibo is a content management system (CMS). An SQL injection vuln
 CVE-2023-33177 (Xibo is a content management system (CMS). A path traversal vulnerabil ...)
 	TODO: check
 CVE-2023-32699 (MeterSphere is an open source continuous testing platform. Version 2.9 ...)
-	TODO: check
+	NOT-FOR-US: MeterSphere
 CVE-2023-32696 (CKAN is an open-source data management system for powering data hubs a ...)
-	TODO: check
+	NOT-FOR-US: CKAN
 CVE-2023-32689 (Parse Server is an open source backend that can be deployed to any inf ...)
 	TODO: check
 CVE-2023-32684 (Lima launches Linux virtual machines, typically on macOS, for running  ...)
@@ -5532,7 +5532,7 @@ CVE-2023-30198
 CVE-2023-30197
 	RESERVED
 CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...)
-	TODO: check
+	NOT-FOR-US: Prestashop
 CVE-2023-30195
 	RESERVED
 CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via ...)
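Review bot: On CVE-2023-30196 the tag "NOT-FOR-US: Prestashop" names only the platform, while the description names "salesbooster <= 1.10.4", which reads as a separately versioned component. Consider naming the component in the tag (for example "NOT-FOR-US: Prestashop salesbooster") so the entry is not mistaken for an issue in PrestaShop itself. The CVE-2023-30194 context line (posstaticfooter) has the same shape and would benefit from the same wording when it is processed.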
@@ -12428,7 +12428,7 @@ CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 4.32
 CVE-2023-27989
 	RESERVED
 CVE-2023-27988 (The post-authentication command injection vulnerability in the Zyxel N ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-27987 (In Apache Linkis <=1.3.1,due to the default token generated by Linkis  ...)
 	NOT-FOR-US: Apache Linkis
 CVE-2023-1297
@@ -13575,7 +13575,7 @@ CVE-2023-27615
 CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27613 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorC ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27612
 	RESERVED
 CVE-2023-27611
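Review bot: The "NOT-FOR-US: WordPress plugin" tag on CVE-2023-27613 cannot be confirmed from this hunk, because the description is cut off at "MonitorC ..." before any product or platform is named. It matches the neighbouring CVE-2023-27614 entry in style, but the full CVE description should be checked to confirm the plugin classification before the entry is treated as settled.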
@@ -21502,9 +21502,9 @@ CVE-2023-24828 (Onedev is a self-hosted Git Server with CI/CD and Kanban. In ver
 CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software Bill of  ...)
 	NOT-FOR-US: syft
 CVE-2023-24826 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
-	TODO: check
+	NOT-FOR-US: RIOT-OS
 CVE-2023-24825 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
-	TODO: check
+	NOT-FOR-US: RIOT-OS
 CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
 	- cmark-gfm <unfixed> (bug #1034171)
 	[bookworm] - cmark-gfm <no-dsa> (Minor issue)
@@ -21537,7 +21537,7 @@ CVE-2023-24819 (RIOT-OS, an operating system that supports Internet of Things de
 CVE-2023-24818 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
 	NOT-FOR-US: RIOT-OS
 CVE-2023-24817 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
-	TODO: check
+	NOT-FOR-US: RIOT-OS
 CVE-2023-24816 (IPython (Interactive Python) is a command shell for interactive comput ...)
 	- ipython <not-affected> (Windows-specific)
 	NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7
@@ -22113,23 +22113,23 @@ CVE-2023-24607 (Qt before 6.4.3 allows a denial of service via a crafted string
 CVE-2023-24606
 	RESERVED
 CVE-2023-24605 (OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all  ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2023-24604 (OX App Suite before backend 7.10.6-rev37 does not check HTTP header le ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2023-24603 (OX App Suite before backend 7.10.6-rev37 does not check size limits wh ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2023-24602 (OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the T ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2023-24601 (OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app dee ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2023-24600 (OX App Suite before backend 7.10.6-rev37 allows authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2023-24599 (OX App Suite before backend 7.10.6-rev37 allows authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2023-24598 (OX App Suite before backend 7.10.6-rev37 has an information leak in th ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2023-24597 (OX App Suite before frontend 7.10.6-rev24 allows the loading (without  ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2023-0566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	- froxlor <itp> (bug #581792)
 CVE-2023-0565 (Business Logic Errors in GitHub repository froxlor/froxlor prior to 2. ...)
@@ -22315,7 +22315,7 @@ CVE-2023-24570
 CVE-2023-24569 (Dell Alienware Command Center versions 5.5.37.0 and prior contain an I ...)
 	NOT-FOR-US: Dell
 CVE-2023-24568 (Dell NetWorker, contains an Improper Validation of Certificate with Ho ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-24567 (Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version di ...)
 	NOT-FOR-US: Dell
 CVE-2023-24566 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
@@ -24640,9 +24640,9 @@ CVE-2023-23757
 CVE-2023-23756
 	RESERVED
 CVE-2023-23755 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of ra ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2023-23754 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input  ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2023-0367 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0366 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...)
@@ -24812,7 +24812,7 @@ CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-23700
 	RESERVED
 CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0342
 	RESERVED
 CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...)
@@ -25428,7 +25428,7 @@ CVE-2023-23563
 CVE-2023-23562
 	RESERVED
 CVE-2023-23561 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...)
-	TODO: check
+	NOT-FOR-US: Stormshield Endpoint Security
 CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur because ...)
 	NOT-FOR-US: Lexmark
 CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux k ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8e7b40f807e4e46a43fcd4c062b38b23b1baa1f
