[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 13 21:21:23 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9f7be40 by Moritz Muehlenhoff at 2023-10-13T22:20:50+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,95 +1,95 @@
 CVE-2023-5573 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
-	TODO: check
+	NOT-FOR-US: Vrite
 CVE-2023-5572 (Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite  ...)
-	TODO: check
+	NOT-FOR-US: Vrite
 CVE-2023-5571 (Improper Input Validation in GitHub repository vriteio/vrite prior to  ...)
-	TODO: check
+	NOT-FOR-US: Vrite
 CVE-2023-5449 (A potential security vulnerability has been identified in certain HP D ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2023-5409 (HP is aware of a potential security vulnerability in HP t430 and t638  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2023-5240 (Improper access control in PAM propagation scripts in Devolutions Serv ...)
-	TODO: check
+	NOT-FOR-US: Devolutions Server
 CVE-2023-4995 (The Embed Calendly plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4829 (Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxl ...)
-	TODO: check
+	- froxlor <itp> (bug #581792)
 CVE-2023-4517 (Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hest ...)
-	TODO: check
+	NOT-FOR-US: Hestia Control Panel
 CVE-2023-4499 (A potential security vulnerability has been identified in the HP ThinU ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2023-45468 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...)
-	TODO: check
+	NOT-FOR-US: Netis
 CVE-2023-45467 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
-	TODO: check
+	NOT-FOR-US: Netis
 CVE-2023-45466 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
-	TODO: check
+	NOT-FOR-US: Netis
 CVE-2023-45465 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
-	TODO: check
+	NOT-FOR-US: Netis
 CVE-2023-45464 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...)
-	TODO: check
+	NOT-FOR-US: Netis
 CVE-2023-45463 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...)
-	TODO: check
+	NOT-FOR-US: Netis
 CVE-2023-45393 (An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Bu ...)
-	TODO: check
+	NOT-FOR-US: GRANDING UTime Master
 CVE-2023-45391 (A stored cross-site scripting (XSS) vulnerability in the Create A New  ...)
-	TODO: check
+	NOT-FOR-US: GRANDING UTime Master
 CVE-2023-45276 (Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45270 (Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45269 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45268 (Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45267 (Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45162 (Affected 1E Platform versions have a Blind SQL Injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: 1T Platform
 CVE-2023-45130 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit  ...)
-	TODO: check
+	NOT-FOR-US: Frontier
 CVE-2023-45109 (Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45108 (Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45107 (Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin < ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-43079 (Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, con ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-41843 (A improper neutralization of input during web page generation ('cross- ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-41836 (An improper neutralization of input during web page generation ('cross ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-41682 (A improper limitation of a pathname to a restricted directory ('path t ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-41681 (A improper neutralization of input during web page generation ('cross- ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-41680 (A improper neutralization of input during web page generation ('cross- ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-40682 (IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspe ...)
-	TODO: check
+	NOT-FOR-US: OVM
 CVE-2023-39999 (Exposure of Sensitive Information to an Unauthorized Actor in WordPres ...)
 	TODO: check
 CVE-2023-39960 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2023-38000 (Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability i ...)
 	TODO: check
 CVE-2023-34977 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-34976 (A SQL injection vulnerability has been reported to affect Video Statio ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-34975 (A SQL injection vulnerability has been reported to affect Video Statio ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-33303 (A insufficient session expiration in Fortinet FortiEDR version 5.0.0 t ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-32976 (An OS command injection vulnerability has been reported to affect Cont ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-32974 (A path traversal vulnerability has been reported to affect several QNA ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-32973 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-32970 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-42663
 	- airflow <itp> (bug #819700)
 CVE-2023-42792
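Review bot: Two tags in this hunk do not match the descriptions they sit under. CVE-2023-40682 is described as "IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 ..." but is tagged `NOT-FOR-US: OVM`; the tag should name the IBM product. CVE-2023-45162 is described as "Affected 1E Platform versions ..." but is tagged `NOT-FOR-US: 1T Platform`, which looks like a typo for 1E. The NOT-FOR-US status is unaffected in both cases, but the product string is the only record of why the entry was dismissed, so it should be corrected in a follow-up. CVE-2023-39999 and CVE-2023-38000 are left at `TODO: check` here, so they still need triage.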
@@ -23128,7 +23128,7 @@ CVE-2023-27880
 CVE-2023-27513
 	RESERVED
 CVE-2023-25774 (A denial-of-service vulnerability exists in the vpnserver ConnectionAc ...)
-	TODO: check
+	NOT-FOR-US: SoftEther VPN
 CVE-2023-2077 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: Campcodes Online Traffic Offense Management System
 CVE-2023-2076 (A vulnerability classified as problematic was found in Campcodes Onlin ...)
@@ -26104,7 +26104,7 @@ CVE-2023-1917 (The PowerPress plugin for WordPress is vulnerable to Stored Cross
 CVE-2022-48436
 	RESERVED
 CVE-2023-29464 (FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-29463 (The JMX Console within the Rockwell Automation Pavilion8 is exposed to ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2023-29462 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
@@ -26970,7 +26970,7 @@ CVE-2023-29235 (Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintena
 CVE-2023-29234
 	RESERVED
 CVE-2023-23581 (A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHe ...)
-	TODO: check
+	NOT-FOR-US: SoftEther VPN
 CVE-2023-1840 (The Sp*tify Play Button for WordPress plugin for WordPress is vulnerab ...)
 	NOT-FOR-US: Sp*tify Play Button for WordPress plugin for WordPress
 CVE-2023-1839 (The Product Addons & Fields for WooCommerce WordPress plugin before 32 ...)
@@ -28468,11 +28468,11 @@ CVE-2023-28827
 CVE-2023-28379
 	RESERVED
 CVE-2023-27395 (A heap-based buffer overflow vulnerability exists in the vpnserver Wpc ...)
-	TODO: check
+	NOT-FOR-US: SoftEther VPN
 CVE-2023-22325 (A denial of service vulnerability exists in the DCRegister DDNS_RPC_MA ...)
-	TODO: check
+	NOT-FOR-US: SoftEther VPN
 CVE-2023-22308 (An integer underflow vulnerability exists in the vpnserver OvsProcessD ...)
-	TODO: check
+	NOT-FOR-US: SoftEther VPN
 CVE-2023-1625 (An information leak was discovered in OpenStack heat. This issue could ...)
 	[experimental] - heat 1:20.0.0~rc1-1
 	- heat 1:19.0.0-2 (bug #1034186)
@@ -33565,15 +33565,15 @@ CVE-2023-27318
 CVE-2023-27317
 	RESERVED
 CVE-2023-27316 (SnapCenter versions 4.8 through 4.9 are susceptible to a  vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2023-27315 (SnapGathers versions prior to 4.9 are susceptible to a vulnerability   ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2023-27314 (ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8,  9.12 ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2023-27313 (SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a  vul ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2023-27312 (SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are  su ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2023-27311 (NetApp Blue XP Connector versions prior to 3.9.25 expose information v ...)
 	NOT-FOR-US: NetApp Blue XP Connector
 CVE-2023-27310 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
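Review bot: The five new tags for CVE-2023-27312 through CVE-2023-27316 use the vendor name only (`NOT-FOR-US: NetApp`), while the unchanged entry directly below for CVE-2023-27311 uses a product-level tag (`NOT-FOR-US: NetApp Blue XP Connector`). This is a consistency point rather than a triage error; if the product is worth recording, tags such as "NetApp SnapCenter" or "NetApp ONTAP" would match the neighbouring entry and the descriptions shown.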
@@ -35964,9 +35964,9 @@ CVE-2023-26369 (Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516
 CVE-2023-26368
 	RESERVED
 CVE-2023-26367 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-26366 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-26365
 	RESERVED
 CVE-2023-26364
@@ -44068,7 +44068,7 @@ CVE-2023-23739
 CVE-2023-23738
 	RESERVED
 CVE-2023-23737 (Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Lin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23736
 	RESERVED
 CVE-2023-23735
@@ -44287,7 +44287,7 @@ CVE-2023-23653
 CVE-2023-23652
 	RESERVED
 CVE-2023-23651 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Googl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23650 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23649
@@ -44362,7 +44362,7 @@ CVE-2023-23634
 CVE-2023-23633
 	RESERVED
 CVE-2023-23632 (BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x a ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust Privileged Remote Access
 CVE-2023-23631 (github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go- ...)
 	NOT-FOR-US: github.com/ipfs/go-unixfsnode
 CVE-2023-23630 (Eta is an embedded JS templating engine that works inside Node, Deno,  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9f7be402a332bc634fd142a7e432484ff0509d3
