[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 18 11:20:43 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5dbb59b2 by Salvatore Bonaccorso at 2023-10-18T12:20:10+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,13 +11,13 @@ CVE-2023-4938 (The BEAR for WordPress is vulnerable to Missing Authorization in
CVE-2023-45811 (Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__p ...)
TODO: check
CVE-2023-45810 (OpenFGA is a flexible authorization/permission engine built for develo ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2023-45051 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45049 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-42507 (Stack-based buffer overflow vulnerability exists in OnSinView2 version ...)
TODO: check
CVE-2023-42506 (Improper restriction of operations within the bounds of a memory buffe ...)
@@ -25,45 +25,45 @@ CVE-2023-42506 (Improper restriction of operations within the bounds of a memory
CVE-2023-42319 (Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, ...)
TODO: check
CVE-2023-41715 (SonicOS post-authentication Improper Privilege Management vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: SonicOS
CVE-2023-41713 (SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyT ...)
- TODO: check
+ NOT-FOR-US: SonicOS
CVE-2023-41712 (SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability ...)
- TODO: check
+ NOT-FOR-US: SonicOS
CVE-2023-41711 (SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability ...)
- TODO: check
+ NOT-FOR-US: SonicOS
CVE-2023-41631 (eSST Monitoring v2.147.1 was discovered to contain a remote code execu ...)
- TODO: check
+ NOT-FOR-US: eSST Monitoring
CVE-2023-41630 (eSST Monitoring v2.147.1 was discovered to contain a remote code execu ...)
- TODO: check
+ NOT-FOR-US: eSST Monitoring
CVE-2023-41629 (A lack of input sanitizing in the file download feature of eSST Monito ...)
- TODO: check
+ NOT-FOR-US: eSST Monitoring
CVE-2023-3254 (The Widgets for Google Reviews plugin for WordPress is vulnerable to C ...)
NOT-FOR-US: Widgets for Google Reviews plugin for WordPress
CVE-2023-3042 (In dotCMS, versions mentioned, a flaw in the NormalizationFilter does ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2023-39332 (Various `node:fs` functions allow specifying paths as either strings o ...)
TODO: check
CVE-2023-39331 (A previously disclosed vulnerability (CVE-2023-30584) was patched insu ...)
TODO: check
CVE-2023-39280 (SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: SonicOS
CVE-2023-39279 (SonicOS post-authentication Stack-Based Buffer Overflow vulnerability ...)
- TODO: check
+ NOT-FOR-US: SonicOS
CVE-2023-39278 (SonicOS post-authentication user assertion failure leads to Stack-Base ...)
- TODO: check
+ NOT-FOR-US: SonicOS
CVE-2023-39277 (SonicOS post-authentication stack-based buffer overflow vulnerability ...)
- TODO: check
+ NOT-FOR-US: SonicOS
CVE-2023-39276 (SonicOS post-authentication stack-based buffer overflow vulnerability ...)
- TODO: check
+ NOT-FOR-US: SonicOS
CVE-2023-38552 (When the Node.js policy feature checks the integrity of a resource aga ...)
TODO: check
CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 wwas discove ...)
TODO: check
CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution of Unauth ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-35083 (Allows an authenticated attacker with network access to read arbitrary ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-5522 (Mattermost Mobile fails to limitthe maximum number of Markdown element ...)
NOT-FOR-US: Mattermost Mobile
CVE-2023-5339 (Mattermost Desktopfails to set an appropriate log level during initial ...)
@@ -91,45 +91,45 @@ CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Reques
CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. urllib3 pre ...)
TODO: check
CVE-2023-45010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45007 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fotomoto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45006 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsol ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45005 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Castos S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45004 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wp3sixty ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45003 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-44990 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in real ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-44824 (An issue in Expense Management System v.1.0 allows a local attacker to ...)
- TODO: check
+ NOT-FOR-US: Expense Management System
CVE-2023-44311 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the P ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal plugin
CVE-2023-44310 (Stored cross-site scripting (XSS) vulnerability in Page Tree menu Life ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-44309 (Multiple stored cross-site scripting (XSS) vulnerabilities in the frag ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-43959 (An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged ...)
- TODO: check
+ NOT-FOR-US: YeaLinkSIP-T19P-E2
CVE-2023-43794 (Nocodb is an open source Airtable alternative. Affected versions of no ...)
- TODO: check
+ NOT-FOR-US: nocodb
CVE-2023-43777 (Eaton easySoft software is used to program easy controllers and displa ...)
- TODO: check
+ NOT-FOR-US: Eaton easySoft software
CVE-2023-43776 (Eaton easyE4 PLC offers a device password protection functionality to ...)
- TODO: check
+ NOT-FOR-US: Eaton easyE4 PLC
CVE-2023-42629 (Stored cross-site scripting (XSS) vulnerability in the manage vocabula ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-42628 (Stored cross-site scripting (XSS) vulnerability in the Wiki widget in ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-42627 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Comm ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-39902 (A software vulnerability has been identified in the U-Boot Secondary P ...)
TODO: check
CVE-2023-37537 (An unquoted service path vulnerability in HCL AppScan Presence, deploy ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-4399 (Grafana is an open-source platform for monitoring and observability. ...)
- grafana <removed>
CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of sensitive in ...)
@@ -34678,9 +34678,9 @@ CVE-2023-27135 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain
CVE-2023-27134
RESERVED
CVE-2023-27133 (TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .h ...)
- TODO: check
+ NOT-FOR-US: TSplus Remote Work
CVE-2023-27132 (TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pa ...)
- TODO: check
+ NOT-FOR-US: TSplus Remote Work
CVE-2023-27131 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...)
NOT-FOR-US: Typecho
CVE-2023-27130 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...)
@@ -39680,7 +39680,7 @@ CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet W
CVE-2023-25477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25476 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ezoic Am ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25475 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25474 (Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About M ...)
@@ -42884,7 +42884,7 @@ CVE-2023-24387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-24386 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kari ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24385 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Dav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24384 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organizati ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24383 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
@@ -51980,33 +51980,33 @@ CVE-2023-22132
CVE-2023-22131
RESERVED
CVE-2023-22130 (Vulnerability in the Sun ZFS Storage Appliance product of Oracle Syste ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22129 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22128 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22127 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22126 (Vulnerability in the Oracle WebCenter Content product of Oracle Fusion ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22125 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22124 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22123 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22122 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22121 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22120
RESERVED
CVE-2023-22119 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22118 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22117 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22116
RESERVED
CVE-2023-22115 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -52022,15 +52022,15 @@ CVE-2023-22111 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-22110 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2023-22109 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22108 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22107 (Vulnerability in the Oracle Enterprise Command Center Framework produc ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22106 (Vulnerability in the Oracle Enterprise Command Center Framework produc ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22105 (Vulnerability in the BI Publisher product of Oracle Analytics (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22104 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2023-22103 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -52038,7 +52038,7 @@ CVE-2023-22103 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-22102 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
TODO: check
CVE-2023-22101 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22100 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
TODO: check
CVE-2023-22099 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
@@ -52054,55 +52054,55 @@ CVE-2023-22095 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-22094 (Vulnerability in the MySQL Installer product of Oracle MySQL (componen ...)
TODO: check
CVE-2023-22093 (Vulnerability in the Oracle iRecruitment product of Oracle E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22092 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2023-22091 (Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE ...)
TODO: check
CVE-2023-22090 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22089 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22088 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22087 (Vulnerability in the Hospitality OPERA 5 Property Services product of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22086 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22085 (Vulnerability in the Hospitality OPERA 5 Property Services product of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22084 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2023-22083 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of ...)
TODO: check
CVE-2023-22080 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22079 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2023-22078 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2023-22077 (Vulnerability in the Oracle Database Recovery Manager component of Ora ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22076 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22075 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22074 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22073 (Vulnerability in the Oracle Notification Server component of Oracle Da ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22072 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22071 (Vulnerability in the PL/SQL component of Oracle Database Server. Supp ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22070 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2023-22069 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22068 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2023-22067 (Vulnerability in Oracle Java SE (component: CORBA). Supported version ...)
@@ -52194,7 +52194,7 @@ CVE-2023-22031 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2023-22030
RESERVED
CVE-2023-22029 (Vulnerability in the Oracle Commerce Guided Search product of Oracle C ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22028 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
TODO: check
CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
@@ -52214,7 +52214,7 @@ CVE-2023-22021 (Vulnerability in the Oracle Business Intelligence Enterprise Edi
CVE-2023-22020 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
CVE-2023-22019 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22018 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 7.0.10-dfsg-1
CVE-2023-22017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dbb59b22ef0cbb4979d7182fe4d14d85f7db03a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dbb59b22ef0cbb4979d7182fe4d14d85f7db03a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231018/f18a897c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list