[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 19 21:26:44 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c50697f4 by Salvatore Bonaccorso at 2023-10-19T22:26:13+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,91 +1,91 @@
CVE-2023-5654 (The React Developer Tools extension registers a message listener with ...)
- TODO: check
+ NOT-FOR-US: React Developer Tools extension
CVE-2023-5059 (Santesoft Sante FFT Imaging lacks proper validation of user-supplied d ...)
- TODO: check
+ NOT-FOR-US: Santesoft Sante FFT Imaging
CVE-2023-46227 (Deserialization of Untrusted Data Vulnerability in Apache Software Fou ...)
- TODO: check
+ NOT-FOR-US: Apache InLong
CVE-2023-46042 (An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute ...)
- TODO: check
+ NOT-FOR-US: GetSimpleCMS
CVE-2023-46033 (D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-45992 (Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruck ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2023-45883 (A privilege escalation vulnerability exists within the Qumu Multicast ...)
- TODO: check
+ NOT-FOR-US: Qumu Multicast Extension
CVE-2023-45826 (Leantime is an open source project management system. A 'userId' varia ...)
- TODO: check
+ NOT-FOR-US: Leantime
CVE-2023-45825 (ydb-go-sdk is a pure Go native and database/sql driver for the YDB pla ...)
TODO: check
CVE-2023-45820 (Directus is a real-time API and App dashboard for managing SQL databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2023-45809 (Wagtail is an open source content management system built on Django. A ...)
- TODO: check
+ NOT-FOR-US: Wagtail
CVE-2023-45665
REJECTED
CVE-2023-45384 (KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestrict ...)
- TODO: check
+ NOT-FOR-US: KnowBand supercheckout
CVE-2023-45381 (In the module "Creative Popup" (creativepopup) up to version 1.6.9 fro ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-45379 (In the module "Rotator Img" (posrotatorimg) in versions at least up to ...)
- TODO: check
+ NOT-FOR-US: PosThemes for PrestaShop
CVE-2023-45376 (In the module "Carousels Pack - Instagram, Products, Brands, Supplier" ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-45281 (An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie ...)
- TODO: check
+ NOT-FOR-US: Yamcs
CVE-2023-45278 (Directory Traversal vulnerability in the storage functionality of the ...)
- TODO: check
+ NOT-FOR-US: Yamcs
CVE-2023-45277 (Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The v ...)
- TODO: check
+ NOT-FOR-US: Yamcs
CVE-2023-43986 (DM Concept configurator before v4.9.4 was discovered to contain a SQL ...)
- TODO: check
+ NOT-FOR-US: DM Concept configurator (PrestaShop module)
CVE-2023-43492 (In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi conta ...)
- TODO: check
+ NOT-FOR-US: Weintek's cMT3000 HMI Web CGI device
CVE-2023-43252 (XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted i ...)
- TODO: check
+ NOT-FOR-US: XNSoft Nconvert
CVE-2023-43251 (XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a c ...)
- TODO: check
+ NOT-FOR-US: XNSoft Nconvert
CVE-2023-42666 (The affected product is vulnerable to an exposure of sensitive informa ...)
- TODO: check
+ NOT-FOR-US: DEXMA
CVE-2023-42435 (The affected product is vulnerable to a cross-site request forgery vul ...)
- TODO: check
+ NOT-FOR-US: DEXMA
CVE-2023-41089 (The affected product is vulnerable to an improper authentication vulne ...)
- TODO: check
+ NOT-FOR-US: DEXMA
CVE-2023-41088 (The affected product is vulnerable to a cleartext transmission of sens ...)
- TODO: check
+ NOT-FOR-US: DEXMA
CVE-2023-40153 (The affected product is vulnerable to a cross-site scripting vulnerabi ...)
- TODO: check
+ NOT-FOR-US: DEXMA
CVE-2023-40145 (In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can exe ...)
- TODO: check
+ NOT-FOR-US: Weintek's cMT3000 HMI Web CGI device
CVE-2023-39431 (Sante DICOM Viewer Pro lacks proper validation of user-supplied data w ...)
- TODO: check
+ NOT-FOR-US: Sante DICOM Viewer Pro
CVE-2023-38584 (In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi co ...)
- TODO: check
+ NOT-FOR-US: Weintek's cMT3000 HMI Web CGI device
CVE-2023-38128 (An out-of-bounds write vulnerability exists in the "HyperLinkFrame" st ...)
- TODO: check
+ NOT-FOR-US: Ichitaro
CVE-2023-38127 (An integer overflow exists in the "HyperLinkFrame" stream parser of Ic ...)
- TODO: check
+ NOT-FOR-US: Ichitaro
CVE-2023-35986 (Sante DICOM Viewer Pro lacks proper validation of user-supplied data w ...)
- TODO: check
+ NOT-FOR-US: Sante DICOM Viewer Pro
CVE-2023-35187 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-35186 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-35185 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-35184 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-35183 (The SolarWinds Access Rights Manager was susceptible to Privilege Esca ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-35182 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-35181 (The SolarWinds Access Rights Manager was susceptible to Privilege Esca ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-35180 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-35126 (An out-of-bounds write vulnerability exists within the parsers for bot ...)
- TODO: check
+ NOT-FOR-US: Ichitaro
CVE-2023-34366 (A use-after-free vulnerability exists in the Figure stream parsing fun ...)
- TODO: check
+ NOT-FOR-US: Ichitaro
CVE-2023-45024
- request-tracker5 <unfixed>
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
@@ -126,13 +126,13 @@ CVE-2023-45958 (Thirty Bees Core v1.4.0 was discovered to contain a reflected cr
CVE-2023-45909 (zzzcms v2.2.0 was discovered to contain an open redirect vulnerability ...)
NOT-FOR-US: zzzcms
CVE-2023-45814 (Bunkum is an open-source protocol-agnostic request server for custom g ...)
- TODO: check
+ NOT-FOR-US: Bunkum
CVE-2023-45813 (Torbot is an open source tor network intelligence tool. In affected ve ...)
- TODO: check
+ NOT-FOR-US: Torbot
CVE-2023-45812 (The Apollo Router is a configurable, high-performance graph router wri ...)
TODO: check
CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With it, a T ...)
- TODO: check
+ NOT-FOR-US: XXL-RPC
CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup, Redi ...)
- redis 5:7.0.14-1 (bug #1054225)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx
@@ -232,7 +232,7 @@ CVE-2023-45056 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-45054 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME ...)
NOT-FOR-US: WordPress plugin
CVE-2023-43250 (XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a Use ...)
- TODO: check
+ NOT-FOR-US: XNSoft Nconvert
CVE-2023-35663 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
NOT-FOR-US: Android
CVE-2023-35656 (In multiple functions of protocolembmsadapter.cpp, there is a possible ...)
@@ -22503,7 +22503,7 @@ CVE-2023-31047 (In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.
NOTE: https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965 (3.2.19)
NOTE: https://www.openwall.com/lists/oss-security/2023/05/03/1
CVE-2023-31046 (A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and ...)
- TODO: check
+ NOT-FOR-US: PaperCut
CVE-2023-31045 (A stored Cross-site scripting (XSS) issue in Text Editors and Formats ...)
- backdrop <itp> (bug #914257)
CVE-2023-31044
@@ -23798,7 +23798,7 @@ CVE-2023-30635 (TiKV 6.1.2 allows remote attackers to cause a denial of service
CVE-2023-30634
RESERVED
CVE-2023-30633 (An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with k ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2023-30632
RESERVED
CVE-2023-30631 (Improper Input Validation vulnerability in Apache Software Foundation ...)
@@ -33095,7 +33095,7 @@ CVE-2023-27793
CVE-2023-27792
RESERVED
CVE-2023-27791 (An issue found in IXP Data Easy Install 6.6.148840 allows a remote att ...)
- TODO: check
+ NOT-FOR-US: IXP Data Easy Install
CVE-2023-27790
RESERVED
CVE-2023-27789 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c50697f440800122bae808d52615f451ff327a2e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c50697f440800122bae808d52615f451ff327a2e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231019/a2040a66/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list