[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 27 20:31:41 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
abd7bbe3 by Salvatore Bonaccorso at 2023-10-27T21:31:10+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -523,7 +523,7 @@ CVE-2023-34447 (iTop is an open source, web-based IT service management platform
CVE-2023-34446 (iTop is an open source, web-based IT service management platform. Prio ...)
NOT-FOR-US: iTop
CVE-2023-32359 (This issue was addressed with improved redaction of sensitive informat ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-46660 (Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time compari ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-46659 (Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac ...)
@@ -803,7 +803,7 @@ CVE-2023-42031 (IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Stan
CVE-2023-39924 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a ...)
- TODO: check
+ NOT-FOR-US: Node Email Check module
CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA device to ...)
NOT-FOR-US: PingFederate
CVE-2023-5732 (An attacker could have created a malicious link using bidirectional ch ...)
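Review bot: before settling on NOT-FOR-US for CVE-2023-39619, it is worth confirming that no Debian node-* source package vendors the "Node Email Check" npm module, since npm libraries are routinely bundled inside other packaged Node.js software and the NOT-FOR-US label would then hide a real exposure. If the check comes back clean, the label "NOT-FOR-US: Node Email Check module" is fine and matches the "... module" convention used for other npm-only issues.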
@@ -24290,11 +24290,11 @@ CVE-2023-30971
CVE-2023-30970
RESERVED
CVE-2023-30969 (The Palantir Tiles1 service was found to be vulnerable to an API wide ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2023-30968
RESERVED
CVE-2023-30967 (Gotham Orbital-Simulator service prior to 0.692.0 was found to be vuln ...)
- TODO: check
+ NOT-FOR-US: Gotham Orbital-Simulator service
CVE-2023-30966
RESERVED
CVE-2023-30965
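Review bot: the two new labels in this hunk describe the same vendor differently: CVE-2023-30969 gets "NOT-FOR-US: Palantir" while CVE-2023-30967 gets "NOT-FOR-US: Gotham Orbital-Simulator service", although Gotham is a Palantir product. Using one form for both (for example "NOT-FOR-US: Palantir" on both, or prefixing the second with "Palantir") keeps a grep for the vendor from missing one of them.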
@@ -26086,7 +26086,7 @@ CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Im
CVE-2023-30493 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30492 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30491 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30490
@@ -33471,7 +33471,7 @@ CVE-2023-28144 (KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default con
NOTE: Opt-In to allow privilege escalation (and disable by default):
NOTE: https://github.com/KDAB/hotspot/commit/65a246ce9196462081483fd07d97678dcfe36b9c
CVE-2023-1356 (Reflected cross-site scripting in the StudentSearch component in IDAtt ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-1355 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.140 ...)
- vim 2:9.0.1658-1 (unimportant)
NOTE: https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9
@@ -35857,11 +35857,11 @@ CVE-2021-4327 (A vulnerability was found in SerenityOS. It has been rated as cri
CVE-2023-27381
RESERVED
CVE-2023-27377 (Missing authentication in the StudentPopupDetails_EmergencyContactDeta ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27376 (Missing authentication in the StudentPopupDetails_StudentDetails ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27375 (Missing authentication in the StudentPopupDetails_ContactDetails ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27374
RESERVED
CVE-2023-27373 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
@@ -36302,23 +36302,23 @@ CVE-2023-XXXX [RUSTSEC-2023-0015]
NOTE: https://github.com/tomprogrammer/rust-ascii/commit/dc7e07397ce362487162cb86f92c0bec4645d867 (v0.9.3)
NOTE: https://github.com/tomprogrammer/rust-ascii/issues/64
CVE-2023-27262 (Unauthenticated SQL injection in the GetAssignmentsDue method i ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27261 (Missing authentication in the DeleteAssignments method in IDAt ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27260 (Unauthenticated SQL injection in the GetAssignmentsDue method i ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27259 (Missing authentication in the GetAssignmentsDue method in IDAtten ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27258 (Missing authentication in the GetStudentGroupStudents method in ID ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27257 (Missing authentication in the GetActiveToiletPasses method in IDAtt ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27256 (Missing authentication in the GetLogFiles method in IDAttend\u2019s ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27255 (Unauthenticated SQL injection in the DeleteRoomChanges method in ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27254 (Unauthenticated SQL injection in the GetRoomChanges method in IDA ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27253 (A command injection vulnerability in the function restore_rrddata() of ...)
NOT-FOR-US: pfSense
CVE-2023-27252
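Review bot: CVE-2023-27262 and CVE-2023-27260 carry the same visible description, "Unauthenticated SQL injection in the GetAssignmentsDue method i ...", and CVE-2023-27259 names the same method for a missing-authentication issue. Marking all three NOT-FOR-US is correct either way, but a short NOTE on one of the two SQL injection entries saying what distinguishes them (different parameter, or a duplicate assignment) would save the next person re-checking the truncated text.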
@@ -36488,7 +36488,7 @@ CVE-2023-27172
CVE-2023-27171
RESERVED
CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform a direc ...)
- TODO: check
+ NOT-FOR-US: Xpand IT Write-back manager
CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license cl ...)
NOT-FOR-US: Xpand IT Write-back manager
CVE-2023-27168
@@ -37734,39 +37734,39 @@ CVE-2023-26598
CVE-2023-26588 (Use of hard-coded credentials vulnerability in Buffalo network devices ...)
NOT-FOR-US: Buffalo network devices
CVE-2023-26584 (Unauthenticated SQL injection in the GetStudentInconsistencies met ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26583 (Unauthenticated SQL injection in the GetCurrentPeriod method in IDA ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26582 (Unauthenticated SQL injection in the GetExcursionDetails method in I ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26581 (Unauthenticated SQL injection in the GetVisitors method in IDAttend\u ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26580 (Unauthenticated arbitrary file read in the IDAttend\u2019s IDWeb appli ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26579 (Missing authentication in the DeleteStaff method in IDAttend\u2019s ID ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26578 (Arbitrary file upload to web root in the IDAttend\u2019s IDWeb applica ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26577 (Stored cross-site scripting in the IDAttend\u2019s IDWeb application 3 ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26576 (Missing authentication in the SearchStudentsRFID method in IDAttend\ ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26575 (Missing authentication in the SearchStudentsStaff method in IDAttend\ ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26574 (Missing authentication in the SearchStudents method in IDAttend\u2019s ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26573 (Missing authentication in the SetDB method in IDAttend\u2019s IDWeb ap ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26572 (Unauthenticated SQL injection in the GetExcursionList method in IDAtte ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26571 (Missing authentication in the SetStudentNotes method in IDAttend\u201 ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26570 (Missing authentication in the StudentPopupDetails_Timetable method in ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26569 (Unauthenticated SQL injection in the StudentPopupDetails_Timetable met ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26568 (Unauthenticated SQL injection in the GetStudentGroupStudents method in ...)
- TODO: check
+ NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26567 (Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) plac ...)
NOT-FOR-US: Sangoma
CVE-2023-26566
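Review bot: the new labels consistently use a plain ASCII apostrophe ("IDAttend's IDWeb application"), which is the right choice for grepping, whereas the pre-existing description lines for CVE-2023-26581 through CVE-2023-26571 still contain a literal "\u2019" escape sequence instead of the typographic apostrophe it encodes. That is outside this commit's scope, but the descriptions are worth re-syncing from the upstream CVE text in a follow-up so the literal escapes do not stay in the file.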
@@ -39505,7 +39505,7 @@ CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2
CVE-2023-0898
RESERVED
CVE-2023-0897 (Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due ...)
- TODO: check
+ NOT-FOR-US: Sielco PolyEco1000
CVE-2023-26030
RESERVED
CVE-2023-26029
@@ -240187,7 +240187,7 @@ CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly
CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly conside ...)
- libcrypt-perl-perl <itp> (bug #907353)
CVE-2020-17477 (Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS at school befor ...)
- TODO: check
+ NOT-FOR-US: ucs-school-ldap-acls-master in UCS at school
CVE-2020-17476 (Mibew Messenger before 3.2.7 allows XSS via a crafted user name.)
NOT-FOR-US: Mibew Messenger
CVE-2020-17475 (Lack of authentication in the network relays used in MEGVII Koala 2.9. ...)
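Review bot: the label "NOT-FOR-US: ucs-school-ldap-acls-master in UCS at school" most likely reads "UCS@school" in the committed file, since the list archive rewrites "@" to " at " (compare "carnil at debian.org" in the message header); readers of the archived mail should not copy the " at " spelling. Apart from that, a shorter label such as the product name alone would be enough, as the component is already named in the CVE description.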
@@ -348630,9 +348630,9 @@ CVE-2018-17881 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration
CVE-2018-17880 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allow ...)
NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
CVE-2018-17879 (An issue was discovered on certain ABUS TVIP cameras. The CGI scripts ...)
- TODO: check
+ NOT-FOR-US: ABUS TVIP cameras
CVE-2018-17878 (Buffer Overflow vulnerability in certain ABUS TVIP cameras allows atta ...)
- TODO: check
+ NOT-FOR-US: ABUS TVIP cameras
CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an Ethereum ga ...)
NOT-FOR-US: Greedy 599
CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version o ...)
@@ -349339,9 +349339,9 @@ CVE-2018-17561
CVE-2018-17560 (The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1. ...)
NOT-FOR-US: Grouptime Teamwire Client
CVE-2018-17559 (Due to incorrect access control, unauthenticated remote attackers can ...)
- TODO: check
+ NOT-FOR-US: ABUS TVIP cameras
CVE-2018-17558 (Hardcoded manufacturer credentials and an OS command injection vulnera ...)
- TODO: check
+ NOT-FOR-US: ABUS
CVE-2018-17557
REJECTED
CVE-2018-17556 (MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Sou ...)
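Review bot: CVE-2018-17559 is labelled "NOT-FOR-US: ABUS TVIP cameras" but CVE-2018-17558, right below it, only "NOT-FOR-US: ABUS". The truncated description for CVE-2018-17558 ("Hardcoded manufacturer credentials and an OS command injection vulnera ...") does not show the product line, so if it is the same TVIP family the label should match the neighbouring entries; if it is not, a short NOTE saying which ABUS product is affected would explain the broader label.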
@@ -351633,7 +351633,7 @@ CVE-2018-16741 (An issue was discovered in mgetty before 1.2.1. In fax/faxq-help
CVE-2018-16740
RESERVED
CVE-2018-16739 (An issue was discovered on certain ABUS TVIP devices. Due to a path tr ...)
- TODO: check
+ NOT-FOR-US: ABUS
CVE-2018-16738 (tinc 1.0.30 through 1.0.34 has a broken authentication protocol, altho ...)
{DSA-4312-1}
- tinc 1.0.35-1
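Review bot: CVE-2018-16739's description explicitly says "certain ABUS TVIP devices", yet the new label is just "NOT-FOR-US: ABUS", while the other TVIP entries touched in this commit (CVE-2018-17879, CVE-2018-17878, CVE-2018-17559) use "NOT-FOR-US: ABUS TVIP cameras". Using the same "ABUS TVIP cameras" label here keeps the whole batch of ABUS TVIP issues findable with one search.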
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abd7bbe339bc07403c1cfc785c7442731945f4af