[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Sep 1 09:40:59 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
49d298b8 by Moritz Muehlenhoff at 2023-09-01T10:40:10+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14620,23 +14620,23 @@ CVE-2023-31177
CVE-2023-31176
RESERVED
CVE-2023-31175 (An Execution with Unnecessary Privileges vulnerability in the Schweitz ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31174 (A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer En ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31173 (Use of Hard-coded Credentials vulnerability in Schweitzer Engineering ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31172 (An Incomplete Filtering of Special Elements vulnerability in the Schwe ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31171 (An Improper Neutralization of Special Elements used in an SQL Command ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31170 (An Inclusion of Functionality from Untrusted Control Sphere vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31169 (An Improper Handling of Unicode Encoding vulnerability in the Schweitz ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31168 (An Inclusion of Functionality from Untrusted Control Sphere vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31167 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31166 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31165 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
@@ -15324,7 +15324,7 @@ CVE-2023-2231 (A vulnerability, which was classified as critical, was found in M
CVE-2023-2230
REJECTED
CVE-2023-2229 (The Quick Post Duplicator for WordPress is vulnerable to SQL Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2228 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
NOT-FOR-US: Modoboa
CVE-2023-2227 (Improper Authorization in GitHub repository modoboa/modoboa prior to 2 ...)
@@ -15444,7 +15444,7 @@ CVE-2023-2190 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2023-2189 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2188 (The Colibri Page Builder for WordPress is vulnerable to SQL Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30896
RESERVED
CVE-2023-30895
@@ -21867,7 +21867,7 @@ CVE-2023-28803
CVE-2023-28802
RESERVED
CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the SAML authen ...)
- TODO: check
+ NOT-FOR-US: Zscaler
CVE-2023-28800 (When using local accounts for administration, the redirect url paramet ...)
NOT-FOR-US: Zscaler
CVE-2023-28799 (A URL parameter during login flow was vulnerable to injection. An atta ...)
@@ -22265,7 +22265,7 @@ CVE-2023-28694
CVE-2023-28693 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Balasahe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28691
RESERVED
CVE-2023-28690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
@@ -23270,7 +23270,7 @@ CVE-2023-28417
CVE-2023-28416
RESERVED
CVE-2023-28415 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Xoot ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28414 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apex ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28413 (Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 ...)
@@ -25912,7 +25912,7 @@ CVE-2023-27623
CVE-2023-27622
RESERVED
CVE-2023-27621 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27619 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
@@ -26533,7 +26533,7 @@ CVE-2023-27428
CVE-2023-27427 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZA ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27426 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jame ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27424 (Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shr ...)
@@ -32292,7 +32292,7 @@ CVE-2023-0691 (The Metform Elementor Contact Form Builder for WordPress is vulne
CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where w ...)
NOT-FOR-US: HashiCorp Boundary
CVE-2023-0689 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0688 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has been rat ...)
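Review bot: the note added for CVE-2023-0689 uses the generic "NOT-FOR-US: WordPress plugin", while the adjacent CVE-2023-0688, whose description names the same product, already carries "NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress". Both mark the entry as not applicable, but using one form for both Metform entries would keep searches on the product name complete.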
@@ -32352,7 +32352,7 @@ CVE-2023-25473 (Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino
CVE-2023-25472 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Pod ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25471 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25470 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25469
@@ -32362,7 +32362,7 @@ CVE-2023-25468 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation.S
CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Hu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25466 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mahlamus ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25465
RESERVED
CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stre ...)
@@ -32370,7 +32370,7 @@ CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-25463
RESERVED
CVE-2023-25462 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP h ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nami ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25460 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...)
@@ -32388,7 +32388,7 @@ CVE-2023-25455
CVE-2023-25454
RESERVED
CVE-2023-25453 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sado ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPCh ...)
@@ -33453,7 +33453,7 @@ CVE-2023-25021 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-25020 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25019 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0657
RESERVED
CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS allows a re ...)
@@ -33461,7 +33461,7 @@ CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS allows
CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could permit a ...)
NOT-FOR-US: SonicWall
CVE-2023-0654 (Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0653
RESERVED
CVE-2023-0652 (Due to a hardlink created in the ProgramData folder during the repair ...)
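Review bot: the note added for CVE-2023-0654 reads "NOT-FOR-US: WordPress plugin", but the description on the line above it is for the WARP Mobile Client for Android, not a WordPress plugin. The hunk for CVE-2023-0238 in this same commit uses "NOT-FOR-US: WARP Mobile Client" for the same product; suggest that text here so the two entries agree.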
@@ -34909,7 +34909,7 @@ CVE-2023-24550 (A vulnerability has been identified in Solid Edge SE2022 (All ve
CVE-2023-24549 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
NOT-FOR-US: Siemens
CVE-2023-24548 (On affected platforms running Arista EOS with VXLAN configured, malfor ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2023-24547
RESERVED
CVE-2023-24546 (On affected versions of the CloudVision Portal improper access control ...)
@@ -35508,7 +35508,7 @@ CVE-2023-24403 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-24402 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Rol ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24401 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24400 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-ma ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24399 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -35516,7 +35516,7 @@ CVE-2023-24399 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-24398 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24397 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rese ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24396 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24395 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Cont ...)
@@ -37189,15 +37189,15 @@ CVE-2014-125083 (A vulnerability has been found in Anant Labs google-enterprise-
CVE-2013-10014 (A vulnerability classified as critical has been found in oktora24 2moo ...)
NOT-FOR-US: oktora24 2moons
CVE-2023-23774 (Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2023-23773 (Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. Th ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2023-23772 (Motorola MBTS Site Controller fails to check firmware update authentic ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2023-23771 (Motorola MBTS Base Radio accepts hard-coded backdoor password. The Mot ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2023-23770 (Motorola MBTS Site Controller accepts hard-coded backdoor password. Th ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2023-23769
RESERVED
CVE-2023-23768
@@ -37207,7 +37207,7 @@ CVE-2023-23767
CVE-2023-23766
RESERVED
CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23763
@@ -38334,7 +38334,7 @@ CVE-2023-0240 (There is a logic error in io_uring's implementation which can be
CVE-2023-0239
RESERVED
CVE-2023-0238 (Due to lack of a security policy, the WARP Mobile Client (<=6.29) for ...)
- TODO: check
+ NOT-FOR-US: WARP Mobile Client
CVE-2023-0237
REJECTED
CVE-2023-0236 (The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and esc ...)
@@ -47622,9 +47622,9 @@ CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities th
CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
NOT-FOR-US: Apache Zeppelin
CVE-2022-46869 (Local privilege escalation during installation due to improper soft li ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-46868 (Local privilege escalation during recovery due to improper soft link h ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal St ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46866 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Impo ...)
@@ -51903,7 +51903,7 @@ CVE-2022-45453 (TLS/SSL weak cipher suites enabled. The following products are a
CVE-2022-45452 (Local privilege escalation due to insecure folder permissions. The fol ...)
NOT-FOR-US: Acronis
CVE-2022-45451 (Local privilege escalation due to insecure driver communication port p ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45450 (Sensitive information disclosure and manipulation due to improper auth ...)
NOT-FOR-US: Acronis
CVE-2022-45449
@@ -55644,7 +55644,7 @@ CVE-2023-20892 (The vCenter Server contains a heap overflow vulnerability due to
CVE-2023-20891 (The VMware Tanzu Application Service for VMs and Isolation Segment con ...)
NOT-FOR-US: VMware
CVE-2023-20890 (Aria Operations for Networks contains an arbitrary file write vulnerab ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-20889 (Aria Operations for Networks contains an information disclosure vulner ...)
NOT-FOR-US: VMware
CVE-2023-20888 (Aria Operations for Networks contains an authenticated deserialization ...)
@@ -58462,7 +58462,7 @@ CVE-2023-20268
CVE-2023-20267
RESERVED
CVE-2023-20266 (A vulnerability in Cisco Emergency Responder, Cisco Unified Communicat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20265
RESERVED
CVE-2023-20264
@@ -180457,7 +180457,7 @@ CVE-2021-3264 (SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter
CVE-2021-3263
RESERVED
CVE-2021-3262 (TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2. ...)
- TODO: check
+ NOT-FOR-US: TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084
CVE-2021-3261
RESERVED
CVE-2021-3260
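Review bot: the note added for CVE-2021-3262 copies the version and build string from the description ("TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084") into the NOT-FOR-US field. The other notes in this commit name only the vendor or product; suggest "NOT-FOR-US: TripSpark VEO Transportation" so the entry matches that convention.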
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49d298b8ee8efb99b9a96d41d9229f0ebd7e4caf