[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 15 10:13:13 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
71736432 by Salvatore Bonaccorso at 2023-09-15T11:12:39+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2023-4766 (Improper Neutralization of Special Elements used in an SQL Comman
CVE-2023-4702 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
NOT-FOR-US: Yepas Digital Yepas
CVE-2023-4676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Yordam MedasPro
CVE-2023-4669 (Authentication Bypass by Assumed-Immutable Data vulnerability in Exaga ...)
NOT-FOR-US: Exagate SYSGuard 3001
CVE-2023-4516 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
@@ -23,7 +23,7 @@ CVE-2023-42180 (An arbitrary file upload vulnerability in the /user/upload compo
CVE-2023-42178 (Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query mo ...)
NOT-FOR-US: lenosp
CVE-2023-41588 (A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.1 ...)
- TODO: check
+ NOT-FOR-US: Time to SLA plugin
CVE-2023-41011 (Command Execution vulnerability in China Mobile Communications China M ...)
NOT-FOR-US: China Mobile Communications China Mobile Intelligent Home Gateway
CVE-2023-41010 (Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communicat ...)
@@ -39,11 +39,11 @@ CVE-2023-38558 (A vulnerability has been identified in SIMATIC PCS neo (Administ
CVE-2023-38557 (A vulnerability has been identified in Spectrum Power 7 (All versions ...)
NOT-FOR-US: Siemens
CVE-2023-37756 (I-doit pro 25 and below and I-doit open 25 and below employ weak passw ...)
- TODO: check
+ NOT-FOR-US: I-doit pro
CVE-2023-37755 (i-doit pro 25 and below and I-doit open 25 and below are configured wi ...)
- TODO: check
+ NOT-FOR-US: I-doit pro
CVE-2023-37739 (i-doit Pro v25 and below was discovered to be vulnerable to path trave ...)
- TODO: check
+ NOT-FOR-US: I-doit pro
CVE-2023-36250 (CSV Injection vulnerability in GNOME time tracker version 3.0.2, allow ...)
TODO: check
CVE-2023-2848 (Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hija ...)
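Review bot: the three i-doit entries (CVE-2023-37756, CVE-2023-37755, CVE-2023-37739) are tagged `NOT-FOR-US: I-doit pro`, but the descriptions of CVE-2023-37756 and CVE-2023-37755 also name "I-doit open 25 and below". Suggest `NOT-FOR-US: i-doit` for those two, so the note covers both editions and a later search for the open edition finds this triage decision.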
@@ -700,7 +700,7 @@ CVE-2023-40040 (An issue was discovered in the MyCrops HiGrade "THC Testing & Ca
CVE-2023-40039 (An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. ...)
NOT-FOR-US: ARRIS TG852G, TG862G, and TG1672G devices
CVE-2023-35845 (Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certifica ...)
- TODO: check
+ NOT-FOR-US: Anaconda Python
CVE-2023-4879 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...)
NOT-FOR-US: icms2
CVE-2023-4878 (Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/ic ...)
@@ -28441,7 +28441,7 @@ CVE-2023-27472 (quickentity-editor-next is an open source, system local, video g
CVE-2023-27471 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
NOT-FOR-US: Insyde
CVE-2023-27470 (BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 ...)
- TODO: check
+ NOT-FOR-US: N-able Take Control Agent
CVE-2023-27469 (Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file de ...)
NOT-FOR-US: Malwarebytes Anti-Exploit
CVE-2023-27468
@@ -29298,7 +29298,7 @@ CVE-2023-27171
CVE-2023-27170
RESERVED
CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license cl ...)
- TODO: check
+ NOT-FOR-US: Xpand IT Write-back manager
CVE-2023-27168
RESERVED
CVE-2023-27167 (Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vu ...)
@@ -31251,7 +31251,7 @@ CVE-2023-26371 (Adobe Dimension version 3.4.8 (and earlier) is affected by an ou
CVE-2023-26370
RESERVED
CVE-2023-26369 (Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26368
RESERVED
CVE-2023-26367
@@ -33831,7 +33831,7 @@ CVE-2023-25610
CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] inFortiMan ...)
NOT-FOR-US: Fortinet
CVE-2023-25608 (An incomplete filtering of one or more instances of special elements v ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-25607
RESERVED
CVE-2023-25606 (An improper limitation of a pathname to a restricted directory ('Path ...)
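Review bot: CVE-2023-25608 is tagged `NOT-FOR-US: FortiGuard` while the entry directly above it, CVE-2023-25609, uses `NOT-FOR-US: Fortinet`. The truncated description does not show the product name, so unless it names FortiGuard specifically, use the same vendor string as the neighbouring entry so that a single grep finds all entries for this vendor.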
@@ -38937,7 +38937,7 @@ CVE-2023-23847 (A cross-site request forgery (CSRF) vulnerability in Synopsys Je
CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP library versi ...)
NOT-FOR-US: Open5GS
CVE-2023-23845 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
NOT-FOR-US: SolarWinds
CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
@@ -38947,7 +38947,7 @@ CVE-2023-23842 (The SolarWinds Network Configuration Manager was susceptible to
CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing or updat ...)
NOT-FOR-US: SolarWinds
CVE-2023-23840 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of Sensitive I ...)
NOT-FOR-US: SolarWinds
CVE-2023-23838 (Directory traversal and file enumeration vulnerability which allowed u ...)
@@ -53847,13 +53847,13 @@ CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not
CVE-2022-4057 (The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable ...)
NOT-FOR-US: WordPress plugin
CVE-2023-21523 (A Stored Cross-site Scripting (XSS) vulnerability in the Management Co ...)
- TODO: check
+ NOT-FOR-US: BlackBerry
CVE-2023-21522 (A Reflected Cross-site Scripting (XSS) vulnerability in the Management ...)
- TODO: check
+ NOT-FOR-US: BlackBerry
CVE-2023-21521 (An SQL Injection vulnerability in the Management Console(Operator Audi ...)
- TODO: check
+ NOT-FOR-US: BlackBerry
CVE-2023-21520 (A PII Enumeration via Credential Recovery in the Self Service(Credenti ...)
- TODO: check
+ NOT-FOR-US: BlackBerry
CVE-2023-21519
RESERVED
CVE-2022-45467
@@ -60555,13 +60555,13 @@ CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of Ci
CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allow an u ...)
NOT-FOR-US: Cisco
CVE-2023-20236 (A vulnerability in the iPXE boot function of Cisco IOS XR software cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20235
RESERVED
CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
NOT-FOR-US: Cisco FXOS Software
CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM) feature of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20232 (A vulnerability in the Tomcat implementation for Cisco Unified Contact ...)
NOT-FOR-US: Cisco
CVE-2023-20231
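Review bot: CVE-2023-20236 is marked `NOT-FOR-US: Cisco`, but its description refers to the "iPXE boot function of Cisco IOS XR software", and iPXE is an upstream project that Debian packages as ipxe. The truncated description does not say whether the flaw sits in Cisco's integration or in iPXE code. Confirm against the vendor advisory before closing it as NFU, and if it is Cisco-specific, record that in the note (for example `NOT-FOR-US: Cisco IOS XR`) so the reasoning is visible in the list.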
@@ -60653,9 +60653,9 @@ CVE-2023-20193 (A vulnerability in the Embedded Service Router (ESR) of Cisco IS
CVE-2023-20192 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...)
NOT-FOR-US: Cisco
CVE-2023-20191 (A vulnerability in the access control list (ACL) processing on MPLS in ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20190 (A vulnerability in the classic access control list (ACL) compression f ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20189 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
NOT-FOR-US: Cisco
CVE-2023-20188 (A vulnerability in the web-based management interface of Cisco Small B ...)
@@ -60765,7 +60765,7 @@ CVE-2023-20137 (Multiple vulnerabilities in the web-based management interface o
CVE-2023-20136 (A vulnerability in the OpenAPI of Cisco Secure Workload could allow an ...)
NOT-FOR-US: Cisco
CVE-2023-20135 (A vulnerability in Cisco IOS XR Software image verification checks cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20134 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
NOT-FOR-US: Cisco
CVE-2023-20133 (A vulnerability in the web interface of Cisco Webex Meetings could all ...)
@@ -83373,7 +83373,7 @@ CVE-2022-35851 (An improper neutralization of input during web page generation v
CVE-2022-35850 (An improper neutralization of script-related HTML tags in a web page v ...)
NOT-FOR-US: Fortinet
CVE-2022-35849 (An improper neutralization of special elements used in an OS command v ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-35848
RESERVED
CVE-2022-35847 (An improper neutralization of special elements used in a template engi ...)
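Review bot: CVE-2022-35849 gets `NOT-FOR-US: FortiGuard` directly below CVE-2022-35850, which carries `NOT-FOR-US: Fortinet`. Two spellings for adjacent entries make the file harder to query; pick the one the surrounding block already uses.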
@@ -88039,7 +88039,7 @@ CVE-2022-34240
CVE-2022-34239 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
NOT-FOR-US: Adobe
CVE-2022-34238 (Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-34237 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
NOT-FOR-US: Adobe
CVE-2022-34236 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
@@ -88061,13 +88061,13 @@ CVE-2022-34229 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005
CVE-2022-34228 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
NOT-FOR-US: Adobe
CVE-2022-34227 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-34226 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
NOT-FOR-US: Adobe
CVE-2022-34225 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
NOT-FOR-US: Adobe
CVE-2022-34224 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-34223 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
NOT-FOR-US: Adobe
CVE-2022-34222 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
@@ -103433,17 +103433,17 @@ CVE-2022-28838 (Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.00
CVE-2022-28837 (Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and e ...)
NOT-FOR-US: Adobe
CVE-2022-28836 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28835 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28834 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28833 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28832 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28831 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28830 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
NOT-FOR-US: Adobe
CVE-2022-28829 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
@@ -117811,7 +117811,7 @@ CVE-2022-24095 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and
CVE-2022-24094 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
NOT-FOR-US: Adobe
CVE-2022-24093 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-24092 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
NOT-FOR-US: Adobe
CVE-2022-24091 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
@@ -120574,7 +120574,7 @@ CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in
CVE-2022-23383 (YzmCMS v6.3 is affected by broken access control. Without login, unaut ...)
NOT-FOR-US: YzmCMS
CVE-2022-23382 (Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170 ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Hichip Vision Technology IP Camera Firmware
CVE-2022-23381
RESERVED
CVE-2022-23380 (There is a SQL injection vulnerability in the background of taocms 3.0 ...)
@@ -131633,7 +131633,7 @@ CVE-2021-44174
CVE-2021-44173
RESERVED
CVE-2021-44172 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-44171 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: FortiGuard
CVE-2021-44170 (A stack-based buffer overflow vulnerability [CWE-121] in the command l ...)
@@ -176000,7 +176000,7 @@ CVE-2021-28487
CVE-2021-28486
RESERVED
CVE-2021-28485 (Ericsson Mobile Switching Center Server (MSC-S) BC 18A and IS 3.1 rele ...)
- TODO: check
+ NOT-FOR-US: Ericsson
CVE-2021-28484 (An issue was discovered in the /api/connector endpoint handler in Yubi ...)
NOT-FOR-US: yubihsm-connector
CVE-2021-3443 (A NULL pointer dereference flaw was found in the way Jasper versions b ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71736432d3099529542893da0296654368dea8cc