[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Sep 18 15:17:40 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a160dc6 by Moritz Muehlenhoff at 2023-09-18T16:07:51+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2023-5036 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos  ...)
-	TODO: check
+	NOT-FOR-US: Memos
 CVE-2023-5034 (A vulnerability classified as problematic was found in SourceCodester  ...)
 	NOT-FOR-US: SourceCodester My Food Recipe
 CVE-2023-5033 (A vulnerability classified as critical has been found in OpenRapid Rap ...)
@@ -11,7 +11,7 @@ CVE-2023-5031 (A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has bee
 CVE-2023-5030 (A vulnerability has been found in Tongda OA up to 11.10 and classified ...)
 	NOT-FOR-US: Tongda OA
 CVE-2023-5029 (A vulnerability, which was classified as critical, was found in mccms  ...)
-	TODO: check
+	NOT-FOR-US: mccms
 CVE-2023-43115 (In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead ...)
 	TODO: check
 CVE-2023-43114 (An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6 ...)
@@ -546,7 +546,7 @@ CVE-2023-4759 (Arbitrary File Overwrite in Eclipse JGit <= 6.6.0  In Eclipse JGi
 CVE-2023-4501 (User authentication with username and password credentials is ineffect ...)
 	NOT-FOR-US: Micro Focus
 CVE-2023-41885 (Piccolo is an ORM and query builder which supports asyncio. In version ...)
-	TODO: check
+	NOT-FOR-US: Piccolo
 CVE-2023-41846 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
 	NOT-FOR-US: Siemens
 CVE-2023-41764 (Microsoft Office Spoofing Vulnerability)
@@ -690,7 +690,7 @@ CVE-2023-36793 (Visual Studio Remote Code Execution Vulnerability)
 CVE-2023-36792 (Visual Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-36788 (.NET Framework Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft .NET
 CVE-2023-36777 (Microsoft Exchange Server Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-36773 (3D Builder Remote Code Execution Vulnerability)
@@ -861,7 +861,7 @@ CVE-2023-3039 (SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Acc
 CVE-2023-39069 (An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 al ...)
 	NOT-FOR-US: StrangeBee TheHive
 CVE-2023-38878 (A reflected cross-site scripting (XSS) vulnerability in DevCode OpenST ...)
-	TODO: check
+	NOT-FOR-US: DevCode OpenSTAManager
 CVE-2023-37489 (Due to the lack of validation, SAP BusinessObjects Business Intelligen ...)
 	NOT-FOR-US: SAP
 CVE-2023-35687 (In MtpPropertyValue of MtpProperty.h, there is a possible memory corru ...)
@@ -928,7 +928,7 @@ CVE-2023-41609 (An open redirect vulnerability in the sanitize_url() parameter o
 CVE-2023-41593 (Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop ...)
 	NOT-FOR-US: Dairy Farm Shop Management System
 CVE-2023-41336 (ux-autocomplete is a JavaScript Autocomplete functionality for Symfony ...)
-	TODO: check
+	NOT-FOR-US: ux-autocomplete
 CVE-2023-41256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions  ...)
 	NOT-FOR-US: Dover Fueling Solutions MAGLINK LX Web Console Configuration
 CVE-2023-41103 (Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in  ...)
@@ -973,7 +973,7 @@ CVE-2023-39070 (An issue in Cppcheck 2.12 dev allows a local attacker to execute
 	- cppcheck <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/
 CVE-2023-39068 (Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC ...)
-	TODO: check
+	NOT-FOR-US: NBD80S09S-KLC
 CVE-2023-39067 (Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allo ...)
 	NOT-FOR-US: ZLMediaKiet
 CVE-2023-39063 (Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local at ...)
@@ -985,7 +985,7 @@ CVE-2023-38743 (Zoho ManageEngine ADManager Plus before Build 7200 allows admin
 CVE-2023-38256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions  ...)
 	NOT-FOR-US: Dover Fueling Solutions MAGLINK LX Web Console Configuration
 CVE-2023-36980 (An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balanc ...)
-	TODO: check
+	NOT-FOR-US: Ethereum Blockchain
 CVE-2023-36497 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions  ...)
 	NOT-FOR-US: Dover Fueling Solutions MAGLINK LX Web Console Configuration
 CVE-2023-36161 (An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_ ...)
@@ -1107,7 +1107,7 @@ CVE-2023-41575 (Multiple stored cross-site scripting (XSS) vulnerabilities in /b
 CVE-2023-41338 (Fiber is an Express inspired web framework built in the go language. V ...)
 	NOT-FOR-US: Fiber
 CVE-2023-41318 (matrix-media-repo is a highly customizable multi-domain media reposito ...)
-	TODO: check
+	NOT-FOR-US: matrix-media-repo
 CVE-2023-40924 (SolarView Compact < 6.00 is vulnerable to Directory Traversal.)
 	NOT-FOR-US: SolarView Compact
 CVE-2023-39712 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
@@ -17443,7 +17443,7 @@ CVE-2023-30964
 CVE-2023-30963 (A security defect was discovered in Foundry Frontend which enabled use ...)
 	NOT-FOR-US: Palantir
 CVE-2023-30962 (The Gotham Cerberus service was found to have a stored cross-site scri ...)
-	TODO: check
+	NOT-FOR-US: Gotham Cerberus
 CVE-2023-30961
 	RESERVED
 CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that enabled u ...)
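Review bot: the tag added on the CVE-2023-30962 line, NOT-FOR-US: Gotham Cerberus, names a service rather than a vendor, while the entries on either side of it in this hunk (CVE-2023-30963 Foundry Frontend and CVE-2023-30960 Foundry job-tracker) are tagged NOT-FOR-US: Palantir. If Gotham Cerberus is that vendor's product, tagging it NOT-FOR-US: Palantir keeps a vendor search returning the whole block; if it is not, a short NOTE: line naming the vendor would save the next person triaging these entries from re-checking.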
@@ -17648,7 +17648,7 @@ CVE-2023-30911
 CVE-2023-30910
 	RESERVED
 CVE-2023-30909 (A remote authentication bypass issue exists in some OneView APIs.)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-30908 (A remote authentication bypass issue exists in a OneView API.)
 	NOT-FOR-US: HPE
 CVE-2023-30907
@@ -18047,9 +18047,9 @@ CVE-2023-2139 (A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Ap
 CVE-2022-4942 (A vulnerability was found in mportuga eslint-detailed-reporter up to 0 ...)
 	NOT-FOR-US: eslint-detailed-reporter
 CVE-2022-48475 (Buffer Overflow vulnerability in Control de Ciber version 1.650, in th ...)
-	TODO: check
+	NOT-FOR-US: Control de Ciber
 CVE-2022-48474 (Control de Ciber, in its 1.650 version, is affected by a Denial of Ser ...)
-	TODO: check
+	NOT-FOR-US: Control de Ciber
 CVE-2022-48473 (There is a misinterpretation of input vulnerability in Huawei Printer. ...)
 	NOT-FOR-US: Huawei
 CVE-2022-48472 (A Huawei printer has a system command injection vulnerability. Success ...)
@@ -20232,7 +20232,7 @@ CVE-2023-30060
 CVE-2023-30059
 	RESERVED
 CVE-2023-30058 (novel-plus 3.6.2 is vulnerable to SQL Injection.)
-	TODO: check
+	NOT-FOR-US: novel-plus
 CVE-2023-30057 (Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Ori ...)
 	NOT-FOR-US: FICO
 CVE-2023-30056 (A session takeover vulnerability exists in FICO Origination Manager De ...)
@@ -24902,7 +24902,7 @@ CVE-2023-28616
 CVE-2023-28615
 	RESERVED
 CVE-2023-28614 (Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injectio ...)
-	TODO: check
+	NOT-FOR-US: Freewill iFIS
 CVE-2023-28613 (An issue was discovered in Samsung Exynos Mobile Processor and Baseban ...)
 	NOT-FOR-US: Samsung
 CVE-2023-28612
@@ -34479,7 +34479,7 @@ CVE-2023-25521 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an
 CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootc ...)
 	NOT-FOR-US: NVIDIA
 CVE-2023-25519 (NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit c ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...)
 	NOT-FOR-US: NVIDIA
 CVE-2023-25517 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
@@ -37698,7 +37698,7 @@ CVE-2023-0458 (A speculative pointer dereference problem exists in the Linux Ker
 CVE-2023-0457 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric C ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2022-4896 (Cyber Control, in its 1.650 version, is affected by a vulnerabilityin  ...)
-	TODO: check
+	NOT-FOR-US: Cyber Control
 CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize user inpu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24470 (Potential XML External Entity Injection in ArcSight Logger versions pr ...)
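Review bot: the tag added on the CVE-2022-4896 line reads NOT-FOR-US: Cyber Control, but the CVE-2022-48475 and CVE-2022-48474 lines earlier in this patch tag what appears to be the same product at the same 1.650 version as NOT-FOR-US: Control de Ciber. Use one spelling on all three so a search for the product returns every entry; since the CVE texts use both names, NOT-FOR-US: Cyber Control (Control de Ciber) on each of them would keep both forms findable.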
@@ -45848,7 +45848,7 @@ CVE-2022-47850
 CVE-2022-47849
 	RESERVED
 CVE-2022-47848 (An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09. ...)
-	TODO: check
+	NOT-FOR-US: Bezeq Vtech
 CVE-2022-47847
 	RESERVED
 CVE-2022-47846
@@ -46338,7 +46338,7 @@ CVE-2022-47639
 CVE-2022-47638
 	RESERVED
 CVE-2022-47637 (The installer in XAMPP through 8.1.12 allows local users to write to t ...)
-	TODO: check
+	NOT-FOR-US: XAMPP installer
 CVE-2022-47636 (A DLL hijacking vulnerability has been discovered in OutSystems Servic ...)
 	NOT-FOR-US: OutSystems Service Studio
 CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS ...)
@@ -46350,7 +46350,7 @@ CVE-2022-47633 (An image signature validation bypass vulnerability in Kyverno 1.
 CVE-2022-47632 (Razer Synapse before 3.7.0830.081906 allows privilege escalation due t ...)
 	NOT-FOR-US: Razer
 CVE-2022-47631 (Razer Synapse through 3.7.1209.121307 allows privilege escalation due  ...)
-	TODO: check
+	NOT-FOR-US: Razer
 CVE-2022-47630 (Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509  ...)
 	- arm-trusted-firmware <unfixed> (unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/16/8
@@ -136306,7 +136306,7 @@ CVE-2022-20919 (A vulnerability in the processing of malformed Common Industrial
 CVE-2022-20918 (A vulnerability in the Simple Network Management Protocol (SNMP) acces ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20917 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco IoT Con ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20915 (A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) wit ...)
@@ -219052,7 +219052,7 @@ CVE-2020-24090
 CVE-2020-24089
 	RESERVED
 CVE-2020-24088 (An issue was discovered in MmMapIoSpace routine in Foxconn Live Update ...)
-	TODO: check
+	NOT-FOR-US: Foxconn
 CVE-2020-24087
 	RESERVED
 CVE-2020-24086



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a160dc6747dde7430c953a4c023837154a6404f

-- 
You're receiving this email because of your account on salsa.debian.org.

