[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Sep 24 16:18:02 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2be57dc by Salvatore Bonaccorso at 2023-09-24T17:17:41+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2023-42821 (The package `github.com/gomarkdown/markdown` is a Go library for
 	NOTE: https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940
 	NOTE: https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2
 CVE-2023-42812 (Galaxy is an open-source platform for FAIR data analysis. Prior to ver ...)
-	TODO: check
+	NOT-FOR-US: Galaxy
 CVE-2023-42811 (aes-gcm is a pure Rust implementation of the AES-GCM. Starting in vers ...)
 	TODO: check
 CVE-2023-42798 (AutomataCI is a template git repository equipped with a native built-i ...)
@@ -147,7 +147,7 @@ CVE-2023-42482 (Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free
 CVE-2023-42458 (Zope is an open-source web application server. Prior to versions 4.8.1 ...)
 	NOT-FOR-US: Zope
 CVE-2023-42457 (plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELE ...)
-	TODO: check
+	NOT-FOR-US: plone.rest
 CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo and su, allows users to  ...)
 	TODO: check
 CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The download metho ...)
@@ -161,9 +161,9 @@ CVE-2023-41992 (The issue was addressed with improved checks. This issue is fixe
 CVE-2023-41991 (A certificate validation issue was addressed. This issue is fixed in i ...)
 	TODO: check
 CVE-2023-41048 (plone.namedfile allows users to handle `File` and `Image` fields targe ...)
-	TODO: check
+	NOT-FOR-US: plone.namedfile
 CVE-2023-40183 (DataEase is an open source data visualization and analysis tool. Prior ...)
-	TODO: check
+	NOT-FOR-US: DataEase
 CVE-2023-34577 (SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and ...)
 	NOT-FOR-US: Prestashop opartplannedpopup
 CVE-2023-34576 (SQL injection vulnerability in updatepos.php in PrestaShop opartfaq th ...)
@@ -196,7 +196,7 @@ CVE-2023-38876 (A reflected cross-site scripting (XSS) vulnerability in msaad199
 CVE-2023-38875 (A reflected cross-site scripting (XSS) vulnerability in msaad1999's PH ...)
 	NOT-FOR-US: msaad1999's PHP-Login-System
 CVE-2023-37279 (Faktory is a language-agnostic persistent background job server. Prior ...)
-	TODO: check
+	NOT-FOR-US: Faktory
 CVE-2023-36234 (Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attac ...)
 	- netbox <itp> (bug #1017079)
 CVE-2023-36109 (Buffer Overflow vulnerability in JerryScript version 3.0, allows remot ...)
@@ -204,15 +204,15 @@ CVE-2023-36109 (Buffer Overflow vulnerability in JerryScript version 3.0, allows
 CVE-2023-34575 (SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7  ...)
 	NOT-FOR-US: PrestaShop opartsavecart
 CVE-2023-5084 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
-	TODO: check
+	NOT-FOR-US: Hestia Control Panel
 CVE-2023-5074 (Use of a static key to protect a JWT token used in user authentication ...)
 	NOT-FOR-US: D-Link
 CVE-2023-5042 (Sensitive information disclosure due to insecure folder permissions. T ...)
 	NOT-FOR-US: Acronis
 CVE-2023-43636 (In EVE OS, the \u201cmeasured boot\u201d mechanism prevents a compromi ...)
-	TODO: check
+	NOT-FOR-US: EVE OS
 CVE-2023-43635 (Vault Key Sealed With SHA1 PCRs       The measured boot solution imple ...)
-	TODO: check
+	NOT-FOR-US: EVE OS
 CVE-2023-43630 (PCR14 is not in the list of PCRs that seal/unseal the \u201cvault\u201 ...)
 	TODO: check
 CVE-2023-43502 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build Fai ...)
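Review bot: CVE-2023-43630 is left at `TODO: check` although it describes the same EVE OS measured-boot/vault-sealing issue as its neighbours CVE-2023-43636 and CVE-2023-43635, which this hunk marks `NOT-FOR-US: EVE OS`. If the same triage applies, mark it in the same pass so the three related entries do not diverge.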
@@ -234,9 +234,9 @@ CVE-2023-43495 (Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not esca
 CVE-2023-43494 (Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414. ...)
 	- jenkins <removed>
 CVE-2023-43478 (fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), fi ...)
-	TODO: check
+	NOT-FOR-US: Telstra Smart Modem Gen 2 (Arcadyan LH1000) firmware
 CVE-2023-43477 (The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra  ...)
-	TODO: check
+	NOT-FOR-US: Telstra Smart Modem Gen 2 (Arcadyan LH1000) firmware
 CVE-2023-43377 (A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_c ...)
 	- hoteldruid <unfixed>
 CVE-2023-43376 (A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php  ...)
@@ -276,7 +276,7 @@ CVE-2023-43138 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a comman
 CVE-2023-43137 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command inje ...)
 	NOT-FOR-US: TP-Link
 CVE-2023-43134 (There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3 ...)
-	TODO: check
+	NOT-FOR-US: Netis
 CVE-2023-42660 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...)
 	NOT-FOR-US: Progress MOVEit Transfer
 CVE-2023-42656 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...)
@@ -294,17 +294,17 @@ CVE-2023-41902 (An XPC misconfiguration vulnerability in CoreCode MacUpdater bef
 CVE-2023-41484 (An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain s ...)
 	TODO: check
 CVE-2023-41375 (Use after free vulnerability exists in Kostac PLC Programming Software ...)
-	TODO: check
+	NOT-FOR-US: KostacKostac PLC Programming Software
 CVE-2023-41374 (Double free issue exists in Kostac PLC Programming Software Version 1. ...)
-	TODO: check
+	NOT-FOR-US: Kostac PLC Programming Software
 CVE-2023-40930 (Skyworth 3.0 OS is vulnerable to Directory Traversal.)
-	TODO: check
+	NOT-FOR-US: Skyworth
 CVE-2023-40619 (phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untr ...)
 	- phppgadmin <unfixed>
 	NOTE: https://github.com/phppgadmin/phppgadmin/issues/174
 	NOTE: https://github.com/hestiacp/phppgadmin/pull/4
 CVE-2023-40618 (A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeM ...)
-	TODO: check
+	NOT-FOR-US: OpenKnowledgeMaps Head Start
 CVE-2023-40368 (IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged  ...)
 	NOT-FOR-US: IBM
 CVE-2023-40043 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...)
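Review bot: the new line for CVE-2023-41375 reads `NOT-FOR-US: KostacKostac PLC Programming Software`, a duplicated vendor name; the sibling entry CVE-2023-41374 two lines below uses `NOT-FOR-US: Kostac PLC Programming Software`, which is the form this one should take.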
@@ -353,7 +353,7 @@ CVE-2023-5063 (The Widget Responsive for Youtube plugin for WordPress is vulnera
 CVE-2023-5062 (The WordPress Charts plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-4088 (Incorrect Default Permissions vulnerability due to incomplete fix to a ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2023-43621 (An issue was discovered in Croc through 9.6.5. The shared secret, loca ...)
 	- croc <itp> (bug #1017956)
 CVE-2023-43620 (An issue was discovered in Croc through 9.6.5. A sender may place ANSI ...)
@@ -435,7 +435,7 @@ CVE-2023-38351 (MiniTool Partition Wizard 12.8 contains an insecure installation
 CVE-2023-32649 (A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian an ...)
 	NOT-FOR-US: Nozomi Networks
 CVE-2023-32186 (A Allocation of Resources Without Limits or Throttling vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: SUSE RKE2
 CVE-2023-32182 (A Improper Link Resolution Before File Access ('Link Following') vulne ...)
 	TODO: check
 CVE-2023-31808 (Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard ...)
@@ -539,7 +539,7 @@ CVE-2023-34195 (An issue was discovered in SystemFirmwareManagementRuntimeDxe in
 CVE-2023-33831 (A remote command execution (RCE) vulnerability in the /api/runscript e ...)
 	NOT-FOR-US: FUXA
 CVE-2023-32187 (An Allocation of Resources Without Limits or Throttling vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: SUSE k3s
 CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6. drivers/medi ...)
 	- linux 5.8.7-1
 	[buster] - linux 4.19.146-1
@@ -17628,7 +17628,7 @@ CVE-2023-2264
 CVE-2023-2263 (The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is v ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2023-2262 (A buffer overflow vulnerability exists in the Rockwell Automation sele ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-2261 (The WP Activity Log plugin for WordPress is vulnerable to authorizatio ...)
 	NOT-FOR-US: WP Activity Log plugin for WordPress
 CVE-2023-2260 (Authorization Bypass Through User-Controlled Key in GitHub repository  ...)
@@ -17933,21 +17933,21 @@ CVE-2023-31017
 CVE-2023-31016
 	RESERVED
 CVE-2023-31015 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service where ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-31014 (NVIDIA GeForce Now for Android contains a vulnerability in the game la ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA GeForce Now for Android
 CVE-2023-31013 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-31012 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service where ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-31011 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service where ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-31010 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-31009 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-31008 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-31007 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
 	NOT-FOR-US: Apache Pulsar
 CVE-2023-31006
@@ -33948,7 +33948,7 @@ CVE-2023-0831 (The Under Construction plugin for WordPress is vulnerable to Cros
 CVE-2023-0830 (A vulnerability classified as critical has been found in EasyNAS 1.1.0 ...)
 	NOT-FOR-US: EasyNAS
 CVE-2023-0829 (Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scri ...)
-	TODO: check
+	NOT-FOR-US: Plesk
 CVE-2023-0828
 	RESERVED
 CVE-2023-0827 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -34537,7 +34537,7 @@ CVE-2023-0775 (An invalid \u2018prepare write request\u2019 command can cause th
 CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certificate G ...)
 	NOT-FOR-US: SourceCodester Medical Certificate Generator App
 CVE-2023-0773 (The vulnerability exists in Uniview IP Camera due to identification an ...)
-	TODO: check
+	NOT-FOR-US: Uniview IP Camera
 CVE-2023-0772 (The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25676 (TensorFlow is an open source machine learning platform. When running v ...)
@@ -35045,25 +35045,25 @@ CVE-2023-XXXX [RUSTSEC-2023-0005]
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0005.html
 	NOTE: https://github.com/tokio-rs/tokio/issues/5372
 CVE-2023-25534 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-25533 (NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an a ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-25532 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-25531 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-25530 (NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-25529 (NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, w ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-25528 (NVIDIA DGX H100 baseboard management controller (BMC) contains a vulne ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-25527 (NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, w ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA DGX H100 BMC
 CVE-2023-25526 (NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanag ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Cumulus Linux
 CVE-2023-25525 (NVIDIA Cumulus Linux contains a vulnerability in forwarding where a Vx ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Cumulus Linux
 CVE-2023-25524 (NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a ...)
 	NOT-FOR-US: NVIDIA
 CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in  ...)
@@ -39562,7 +39562,7 @@ CVE-2023-23959
 CVE-2023-23958
 	RESERVED
 CVE-2023-23957 (An authenticated user can see and modify the value for \u2018next\u201 ...)
-	TODO: check
+	NOT-FOR-US: Symantec Identity Portal
 CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will be exec ...)
 	NOT-FOR-US: Symantec
 CVE-2023-23955 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...)
@@ -41480,11 +41480,11 @@ CVE-2023-23366
 CVE-2023-23365
 	RESERVED
 CVE-2023-23364 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-23363 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-23362 (An OS command injection vulnerability has been reported to affect QNAP ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-23361
 	RESERVED
 CVE-2023-23360
@@ -47207,21 +47207,21 @@ CVE-2022-47562 (Vulnerability in the RCPbind service running on UDP port (111),
 CVE-2022-47561 (The web application stores credentials in clear text in the "admin.xml ...)
 	TODO: check
 CVE-2022-47560 (The lack of web request control on ekorCCP and ekorRCI devices allows  ...)
-	TODO: check
+	NOT-FOR-US: ekorCCP and ekorRCI devices
 CVE-2022-47559 (Lack of device control over web requests in ekorCCP and ekorRCI, allow ...)
-	TODO: check
+	NOT-FOR-US: ekorCCP and ekorRCI devices
 CVE-2022-47558 (Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP se ...)
-	TODO: check
+	NOT-FOR-US: ekorCCP and ekorRCI devices
 CVE-2022-47557 (Vulnerability in ekorCCP and ekorRCI that could allow an attacker with ...)
-	TODO: check
+	NOT-FOR-US: ekorCCP and ekorRCI devices
 CVE-2022-47556 (Uncontrolled resource consumption in ekorRCI, allowing an attacker wit ...)
-	TODO: check
+	NOT-FOR-US: ekorRCI devices
 CVE-2022-47555 (Operating system command injection in ekorCCP and ekorRCI, which could ...)
-	TODO: check
+	NOT-FOR-US: ekorCCP and ekorRCI devices
 CVE-2022-47554 (Exposure of sensitive information in ekorCCP and ekorRCI, potentially  ...)
-	TODO: check
+	NOT-FOR-US: ekorCCP and ekorRCI devices
 CVE-2022-47553 (Incorrect authorisation in ekorCCP and ekorRCI, which could allow a re ...)
-	TODO: check
+	NOT-FOR-US: ekorCCP and ekorRCI devices
 CVE-2022-47552
 	RESERVED
 CVE-2022-47551 (Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read perm ...)
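Review bot: CVE-2022-47561 (credentials stored in clear text in "admin.xml") stays at `TODO: check` while every surrounding id in the CVE-2022-47553..47560 range is marked `NOT-FOR-US` for ekorCCP and ekorRCI. Its truncated description does not name the product, so it is worth confirming whether it belongs to the same advisory batch and, if so, giving it the same marking.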
@@ -54858,9 +54858,9 @@ CVE-2022-45450 (Sensitive information disclosure and manipulation due to imprope
 CVE-2022-45449
 	RESERVED
 CVE-2022-45448 (M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, i ...)
-	TODO: check
+	NOT-FOR-US: M4 PDF plugin for Prestashop sites
 CVE-2022-45447 (M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, i ...)
-	TODO: check
+	NOT-FOR-US: M4 PDF plugin for Prestashop sites
 CVE-2022-4036 (The Appointment Hour Booking plugin for WordPress is vulnerable to CAP ...)
 	NOT-FOR-US: Appointment Hour Booking plugin for WordPress
 CVE-2022-4035 (The Appointment Hour Booking plugin for WordPress is vulnerable to iFr ...)
@@ -219635,7 +219635,7 @@ CVE-2020-24091
 CVE-2020-24090
 	RESERVED
 CVE-2020-24089 (An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter ...)
-	TODO: check
+	NOT-FOR-US: IOBit Malware Fighter
 CVE-2020-24088 (An issue was discovered in MmMapIoSpace routine in Foxconn Live Update ...)
 	NOT-FOR-US: Foxconn
 CVE-2020-24087
@@ -376536,7 +376536,7 @@ CVE-2018-5480
 CVE-2018-5479 (FoxSash ImgHosting 1.5 (according to footer information) is vulnerable ...)
 	NOT-FOR-US: FoxSash ImgHosting
 CVE-2018-5478 (Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the  ...)
-	TODO: check
+	NOT-FOR-US: Contao CMS
 CVE-2018-5477 (An Information Exposure issue was discovered in ABB netCADOPS Web Appl ...)
 	NOT-FOR-US: ABB netCADOPS Web Application
 CVE-2018-5476 (A Stack-based Buffer Overflow issue was discovered in Delta Electronic ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2be57dc34894b76a6ee2fc288e52d775a36a6ce
