Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d6e7b381 by Moritz Muehlenhoff at 2023-02-02T17:41:30+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12,11 +12,11 @@ CVE-2023-25017
CVE-2023-25016
RESERVED
CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used,
allows CSRF ...)
- TODO: check
+ NOT-FOR-US: Clockwork Web
CVE-2023-25014 (An issue was discovered in the femanager extension before
5.5.3, 6.x b ...)
- TODO: check
+ NOT-FOR-US: TYPO3 extension
CVE-2023-25013 (An issue was discovered in the femanager extension before
5.5.3, 6.x b ...)
- TODO: check
+ NOT-FOR-US: TYPO3 extension
CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in
bigben_remove i ...)
- linux <unfixed>
NOTE:
https://lore.kernel.org/all/[email protected]/
@@ -119,9 +119,9 @@ CVE-2023-24978
CVE-2023-0619 (The Kraken.io Image Optimizer plugin for WordPress is
vulnerable to au ...)
NOT-FOR-US: Kraken.io Image Optimizer plugin for WordPress
CVE-2023-0618 (A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It
has been ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-0617 (A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It
has been ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-0616
RESERVED
CVE-2023-0615
@@ -131,15 +131,15 @@ CVE-2023-0615
CVE-2023-0614
RESERVED
CVE-2023-0613 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0
and cla ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-0612 (A vulnerability, which was classified as critical, was found in
TRENDn ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-0611 (A vulnerability, which was classified as critical, has been
found in T ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-0610 (Improper Authorization in GitHub repository wallabag/wallabag
prior to ...)
- TODO: check
+ NOT-FOR-US: Wallabag
CVE-2023-0609 (Improper Authorization in GitHub repository wallabag/wallabag
prior to ...)
- TODO: check
+ NOT-FOR-US: Wallabag
CVE-2023-24997 (Deserialization of Untrusted Data vulnerability in Apache
Software Fou ...)
NOT-FOR-US: Apache InLong
CVE-2023-24977 (Out-of-bounds Read vulnerability in Apache Software Foundation
Apache ...)
@@ -469,7 +469,7 @@ CVE-2023-24834
CVE-2023-0600
RESERVED
CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a
stored c ...)
- TODO: check
+ NOT-FOR-US: Rapid7
CVE-2023-0598
RESERVED
CVE-2023-0597
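Review bot: For CVE-2023-0599 the new tag "NOT-FOR-US: Rapid7" names only the vendor, while the description is specific to Metasploit Pro. Consider "NOT-FOR-US: Rapid7 Metasploit Pro" so that a later search of the list for Metasploit shows this entry was triaged as the Pro product.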
@@ -3393,9 +3393,9 @@ CVE-2023-23753
CVE-2023-23752
RESERVED
CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A
missing ACL ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2023-23750 (An issue was discovered in Joomla! 4.0.0 through 4.2.6. A
missing toke ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2023-23749 (The 'LDAP Integration with Active Directory and OpenLDAP -
NTLM & ...)
NOT-FOR-US: Joomla! extension
CVE-2023-23748
@@ -3716,7 +3716,7 @@ CVE-2023-23632
CVE-2023-23631
RESERVED
CVE-2023-23630 (Eta is an embedded JS templating engine that works inside
Node, Deno, ...)
- TODO: check
+ NOT-FOR-US: Eta
CVE-2023-23629 (Metabase is an open source data analytics platform. Affected
versions ...)
NOT-FOR-US: Metabase
CVE-2023-23628 (Metabase is an open source data analytics platform. Affected
versions ...)
@@ -4231,7 +4231,7 @@ CVE-2023-22839 (On BIG-IP versions 17.0.x before
17.0.0.2, 16.1.x before 16.1.3.
CVE-2023-22664 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before
16.1.3.3, ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-22657 (On F5OS-A beginning in version 1.2.0 to before 1.3.0 and
F5OS-C beginn ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2023-22422 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before
16.1.3.3, ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-22418 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3,
15.1.x bef ...)
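Review bot: CVE-2023-22657 is tagged "NOT-FOR-US: F5", but the entries on either side of it use the vendor-plus-product form "NOT-FOR-US: F5 BIG-IP". The description here is about F5OS-A and F5OS-C, so "NOT-FOR-US: F5 F5OS" would keep that pattern without labeling it as BIG-IP.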
@@ -4247,7 +4247,7 @@ CVE-2023-22340 (On BIG-IP versions 16.1.x before
16.1.3.3, 15.1.x before 15.1.8,
CVE-2023-22326 (In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before
16.1.3.3, 15. ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-22323 (In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before
16.1.3.3, 15. ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2023-22302 (In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x
beginning in 16. ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-22287
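Review bot: CVE-2023-22323 gets "NOT-FOR-US: F5" although its description lists the same 17.0.x/16.1.x/15.x version ranges as CVE-2023-22326 and CVE-2023-22302 directly above and below it, both tagged "NOT-FOR-US: F5 BIG-IP" (the "BIP-IP" spelling is in the description text itself). Using "NOT-FOR-US: F5 BIG-IP" here as well keeps the block consistent and searchable by product.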
@@ -5108,27 +5108,27 @@ CVE-2023-23138
CVE-2023-23137
RESERVED
CVE-2023-23136 (lmxcms v1.41 was discovered to contain an arbitrary file
deletion vuln ...)
- TODO: check
+ NOT-FOR-US: lmxcms
CVE-2023-23135 (An arbitrary file upload vulnerability in Ftdms v3.1.6 allows
attacker ...)
- TODO: check
+ NOT-FOR-US: ftdms
CVE-2023-23134
RESERVED
CVE-2023-23133
RESERVED
CVE-2023-23132 (Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key
disclos ...)
- TODO: check
+ NOT-FOR-US: Selfwealth
CVE-2023-23131 (Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App
Transpor ...)
- TODO: check
+ NOT-FOR-US: Selfwealth
CVE-2023-23130 (Connectwise Automate 2022.11 is vulnerable to Cleartext
authentication ...)
- TODO: check
+ NOT-FOR-US: Connectwise
CVE-2023-23129
RESERVED
CVE-2023-23128 (Connectwise Control 22.8.10013.8329 is vulnerable to Cross
Origin Reso ...)
- TODO: check
+ NOT-FOR-US: Connectwise
CVE-2023-23127 (In Connectwise Control 22.8.10013.8329, the login page does
not implem ...)
- TODO: check
+ NOT-FOR-US: Connectwise
CVE-2023-23126 (Connectwise Automate 2022.11 is vulnerable to Clickjacking.
The login ...)
- TODO: check
+ NOT-FOR-US: Connectwise
CVE-2023-23125
RESERVED
CVE-2023-23124
@@ -5275,17 +5275,17 @@ CVE-2023-23080
CVE-2023-23079
RESERVED
CVE-2023-23078 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine
ServiceD ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-23077 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine
ServiceD ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-23076 (OS Command injection vulnerability in Support Center Plus 11
via Execu ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-23075 (Cross Site Scripting (XSS) vulnerability in Zoho Asset
Explorer 6.9 vi ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-23074 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine
ServiceD ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-23073 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine
ServiceD ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-23072
RESERVED
CVE-2023-23071
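Review bot: In the CVE-2023-23076 entry the visible description names only "Support Center Plus 11", so the vendor-only tag "NOT-FOR-US: Zoho" cannot be matched against the line it annotates. A product-level tag such as "NOT-FOR-US: Zoho ManageEngine Support Center Plus" would make the attribution self-explanatory for anyone reading the list without opening the CVE.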
@@ -7151,13 +7151,13 @@ CVE-2015-10010 (A vulnerability was found in OpenDNS
OpenResolve. It has been ra
CVE-2023-22576
RESERVED
CVE-2023-22575 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion
of sensit ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-22574 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion
of sensit ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-22573 (Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of
sensitiv ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-22572 (Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of
sensitiv ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-0032
RESERVED
CVE-2023-0031
@@ -7381,7 +7381,7 @@ CVE-2023-22503
CVE-2023-22502
RESERVED
CVE-2023-22501 (An authentication vulnerability was discovered in Jira Service
Managem ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2023-0028 (Cross-site Scripting (XSS) - Stored in GitHub repository
linagora/twak ...)
NOT-FOR-US: linagora/Twake
CVE-2022-48198 (The ntpd_driver component before 1.3.0 and 2.x before 2.2.0
for Robot ...)
@@ -7884,9 +7884,9 @@ CVE-2022-48096
CVE-2022-48095
RESERVED
CVE-2022-48094 (lmxcms v1.41 was discovered to contain an arbitrary file read
vulnerab ...)
- TODO: check
+ NOT-FOR-US: lmxcms
CVE-2022-48093 (Seacms v12.7 was discovered to contain a remote code execution
(RCE) v ...)
- TODO: check
+ NOT-FOR-US: Seacms
CVE-2022-48092
RESERVED
CVE-2022-48091 (Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to
Cross Site ...)
@@ -9131,7 +9131,7 @@ CVE-2022-47874
CVE-2022-47873 (Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE)
resulting i ...)
NOT-FOR-US: Netcad KEOS
CVE-2022-47872 (maccms10 2021.1000.2000 is vulnerable to Server-side request
forgery ( ...)
- TODO: check
+ NOT-FOR-US: maccms10
CVE-2022-47871
RESERVED
CVE-2022-47870
@@ -9441,13 +9441,13 @@ CVE-2022-47719
CVE-2022-47718
RESERVED
CVE-2022-47717 (Last Yard 22.09.8-1 is vulnerable to Cross-origin resource
sharing (CO ...)
- TODO: check
+ NOT-FOR-US: Last Yard
CVE-2022-47716
RESERVED
CVE-2022-47715 (In Last Yard 22.09.8-1, the cookie can be stolen via via
unencrypted t ...)
- TODO: check
+ NOT-FOR-US: Last Yard
CVE-2022-47714 (Last Yard 22.09.8-1 does not enforce HSTS headers ...)
- TODO: check
+ NOT-FOR-US: Last Yard
CVE-2022-47713
RESERVED
CVE-2022-47712
@@ -12718,9 +12718,9 @@ CVE-2022-47005
CVE-2022-47004
RESERVED
CVE-2022-47003 (A vulnerability in the Remember Me function of Mura CMS before
v10.0.5 ...)
- TODO: check
+ NOT-FOR-US: Mura CMS
CVE-2022-47002 (A vulnerability in the Remember Me function of Masa CMS v7.2,
7.3, and ...)
- TODO: check
+ NOT-FOR-US: Mura CMS
CVE-2022-47001
RESERVED
CVE-2022-47000
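Review bot: The tag on CVE-2022-47002 reads "NOT-FOR-US: Mura CMS", but that entry's description is about Masa CMS v7.2, 7.3, and later; only CVE-2022-47003 above it names Mura CMS. This looks like a copy of the previous line; suggest "NOT-FOR-US: Masa CMS" so the two products are tracked under their own names.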
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6e7b38122c3123db54cc0e17c6d664f27d66a65