Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9205cae9 by Salvatore Bonaccorso at 2023-02-23T20:56:14+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1683,11 +1683,11 @@ CVE-2023-25814
CVE-2023-25813 (Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a
SQL inj ...)
TODO: check
CVE-2023-25812 (Minio is a Multi-Cloud Object Storage framework. Affected
versions do ...)
- TODO: check
+ NOT-FOR-US: Minio
CVE-2023-25811 (Uptime Kuma is a self-hosted monitoring tool. In versions
prior to 1.2 ...)
- TODO: check
+ NOT-FOR-US: Uptime Kuma
CVE-2023-25810 (Uptime Kuma is a self-hosted monitoring tool. In versions
prior to 1.2 ...)
- TODO: check
+ NOT-FOR-US: Uptime Kuma
CVE-2023-25809
RESERVED
CVE-2023-25808
@@ -1747,7 +1747,7 @@ CVE-2023-25782
CVE-2023-25781
RESERVED
CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of
alarm r ...)
- TODO: check
+ NOT-FOR-US: OpenNMS
CVE-2023-0845
RESERVED
CVE-2023-0844
@@ -3705,7 +3705,7 @@ CVE-2023-25160 (Nextcloud Mail is an email app for the
Nextcloud home server pla
CVE-2023-25159 (Nextcloud Server is the file server software for Nextcloud, a
self-hos ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-25158 (GeoTools is an open source Java library that provides tools
for geospa ...)
- TODO: check
+ NOT-FOR-US: GeoTools
CVE-2023-25157 (GeoServer is an open source software server written in Java
that allow ...)
TODO: check
CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not
impose rate ...)
@@ -6058,7 +6058,7 @@ CVE-2023-24322 (A reflected cross-site scripting (XSS)
vulnerability in the File
CVE-2023-24321
RESERVED
CVE-2023-24320 (An access control issue in Axcora POS #0~gitf77ec09 allows
unauthentic ...)
- TODO: check
+ NOT-FOR-US: Axcora POS
CVE-2023-24319
RESERVED
CVE-2023-24318
@@ -6512,7 +6512,7 @@ CVE-2023-24095 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet
Wireless AC Easy-Upgrad
CVE-2023-24094
RESERVED
CVE-2023-24093 (An access control issue in H3C A210-G A210-GV100R005 allows
attackers ...)
- TODO: check
+ NOT-FOR-US: H3C A210-G A210-GV100R005
CVE-2023-24092
RESERVED
CVE-2023-24091
@@ -9520,7 +9520,7 @@ CVE-2023-23065
CVE-2023-23064 (TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to
Incorrect Acce ...)
NOT-FOR-US: TOTOLINK
CVE-2023-23063 (Cellinx NVT v1.0.6.002b is vulnerable to local file
disclosure. ...)
- TODO: check
+ NOT-FOR-US: Cellinx NVT
CVE-2023-23062
RESERVED
CVE-2023-23061
@@ -9566,7 +9566,7 @@ CVE-2023-23042
CVE-2023-23041
RESERVED
CVE-2023-23040 (TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a
deprecated MD5 ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2023-23039 (An issue was discovered in the Linux kernel through 6.2.0-rc2.
drivers ...)
TODO: check
CVE-2023-23038
@@ -9699,11 +9699,11 @@ CVE-2023-22976
CVE-2023-22975 (jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS).
...)
NOT-FOR-US: jfinal_cms
CVE-2023-22974 (A Path Traversal in setup.php in OpenEMR < 7.0.0 allows
remote unau ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2023-22973 (A Local File Inclusion (LFI) vulnerability in
interface/forms/LBF/new. ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2023-22972 (A Reflected Cross-site scripting (XSS) vulnerability in
interface/form ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2023-22971 (Cross Site Scripting (XSS) vulnerability in Hughes Network
Systems Rou ...)
NOT-FOR-US: Hughes
CVE-2023-22970
@@ -12005,7 +12005,7 @@ CVE-2022-48151
CVE-2022-48150
RESERVED
CVE-2022-48149 (Online Student Admission System in PHP Free Source Code 1.0
was discov ...)
- TODO: check
+ NOT-FOR-US: Online Student Admission System in PHP Free Source Code
CVE-2022-48148
RESERVED
CVE-2022-48147
@@ -18211,7 +18211,7 @@ CVE-2022-46639 (A vulnerability in the
descarga_etiqueta.php component of Correo
CVE-2022-46638
RESERVED
CVE-2022-46637 (Prolink router PRS1841 was discovered to contain hardcoded
credentials ...)
- TODO: check
+ NOT-FOR-US: Prolink router
CVE-2022-46636
RESERVED
CVE-2022-46635
@@ -21128,9 +21128,9 @@ CVE-2022-45602
CVE-2022-45601
RESERVED
CVE-2022-45600 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices
imprope ...)
- TODO: check
+ NOT-FOR-US: Aztech WMB250AC Mesh Routers Firmware
CVE-2022-45599 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: Aztech WMB250AC Mesh Routers Firmware
CVE-2022-45598 (Cross Site Scripting vulnerability in Joplin Desktop App
before v2.9.1 ...)
NOT-FOR-US: Joplin Desktop App
CVE-2022-45597
@@ -25356,13 +25356,13 @@ CVE-2023-20860
CVE-2023-20859
RESERVED
CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x
prior to 8 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-20857
RESERVED
CVE-2023-20856 (VMware vRealize Operations (vROps) contains a CSRF bypass
vulnerabilit ...)
NOT-FOR-US: VMware
CVE-2023-20855 (VMware vRealize Orchestrator contains an XML External Entity
(XXE) vul ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-20854 (VMware Workstation contains an arbitrary file deletion
vulnerability. ...)
NOT-FOR-US: VMware
CVE-2022-44605
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9205cae91568fdb8383f0702de3c5a6390c8c986
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9205cae91568fdb8383f0702de3c5a6390c8c986
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
