Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c07c9a17 by Salvatore Bonaccorso at 2023-02-23T22:17:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -510,7 +510,7 @@ CVE-2023-0941 (Use after free in Prompts in Google Chrome 
prior to 110.0.5481.17
 CVE-2023-0940
        RESERVED
 CVE-2023-0939 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: NTN Information Technologies Online Services Software
 CVE-2023-0938 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester Music Gallery Site
 CVE-2023-0937
@@ -635,7 +635,7 @@ CVE-2023-26216
 CVE-2023-26215
        RESERVED
 CVE-2023-26214 (The BusinessConnect UI component of TIBCO Software Inc.'s 
TIBCO Busine ...)
-       TODO: check
+       NOT-FOR-US: BusinessConnect UI component of TIBCO
 CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository 
answerdev/ans ...)
        NOT-FOR-US: Answer
 CVE-2023-0933 (Integer overflow in PDF in Google Chrome prior to 
110.0.5481.177 allow ...)
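Review bot: The new tag on CVE-2023-26214, `NOT-FOR-US: BusinessConnect UI component of TIBCO`, names a component and the vendor but not the product. The description attributes the component to a specific TIBCO product, so tagging with that product name, as the neighbouring `NOT-FOR-US: Answer` entry does, would make the entry easier to find and to match against later CVEs for the same software.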
@@ -1461,11 +1461,11 @@ CVE-2023-0871
 CVE-2023-0870
        RESERVED
 CVE-2023-0869 (Cross-site scripting in outage/list.htm in multiple versions of 
OpenNM ...)
-       TODO: check
+       NOT-FOR-US: OpenNMS
 CVE-2023-0868 (Reflected cross-site scripting in graph results in multiple 
versions o ...)
-       TODO: check
+       NOT-FOR-US: OpenNMS
 CVE-2023-0867 (Multiple stored and reflected cross-site scripting 
vulnerabilities in  ...)
-       TODO: check
+       NOT-FOR-US: OpenNMS
 CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to 2.3 ...)
        - gpac <unfixed>
        [bullseye] - gpac <no-dsa> (Minor issue)
@@ -2053,7 +2053,7 @@ CVE-2023-24585
 CVE-2023-0816
        RESERVED
 CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log 
Files in m ...)
-       TODO: check
+       NOT-FOR-US: OpenNMS
 CVE-2023-0814 (The Profile Builder &#8211; User Profile &amp; User 
Registration Forms ...)
        NOT-FOR-US: Profile Builder &#8211; User Profile & User Registration 
Forms plugin for WordPress
 CVE-2023-0813
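Review bot: CVE-2023-0815 is tagged `NOT-FOR-US: OpenNMS`, but its description refers to Jetty log files, and Jetty is packaged in Debian. It is worth confirming that the flaw lies in how OpenNMS writes to those logs rather than in Jetty itself before closing the entry as not-for-us.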
@@ -3744,7 +3744,7 @@ CVE-2023-25156 (Kiwi TCMS, an open source test management 
system, does not impos
 CVE-2023-25155
        RESERVED
 CVE-2023-25154 (Misskey is an open source, decentralized social media 
platform. In ver ...)
-       TODO: check
+       NOT-FOR-US: Misskey
 CVE-2023-25153 (containerd is an open source container runtime. Before 
versions 1.6.18 ...)
        - containerd 1.6.18~ds1-1
        [bullseye] - containerd <no-dsa> (Minor issue; will be fixed via point 
release)
@@ -4650,11 +4650,11 @@ CVE-2023-24813 (Dompdf is an HTML to PDF converter 
written in php. Due to the di
        - php-dompdf 2.0.3+dfsg-1
        NOTE: 
https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75
 CVE-2023-24812 (Misskey is an open source, decentralized social media 
platform. In ver ...)
-       TODO: check
+       NOT-FOR-US: Misskey
 CVE-2023-24811 (Misskey is an open source, decentralized social media 
platform. In ver ...)
-       TODO: check
+       NOT-FOR-US: Misskey
 CVE-2023-24810 (Misskey is an open source, decentralized social media 
platform. Due to ...)
-       TODO: check
+       NOT-FOR-US: Misskey
 CVE-2023-24809 (NetHack is a single player dungeon exploration game. Starting 
with ver ...)
        - nethack <unfixed>
        NOTE: 
https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch
@@ -5846,7 +5846,7 @@ CVE-2023-24417
 CVE-2023-24416
        RESERVED
 CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in 
QuantumCloud ChatBo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-24414
        RESERVED
 CVE-2023-24413
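Review bot: `NOT-FOR-US: WordPress plugin` on CVE-2023-24415 does not say which plugin is affected. The description names a QuantumCloud plugin, so putting that plugin's name in the tag would let a later search or a follow-up CVE for the same plugin be matched to this decision.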
@@ -5908,7 +5908,7 @@ CVE-2023-24386
 CVE-2023-24385
        RESERVED
 CVE-2023-24384 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt 
Organizati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-24383
        RESERVED
 CVE-2023-24382 (Cross-Site Request Forgery (CSRF) vulnerability in Photon WP 
Material  ...)
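Review bot: The tag on CVE-2023-24384 is the generic `NOT-FOR-US: WordPress plugin`, while the description identifies a WpDevArt plugin. Naming the plugin, as `NOT-FOR-US: MainWP Matomo Extension` does elsewhere in this commit, keeps the reason for the decision visible in the list itself.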
@@ -6501,7 +6501,7 @@ CVE-2023-24116
 CVE-2023-24115
        RESERVED
 CVE-2023-24114 (typecho 1.1/17.10.30 was discovered to contain a remote code 
execution ...)
-       TODO: check
+       NOT-FOR-US: typecho
 CVE-2023-24113
        RESERVED
 CVE-2023-24112
@@ -6513,15 +6513,15 @@ CVE-2023-24110
 CVE-2023-24109
        RESERVED
 CVE-2023-24108 (MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was 
discovered to co ...)
-       TODO: check
+       NOT-FOR-US: MvcTools
 CVE-2023-24107 (hour_of_code_python_2015 commit 
520929797b9ca43bb818b2e8f963fb2025459f ...)
-       TODO: check
+       NOT-FOR-US: hour_of_code_python_2015
 CVE-2023-24106
        RESERVED
 CVE-2023-24105
        RESERVED
 CVE-2023-24104 (Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows 
attackers to  ...)
-       TODO: check
+       NOT-FOR-US: Ubiquiti Networks UniFi Dream Machine Pro
 CVE-2023-24103
        RESERVED
 CVE-2023-24102
@@ -6567,9 +6567,9 @@ CVE-2023-24083
 CVE-2023-24082
        RESERVED
 CVE-2023-24081 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
Redrock  ...)
-       TODO: check
+       NOT-FOR-US: Redrock Software TutorTrac
 CVE-2023-24080 (A lack of rate limiting on the password reset endpoint of 
Chamberlain  ...)
-       TODO: check
+       NOT-FOR-US: Chamberlain myQ
 CVE-2023-24079
        RESERVED
 CVE-2023-24078 (Real Time Logic FuguHub v8.1 and earlier was discovered to 
contain a r ...)
@@ -7836,7 +7836,7 @@ CVE-2023-23661
 CVE-2023-23660
        RESERVED
 CVE-2023-23659 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP 
Matomo Exten ...)
-       TODO: check
+       NOT-FOR-US: MainWP Matomo Extension
 CVE-2023-23658
        RESERVED
 CVE-2023-23657
@@ -35352,7 +35352,7 @@ CVE-2020-36605 (Incorrect Default Permissions 
vulnerability in Hitachi Infrastru
 CVE-2022-41568 (LINE client for iOS before 12.17.0 might be crashed by sharing 
an inva ...)
        NOT-FOR-US: LINE client for iOS
 CVE-2022-41567 (The BusinessConnect UI component of TIBCO Software Inc.'s 
TIBCO Busine ...)
-       TODO: check
+       NOT-FOR-US: BusinessConnect UI component of TIBCO
 CVE-2022-41566 (The server component of TIBCO Software Inc.'s TIBCO EBX 
Add-ons contai ...)
        TODO: check
 CVE-2022-41565 (The Web Application component of TIBCO Software Inc.'s TIBCO 
EBX and T ...)
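Review bot: CVE-2022-41566, directly below the changed entry and also a TIBCO issue (the server component of TIBCO EBX Add-ons), is still `TODO: check` after this change. If that product is not packaged either, tagging it in the same pass would avoid leaving one of two adjacent TIBCO entries untriaged.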
@@ -43721,7 +43721,7 @@ CVE-2022-2884 (A vulnerability in GitLab CE/EE 
affecting all versions from 11.3.
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
 CVE-2022-2883 (In affected versions of Octopus Deploy it is possible to upload 
a zipb ...)
-       TODO: check
+       NOT-FOR-US: Octopus Deploy
 CVE-2022-2882 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2022-2881 (The underlying bug might cause read past end of the buffer and 
either  ...)
@@ -45112,11 +45112,11 @@ CVE-2022-37940
 CVE-2022-37939
        RESERVED
 CVE-2022-37938 (Unauthenticated server side request forgery in HPE 
Serviceguard Manage ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2022-37937 (Pre-auth memory corruption in HPE Serviceguard ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2022-37936 (Unauthenticated Java deserialization vulnerability in 
Serviceguard Man ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2022-37935 (HPE OneView for VMware vCenter, in certain circumstances, may 
disclose ...)
        NOT-FOR-US: HPE OneView for VMware vCenter
 CVE-2022-37934 (A potential security vulnerability has been identified in HPE 
OfficeCo ...)
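Review bot: The three new tags on CVE-2022-37938, CVE-2022-37937 and CVE-2022-37936 read `NOT-FOR-US: HPE`, which names only the vendor. The descriptions all point to HPE Serviceguard, and the existing entry just below uses the full product form (`NOT-FOR-US: HPE OneView for VMware vCenter`), so `NOT-FOR-US: HPE Serviceguard` would be consistent with it and more precise.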



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c07c9a17a0187fa0fc321164015c82449cb387b3
