Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
629d2aaf by Salvatore Bonaccorso at 2023-03-14T13:13:24+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1269,13 +1269,13 @@ CVE-2023-27898 (Jenkins 2.270 through 2.393 (both
inclusive), LTS 2.277.1 throug
CVE-2023-27897
RESERVED
CVE-2023-27896 (In SAP BusinessObjects Business Intelligence Platform -
version 420, 4 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-27895 (SAP Authenticator for Android - version 1.3.0, allows the
screen to be ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-27894 (SAP BusinessObjects Business Intelligence Platform (Web
Services) - ve ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-27893 (An attacker authenticated as a user with a non-administrative
role and ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-1258
RESERVED
CVE-2023-1257 (An attacker with physical access to the affected Moxa UC Series
device ...)
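Review bot: CVE-2023-27893 is tagged `NOT-FOR-US: SAP`, but its truncated description ("An attacker authenticated as a user with a non-administrative role and ...") names no product, unlike the other three entries changed in this hunk, so the attribution cannot be checked from the lines shown. Confirm the vendor against the full CVE text before closing the TODO.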
@@ -2413,13 +2413,13 @@ CVE-2023-27506
CVE-2023-27505
RESERVED
CVE-2023-27501 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 700,
701, 702, ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-27500 (An attacker with non-administrative authorizations can exploit
a direc ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-27499
RESERVED
CVE-2023-27498 (SAP Host Agent (SAPOSCOL) - version 7.22, allows an
unauthenticated at ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-27497
RESERVED
CVE-2023-27393
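Review bot: The visible description of CVE-2023-27500 ("An attacker with non-administrative authorizations can exploit a direc ...") does not mention SAP, while CVE-2023-27501 and CVE-2023-27498 in this hunk both do. Please verify the product from the full record, since the `NOT-FOR-US: SAP` tag is the only thing in the list that ties this entry to a vendor.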
@@ -3075,13 +3075,13 @@ CVE-2023-27273
CVE-2023-27272
RESERVED
CVE-2023-27271 (In SAP BusinessObjects Business Intelligence Platform (Web
Services) - ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-27270 (SAP NetWeaver Application Server for ABAP and ABAP Platform -
versions ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-27269 (SAP NetWeaver Application Server for ABAP and ABAP Platform -
versions ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-27268 (SAP NetWeaver AS Java (Object Analyzing Service) - version
7.50, does ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-27267
RESERVED
CVE-2023-27266 (Mattermost fails to honor the ShowEmailAddress setting when
constructi ...)
@@ -5024,15 +5024,15 @@ CVE-2023-26463
CVE-2023-26462 (ThingsBoard 3.4.1 could allow a remote attacker to gain
elevated privi ...)
NOT-FOR-US: ThingsBoard
CVE-2023-26461 (SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50,
allows an ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-26460 (Cache Management Service in SAP NetWeaver Application Server
for Java ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-26459 (Due to improper input controls In SAP NetWeaver AS for ABAP
and ABAP P ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-26458
RESERVED
CVE-2023-26457 (SAP Content Server - version 7.53, does not sufficiently
encode user-c ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-26456
RESERVED
CVE-2023-26455
@@ -7536,13 +7536,13 @@ CVE-2023-25620
CVE-2023-25619
RESERVED
CVE-2023-25618 (SAP NetWeaver Application Server for ABAP and ABAP Platform -
versions ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-25617 (SAP Business Object (Adaptive Job Server) - versions 420, 430,
allows ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-25616 (In some scenario, SAP Business Objects Business Intelligence
Platform ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-25615 (Due to insufficient input sanitization, SAP ABAP - versions
751, 753, ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-25614 (SAP NetWeaver AS ABAP (BSP Framework) application - versions
700, 701, ...)
NOT-FOR-US: SAP
CVE-2023-25613 (An LDAP Injection vulnerability exists in the
LdapIdentityBackend of A ...)
@@ -10599,7 +10599,7 @@ CVE-2023-24528 (SAP Fiori apps for Travel Management in
SAP ERP (My Travel Reque
CVE-2023-24527
RESERVED
CVE-2023-24526 (SAP NetWeaver Application Server Java for Classload Service -
version ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-24525 (SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND
102, 103, ...)
NOT-FOR-US: SAP
CVE-2023-24524 (SAP S/4 HANA Map Treasury Correspondence Format Data does not
perform ...)
@@ -12333,7 +12333,7 @@ CVE-2023-23859 (SAP NetWeaver AS for ABAP and ABAP
Platform - versions 740, 750,
CVE-2023-23858 (Due to insufficient input validation, SAP NetWeaver AS for
ABAP and AB ...)
NOT-FOR-US: SAP
CVE-2023-23857 (Due to missing authentication check, SAP NetWeaver AS for Java
- versi ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-23856 (In SAP BusinessObjects Business Intelligence (Web Intelligence
user in ...)
NOT-FOR-US: SAP
CVE-2023-23855 (SAP Solution Manager - version 720, allows an authenticated
attacker t ...)
@@ -18321,7 +18321,7 @@ CVE-2023-0023 (In SAP Bank Account Management (Manage
Banks) application, when a
CVE-2023-0022 (SAP BusinessObjects Business Intelligence Analysis edition for
OLAP al ...)
NOT-FOR-US: SAP
CVE-2023-0021 (Due to insufficient encoding of user input, SAP NetWeaver -
versions 7 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-47926 (AyaCMS 3.1.2 is vulnerable to file deletion via
/aya/module/admin/fst_ ...)
NOT-FOR-US: AyaCMS
CVE-2022-4663 (The Members Import plugin for WordPress is vulnerable to Self
Cross-Si ...)
@@ -21825,7 +21825,7 @@ CVE-2022-47165
CVE-2022-47164
RESERVED
CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and
Tricks HQ, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie
Herdyawan DH ...)
TODO: check
CVE-2022-47161
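Review bot: CVE-2022-47163 gets the generic tag `NOT-FOR-US: WordPress plugin`, whereas other entries visible in this diff name the product (`NOT-FOR-US: AyaCMS`, `NOT-FOR-US: ThingsBoard`). Naming the plugin or the vendor from the description ("Tips and Tricks HQ, ...") would make the entry easier to grep later. CVE-2022-47162 directly below has the same "Cross-Site Request Forgery (CSRF) vulnerability in ..." form and stays at `TODO: check`; if it is also a WordPress plugin it could be handled in the same pass. This is also the only non-SAP change in the commit, so the message could mention it.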
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/629d2aaf9e97ee59315bade07c0666111312bdd6
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits