Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2836c442 by Moritz Muehlenhoff at 2023-03-14T17:28:54+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -451,7 +451,7 @@ CVE-2023-1369 (A vulnerability was found in TG Soft Vir.IT
eXplorer 9.4.86.0. It
CVE-2023-1368 (A vulnerability was found in XHCMS 1.0. It has been declared as
critic ...)
NOT-FOR-US: XHCMS
CVE-2023-1367 (Code Injection in GitHub repository
alextselegidis/easyappointments pr ...)
- TODO: check
+ NOT-FOR-US: alextselegidis/easyappointments
CVE-2023-1366 (A vulnerability was found in SourceCodester Yoga Class
Registration Sy ...)
NOT-FOR-US: SourceCodester Yoga Class Registration System
CVE-2023-1365 (A vulnerability was found in SourceCodester Online Pizza
Ordering Syst ...)
@@ -2192,7 +2192,7 @@ CVE-2023-27589
CVE-2023-27588
RESERVED
CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and
listen to ...)
- TODO: check
+ NOT-FOR-US: ReadtoMyShoe
CVE-2023-27586
RESERVED
CVE-2023-27585
@@ -2200,13 +2200,13 @@ CVE-2023-27585
CVE-2023-27584
RESERVED
CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior
to versi ...)
- TODO: check
+ NOT-FOR-US: PanIndex
CVE-2023-27582 (maddy is a composable, all-in-one mail server. Starting with
version 0 ...)
- TODO: check
+ NOT-FOR-US: maddy
CVE-2023-27581 (github-slug-action is a GitHub Action to expose slug value of
GitHub e ...)
- TODO: check
+ NOT-FOR-US: github-slug-action
CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization
for the C ...)
- TODO: check
+ NOT-FOR-US: CodeIgniter
CVE-2023-27579
RESERVED
CVE-2023-27578
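Review bot: The label added for CVE-2023-27580 is `NOT-FOR-US: CodeIgniter`, but the description is about CodeIgniter Shield, which it presents as the component providing authentication and authorization. Suggest `NOT-FOR-US: CodeIgniter Shield` so the entry names the affected component and a later search for CodeIgniter entries does not read this as a triage decision on the framework itself.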
@@ -3645,7 +3645,7 @@ CVE-2023-27054
CVE-2023-27053
RESERVED
CVE-2023-27052 (E-Commerce System v1.0 ws discovered to contain a SQL
injection vulner ...)
- TODO: check
+ NOT-FOR-US: E-Commerce System
CVE-2023-27051
RESERVED
CVE-2023-27050
@@ -5348,7 +5348,7 @@ CVE-2023-26315
CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: MedData Informatics MedDataPACS
CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent
Sandbox CLI f ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2023-0977
RESERVED
CVE-2023-0976
@@ -5358,7 +5358,7 @@ CVE-2023-0975
CVE-2023-0974
RESERVED
CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a
null poi ...)
- TODO: check
+ NOT-FOR-US: STEPTools ifcmesh library
CVE-2023-0972
RESERVED
CVE-2023-0971
@@ -6403,7 +6403,7 @@ CVE-2023-0890
CVE-2023-0889
RESERVED
CVE-2023-0888 (An improper neutralization of directives in dynamically
evaluated code ...)
- TODO: check
+ NOT-FOR-US: Space Battery Pack SP with Wi-Fi
CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and
classified a ...)
NOT-FOR-US: phjounin TFTPD64-SE
CVE-2023-0886
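Review bot: The label added for CVE-2023-0888, `NOT-FOR-US: Space Battery Pack SP with Wi-Fi`, gives a product name without a vendor, and the truncated description shown here does not name the product either, so the entry cannot be matched to its source from the file alone. Prefixing the vendor as given in the full CVE description, the way the neighbouring `NOT-FOR-US: phjounin TFTPD64-SE` does, would make it searchable.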
@@ -6809,9 +6809,9 @@ CVE-2023-25805 (versionn, software for changing version
information across multi
CVE-2023-25804
RESERVED
CVE-2023-25803 (Roxy-WI is a Web interface for managing Haproxy, Nginx,
Apache, and Ke ...)
- TODO: check
+ NOT-FOR-US: Roxy-WI
CVE-2023-25802 (Roxy-WI is a Web interface for managing Haproxy, Nginx,
Apache, and Ke ...)
- TODO: check
+ NOT-FOR-US: Roxy-WI
CVE-2023-25801
RESERVED
CVE-2023-25800
@@ -8509,7 +8509,7 @@ CVE-2023-25285
CVE-2023-25284
RESERVED
CVE-2023-25283 (A stack overflow vulnerability in D-Link DIR820LA1_FW106B02
allows att ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-25282
RESERVED
CVE-2023-25281
@@ -8517,7 +8517,7 @@ CVE-2023-25281
CVE-2023-25280
RESERVED
CVE-2023-25279 (OS Command injection vulnerability in D-Link
DIR820LA1_FW105B03 allows ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-25278
RESERVED
CVE-2023-25277
@@ -8664,7 +8664,7 @@ CVE-2023-25209
CVE-2023-25208
RESERVED
CVE-2023-25207 (PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection
via dpdf ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2023-25206
RESERVED
CVE-2023-25205
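Review bot: CVE-2023-25207 is labelled `NOT-FOR-US: PrestaShop`, but its description names dpdfrance with its own version bound rather than PrestaShop itself, and the unchanged CVE-2023-24763 entry elsewhere in this file uses `NOT-FOR-US: PrestaShop module` for that case. Suggest `NOT-FOR-US: PrestaShop module` here so module issues stay distinguishable from issues in the core application such as CVE-2023-25170.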
@@ -8832,7 +8832,7 @@ CVE-2023-25172
CVE-2023-25171 (Kiwi TCMS, an open source test management system, does not
impose rate ...)
NOT-FOR-US: Kiwi TCMS
CVE-2023-25170 (PrestaShop is an open source e-commerce web application that,
prior to ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2023-25169 (discourse-yearly-review is a discourse plugin which publishes
an autom ...)
NOT-FOR-US: Discourse plugin
CVE-2023-25168 (Wings is Pterodactyl's server control plane. This
vulnerability can be ...)
@@ -9909,7 +9909,7 @@ CVE-2023-24764
CVE-2023-24763 (In the module "Xen Forum" (xenforum) for PrestaShop, an
authenticated ...)
NOT-FOR-US: PrestaShop module
CVE-2023-24762 (OS Command injection vulnerability in D-Link DIR-867
DIR_867_FW1.30B07 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-24761
RESERVED
CVE-2023-24760
@@ -10457,11 +10457,11 @@ CVE-2023-24580 (An issue was discovered in the
Multipart Request Parser in Djang
NOTE:
https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
NOTE:
https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
(3.2.18)
CVE-2023-24579 (McAfee Total Protection prior to 16.0.51 allows attackers to
trick a v ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2023-24578 (McAfee Total Protection prior to 16.0.49 allows attackers to
elevate u ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2023-24577 (McAfee Total Protection prior to 16.0.50 allows attackers to
elevate u ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2023-24543
RESERVED
CVE-2023-23908
@@ -11150,7 +11150,7 @@ CVE-2023-24370
CVE-2023-24369 (A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3
allows atta ...)
NOT-FOR-US: UJCMS
CVE-2023-24368 (Incorrect access control in Temenos T24 Release 20 allows
attackers to ...)
- TODO: check
+ NOT-FOR-US: Temenos
CVE-2023-24367
RESERVED
CVE-2023-24366
@@ -11338,7 +11338,7 @@ CVE-2023-24281
CVE-2023-24280
RESERVED
CVE-2023-24279 (A cross-site scripting (XSS) vulnerability in Open Networking
Foundati ...)
- TODO: check
+ NOT-FOR-US: Open Networking Foundation ONOS
CVE-2023-24278
RESERVED
CVE-2023-24277
@@ -11906,7 +11906,7 @@ CVE-2023-24035
CVE-2023-24034
RESERVED
CVE-2023-24033 (The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980,
Exynos 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-24032
RESERVED
CVE-2023-24031
@@ -12744,27 +12744,27 @@ CVE-2023-0357
CVE-2023-0356 (SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack
strong encry ...)
NOT-FOR-US: SOCOMEC MODULYS GP Netvision
CVE-2023-0355 (Akuvox E11 uses a hard-coded cryptographic key, which could
allow an a ...)
- TODO: check
+ NOT-FOR-US: Akuvox
CVE-2023-0354 (The Akuvox E11 web server can be accessed without any user
authenticat ...)
- TODO: check
+ NOT-FOR-US: Akuvox
CVE-2023-0353 (Akuvox E11 uses a weak encryption algorithm for stored
passwords and u ...)
- TODO: check
+ NOT-FOR-US: Akuvox
CVE-2023-0352 (The Akuvox E11 password recovery webpage can be accessed
without authe ...)
- TODO: check
+ NOT-FOR-US: Akuvox
CVE-2023-0351 (The Akuvox E11 web server backend library allows command
injection in ...)
- TODO: check
+ NOT-FOR-US: Akuvox
CVE-2023-0350 (Akuvox E11 does not ensure that a file extension is associated
with th ...)
- TODO: check
+ NOT-FOR-US: Akuvox
CVE-2023-0349 (The Akuvox E11 libvoice library provides unauthenticated access
to the ...)
- TODO: check
+ NOT-FOR-US: Akuvox
CVE-2023-0348 (Akuvox E11 allows direct SIP calls. No access control is
enforced by t ...)
- TODO: check
+ NOT-FOR-US: Akuvox
CVE-2023-0347 (The Akuvox E11 Media Access Control (MAC) address, a primary
identifie ...)
- TODO: check
+ NOT-FOR-US: Akuvox
CVE-2023-0346 (Akuvox E11 cloud login is performed through an unencrypted HTTP
connec ...)
- TODO: check
+ NOT-FOR-US: Akuvox
CVE-2023-0345 (The Akuvox E11 secure shell (SSH) server is enabled by default
and can ...)
- TODO: check
+ NOT-FOR-US: Akuvox
CVE-2023-0344
RESERVED
CVE-2023-0343
@@ -12856,7 +12856,7 @@ CVE-2023-23713
CVE-2023-23712
RESERVED
CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting
A2 Optim ...)
- TODO: check
+ NOT-FOR-US: A2 Hosting
CVE-2023-23710
RESERVED
CVE-2023-23709
@@ -16061,7 +16061,7 @@ CVE-2023-22702
CVE-2023-22701
RESERVED
CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in
PixelYourSite Pixel ...)
- TODO: check
+ NOT-FOR-US: PixelYourSite
CVE-2023-22699
RESERVED
CVE-2023-22698
@@ -19233,7 +19233,7 @@ CVE-2022-47597
CVE-2022-47596
RESERVED
CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47594
RESERVED
CVE-2022-47593
@@ -20934,7 +20934,7 @@ CVE-2022-47442
CVE-2022-47441
RESERVED
CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C
Dolson My ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47439
RESERVED
CVE-2022-47438
@@ -21854,7 +21854,7 @@ CVE-2022-47173
CVE-2022-47172
RESERVED
CVE-2022-47171 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47170
RESERVED
CVE-2022-47169
@@ -21864,7 +21864,7 @@ CVE-2022-47168
CVE-2022-47167
RESERVED
CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders
Void Con ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47165
RESERVED
CVE-2022-47164
@@ -21872,7 +21872,7 @@ CVE-2022-47164
CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and
Tricks HQ, ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie
Herdyawan DH ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47161
RESERVED
CVE-2022-47160
@@ -21886,7 +21886,7 @@ CVE-2022-47157
CVE-2022-47156
RESERVED
CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic
Slider by ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47154
RESERVED
CVE-2022-47153
@@ -42871,7 +42871,7 @@ CVE-2022-38104 (Auth. WordPress Options Change
(siteurl, users_can_register, def
CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup
Scheduler plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38074 (SQL Injection vulnerability in VeronaLabs WP Statistics plugin
<= 1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38073 (Multiple Authenticated (custom specific plugin role)
Persistent Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36424
@@ -50097,7 +50097,7 @@ CVE-2022-35242 (Unauthenticated plugin settings change
vulnerability in 59sec TH
CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in
XplodedThe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-31474 (Directory Traversal vulnerability in iThemes BackupBuddy
plugin 8.5.8. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS)
vulnerability in 8 D ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2743 (Integer overflow in Window Manager in Google Chrome on Chrome
OS and L ...)
@@ -50353,27 +50353,27 @@ CVE-2022-37953 (An HTTP response splitting
vulnerability exists in the AM Gatewa
CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in
the iHi ...)
NOT-FOR-US: iHistorian Data Display of WorkstationST
CVE-2022-37951 (Not used in 2022 ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2022-37950 (Not used in 2022 ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2022-37949 (Not used in 2022 ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2022-37948 (Not used in 2022 ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2022-37947 (Not used in 2022 ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2022-37946 (Not used in 2022 ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2022-37945 (Not used in 2022 ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2022-37944 (Not used in 2022 ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2022-37943 (Not used in 2022 ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2022-37942 (Not used in 2022 ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2022-37941 (Not used in 2022 ...)
- TODO: check
+ NOT-FOR-US: Unused CVE ID
CVE-2022-37940
RESERVED
CVE-2022-37939 (A potential security vulnerability has been identified in HPE
Superdom ...)
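Review bot: The eleven entries CVE-2022-37941 through CVE-2022-37951 are tagged `NOT-FOR-US: Unused CVE ID`, which records the state of the identifier rather than a product, vendor or software category, unlike the other NOT-FOR-US lines in this change. Since the only description is "Not used in 2022", consider agreeing one wording for unused IDs across the file, and re-check these entries if the identifiers are later reassigned or rejected upstream so the tag does not mask a real issue.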
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2836c442b6c967294742f95452749b01896af828