Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fd42a2f2 by Moritz Muehlenhoff at 2023-03-22T17:18:21+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2092,7 +2092,7 @@ CVE-2023-28107 (Discourse is an open-source discussion
platform. Prior to versio
CVE-2023-28106 (Pimcore is an open source data and experience management
platform. Pri ...)
NOT-FOR-US: Pimcore
CVE-2023-28105 (go-used-util has commonly used utility functions for Go.
Versions prio ...)
- TODO: check
+ NOT-FOR-US: go-used-util
CVE-2023-28104 (`silverstripe/graphql` serves Silverstripe data as GraphQL
representat ...)
NOT-FOR-US: silverstripe/graphql
CVE-2023-28103
@@ -2140,7 +2140,7 @@ CVE-2023-28085
CVE-2023-28084
RESERVED
CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in
HPE Inte ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-28082
RESERVED
CVE-2023-28081
@@ -2380,11 +2380,11 @@ CVE-2023-28005 (A vulnerability in Trend Micro Endpoint
Encryption Full Disk Enc
CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository
froxlor ...)
- froxlor <itp> (bug #581792)
CVE-2023-1306 (An authenticated attacker can leverage an exposed resource.db()
access ...)
- TODO: check
+ NOT-FOR-US: Rapid7
CVE-2023-1305 (An authenticated attacker can leverage an exposed
“box” ob ...)
- TODO: check
+ NOT-FOR-US: Rapid7
CVE-2023-1304 (An authenticated attacker can leverage an exposed getattr()
method via ...)
- TODO: check
+ NOT-FOR-US: Rapid7
CVE-2023-1303 (A vulnerability was found in UCMS 1.6 and classified as
critical. This ...)
NOT-FOR-US: UCMS
CVE-2023-1302 (A vulnerability, which was classified as problematic, was found
in Sou ...)
@@ -2695,9 +2695,9 @@ CVE-2023-1264 (NULL Pointer Dereference in GitHub
repository vim/vim prior to 9.
CVE-2023-1263 (The CMP – Coming Soon & Maintenance plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1262 (Missing MAC layer security in Silicon Labs Wi-SUN Linux Border
Router ...)
- TODO: check
+ NOT-FOR-US: WI-SUN
CVE-2023-1261 (Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0
and earli ...)
- TODO: check
+ NOT-FOR-US: WI-SUN
CVE-2023-1260
RESERVED
CVE-2023-1259
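Review bot: In the tags added for CVE-2023-1262 and CVE-2023-1261, "WI-SUN" is capitalised differently from the "Wi-SUN" in both descriptions, and it names the protocol rather than the vendor. "NOT-FOR-US: Silicon Labs Wi-SUN" would match the descriptions and keep the entries findable by vendor name.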
@@ -2828,11 +2828,11 @@ CVE-2023-27859
CVE-2023-27858
RESERVED
CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition
occurs w ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2023-27856 (In affected versions, path traversal exists when processing a
message ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2023-27855 (In affected versions, a path traversal exists when processing
a messag ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2023-27854
RESERVED
CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and
prior ve ...)
@@ -3057,7 +3057,7 @@ CVE-2023-27844
CVE-2023-27843
RESERVED
CVE-2023-27842 (Insecure Permissions vulnerability found in Extplorer File
manager eXt ...)
- TODO: check
+ - extplorer <removed>
CVE-2023-27841
RESERVED
CVE-2023-27840
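Review bot: The added line "- extplorer <removed>" for CVE-2023-27842 is the only change in this commit that refers to a Debian source package rather than a NOT-FOR-US tag, yet the commit message reads "NFUs" and the entry has no NOTE line. Suggest mentioning it in the commit message or committing it separately, and adding a NOTE with the upstream reference so that the status of any suite still shipping extplorer can be checked later.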
@@ -3675,9 +3675,9 @@ CVE-2023-27572
CVE-2023-27571
RESERVED
CVE-2023-27570 (The eo_tags package before 1.4.19 for PrestaShop allows SQL
injection ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2023-27569 (The eo_tags package before 1.3.0 for PrestaShop allows SQL
injection v ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2023-27568
RESERVED
CVE-2023-27567 (In OpenBSD 7.2, a TCP packet with destination port 0 that
matches a pf ...)
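Review bot: For CVE-2023-27570 and CVE-2023-27569 the descriptions place the SQL injection in the eo_tags package, but the tag "NOT-FOR-US: PrestaShop" reads as if PrestaShop itself were the affected software. Something like "NOT-FOR-US: eo_tags package for PrestaShop" would follow the pattern of "NOT-FOR-US: Cost Calculator plugin for WordPress" used elsewhere in this file.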
@@ -3730,7 +3730,7 @@ CVE-2023-1169
CVE-2015-10089 (A vulnerability classified as problematic has been found in
flame.js. ...)
NOT-FOR-US: flame.js
CVE-2023-1168 (An authenticated remote code execution vulnerability exists in
the AOS ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-1167
RESERVED
CVE-2023-1166
@@ -3911,9 +3911,9 @@ CVE-2023-23567
CVE-2023-1155 (The Cost Calculator plugin for WordPress is vulnerable to
Stored Cross ...)
NOT-FOR-US: Cost Calculator plugin for WordPress
CVE-2023-1154 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Pacsrapor
CVE-2023-1153 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Pacsrapor
CVE-2023-1152 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Persolus
CVE-2023-27520
@@ -5069,7 +5069,7 @@ CVE-2023-27089
CVE-2023-27088 (feiqu-opensource Background Vertical authorization
vulnerability exist ...)
NOT-FOR-US: feiqu-opensource Background Vertical
CVE-2023-27087 (Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v
2.3.0 and ...)
- TODO: check
+ NOT-FOR-US: Xuxueli
CVE-2023-27086
RESERVED
CVE-2023-27085
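Review bot: The tag added for CVE-2023-27087 names only the author ("Xuxueli"), while the description identifies the affected software as xxl-job. "NOT-FOR-US: Xuxueli xxl-job" would let a search for the product name find this entry.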
@@ -6324,7 +6324,7 @@ CVE-2023-26515
CVE-2023-26514
RESERVED
CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software
Foundation Apache ...)
- TODO: check
+ NOT-FOR-US: Apache Sling
CVE-2023-26512
RESERVED
CVE-2023-1025
@@ -6420,7 +6420,7 @@ CVE-2023-26499
CVE-2023-26498
RESERVED
CVE-2023-26497 (An issue was discovered in Samsung Baseband Modem Chipset for
Exynos M ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-26496
RESERVED
CVE-2023-26495
@@ -8340,9 +8340,9 @@ CVE-2023-25797
CVE-2023-25796
RESERVED
CVE-2023-25795 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in
WP-master.I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25794 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in
Mighty Digi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25793
RESERVED
CVE-2023-25792
@@ -8366,7 +8366,7 @@ CVE-2023-25784
CVE-2023-25783
RESERVED
CVE-2023-25782 (Auth. (admin+) vulnerability in Second2none Service Area
Postcode Chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25781
RESERVED
CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of
alarm r ...)
@@ -10218,7 +10218,7 @@ CVE-2023-0683
CVE-2023-0682
RESERVED
CVE-2023-0681 (Rapid7 InsightVM versions 6.6.178 and lower suffers from an
open redir ...)
- TODO: check
+ NOT-FOR-US: Rapid7
CVE-2023-0680
REJECTED
CVE-2023-0679 (A vulnerability was found in SourceCodester Canteen Management
System ...)
@@ -10453,7 +10453,7 @@ CVE-2023-25137
CVE-2023-25135 (vBulletin before 5.6.9 PL1 allows an unauthenticated remote
attacker t ...)
NOT-FOR-US: vBulletin
CVE-2023-25134 (McAfee Total Protection prior to 16.0.50 may allow an
adversary (with ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2023-25133
RESERVED
CVE-2023-25132
@@ -10599,7 +10599,7 @@ CVE-2023-25066 (Cross-Site Request Forgery (CSRF)
vulnerability in FolioVision F
CVE-2023-25065 (Cross-Site Request Forgery (CSRF) vulnerability in
ShapedPlugin WP Tab ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25064 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Matt ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25063
RESERVED
CVE-2023-25062
@@ -11218,7 +11218,7 @@ CVE-2023-0600
CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a
stored c ...)
NOT-FOR-US: Rapid7
CVE-2023-0598 (GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and
GE Dig ...)
- TODO: check
+ NOT-FOR-US: GE
CVE-2023-0597 (A flaw possibility of memory leak in the Linux kernel
cpu_entry_area m ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 (6.2-rc1)
@@ -11559,7 +11559,7 @@ CVE-2023-24711
CVE-2023-24710
RESERVED
CVE-2023-24709 (An issue found in Paradox Security Systems IPR512 allows
attackers to ...)
- TODO: check
+ NOT-FOR-US: Paradox Security Systems IPR512
CVE-2023-24708
RESERVED
CVE-2023-24707
@@ -11621,7 +11621,7 @@ CVE-2023-24680
CVE-2023-24679
RESERVED
CVE-2023-24678 (A vulnerability in Centralite Pearl Thermostat 0x04075010
allows attac ...)
- TODO: check
+ NOT-FOR-US: Centralite Pearl Thermostat
CVE-2023-24677
RESERVED
CVE-2023-24676
@@ -11635,7 +11635,7 @@ CVE-2023-24673
CVE-2023-24672
RESERVED
CVE-2023-24671 (VX Search v13.8 and v14.7 was discovered to contain an
unquoted servic ...)
- TODO: check
+ NOT-FOR-US: VX Search
CVE-2023-24670
RESERVED
CVE-2023-24669
@@ -12041,7 +12041,7 @@ CVE-2023-24573 (Dell Command | Monitor versions prior
to 10.9 contain an arbitra
CVE-2023-24572 (Dell Command | Integration Suite for System Center, versions
before 6. ...)
NOT-FOR-US: Dell
CVE-2023-24571 (Dell BIOS contains an Improper Input Validation vulnerability.
A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-24570
RESERVED
CVE-2023-24569 (Dell Alienware Command Center versions 5.5.37.0 and prior
contain an I ...)
@@ -12606,7 +12606,7 @@ CVE-2023-24383
CVE-2023-24382 (Cross-Site Request Forgery (CSRF) vulnerability in Photon WP
Material ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24381 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in NsTh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24380
RESERVED
CVE-2023-24379
@@ -13702,7 +13702,7 @@ CVE-2023-23936 (Undici is an HTTP/1.1 client for
Node.js. Starting with version
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
NOTE:
https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034
(v5.19.1)
CVE-2023-23935 (Discourse is an open-source messaging platform. In versions
3.0.1 and ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library.
Browsers may ...)
{DLA-3346-1}
- python-werkzeug <unfixed> (bug #1031370)
@@ -13962,7 +13962,7 @@ CVE-2023-0393
CVE-2023-0392
RESERVED
CVE-2023-0391 (MGT-COMMERCE CloudPanel ships with a static SSL certificate to
encrypt ...)
- TODO: check
+ NOT-FOR-US: MGT-COMMERCE
CVE-2022-48278
RESERVED
CVE-2022-48277
@@ -14367,7 +14367,7 @@ CVE-2023-23723
CVE-2023-23722
RESERVED
CVE-2023-23721 (Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer
Admin L ...)
- TODO: check
+ NOT-FOR-US: David Gwyer Admin Log
CVE-2023-23720
RESERVED
CVE-2023-23719
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd42a2f2ae4d490d3b942bce86ce2737d2da59f1
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits