Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6decb0f by Moritz Muehlenhoff at 2023-04-17T16:24:37+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2023-30775
 CVE-2023-30774
        RESERVED
 CVE-2023-2109 (Cross-site Scripting (XSS) - DOM in GitHub repository 
chatwoot/chatwoo ...)
-       TODO: check
+       NOT-FOR-US: chatwoot
 CVE-2023-2108 (A vulnerability has been found in SourceCodester Judging 
Management Sy ...)
        NOT-FOR-US: SourceCodester Judging Management System
 CVE-2023-30773
@@ -580,7 +580,7 @@ CVE-2023-2044 (A vulnerability has been found in Control iD 
iDSecure 4.7.29.1 an
 CVE-2023-2043 (A vulnerability, which was classified as problematic, was found 
in Con ...)
        NOT-FOR-US: Control iD iDSecure
 CVE-2023-2042 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: DataGear
 CVE-2023-2041 (A vulnerability classified as critical was found in novel-plus 
3.6.2.  ...)
        NOT-FOR-US: novel-plus
 CVE-2023-2040 (A vulnerability classified as critical has been found in 
novel-plus 3. ...)
@@ -768,7 +768,7 @@ CVE-2023-30544
 CVE-2023-30543
        RESERVED
 CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
-       TODO: check
+       NOT-FOR-US: OpenZeppelin
 CVE-2023-30541
        RESERVED
 CVE-2023-30540
@@ -778,11 +778,11 @@ CVE-2023-30539
 CVE-2023-30538
        RESERVED
 CVE-2023-30537 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2023-30536
        RESERVED
 CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports 
core functi ...)
-       TODO: check
+       NOT-FOR-US: Snowflake JDBC
 CVE-2023-30534
        RESERVED
 CVE-2023-30533
@@ -968,7 +968,7 @@ CVE-2023-30476
 CVE-2023-30475
        RESERVED
 CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian 
Evang Ultima ...)
-       TODO: check
+       NOT-FOR-US: Kilian Evang Ultimate Noindex Nofollow
 CVE-2023-30473
        RESERVED
 CVE-2023-30472
@@ -2825,7 +2825,7 @@ CVE-2023-29586
 CVE-2023-29585
        RESERVED
 CVE-2023-29584 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow 
via the  ...)
-       TODO: check
+       NOT-FOR-US: mp4v2
 CVE-2023-29583
        RESERVED
 CVE-2023-29582
@@ -2859,7 +2859,7 @@ CVE-2023-29571 (Cesanta MJS v2.20.0 was discovered to 
contain a SEGV vulnerabili
 CVE-2023-29570
        RESERVED
 CVE-2023-29569 (Cesanta MJS v2.20.0 was discovered to contain a SEGV 
vulnerability via ...)
-       TODO: check
+       NOT-FOR-US: Cesenta MJS
 CVE-2023-29568
        RESERVED
 CVE-2023-29567
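
Review bot: the added line for CVE-2023-29569 spells the vendor "Cesenta", while the description directly above it and the CVE-2023-29571 hunk header both read "Cesanta MJS". Change it to "NOT-FOR-US: Cesanta MJS" so that a search of the list for the product name finds this entry.
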
@@ -3082,7 +3082,7 @@ CVE-2012-10011 (A vulnerability was found in HD FLV 
PLayer Plugin up to 1.7. It
 CVE-2023-29530
        RESERVED
 CVE-2023-29529 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript 
and TypeS ...)
-       TODO: check
+       NOT-FOR-US: matrix-js-sdk
 CVE-2023-29528
        RESERVED
 CVE-2023-29527
@@ -3118,7 +3118,7 @@ CVE-2023-29513
 CVE-2023-29512
        RESERVED
 CVE-2023-29511 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2023-29510
        RESERVED
 CVE-2023-29509 (XWiki Commons are technical libraries common to several other 
top leve ...)
@@ -4147,7 +4147,7 @@ CVE-2023-29196
 CVE-2023-29195
        RESERVED
 CVE-2023-29194 (Vitess is a database clustering system for horizontal scaling 
of MySQL ...)
-       TODO: check
+       NOT-FOR-US: Vitess
 CVE-2023-29193 (SpiceDB is an open source, Google Zanzibar-inspired, database 
system f ...)
        NOT-FOR-US: Go SpiceDB
 CVE-2023-29192 (SilverwareGames.io versions before 1.2.19 allow users with 
access to t ...)
@@ -4695,7 +4695,7 @@ CVE-2023-29020
 CVE-2023-29019
        RESERVED
 CVE-2023-29018 (The OpenFeature Operator allows users to expose feature flags 
to appli ...)
-       TODO: check
+       NOT-FOR-US: open-feature-operator
 CVE-2023-29017 (vm2 is a sandbox that can run untrusted code with whitelisted 
Node's b ...)
        NOT-FOR-US: Node vm2
 CVE-2023-29016 (The Goobi viewer is a web application that allows digitised 
material t ...)
@@ -4851,7 +4851,7 @@ CVE-2023-1708 (An issue was identified in GitLab CE/EE 
affecting all versions fr
 CVE-2023-1707
        RESERVED
 CVE-2023-1706 (This candidate is unused by its CNA. ...)
-       TODO: check
+       NOT-FOR-US: Unused CVE
 CVE-2023-1705
        RESERVED
 CVE-2023-1704 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
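
Review bot: at CVE-2023-1706 the tag "NOT-FOR-US: Unused CVE" names no product, unlike the other NOT-FOR-US entries visible in this file, and the description says the candidate is unused by its CNA. That is a statement about the id, not about packaging, so a rejected-style marking would describe it more accurately; if NOT-FOR-US is kept, settle on one wording for such placeholder ids (compare "Duplicated CVE entry" at CVE-2023-1271).
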
@@ -6869,7 +6869,7 @@ CVE-2023-26593 (CENTUM series provided by Yokogawa 
Electric Corporation are vuln
 CVE-2023-25955 (National land numerical information data conversion tool all 
versions  ...)
        NOT-FOR-US: National land numerical information data conversion tool
 CVE-2023-25954 (KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA 
MobilePrint' ...)
-       TODO: check
+       NOT-FOR-US: KYOCERA
 CVE-2023-25953
        RESERVED
 CVE-2023-25950 (HTTP request/response smuggling vulnerability in HAProxy 
version 2.7.0 ...)
@@ -8429,7 +8429,7 @@ CVE-2023-1273
 CVE-2023-1272
        RESERVED
 CVE-2023-1271 (Duplicate. Please use CVE-2023-24421. ...)
-       TODO: check
+       NOT-FOR-US: Duplicated CVE entry
 CVE-2023-1270 (Command Injection in GitHub repository 
btcpayserver/btcpayserver prior ...)
        NOT-FOR-US: btcpayserver
 CVE-2023-1269 (Use of Hard-coded Credentials in GitHub repository 
alextselegidis/easy ...)
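
Review bot: at CVE-2023-1271 the note "Duplicated CVE entry" drops the pointer that the description gives ("Please use CVE-2023-24421"). Name the surviving id in the note, for example "NOT-FOR-US: Duplicate of CVE-2023-24421", and confirm that CVE-2023-24421 has itself been triaged, since this hunk does not show its entry.
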
@@ -9381,7 +9381,7 @@ CVE-2023-27612
 CVE-2023-27611
        RESERVED
 CVE-2023-27610 (Auth. (admin+) SQL Injection (SQLi) vulnerability in 
TransbankDevelope ...)
-       TODO: check
+       NOT-FOR-US: TransbankDevelopers Transbank Webpay
 CVE-2023-27609
        RESERVED
 CVE-2023-27608
@@ -11132,7 +11132,7 @@ CVE-2023-26971
 CVE-2023-26970
        RESERVED
 CVE-2023-26969 (Atropim 1.5.26 is vulnerable to Directory Traversal. ...)
-       TODO: check
+       NOT-FOR-US: Atropim
 CVE-2023-26968 (In Atrocore 1.5.25, the Create Import Feed option with 
glyphicon-glyph ...)
        NOT-FOR-US: Atrocore
 CVE-2023-26967
@@ -23031,7 +23031,7 @@ CVE-2023-22899 (Zip4j through 2.11.2, as used in 
Threema and other products, doe
 CVE-2023-22898 (workers/extractor.py in Pandora (aka pandora-analysis/pandora) 
1.3.0 a ...)
        NOT-FOR-US: Pandora
 CVE-2023-22897 (An issue was discovered in SecurePoint UTM before 12.2.5.1. 
The firewa ...)
-       TODO: check
+       NOT-FOR-US: SecurePoint UTM
 CVE-2023-22896
        RESERVED
 CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause 
a denia ...)
@@ -23826,7 +23826,7 @@ CVE-2023-22689
 CVE-2023-22688
        RESERVED
 CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in 
Jose Mortel ...)
-       TODO: check
+       NOT-FOR-US: Jose Mortellaro Freesoul Deactivate
 CVE-2023-22686
        RESERVED
 CVE-2023-22685
@@ -23912,9 +23912,9 @@ CVE-2014-125046 (A vulnerability, which was classified 
as critical, was found in
 CVE-2023-22671 (Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra 
through 10 ...)
        - ghidra <itp> (bug #923851)
 CVE-2023-22670 (A heap-based buffer overflow exists in the DXF file reading 
procedure  ...)
-       TODO: check
+       NOT-FOR-US: Open Design Alliance Drawings SDK
 CVE-2023-22669 (Parsing of DWG files in Open Design Alliance Drawings SDK 
before 2023. ...)
-       TODO: check
+       NOT-FOR-US: Open Design Alliance Drawings SDK
 CVE-2023-22668
        RESERVED
 CVE-2023-22667
@@ -24104,7 +24104,7 @@ CVE-2023-22622 (WordPress through 6.1.1 depends on 
unpredictable client visits t
 CVE-2023-22621
        RESERVED
 CVE-2023-22620 (An issue was discovered in SecurePoint UTM before 12.2.5.1. 
The firewa ...)
-       TODO: check
+       NOT-FOR-US: SecurePoint UTM
 CVE-2023-22619
        RESERVED
 CVE-2023-0076 (The Download Attachments WordPress plugin through 1.2.24 does 
not vali ...)
@@ -24986,9 +24986,9 @@ CVE-2022-4819 (A vulnerability was found in HotCRP. It 
has been rated as problem
 CVE-2022-4818 (A vulnerability was found in Talend Open Studio for MDM. It has 
been d ...)
        NOT-FOR-US: Talend Open Studio for MDM
 CVE-2022-48178 (X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to 
contain a st ...)
-       TODO: check
+       NOT-FOR-US: X2CRM Open Source Sales CRM
 CVE-2022-48177 (X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to 
contain a re ...)
-       TODO: check
+       NOT-FOR-US: X2CRM Open Source Sales CRM
 CVE-2022-48176 (Netgear routers R7000P before v1.3.3.154, R6900P before 
v1.3.3.154, R7 ...)
        NOT-FOR-US: Netgear
 CVE-2022-48175 (Rukovoditel v3.2.1 was discovered to contain a remote code 
execution ( ...)
@@ -27149,7 +27149,7 @@ CVE-2023-22237 (After Affects versions 23.1 (and 
earlier), 22.6.3 (and earlier)
 CVE-2023-22236 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and 
earlier) a ...)
        NOT-FOR-US: Adobe
 CVE-2023-22235 (InCopy versions 18.1 (and earlier), 17.4 (and earlier) are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-22234 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a 
Stack-b ...)
        NOT-FOR-US: Adobe
 CVE-2023-22233 (After Affects versions 23.1 (and earlier), 22.6.3 (and 
earlier) are af ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6decb0f3540b3a9d3763d1416b40dd7922198c7
