Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f823e512 by Moritz Muehlenhoff at 2023-04-19T16:35:16+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9519,7 +9519,7 @@ CVE-2023-27707 (SQL injection vulnerability found in
DedeCMS v.5.7.106 allows a
CVE-2023-27706
RESERVED
CVE-2023-27705 (APNG_Optimizer v1.4 was discovered to contain a buffer
overflow via th ...)
- TODO: check
+ NOT-FOR-US: APNG Optimizer
CVE-2023-27704 (Void Tools Everything lower than v1.4.1.1022 was discovered to
contain ...)
NOT-FOR-US: Void Tools
CVE-2023-27703 (The Android version of pikpak v1.29.2 was discovered to
contain an inf ...)
@@ -11234,7 +11234,7 @@ CVE-2023-27094 (An issue found in OpenGoofy Hippo4j
v.1.4.3 allows attackers to
CVE-2023-27093 (Cross Site Scripting vulnerability found in My-Blog allows
attackers t ...)
NOT-FOR-US: My-Blog
CVE-2023-27092 (Cross Site Scripting vulnerability found in Jbootfly allows
attackers ...)
- TODO: check
+ NOT-FOR-US: Jbootfly
CVE-2023-27091 (An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3
allows a ...)
NOT-FOR-US: XiaoBingby TeaCMS
CVE-2023-27090
@@ -15599,25 +15599,25 @@ CVE-2023-25558 (DataHub is an open-source metadata
platform. When the DataHub fr
CVE-2023-25557 (DataHub is an open-source metadata platform. The DataHub
frontend acts ...)
NOT-FOR-US: DataHub
CVE-2023-25556 (A CWE-287: Improper Authentication vulnerability exists that
could all ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-25555 (A CWE-78: Improper Neutralization of Special Elements used in
an OS Co ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-25554 (A CWE-78: Improper Neutralization of Special Elements used in
an OS Co ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-25553 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-25552 (A CWE-862: Missing Authorization vulnerability exists that
could allow ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-25551 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-25550 (A CWE-94: Improper Control of Generation of Code ('Code
Injection') vu ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-25549 (A CWE-94: Improper Control of Generation of Code ('Code
Injection') vu ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-25548 (A CWE-863: Incorrect Authorization vulnerability exists that
could all ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-25547 (A CWE-863: Incorrect Authorization vulnerability exists that
could all ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-25544 (Dell NetWorker versions 19.5 and earlier contain 'Apache
Tomcat' versi ...)
NOT-FOR-US: Dell
CVE-2023-25543
@@ -17009,7 +17009,7 @@ CVE-2023-25012 (The Linux kernel through 6.1.9 has a
Use-After-Free in bigben_re
CVE-2023-25011 (PC settings tool Ver10.1.26.0 and earlier, PC settings tool
Ver11.0.22 ...)
NOT-FOR-US: PC settings tool
CVE-2023-25010 (A malicious actor may convince a victim to open a malicious
USD file t ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2023-25009
RESERVED
CVE-2023-25008
@@ -18575,15 +18575,15 @@ CVE-2023-24506
CVE-2023-24505
RESERVED
CVE-2023-24504 (Electra Central AC unit – Adjacent attacker may cause
the unit t ...)
- TODO: check
+ NOT-FOR-US: Electra Central
CVE-2023-24503 (Electra Central AC unit – Adjacent attacker may cause
the unit t ...)
- TODO: check
+ NOT-FOR-US: Electra Central
CVE-2023-24502 (Electra Central AC unit – The unit opens an AP with an
easily ca ...)
- TODO: check
+ NOT-FOR-US: Electra Central
CVE-2023-24501 (Electra Central AC unit – Hardcoded Credentials in
unspecified c ...)
- TODO: check
+ NOT-FOR-US: Electra Central
CVE-2023-24500 (Electra Central AC unit – Adjacent attacker may cause
the unit t ...)
- TODO: check
+ NOT-FOR-US: Electra Central
CVE-2023-24499 (Butterfly Button plugin may leave traces of its use on user's
device. ...)
NOT-FOR-US: Butterfly Button plugin
CVE-2023-24498 (An uspecified endpoint in the web server of the switch does
not proper ...)
@@ -20477,9 +20477,9 @@ CVE-2023-22318
CVE-2023-22309
RESERVED
CVE-2023-22307 (Sensitive data exposure in Webconf in Tribe29 Checkmk
Appliance before ...)
- TODO: check
+ - check-mk <removed>
CVE-2023-22294 (Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4
allows ...)
- TODO: check
+ - check-mk <removed>
CVE-2023-22288 (HTML Email Injection in Tribe29 Checkmk <=2.1.0p23;
<=2.0.0p34, ...)
- check-mk <removed>
CVE-2023-0394 (A NULL pointer dereference flaw was found in
rawv6_push_pending_frames ...)
@@ -28196,7 +28196,7 @@ CVE-2023-22005
CVE-2023-22004
RESERVED
CVE-2023-22003 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22002 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
TODO: check
CVE-2023-22001 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f823e51275a82ea1e76e2e4042354ca48bdf9920
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f823e51275a82ea1e76e2e4042354ca48bdf9920
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
