Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
689ceebd by Moritz Muehlenhoff at 2023-04-19T17:24:05+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28208,17 +28208,17 @@ CVE-2023-21999 (Vulnerability in the Oracle VM
VirtualBox product of Oracle Virt
CVE-2023-21998 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox 7.0.8-dfsg-1
CVE-2023-21997 (Vulnerability in the Oracle User Management product of Oracle
E-Busine ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21996 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21995
RESERVED
CVE-2023-21994
RESERVED
CVE-2023-21993 (Vulnerability in the Oracle Clinical Remote Data Capture
product of Or ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21992 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources
product ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21991 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox 7.0.8-dfsg-1
CVE-2023-21990 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
@@ -28232,21 +28232,21 @@ CVE-2023-21987 (Vulnerability in the Oracle VM
VirtualBox product of Oracle Virt
CVE-2023-21986 (Vulnerability in the Oracle GraalVM Enterprise Edition product
of Orac ...)
NOT-FOR-US: GraalVM
CVE-2023-21985 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21984 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21983
RESERVED
CVE-2023-21982 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21981 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21980 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21979 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21978 (Vulnerability in the Oracle Application Object Library product
of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21977 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21976 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
@@ -28256,15 +28256,15 @@ CVE-2023-21975
CVE-2023-21974
RESERVED
CVE-2023-21973 (Vulnerability in the Oracle iProcurement product of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21971 (Vulnerability in the MySQL Connectors product of Oracle MySQL
(compone ...)
TODO: check
CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle
Analytics ( ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component:
Installation). Suppo ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
- openjdk-8 <unfixed>
- openjdk-11 <unfixed>
@@ -28276,9 +28276,9 @@ CVE-2023-21967 (Vulnerability in the Oracle Java SE,
Oracle GraalVM Enterprise E
CVE-2023-21966 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21965 (Vulnerability in the Oracle Business Intelligence Enterprise
Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21964 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21963 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 8.0.32-1
CVE-2023-21962 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
@@ -28286,15 +28286,15 @@ CVE-2023-21962 (Vulnerability in the MySQL Server
product of Oracle MySQL (compo
CVE-2023-21961
RESERVED
CVE-2023-21960 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21959 (Vulnerability in the Oracle iReceivables product of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21958
RESERVED
CVE-2023-21957
RESERVED
CVE-2023-21956 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
@@ -28304,7 +28304,7 @@ CVE-2023-21954 (Vulnerability in the Oracle Java SE,
Oracle GraalVM Enterprise E
CVE-2023-21953 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21952 (Vulnerability in the Oracle Business Intelligence Enterprise
Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21951
RESERVED
CVE-2023-21950
@@ -28312,7 +28312,7 @@ CVE-2023-21950
CVE-2023-21949
RESERVED
CVE-2023-21948 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21947 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21946 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
@@ -28320,13 +28320,13 @@ CVE-2023-21946 (Vulnerability in the MySQL Server
product of Oracle MySQL (compo
CVE-2023-21945 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21944 (Vulnerability in Oracle Essbase (component: Security and
Provisioning) ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21943 (Vulnerability in Oracle Essbase (component: Security and
Provisioning) ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21942 (Vulnerability in Oracle Essbase (component: Security and
Provisioning) ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21941 (Vulnerability in the Oracle BI Publisher product of Oracle
Analytics ( ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
@@ -28342,17 +28342,17 @@ CVE-2023-21937 (Vulnerability in the Oracle Java SE,
Oracle GraalVM Enterprise E
- openjdk-11 <unfixed>
- openjdk-17 <unfixed>
CVE-2023-21936 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21935 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21934 (Vulnerability in the Java VM component of Oracle Database
Server. Supp ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21933 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21932 (Vulnerability in the Oracle Hospitality OPERA 5 Property
Services prod ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
- openjdk-8 <unfixed>
- openjdk-11 <unfixed>
@@ -28360,33 +28360,33 @@ CVE-2023-21930 (Vulnerability in the Oracle Java SE,
Oracle GraalVM Enterprise E
CVE-2023-21929 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21928 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21927 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21926 (Vulnerability in the Oracle Health Sciences InForm product of
Oracle H ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21925 (Vulnerability in the Oracle Health Sciences InForm product of
Oracle H ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21924 (Vulnerability in the Oracle Health Sciences InForm product of
Oracle H ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21923 (Vulnerability in the Oracle Health Sciences InForm product of
Oracle H ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21922 (Vulnerability in the Oracle Health Sciences InForm product of
Oracle H ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21921 (Vulnerability in the Oracle Health Sciences InForm product of
Oracle H ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21920 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21919 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21918 (Vulnerability in the Oracle Database Recovery Manager
component of Ora ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21917 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 8.0.31-1
CVE-2023-21916 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21915 (Vulnerability in the Oracle Banking Payments product of Oracle
Financi ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21914
RESERVED
CVE-2023-21913 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
@@ -28396,23 +28396,23 @@ CVE-2023-21912 (Vulnerability in the MySQL Server
product of Oracle MySQL (compo
CVE-2023-21911 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-21910 (Vulnerability in the Oracle Business Intelligence Enterprise
Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21909 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM
(componen ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21908 (Vulnerability in the Oracle Banking Virtual Account Management
product ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21907 (Vulnerability in the Oracle Banking Virtual Account Management
product ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21906 (Vulnerability in the Oracle Banking Virtual Account Management
product ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21905 (Vulnerability in the Oracle Banking Virtual Account Management
product ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21904 (Vulnerability in the Oracle Banking Virtual Account Management
product ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21903 (Vulnerability in the Oracle Banking Virtual Account Management
product ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21902 (Vulnerability in the Oracle Financial Services Behavior
Detection Plat ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21901
RESERVED
CVE-2023-21900 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
@@ -28424,7 +28424,7 @@ CVE-2023-21898 (Vulnerability in the Oracle VM
VirtualBox product of Oracle Virt
CVE-2023-21897
RESERVED
CVE-2023-21896 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-21895
RESERVED
CVE-2023-21894 (Vulnerability in the Oracle Global Lifecycle Management
NextGen OUI Fr ...)
@@ -31651,7 +31651,7 @@ CVE-2022-46642 (D-Link DIR-846 A1_FW100A43 was
discovered to contain a command i
CVE-2022-46641 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command
injecti ...)
NOT-FOR-US: D-Link
CVE-2022-46640 (Nanoleaf Desktop App before v1.3.1 was discovered to contain a
command ...)
- TODO: check
+ NOT-FOR-US: Nanoleaf
CVE-2022-46639 (A vulnerability in the descarga_etiqueta.php component of
Correos Pres ...)
NOT-FOR-US: Prestashop
CVE-2022-46638
@@ -32224,7 +32224,7 @@ CVE-2022-46391 (AWStats 7.x through 7.8 allows XSS in
the hostinfo plugin due to
CVE-2022-46390
RESERVED
CVE-2022-46389 (There exists a reflected XSS within the logout functionality
of Servic ...)
- TODO: check
+ NOT-FOR-US: ServiceNow
CVE-2022-46388
RESERVED
CVE-2022-46387 (ConEmu through 220807 and Cmder before 1.3.21 report the title
of the ...)
@@ -34019,13 +34019,13 @@ CVE-2022-45841
CVE-2022-45840
RESERVED
CVE-2022-45839 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45838 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
Repute Info ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45837
RESERVED
CVE-2022-45836 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
W3 Eden, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45835
RESERVED
CVE-2022-45834
@@ -37267,7 +37267,7 @@ CVE-2022-44737 (Multiple Cross-Site Request Forgery
vulnerabilities in All-In-On
CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Cham ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44735 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Gus ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Best ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44733 (Local privilege escalation due to insecure folder permissions.
The fol ...)
@@ -38624,7 +38624,7 @@ CVE-2022-44634 (Auth. (admin+) Arbitrary File Read
vulnerability in S2W –
CVE-2022-44633
RESERVED
CVE-2022-44632 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Deni ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44631
RESERVED
CVE-2022-44630
@@ -43879,11 +43879,11 @@ CVE-2022-3569 (Due to an issue with incorrect sudo
permissions, Zimbra Collabora
CVE-2022-3568 (The ImageMagick Engine plugin for WordPress is vulnerable to
deseriali ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43378 (A CWE-1021: Improper Restriction of Rendered UI Layers or
Frames vulne ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-43377 (A CWE-307: Improper Restriction of Excessive Authentication
Attempts v ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-43376 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-43375
RESERVED
CVE-2022-43374
@@ -67248,7 +67248,7 @@ CVE-2022-34757 (A CWE-327: Use of a Broken or Risky
Cryptographic Algorithm vuln
CVE-2022-34756 (A CWE-120: Buffer Copy without Checking Size of Input
vulnerability ex ...)
NOT-FOR-US: Schneider Electric
CVE-2022-34755 (A CWE-427 - Uncontrolled Search Path Element vulnerability
exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-34754 (A CWE-269: Improper Privilege Management vulnerability exists
that cou ...)
NOT-FOR-US: Schneider Electric
CVE-2022-34753 (A CWE-78: Improper Neutralization of Special Elements used in
an OS Co ...)
@@ -122690,11 +122690,11 @@ CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x
before 8.8, when certain non-def
CVE-2021-41615 (websda.c in GoAhead WebServer 2.1.8 has insufficient nonce
entropy bec ...)
NOT-FOR-US: GoAhead Web Server
CVE-2021-41614 (An issue was discovered in the controller unit of the OpenRISC
mor1kx ...)
- TODO: check
+ NOT-FOR-US: OpenRISC mor1kx
CVE-2021-41613 (An issue was discovered in the controller unit of the OpenRISC
mor1kx ...)
- TODO: check
+ NOT-FOR-US: OpenRISC mor1kx
CVE-2021-41612 (An issue was discovered in the ALU unit of the OpenRISC mor1kx
process ...)
- TODO: check
+ NOT-FOR-US: OpenRISC mor1kx
CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before
5.2. When ...)
- squid 5.2-1
[bullseye] - squid <not-affected> (Vulnerable code introduced later)
@@ -125576,9 +125576,9 @@ CVE-2021-3767 (bookstack is vulnerable to Improper
Neutralization of Input Durin
CVE-2021-40508
RESERVED
CVE-2021-40507 (An issue was discovered in the ALU unit of the OR1200 (aka
OpenRISC 12 ...)
- TODO: check
+ NOT-FOR-US: OR1200
CVE-2021-40506 (An issue was discovered in the ALU unit of the OR1200 (aka
OpenRISC 12 ...)
- TODO: check
+ NOT-FOR-US: OR1200
CVE-2021-40505
RESERVED
CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled
Modification of Ob ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/689ceebd3853cdc7a34bfd8da1e2c733983ab08c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/689ceebd3853cdc7a34bfd8da1e2c733983ab08c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
