Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2b9d5749 by Salvatore Bonaccorso at 2023-04-28T23:59:06+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -103,7 +103,7 @@ CVE-2023-2338 (SQL Injection in GitHub repository
pimcore/pimcore prior to 10.5.
CVE-2023-2336 (Path Traversal in GitHub repository pimcore/pimcore prior to
10.5.21.)
NOT-FOR-US: pimcore
CVE-2023-2335 (Plaintext Password in Registry vulnerability in 42gears
surelock win ...)
- TODO: check
+ NOT-FOR-US: 42gears
CVE-2023-2331 (Unquoted service Path or Element vulnerability in 42Gears
Surelock Win ...)
NOT-FOR-US: 42Gears
CVE-2023-2328 (Cross-site Scripting (XSS) - Generic in GitHub repository
pimcore/pimc ...)
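Review bot: The note added for CVE-2023-2335 is spelled "NOT-FOR-US: 42gears", while the entry directly below it, CVE-2023-2331, already uses "NOT-FOR-US: 42Gears" for the same vendor. Use one capitalisation for both so that a case-sensitive search for the vendor string finds every entry.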
@@ -1341,15 +1341,15 @@ CVE-2023-30854 (AVideo is an open source video
platform. Prior to version 12.4,
CVE-2023-30853 (Gradle Build Action allows users to execute a Gradle Build in
their Gi ...)
TODO: check
CVE-2023-30852 (Pimcore is an open source data and experience management
platform. Pri ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2023-30851
RESERVED
CVE-2023-30850 (Pimcore is an open source data and experience management
platform. Pri ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2023-30849 (Pimcore is an open source data and experience management
platform. Pri ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2023-30848 (Pimcore is an open source data and experience management
platform. Pri ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2023-30847 (H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when
the rev ...)
TODO: check
CVE-2023-30846 (typed-rest-client is a library for Node Rest and Http Clients
with typ ...)
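Review bot: CVE-2023-30853 (Gradle Build Action) is left at "TODO: check" in this hunk although the four Pimcore entries right below it are triaged. Another GitHub Action in this file, CVE-2023-30623, is already marked "NOT-FOR-US: embano1/wip GitHub Action", so this one looks like a candidate for the same pass. If it was left open on purpose, a NOTE line saying what still needs checking would help the next person.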
@@ -2037,7 +2037,7 @@ CVE-2023-30626 (Jellyfin is a free-software media system.
Versions starting with
CVE-2023-30625
RESERVED
CVE-2023-30624 (Wasmtime is a standalone runtime for WebAssembly. Prior to
versions 6. ...)
- TODO: check
+ NOT-FOR-US: wasmtime
CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to
version 2, ...)
NOT-FOR-US: embano1/wip GitHub Action
CVE-2023-30622 (Clusternet is a general-purpose system for controlling
Kubernetes clus ...)
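Review bot: "NOT-FOR-US: wasmtime" on CVE-2023-30624 closes out an entry whose description calls it a standalone runtime for WebAssembly, which is the kind of tool that may be packaged or have a pending ITP. Please confirm neither exists before marking it; the file already has a form for the pending case, as in the "mattermost-server <itp>" line under CVE-2023-1777. The name is also lowercase here while the description writes "Wasmtime".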
@@ -2702,9 +2702,9 @@ CVE-2023-30468
CVE-2023-1973
RESERVED
CVE-2023-30467 (This vulnerability exists in Milesight 4K/H.265 Series NVR
models (MS- ...)
- TODO: check
+ NOT-FOR-US: Milesight
CVE-2023-30466 (This vulnerability exists in Milesight 4K/H.265 Series NVR
models (MS- ...)
- TODO: check
+ NOT-FOR-US: Milesight
CVE-2023-30465 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Apache InLong
CVE-2023-1972
@@ -2720,11 +2720,11 @@ CVE-2023-1970 (** UNSUPPORTED WHEN ASSIGNED ** A
vulnerability, which was classi
CVE-2023-1969 (A vulnerability classified as critical was found in
SourceCodester Onl ...)
NOT-FOR-US: SourceCodester Online Eyewear Shop
CVE-2023-1968 (Instruments with Illumina Universal Copy Service v2.x are
vulnerable d ...)
- TODO: check
+ NOT-FOR-US: Illumina
CVE-2023-1967 (Keysight N8844A Data Analytics Web Service deserializes
untrusted data ...)
- TODO: check
+ NOT-FOR-US: Keysight N8844A Data Analytics Web Service
CVE-2023-1966 (Instruments with Illumina Universal Copy Service v1.x and v2.x
contain ...)
- TODO: check
+ NOT-FOR-US: Illumina
CVE-2023-1965
RESERVED
CVE-2023-30464
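Review bot: The three notes added in this hunk use two different levels of detail: CVE-2023-1968 and CVE-2023-1966 get the bare vendor name "Illumina", while CVE-2023-1967 gets the full product name "Keysight N8844A Data Analytics Web Service". Suggest naming the product for the Illumina entries as well ("Illumina Universal Copy Service", taken from the descriptions), so the note says what was ruled out.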
@@ -2747,9 +2747,9 @@ CVE-2023-30456 (An issue was discovered in
arch/x86/kvm/vmx/nested.c in the Linu
- linux 6.1.25-1
NOTE:
https://git.kernel.org/linus/112e66017bff7f2837030f34c2bc19501e9212d5 (6.3-rc3)
CVE-2023-30455 (An issue was discovered in ebankIT before 7. A
Denial-of-Service attac ...)
- TODO: check
+ NOT-FOR-US: ebankIT
CVE-2023-30454 (An issue was discovered in ebankIT before 7. Document Object
Model bas ...)
- TODO: check
+ NOT-FOR-US: ebankIT
CVE-2023-30453
RESERVED
CVE-2023-30452
@@ -2871,7 +2871,7 @@ CVE-2023-30406 (Jerryscript commit 1a2c047 was discovered
to contain a segmentat
[bullseye] - iotjs <ignored> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/5058
CVE-2023-30405 (A cross-site scripting (XSS) vulnerability in Aigital
Wireless-N Repea ...)
- TODO: check
+ NOT-FOR-US: Aigital
CVE-2023-30404 (Aigital Wireless-N Repeater Mini_Router v0.131229 was
discovered to co ...)
NOT-FOR-US: Aigital Wireless-N Repeater Mini_Router
CVE-2023-30403
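Review bot: CVE-2023-30405 is marked "NOT-FOR-US: Aigital", but the next entry, CVE-2023-30404, covers the same device and already carries "NOT-FOR-US: Aigital Wireless-N Repeater Mini_Router". Reuse the longer string so both entries for this product match.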
@@ -2923,7 +2923,7 @@ CVE-2023-30382
CVE-2023-30381
RESERVED
CVE-2023-30380 (An issue in the component /dialog/select_media.php of DedeCMS
v5.7.107 ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2023-30379
RESERVED
CVE-2023-30378 (In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a
stack-b ...)
@@ -2985,7 +2985,7 @@ CVE-2023-30351
CVE-2023-30350
RESERVED
CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to contain a remote code
execution (R ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2023-30348
RESERVED
CVE-2023-30347
@@ -3007,7 +3007,7 @@ CVE-2023-30340
CVE-2023-30339
RESERVED
CVE-2023-30338 (Multiple stored cross-site scripting (XSS) vulnerabilities in
Emlog Pr ...)
- TODO: check
+ NOT-FOR-US: Emlog Pro
CVE-2023-30337
RESERVED
CVE-2023-30336
@@ -3317,7 +3317,7 @@ CVE-2023-30185
CVE-2023-30184
RESERVED
CVE-2023-30183 (Wangmarket CMS v4.10 was discovered to contain a SQL injection
vulnera ...)
- TODO: check
+ NOT-FOR-US: Wangmarket CMS
CVE-2023-30182
RESERVED
CVE-2023-30181
@@ -3433,11 +3433,11 @@ CVE-2023-30127
CVE-2023-30126
RESERVED
CVE-2023-30125 (EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting
(XSS).)
- TODO: check
+ NOT-FOR-US: Eyoucms
CVE-2023-30124
RESERVED
CVE-2023-30123 (wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in
the Mem ...)
- TODO: check
+ NOT-FOR-US: wuzhicms
CVE-2023-30122
RESERVED
CVE-2023-30121
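Review bot: The note on CVE-2023-30125 is spelled "Eyoucms", while the description on the same entry writes "EyouCms". The wuzhicms note two entries down follows its description exactly; doing the same here keeps the product name searchable.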
@@ -3635,7 +3635,7 @@ CVE-2023-30026
CVE-2023-30025
RESERVED
CVE-2023-30024 (Insecure Permissions vulnerability found in MagicJack A921 USB
Phone J ...)
- TODO: check
+ NOT-FOR-US: MagicJack
CVE-2023-30023
RESERVED
CVE-2023-30022
@@ -4053,7 +4053,7 @@ CVE-2023-29817
CVE-2023-29816
RESERVED
CVE-2023-29815 (mccms v2.6.3 is vulnerable to Cross Site Request Forgery
(CSRF).)
- TODO: check
+ NOT-FOR-US: mccms
CVE-2023-29814
RESERVED
CVE-2023-29813
@@ -5426,7 +5426,7 @@ CVE-2023-29336
CVE-2023-29335
RESERVED
CVE-2023-29334 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29333
RESERVED
CVE-2023-29332
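Review bot: "NOT-FOR-US: Microsoft" on CVE-2023-29334 names only the vendor, but the description says the affected product is Microsoft Edge (Chromium-based). A one-line NOTE stating that the issue is specific to Edge and not inherited from Chromium code would be useful, since a reader cannot tell that from the vendor name alone.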
@@ -5737,15 +5737,15 @@ CVE-2023-29218 (The Twitter Recommendation Algorithm
through ec83d01 allows atta
CVE-2023-29217
RESERVED
CVE-2023-29169 (mySCADA myPRO versions 8.26.0 and prior has parameters which
an authen ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2023-29150 (mySCADA myPRO versions 8.26.0 and prior has parameters which
an authen ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2023-28716 (mySCADA myPRO versions 8.26.0 and prior has parameters which
an authen ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2023-28400 (mySCADA myPRO versions 8.26.0 and prior has parameters which
an authen ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2023-28384 (mySCADA myPRO versions 8.26.0 and prior has parameters which
an authen ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2023-1824
RESERVED
CVE-2023-1823 (Inappropriate implementation in FedCM in Google Chrome prior to
112.0. ...)
@@ -6125,7 +6125,7 @@ CVE-2023-1780
CVE-2023-1779
RESERVED
CVE-2023-1778 (This vulnerability exists in GajShield Data Security Firewall
firmware ...)
- TODO: check
+ NOT-FOR-US: GajShield Data Security Firewall firmware
CVE-2023-1777 (Mattermost allows an attacker to request a preview of an
existing mess ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-1776 (Boards in Mattermost allows an attacker to upload a malicious
SVG imag ...)
@@ -6267,9 +6267,9 @@ CVE-2023-1742 (A vulnerability was found in IBOS 4.5.5.
It has been rated as cri
CVE-2023-29059 (3CX DesktopApp through 18.12.416 has embedded malicious code,
as explo ...)
NOT-FOR-US: 3CX DesktopApp
CVE-2023-29058 (A valid, authenticated XCC user with read-only permissions can
modify ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-29057 (A valid XCC user's local account permissions overrides their
active di ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-29056 (A valid LDAP user, under specific conditions, will default to
read-onl ...)
TODO: check
CVE-2023-29055
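Review bot: CVE-2023-29056 stays at "TODO: check" directly below CVE-2023-29058 and CVE-2023-29057, which are both marked "NOT-FOR-US: Lenovo" in this hunk. If it belongs to the same XCC product it should get the same note in this commit. The visible descriptions mention XCC but not Lenovo, so "NOT-FOR-US: Lenovo XCC" would also make the link between note and description easier to follow.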
@@ -7141,11 +7141,11 @@ CVE-2016-15030 (A vulnerability classified as
problematic has been found in Arno
CVE-2015-10097 (A vulnerability was found in grinnellplans-php up to 3.0. It
has been ...)
NOT-FOR-US: grinnellplans-php
CVE-2023-28821 (Concrete CMS (previously concrete5) before 9.1 did not have a
rate lim ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28820 (Concrete CMS (previously concrete5) before 9.1 is vulnerable
to stored ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28819 (Concrete CMS (previously concrete5) before 9.1 is vulnerable
to Stored ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28818 (An issue was discovered in Veritas NetBackup IT Analytics 11
before 11 ...)
NOT-FOR-US: Veritas
CVE-2023-28817
@@ -7250,9 +7250,9 @@ CVE-2023-28772 (An issue was discovered in the Linux
kernel before 5.13.3. lib/s
CVE-2023-28771 (Improper error message handling in Zyxel ZyWALL/USG series
firmware ve ...)
NOT-FOR-US: Zyxel
CVE-2023-28770 (The sensitive information exposure vulnerability in the CGI
\u201cExpo ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-28769 (The buffer overflow vulnerability in the library
\u201clibclinkc.so\u2 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-28768
RESERVED
CVE-2023-28767
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b9d574983aaea8650c65c0c667c9d2dcb9d7f9f