Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89f642d7 by Salvatore Bonaccorso at 2023-04-29T14:29:37+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,7 +18,7 @@ CVE-2023-2420 (A vulnerability was found in MLECMS 3.0. It 
has been rated as cri
 CVE-2023-2419 (A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has 
been decla ...)
        NOT-FOR-US: Zhong Bang CRMEB
 CVE-2023-2418 (A vulnerability was found in Konga 2.8.3 on Kong. It has been 
classifi ...)
-       TODO: check
+       NOT-FOR-US: Konga
 CVE-2023-2417 (A vulnerability was found in ks-soft Advanced Host Monitor up 
to 12.56 ...)
        NOT-FOR-US: ks-soft Advanced Host Monitor
 CVE-2023-2413 (A vulnerability was found in SourceCodester AC Repair and 
Services Sys ...)
@@ -118,7 +118,7 @@ CVE-2023-2363 (A vulnerability, which was classified as 
critical, has been found
 CVE-2023-2361 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
        NOT-FOR-US: pimcore
 CVE-2023-2360 (Sensitive information disclosure due to CORS misconfiguration. 
The fol ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2023-2356 (Relative Path Traversal in GitHub repository mlflow/mlflow 
prior to 2. ...)
        NOT-FOR-US: mlflow
 CVE-2023-2355 (Local privilege escalation due to a DLL hijacking 
vulnerability. The f ...)
@@ -1379,11 +1379,11 @@ CVE-2023-30860
 CVE-2023-30859
        RESERVED
 CVE-2023-30858 (The Denosaurs emoji package provides emojis for dinosaurs. 
Starting in ...)
-       TODO: check
+       NOT-FOR-US: Denosaurs emoji package
 CVE-2023-30857 (@aedart/support is the support package for Ion, a monorepo for 
JavaScr ...)
        TODO: check
 CVE-2023-30856 (eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 
and pri ...)
-       TODO: check
+       NOT-FOR-US: eDEX-UI
 CVE-2023-30855
        RESERVED
 CVE-2023-30854 (AVideo is an open source video platform. Prior to version 
12.4, an OS  ...)
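
Review bot: CVE-2023-30857 (@aedart/support) stays at "TODO: check" in the middle of this hunk, while CVE-2023-30858 and CVE-2023-30856 on either side of it are closed as NOT-FOR-US. If it was skipped on purpose because it needs a closer look, that is fine; otherwise it should be triaged in the same pass, since the commit message describes this batch as processing NFUs.
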
@@ -1531,7 +1531,7 @@ CVE-2023-2160 (Weak Password Requirements in GitHub 
repository modoboa/modoboa p
 CVE-2023-2159
        RESERVED
 CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user 
impersonatio ...)
-       TODO: check
+       NOT-FOR-US: Code Dx
 CVE-2023-2157
        RESERVED
 CVE-2023-2156
@@ -6340,7 +6340,7 @@ CVE-2023-29058 (A valid, authenticated XCC user with 
read-only permissions can m
 CVE-2023-29057 (A valid XCC user's local account permissions overrides their 
active di ...)
        NOT-FOR-US: Lenovo
 CVE-2023-29056 (A valid LDAP user, under specific conditions, will default to 
read-onl ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-29055
        RESERVED
 CVE-2023-29054 (A vulnerability has been identified in SCALANCE X200-4P IRT 
(All versi ...)
@@ -7786,7 +7786,7 @@ CVE-2023-1528 (Use after free in Passwords in Google 
Chrome prior to 111.0.5563.
 CVE-2023-1527 (Cross-site Scripting (XSS) - Generic in GitHub repository 
tsolucio/cor ...)
        NOT-FOR-US: Corebos
 CVE-2023-1526 (Certain DesignJet and PageWide XL TAA compliant models may have 
risk o ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-1525
        RESERVED
 CVE-2023-1524
@@ -8417,19 +8417,19 @@ CVE-2023-28479
 CVE-2023-28478
        RESERVED
 CVE-2023-28477 (Concrete CMS (previously concrete5) before 9.2 is vulnerable 
to stored ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2023-28476 (Concrete CMS (previously concrete5) before 9.2 is vulnerable 
to Stored ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2023-28475 (Concrete CMS (previously concrete5) before 9.2 is vulnerable 
to Reflec ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2023-28474 (Concrete CMS (previously concrete5) before 9.2 is vulnerable 
to Stored ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2023-28473 (Concrete CMS (previously concrete5) before 9.2 is vulnerable 
to possib ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2023-28472 (Concrete CMS (previously concrete5) before 9.2 does not have 
Secure an ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2023-28471 (Concrete CMS (previously concrete5) before 9.2 is vulnerable 
to Stored ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2023-28470 (In Couchbase Server 5 through 7 before 7.1.4, the nsstats 
endpoint is  ...)
        NOT-FOR-US: Couchbase Server
 CVE-2023-28469
@@ -9072,7 +9072,7 @@ CVE-2023-28288 (Microsoft SharePoint Server Spoofing 
Vulnerability)
 CVE-2023-28287
        RESERVED
 CVE-2023-28286 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-28285 (Microsoft Office Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-28284 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
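
Review bot: CVE-2023-28286 is described as affecting "Microsoft Edge (Chromium-based)", so before closing it as "NOT-FOR-US: Microsoft" it is worth confirming that the flaw sits in Edge-specific code and not in the shared Chromium code base, which Debian packages as chromium. If it is inherited from Chromium, the entry should track the chromium source package instead of being marked NFU.
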
@@ -9122,7 +9122,7 @@ CVE-2023-28263 (Visual Studio Information Disclosure 
Vulnerability)
 CVE-2023-28262 (Visual Studio Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-28261 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-28260 (.NET DLL Hijacking Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft .NET
 CVE-2023-28259
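
Review bot: the label on CVE-2023-28261 is the vendor-level "Microsoft", while the next entry in this hunk, CVE-2023-28260, uses the product-level "Microsoft .NET". A product-level label such as "Microsoft Edge" would keep the two styles consistent and make the entry easier to find when searching the list by product.
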
@@ -10103,11 +10103,11 @@ CVE-2023-27975
 CVE-2023-27974 (Bitwarden through 2023.2.1 offers password auto-fill when the 
second-l ...)
        NOT-FOR-US: Bitwarden
 CVE-2023-27973 (Certain HP LaserJet Pro print products are potentially 
vulnerable to H ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-27972 (Certain HP LaserJet Pro print products are potentially 
vulnerable to B ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-27971 (Certain HP LaserJet Pro print products are potentially 
vulnerable to B ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-1284
        RESERVED
 CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 
0.21.0.)
@@ -13300,9 +13300,9 @@ CVE-2023-26815
 CVE-2023-26814
        RESERVED
 CVE-2023-26813 (SQL injection vulnerability in 
com.xnx3.wangmarket.plugin.dataDictiona ...)
-       TODO: check
+       NOT-FOR-US: wangmarket CMS
 CVE-2023-26812 (Command execution vulnerability in the ActionEnter Class ins 
jfinal CM ...)
-       TODO: check
+       NOT-FOR-US: jfinal CMS
 CVE-2023-26811
        RESERVED
 CVE-2023-26810
@@ -13362,9 +13362,9 @@ CVE-2023-26784 (SQL Injection vulnerability found in 
Kirin Fortress Machine v.1.
 CVE-2023-26783
        RESERVED
 CVE-2023-26782 (An issue discovered in mccms 2.6.1 allows remote attackers to 
cause a  ...)
-       TODO: check
+       NOT-FOR-US: mccms
 CVE-2023-26781 (SQL injection vulnerability in mccms 2.6 allows remote 
attackers to ru ...)
-       TODO: check
+       NOT-FOR-US: mccms
 CVE-2023-26780 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL 
Injection.)
        NOT-FOR-US: CleverStupidDog yf-exam
 CVE-2023-26779 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to 
Deserialization which ...)
@@ -16190,7 +16190,7 @@ CVE-2023-0836 (An information leak vulnerability was 
discovered in HAProxy 2.1,
 CVE-2023-0835 (markdown-pdf version 11.0.0 allows an external attacker to 
remotely ob ...)
        NOT-FOR-US: Node markdown-pdf
 CVE-2023-0834 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: HYPR Workforce Access on MacOS
 CVE-2023-25181
        RESERVED
 CVE-2023-0833
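
Review bot: "NOT-FOR-US: HYPR Workforce Access on MacOS" on CVE-2023-0834 carries a platform qualifier, whereas the other labels visible in this change name only the vendor or product (for example "Node markdown-pdf" two lines above). Suggest shortening it to "NOT-FOR-US: HYPR Workforce Access" so the label stays consistent and matches later searches for the product.
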
@@ -17352,9 +17352,9 @@ CVE-2023-25498
 CVE-2023-25497
        RESERVED
 CVE-2023-25496 (A privilege escalation vulnerability was reported in Lenovo 
Drivers Ma ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-25495 (A valid, authenticated administrative user can query a web 
interface A ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-25494
        RESERVED
 CVE-2023-25493
@@ -17470,7 +17470,7 @@ CVE-2023-25439
 CVE-2023-25438
        RESERVED
 CVE-2023-25437 (An issue was discovered in vTech VCS754 version 1.1.1.A before 
1.1.1.H ...)
-       TODO: check
+       NOT-FOR-US: vTech
 CVE-2023-25436
        RESERVED
 CVE-2023-25435
@@ -20780,7 +20780,7 @@ CVE-2023-24271
 CVE-2023-24270
        RESERVED
 CVE-2023-24269 (An arbitrary file upload vulnerability in the plugin upload 
function o ...)
-       TODO: check
+       NOT-FOR-US: Textpattern plugin
 CVE-2023-24268
        RESERVED
 CVE-2023-24267
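
Review bot: the label on CVE-2023-24269 reads "Textpattern plugin", but the visible summary places the arbitrary file upload in "the plugin upload function", which reads as a function of the application itself and not of a third-party plugin. If that is the case, "NOT-FOR-US: Textpattern" would describe it more accurately, and it is worth a quick check that no textpattern source package exists in the archive before closing it as NFU.
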
@@ -30998,7 +30998,7 @@ CVE-2023-21714 (Microsoft Office Information Disclosure 
Vulnerability)
 CVE-2023-21713 (Microsoft SQL Server Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-21712 (Windows Point-to-Point Tunneling Protocol Remote Code 
Execution Vulner ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-21711
        RESERVED
 CVE-2023-21710 (Microsoft Exchange Server Remote Code Execution Vulnerability)
@@ -50887,13 +50887,13 @@ CVE-2022-41402
 CVE-2022-41401
        RESERVED
 CVE-2022-41400 (Sage 300 through 2022 uses a hard-coded 40-byte blowfish key 
to encryp ...)
-       TODO: check
+       NOT-FOR-US: Sage
 CVE-2022-41399 (The optional Web Screens feature for Sage 300 through version 
2022 use ...)
-       TODO: check
+       NOT-FOR-US: Sage
 CVE-2022-41398 (The optional Global Search feature for Sage 300 through 
version 2022 u ...)
-       TODO: check
+       NOT-FOR-US: Sage
 CVE-2022-41397 (The optional Web Screens and Global Search features for Sage 
300 throu ...)
-       TODO: check
+       NOT-FOR-US: Sage
 CVE-2022-41396 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was 
discovered to c ...)
        NOT-FOR-US: Tenda
 CVE-2022-41395 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was 
discovered to c ...)
@@ -57782,7 +57782,7 @@ CVE-2022-2978 (A flaw use after free in the Linux 
kernel NILFS file system was f
        [bullseye] - linux 5.10.148-1
        NOTE: 
https://lore.kernel.org/linux-fsdevel/[email protected]/T/#u
 CVE-2022-38730 (Docker Desktop for Windows before 4.6 allows attackers to 
overwrite an ...)
-       TODO: check
+       NOT-FOR-US: Docker Desktop
 CVE-2022-38729
        RESERVED
 CVE-2022-38728
@@ -58240,7 +58240,7 @@ CVE-2022-38585
 CVE-2022-38584
        RESERVED
 CVE-2022-38583 (On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are 
setup in ...)
-       TODO: check
+       NOT-FOR-US: Sage
 CVE-2022-38582 (Incorrect access control in the anti-virus driver wsdkd.sys of 
Watchdo ...)
        NOT-FOR-US: Watchdog Antivirus
 CVE-2022-38581
@@ -61783,7 +61783,7 @@ CVE-2022-37341
 CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for 
Windows befo ...)
        NOT-FOR-US: Intel
 CVE-2022-37326 (Docker Desktop for Windows before 4.6.0 allows attackers to 
delete (or ...)
-       TODO: check
+       NOT-FOR-US: Docker Desktop
 CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 
18.14.0, an ...)
        {DSA-5358-1 DLA-3335-1}
        - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
@@ -70238,7 +70238,7 @@ CVE-2022-34293 (wolfSSL before 5.4.0 allows remote 
attackers to cause a denial o
        [bullseye] - wolfssl <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2022/08/08/6
 CVE-2022-34292 (Docker Desktop for Windows before 4.6.0 allows attackers to 
overwrite  ...)
-       TODO: check
+       NOT-FOR-US: Docker Desktop
 CVE-2022-34291 (A vulnerability has been identified in PADS Standard/Plus 
Viewer (All  ...)
        NOT-FOR-US: Siemens
 CVE-2022-34290 (A vulnerability has been identified in PADS Standard/Plus 
Viewer (All  ...)
@@ -77272,7 +77272,7 @@ CVE-2022-31649 (ownCloud owncloud/core before 10.10.0 
Improperly Removes Sensiti
 CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected 
Cross-Site S ...)
        NOT-FOR-US: Talend Administration Center
 CVE-2022-31647 (Docker Desktop before 4.6.0 on Windows allows attackers to 
delete any  ...)
-       TODO: check
+       NOT-FOR-US: Docker Desktop
 CVE-2022-31646
        RESERVED
 CVE-2022-31645
@@ -77280,7 +77280,7 @@ CVE-2022-31645
 CVE-2022-31644
        RESERVED
 CVE-2022-31643 (A potential security vulnerability has been identified in the 
system B ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-31642
        RESERVED
 CVE-2022-31641
@@ -96718,7 +96718,7 @@ CVE-2022-25093
 CVE-2022-25092
        RESERVED
 CVE-2022-25091 (Infopop Ultimate Bulletin Board up to v5.47a was discovered to 
allow a ...)
-       TODO: check
+       NOT-FOR-US: Infopop Ultimate Bulletin Board
 CVE-2022-25090 (Printix Secure Cloud Print Management through 1.3.1106.0 
creates a tem ...)
        NOT-FOR-US: Printix Secure Cloud Print Management
 CVE-2022-25089 (Printix Secure Cloud Print Management through 1.3.1106.0 
incorrectly u ...)
@@ -201534,7 +201534,7 @@ CVE-2020-23649
 CVE-2020-23648 (Asus RT-N12E 2.0.0.39 is affected by an incorrect access 
control vulne ...)
        NOT-FOR-US: Asus
 CVE-2020-23647 (Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 
4.19.1, 4 ...)
-       TODO: check
+       NOT-FOR-US: BoxBilling
 CVE-2020-23646
        RESERVED
 CVE-2020-23645
@@ -205872,7 +205872,7 @@ CVE-2020-21645
 CVE-2020-21644
        RESERVED
 CVE-2020-21643 (Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows 
attacke ...)
-       TODO: check
+       NOT-FOR-US: HongCMS
 CVE-2020-21642 (Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in 
/zropuse ...)
        NOT-FOR-US: ManageEngine Analytics Plus
 CVE-2020-21641 (Out-of-Band XML External Entity (OOB-XXE) vulnerability in 
Zoho Manage ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89f642d7767437cac543e32babaab58473e85c1d


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits