Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9101184b by Salvatore Bonaccorso at 2023-05-01T22:21:00+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2023-2451 (A vulnerability was found in SourceCodester Online DJ
Management Syste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Online DJ Management System
CVE-2018-25085 (A vulnerability classified as problematic was found in
Responsive Menu ...)
NOT-FOR-US: Responsive Menus on Drupal
CVE-2015-10105 (A vulnerability, which was classified as critical, was found
in IP Bla ...)
@@ -1262,7 +1262,7 @@ CVE-2023-30899
CVE-2023-30898
RESERVED
CVE-2023-2197 (HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to
a padd ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2023-2196
RESERVED
CVE-2023-2195
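Review bot: the new note on CVE-2023-2197 reads "NOT-FOR-US: HashiCorp Vault", while the description on the line above scopes the issue to "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1". Consider "NOT-FOR-US: HashiCorp Vault Enterprise" so that the note itself records that only the Enterprise edition is in scope, and a later reader does not have to expand the truncated description to see why the entry was dismissed.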
@@ -1412,7 +1412,7 @@ CVE-2023-30861
CVE-2023-30860
RESERVED
CVE-2023-30859 (Triton is a Minecraft plugin for Spigot and BungeeCord that
helps you ...)
- TODO: check
+ NOT-FOR-US: Triton Minecraft plugin
CVE-2023-30858 (The Denosaurs emoji package provides emojis for dinosaurs.
Starting in ...)
NOT-FOR-US: Denosaurs emoji package
CVE-2023-30857 (@aedart/support is the support package for Ion, a monorepo for
JavaScr ...)
@@ -3673,11 +3673,11 @@ CVE-2023-30065
CVE-2023-30064
RESERVED
CVE-2023-30063 (D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication
bypass.)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-30062
RESERVED
CVE-2023-30061 (D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass
via phpcg ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-30060
RESERVED
CVE-2023-30059
@@ -4514,23 +4514,23 @@ CVE-2023-29645
CVE-2023-29644
RESERVED
CVE-2023-29643 (Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2
allows a ...)
- TODO: check
+ NOT-FOR-US: PerfreeBlog
CVE-2023-29642
RESERVED
CVE-2023-29641 (Cross Site Scripting (XSS) vulnerability in pandao editor.md
thru 1.5. ...)
- TODO: check
+ NOT-FOR-US: pandao editor.md
CVE-2023-29640
RESERVED
CVE-2023-29639 (Cross site scripting (XSS) vulnerability in ZHENFENG13
My-Blog, allows ...)
- TODO: check
+ NOT-FOR-US: ZHENFENG13 My-Blog
CVE-2023-29638 (Cross Site Scripting (XSS) vulnerability in WinterChenS
my-site before ...)
- TODO: check
+ NOT-FOR-US: WinterChenS my-site
CVE-2023-29637 (Cross Site Scripting (XSS) vulnerability in Qbian61
forum-java, allows ...)
TODO: check
CVE-2023-29636 (Cross site scripting (XSS) vulnerability in ZHENFENG13
My-Blog, allows ...)
- TODO: check
+ NOT-FOR-US: ZHENFENG13 My-Blog
CVE-2023-29635 (File upload vulnerability in Antabot White-Jotter v0.2.2,
allows remot ...)
- TODO: check
+ NOT-FOR-US: Antabot White-Jotter
CVE-2023-29634
RESERVED
CVE-2023-29633
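Review bot: CVE-2023-29637 (Qbian61 forum-java) is left at "TODO: check" in the middle of this hunk, although every other XSS and file-upload entry from CVE-2023-29643 down to CVE-2023-29635 is moved to NOT-FOR-US. If that is deliberate because the entry still needs triage, it would help to say so in the commit message; if it was missed, it should get a "NOT-FOR-US: Qbian61 forum-java" line like its neighbours so it does not linger in the TODO queue.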
@@ -9801,7 +9801,7 @@ CVE-2023-28094
CVE-2023-28093 (A user with a compromised configuration can start an unsigned
binary a ...)
NOT-FOR-US: Pegasystems
CVE-2023-28092 (A potential security vulnerability has been identified in HPE
ProLiant ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-28091 (HPE OneView virtual appliance "Migrate server hardware" option
may exp ...)
NOT-FOR-US: HPE
CVE-2023-28090 (An HPE OneView appliance dump may expose SNMPv3 read
credentials)
@@ -15715,7 +15715,7 @@ CVE-2023-25077 (Cross-site scripting vulnerability in
Authentication Key Setting
CVE-2023-22838 (Cross-site scripting vulnerability in Product List Screen and
Product ...)
NOT-FOR-US: EC-CUBE
CVE-2023-0896 (A default password was reported in Lenovo Smart Clock Essential
with A ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-0895 (The WP Coder \u2013 add custom html, css and js code plugin for
WordPr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0894
@@ -17436,7 +17436,7 @@ CVE-2023-25494
CVE-2023-25493
RESERVED
CVE-2023-25492 (A valid, authenticated user may be able to trigger a denial of
service ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-25491
RESERVED
CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Eric ...)
@@ -18053,7 +18053,7 @@ CVE-2023-0685 (The Wicked Folders plugin for WordPress
is vulnerable to Cross-Si
CVE-2023-0684 (The Wicked Folders plugin for WordPress is vulnerable to
authorization ...)
NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0683 (A valid, authenticated XCC user with read only access may gain
elevate ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-0682
RESERVED
CVE-2023-0681 (Rapid7 InsightVM versions 6.6.178 and lower suffers from an
open redir ...)
@@ -24905,17 +24905,17 @@ CVE-2015-10036 (A vulnerability was found in
kylebebak dronfelipe. It has been d
CVE-2012-10004 (A vulnerability was found in backdrop-contrib Basic Cart. It
has been ...)
NOT-FOR-US: backdrop-contrib Basic Cart
CVE-2023-22924 (A buffer overflow vulnerability in the Zyxel NBG-418N v2
firmware vers ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-22923 (A format string vulnerability in a binary of the Zyxel
NBG-418N v2 fir ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-22922 (A buffer overflow vulnerability in the Zyxel NBG-418N v2
firmware vers ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-22921 (A cross-site scripting (XSS) vulnerability in the Zyxel
NBG-418N v2 fi ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-22920 (A security misconfiguration vulnerability exists in the Zyxel
LTE3316- ...)
NOT-FOR-US: Zyxel
CVE-2023-22919 (The post-authentication command injection vulnerability in the
Zyxel N ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-22918 (A post-authentication information exposure vulnerability in
the CGI pr ...)
NOT-FOR-US: Zyxel
CVE-2023-22917 (A buffer overflow vulnerability in the
\u201csdwan_iface_ipc\u201d bin ...)
@@ -26585,7 +26585,7 @@ CVE-2023-22505
CVE-2023-22504
RESERVED
CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data
Center allow ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2023-22502
RESERVED
CVE-2023-22501 (An authentication vulnerability was discovered in Jira Service
Managem ...)
@@ -26883,7 +26883,7 @@ CVE-2022-48188
CVE-2022-48187
RESERVED
CVE-2022-48186 (A certificate validation vulnerability exists in the Baiying
Android a ...)
- TODO: check
+ NOT-FOR-US: Baiying Android application
CVE-2022-48185
RESERVED
CVE-2022-48184
@@ -30383,7 +30383,7 @@ CVE-2022-4570 (The Top 10 WordPress plugin before 3.2.3
does not validate and es
CVE-2022-4569
RESERVED
CVE-2022-4568 (A directory permissions management vulnerability in Lenovo
System Upda ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-4567 (Improper Access Control in GitHub repository openemr/openemr
prior to ...)
NOT-FOR-US: OpenEMR
CVE-2021-46866
@@ -65644,7 +65644,7 @@ CVE-2022-35900 (An issue was discovered in Bentley
MicroStation before 10.17.0.x
CVE-2022-35899 (There is an unquoted service path in ASUSTeK Aura Ready Game
SDK servi ...)
NOT-FOR-US: ASUSTeK
CVE-2022-35898 (OpenText BizManager before 16.6.0.1 does not perform proper
validation ...)
- TODO: check
+ NOT-FOR-US: OpenText BizManager
CVE-2022-35897 (An stack buffer overflow vulnerability leads to arbitrary code
executi ...)
NOT-FOR-US: Insyde
CVE-2022-35896 (An issue SMM memory leak vulnerability in SMM driver (SMRAM
was discov ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9101184bcec0e42dcbba9a5130bd253ebf2c71a9