Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7cf8862e by Moritz Muehlenhoff at 2023-05-09T10:37:21+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2023-32113 (SAP GUI for Windows - version 7.70, 8.0, allows an
unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-32112 (Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600,
SAP_APP ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-32111 (In SAP PowerDesigner (Proxy) - version 16.7, an attacker can
send a cr ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-31407 (SAP Business Planning and Consolidation - versions 740, 750,
allows an ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-31406 (Due to insufficient input validation, SAP BusinessObjects
Business Int ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-31404 (Under certain conditions,SAP BusinessObjects Business
Intelligence Pla ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-2590 (Missing Authorization in GitHub repository answerdev/answer
prior to 1 ...)
- TODO: check
+ NOT-FOR-US: answerdev/answer
CVE-2023-2478 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
TODO: check
CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to
3.11.3.)
@@ -675,17 +675,17 @@ CVE-2023-31185
CVE-2023-31184
RESERVED
CVE-2023-31183 (Cybonet PineApp Mail SecureA reflected cross-site scripting
(XSS) vuln ...)
- TODO: check
+ NOT-FOR-US: Cybonet PineApp Mail SecureA
CVE-2023-31182 (EasyTor Applications \u2013 Authorization Bypass - EasyTor
Application ...)
- TODO: check
+ NOT-FOR-US: EasyTor
CVE-2023-31181 (WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22:
Path Trav ...)
- TODO: check
+ NOT-FOR-US: WJJ Software
CVE-2023-31180 (WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected
cross-s ...)
- TODO: check
+ NOT-FOR-US: WJJ Software
CVE-2023-31179 (AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal
-Vulnerability allow ...)
- TODO: check
+ NOT-FOR-US: AgilePoint
CVE-2023-31178 (AgilePoint NX v8.0 SU2.2 & SU2.3 \u2013 Arbitrary File
DeleteVulnerabi ...)
- TODO: check
+ NOT-FOR-US: AgilePoint
CVE-2023-31177
RESERVED
CVE-2023-31176
@@ -775,7 +775,7 @@ CVE-2023-31135
CVE-2023-31134
RESERVED
CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a
website, ...)
- TODO: check
+ NOT-FOR-US: Ghost CMS
CVE-2023-31132
RESERVED
CVE-2023-31131
@@ -783,7 +783,7 @@ CVE-2023-31131
CVE-2023-31130
RESERVED
CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be
triggere ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2023-31128
RESERVED
CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM
specific ...)
@@ -795,7 +795,7 @@ CVE-2023-31125 (Engine.IO is the implementation of
transport-based cross-browser
CVE-2023-31124
RESERVED
CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal
platform ...)
- TODO: check
+ NOT-FOR-US: effectindex/tripreporter
CVE-2023-30768
RESERVED
CVE-2023-30763
@@ -1608,7 +1608,7 @@ CVE-2023-30861 (Flask is a lightweight WSGI web
application framework. When all
NOTE:
https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d
(2.2.5)
NOTE:
https://github.com/pallets/flask/commit/8705dd39c4fa563ea0fe0bf84c85da8fcc98b88d
(2.3.2)
CVE-2023-30860 (WWBN AVideo is an open source video platform. In AVideo prior
to versi ...)
- TODO: check
+ NOT-FOR-US: AVideo
CVE-2023-30859 (Triton is a Minecraft plugin for Spigot and BungeeCord that
helps you ...)
NOT-FOR-US: Triton Minecraft plugin
CVE-2023-30858 (The Denosaurs emoji package provides emojis for dinosaurs.
Starting in ...)
@@ -1659,7 +1659,7 @@ CVE-2023-30839 (PrestaShop is an Open Source e-commerce
web application. Version
CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior
to vers ...)
NOT-FOR-US: PrestaShop
CVE-2023-30837 (Vyper is a pythonic smart contract language for the EVM. The
storage a ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2023-30836
RESERVED
CVE-2023-30835
@@ -1867,13 +1867,13 @@ CVE-2023-30792 (Anchor tag hrefs in Lexical prior to
v0.10.0 would render javasc
CVE-2023-30791
RESERVED
CVE-2023-30790 (MonicaHQ version 4.0.0 allows an authenticated remote attacker
to exec ...)
- TODO: check
+ NOT-FOR-US: MonicaHQ
CVE-2023-30789 (MonicaHQ version 4.0.0 allows an authenticated remote attacker
to exec ...)
- TODO: check
+ NOT-FOR-US: MonicaHQ
CVE-2023-30788 (MonicaHQ version 4.0.0 allows an authenticated remote attacker
to exec ...)
- TODO: check
+ NOT-FOR-US: MonicaHQ
CVE-2023-30787 (MonicaHQ version 4.0.0 allows an authenticated remote attacker
to exec ...)
- TODO: check
+ NOT-FOR-US: MonicaHQ
CVE-2023-30786
RESERVED
CVE-2023-30785
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf8862e26f6bd6d3abf5a1bd1331187089385c7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf8862e26f6bd6d3abf5a1bd1331187089385c7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
