Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ae8a32d2 by Moritz Muehlenhoff at 2023-05-17T16:47:41+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2023-31848 (davinci 0.3.0-rc is vulnerable to Server-side request forgery 
(SSRF).)
-       TODO: check
+       NOT-FOR-US: davinci
 CVE-2023-31847 (In davinci 0.3.0-rc after logging in, the user can connect to 
the mysq ...)
-       TODO: check
+       NOT-FOR-US: davinci
 CVE-2023-31679 (Incorrect access control in Videogo v6.8.1 allows attackers to 
access  ...)
-       TODO: check
+       NOT-FOR-US: Videogo
 CVE-2023-31678 (Incorrect access control in Videogo v6.8.1 allows attackers to 
bind sh ...)
-       TODO: check
+       NOT-FOR-US: Videogo
 CVE-2023-31677 (Insecure permissions in luowice 3.5.18 allow attackers to view 
informa ...)
-       TODO: check
+       NOT-FOR-US: luowice
 CVE-2023-31544 (A stored cross-site scripting (XSS) vulnerability in 
alkacon-OpenCMS v ...)
        NOT-FOR-US: alkacon-OpenCMS
 CVE-2023-2753 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
@@ -21,11 +21,11 @@ CVE-2023-2608 (The Multiple Page Generator Plugin for 
WordPress is vulnerable to
 CVE-2023-2528 (The Contact Form by Supsystic plugin for WordPress is 
vulnerable to Cr ...)
        NOT-FOR-US: Contact Form by Supsystic plugin for WordPress
 CVE-2023-2509 (A Cross-Site Scripting(XSS) vulnerability was found on ADM, 
LooksGood  ...)
-       TODO: check
+       NOT-FOR-US: ASUSTOR
 CVE-2023-2469
        REJECTED
 CVE-2023-31890 (An XML Deserialization vulnerability in glazedlists v1.11.0 
allows an  ...)
-       TODO: check
+       NOT-FOR-US: glazedlists
 CVE-2023-31857 (Sourcecodester Online Computer and Laptop Store 1.0 allows 
unrestricte ...)
        NOT-FOR-US: Sourcecodester Online Computer and Laptop Store
 CVE-2023-31856 (A command injection vulnerability in the hostTime parameter in 
the fun ...)
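Review bot: NOT-FOR-US: glazedlists for CVE-2023-31890 would be easier to verify with a NOTE recording the check, because the description identifies a Java library (an XML deserialization issue in glazedlists 1.11.0) rather than an end-user product, and libraries of that kind can be embedded in packaged Java software; one line pointing at the upstream advisory or stating that the archive was searched makes the triage reproducible.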
@@ -33,7 +33,7 @@ CVE-2023-31856 (A command injection vulnerability in the 
hostTime parameter in t
 CVE-2023-31587 (Tenda AC5 router V15.03.06.28 was discovered to contain a 
remote code  ...)
        NOT-FOR-US: Tenda
 CVE-2023-31576 (An arbitrary file upload vulnerability in Serendipity 
2.4-beta1 allows ...)
-       TODO: check
+       - serendipity <removed>
 CVE-2023-31572 (An issue in Bludit 4.0.0-rc-2 allows authenticated attackers 
to change ...)
        NOT-FOR-US: Bludit
 CVE-2023-31519 (Pharmacy Management System v1.0 was discovered to contain a 
SQL inject ...)
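Review bot: the new `- serendipity <removed>` line for CVE-2023-31576 carries no reference; since the entry now asserts that the (removed) package is affected by the arbitrary file upload, a NOTE line with the upstream advisory or fix, in the same form as the GitHub issue link recorded for CVE-2023-31607 elsewhere in this patch, would let a later reviewer confirm both the affected-version claim and the `<removed>` status.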
@@ -43,7 +43,7 @@ CVE-2023-2740 (A vulnerability, which was classified as 
problematic, has been fo
 CVE-2023-2739 (A vulnerability classified as problematic was found in Gira 
HomeServer ...)
        NOT-FOR-US: Gira HomeServer
 CVE-2023-2738 (A vulnerability classified as critical has been found in Tongda 
OA 11. ...)
-       TODO: check
+       NOT-FOR-US: Tongda
 CVE-2023-2731 [null pointer deference in LZWDecode() in libtiff/tif_lzw.c]
        - tiff <unfixed>
        [bullseye] - tiff <no-dsa> (Minor issue)
@@ -146,7 +146,7 @@ CVE-2023-32956 (Improper neutralization of special elements 
used in an OS comman
 CVE-2023-32955 (Improper neutralization of special elements used in an OS 
command ('OS ...)
        NOT-FOR-US: Synology
 CVE-2023-32309 (PyMdown Extensions is a set of extensions for the 
`Python-Markdown` ma ...)
-       TODO: check
+       NOT-FOR-US: PyMdown Extensions
 CVE-2023-32308 (anuko timetracker is an open source time tracking system. 
Boolean-base ...)
        NOT-FOR-US: Anuko Time Tracker
 CVE-2023-32068 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
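Review bot: NOT-FOR-US for CVE-2023-32309 deserves a second look, because the description on this line says PyMdown Extensions is a set of extensions for `Python-Markdown`, i.e. a reusable Python library rather than a standalone product, and such libraries are candidates for the archive; a NOTE recording the package search (or the upstream advisory URL) would make the decision verifiable.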
@@ -271,9 +271,9 @@ CVE-2023-31607 (An issue in the __libc_malloc component of 
openlink virtuoso-ope
        - virtuoso-opensource <unfixed>
        NOTE: https://github.com/openlink/virtuoso-opensource/issues/1120
 CVE-2023-31409 (Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR 
with Pa ...)
-       TODO: check
+       NOT-FOR-US: SICK
 CVE-2023-31408 (Cleartext Storage of Sensitive Information in SICK FTMg AIR 
FLOW SENSO ...)
-       TODO: check
+       NOT-FOR-US: SICK
 CVE-2023-32784 (In KeePass 2.x before 2.54, it is possible to recover the 
cleartext ma ...)
        - keepass2 <unfixed>
        NOTE: https://github.com/vdohney/keepass-password-dumper
@@ -308,15 +308,15 @@ CVE-2023-2690 (A vulnerability, which was classified as 
critical, has been found
 CVE-2023-2689 (A vulnerability classified as critical was found in 
SourceCodester Bil ...)
        NOT-FOR-US: SourceCodester Billing Management System
 CVE-2023-32303 (Planet is software that provides satellite data. The secret 
file store ...)
-       TODO: check
+       NOT-FOR-US: Planet
 CVE-2023-32306 (Time Tracker is an open source time tracking system. A 
time-based blin ...)
        NOT-FOR-US: Time Tracker
 CVE-2023-32305 (aiven-extras is a PostgreSQL extension. Versions prior to 
1.1.9 contai ...)
-       TODO: check
+       NOT-FOR-US: aiven-extras
 CVE-2023-32081 (Vert.x STOMP is a vert.x implementation of the STOMP 
specification tha ...)
        NOT-FOR-US: Vert.x STOMP
 CVE-2023-32073 (WWBN AVideo is an open source video platform. In versions 12.4 
and pri ...)
-       TODO: check
+       NOT-FOR-US: AVideo
 CVE-2023-31985 (A Command Injection vulnerability in Edimax Wireless Router 
N300 Firmw ...)
        NOT-FOR-US: Edimax Wireless Router N300 Firmware BR-6428NS_v4
 CVE-2023-31983 (A Command Injection vulnerability in Edimax Wireless Router 
N300 Firmw ...)
@@ -373,11 +373,11 @@ CVE-2023-2515 (Mattermost fails to restrict a user with 
permissions to edit othe
 CVE-2023-2514 (Mattermost Sever fails to redact the DB username and password 
before e ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2023-2512 (Prior to version v1.20230419.0, the FormData API implementation 
was su ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare workerd
 CVE-2023-2458 (Use after free in ChromeOS Camera in Google Chrome on ChromeOS 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Google Chrome on ChromeOS
 CVE-2023-2457 (Out of bounds write in ChromeOS Audio Server in Google Chrome 
on Chrom ...)
-       TODO: check
+       NOT-FOR-US: Google Chrome on ChromeOS
 CVE-2023-32243 (Improper Authentication vulnerability in WPDeveloper Essential 
Addons  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-32059 (Vyper is a Pythonic smart contract language for the Ethereum 
virtual m ...)
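Review bot: the two ChromeOS entries (CVE-2023-2458, CVE-2023-2457) read fine as NOT-FOR-US because the descriptions place the bugs in ChromeOS Camera and ChromeOS Audio Server rather than in shared Chromium code, but the visible description for CVE-2023-2512 names only "the FormData API implementation" and not the product, so a NOTE with the advisory URL would justify attributing it to Cloudflare workerd.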
@@ -1528,7 +1528,7 @@ CVE-2023-31147
 CVE-2023-31146 (Vyper is a Pythonic smart contract language for the Ethereum 
virtual m ...)
        NOT-FOR-US: Vyper
 CVE-2023-31145 (Collabora Online is a collaborative online office suite based 
on Libre ...)
-       TODO: check
+       NOT-FOR-US: Collabora Online
 CVE-2023-31144 (Craft CMS is a content management system. Starting in version 
3.0.0 an ...)
        NOT-FOR-US: Craft CMS
 CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming 
and inte ...)
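Review bot: before leaving CVE-2023-31145 as NOT-FOR-US, it is worth confirming that the flaw sits in Collabora Online's own server and web layer and not in LibreOffice core code, since the description on this line calls Collabora Online a suite based on LibreOffice and a shared-code issue would affect the libreoffice source package; a NOTE with the upstream advisory would document that check.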
@@ -1558,7 +1558,7 @@ CVE-2023-31133 (Ghost is an app for new-media creators 
with tools to build a web
 CVE-2023-31132
        RESERVED
 CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse 
based on Po ...)
-       TODO: check
+       NOT-FOR-US: Greenplum Database
 CVE-2023-31130
        RESERVED
 CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be 
triggere ...)
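Review bot: the same caution applies to CVE-2023-31131, marked NOT-FOR-US: Greenplum Database; the description says Greenplum is based on PostgreSQL, so the entry should only stay NOT-FOR-US once it is clear the bug is in Greenplum-specific code and not inherited from PostgreSQL, which would put the postgresql packages in scope. A NOTE line with the reference used for that decision would help.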
@@ -2550,7 +2550,7 @@ CVE-2023-2162 (A use-after-free vulnerability was found 
in iscsi_sw_tcp_session_
        [bullseye] - linux 5.10.178-1
        NOTE: 
https://git.kernel.org/linus/f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3 (6.2-rc6)
 CVE-2023-2161 (A CWE-611: Improper Restriction of XML External Entity 
Reference vulne ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2023-2160 (Weak Password Requirements in GitHub repository modoboa/modoboa 
prior  ...)
        NOT-FOR-US: modoboa
 CVE-2023-2159
@@ -3658,25 +3658,25 @@ CVE-2023-30512 (CubeFS through 3.2.1 allows Kubernetes 
cluster-level privilege e
 CVE-2023-30511
        RESERVED
 CVE-2023-30510 (A vulnerability exists in the Aruba EdgeConnect Enterpriseweb 
manageme ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-30509 (Multiple authenticated path traversal vulnerabilities exist in 
the Aru ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-30508 (Multiple authenticated path traversal vulnerabilities exist in 
the Aru ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-30507 (Multiple authenticated path traversal vulnerabilities exist in 
the Aru ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-30506 (Vulnerabilities exist in the Aruba EdgeConnect 
Enterprisecommand line  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-30505 (Vulnerabilities exist in the Aruba EdgeConnect 
Enterprisecommand line  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-30504 (Vulnerabilities exist in the Aruba EdgeConnect 
Enterprisecommand line  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-30503 (Vulnerabilities exist in the Aruba EdgeConnect 
Enterprisecommand line  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-30502 (Vulnerabilities exist in the Aruba EdgeConnect 
Enterprisecommand line  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-30501 (Vulnerabilities exist in the Aruba EdgeConnect 
Enterprisecommand line  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-1998 (The Linux kernel allows userspace processes to enable 
mitigations by c ...)
        {DLA-3404-1 DLA-3403-1}
        - linux 6.1.20-1
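Review bot: the ten Aruba entries (CVE-2023-30501 through CVE-2023-30510) all get NOT-FOR-US: HPE, while every description names the product as Aruba EdgeConnect Enterprise; naming the product in the marker (NOT-FOR-US: HPE Aruba EdgeConnect Enterprise) would match how product-level entries elsewhere in this file are written (for example NOT-FOR-US: Gira HomeServer) and makes the entries findable by grep on the product name.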
@@ -3880,7 +3880,7 @@ CVE-2023-30454 (An issue was discovered in ebankIT before 
7. Document Object Mod
 CVE-2023-30453
        RESERVED
 CVE-2023-30452 (The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for 
Confluen ...)
-       TODO: check
+       NOT-FOR-US: MoroSystems EasyMind
 CVE-2023-1964 (A vulnerability classified as critical has been found in 
PHPGurukul Ba ...)
        NOT-FOR-US: PHPGurukul Bank Locker Management System
 CVE-2023-1963 (A vulnerability was found in PHPGurukul Bank Locker Management 
System  ...)
@@ -4256,7 +4256,7 @@ CVE-2023-30283
 CVE-2023-30282 (PrestaShop scexportcustomers <= 3.6.1 is vulnerable to 
Incorrect Acces ...)
        NOT-FOR-US: PrestaShop scexportcustomers
 CVE-2023-30281 (Insecure permissions in the ps_customer table of Prestashop 
scquickacc ...)
-       TODO: check
+       NOT-FOR-US: Prestashop
 CVE-2023-30280 (Buffer Overflow vulnerability found in Netgear R6900 
v.1.0.2.26, R6700 ...)
        NOT-FOR-US: Netgear
 CVE-2023-30279
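Review bot: NOT-FOR-US: Prestashop for CVE-2023-30281 is inconsistent with the neighbouring CVE-2023-30282 entry, which uses NOT-FOR-US: PrestaShop scexportcustomers; the description identifies the affected module (truncated on this line), so spelling the vendor as PrestaShop and naming the module keeps the two entries aligned. The same applies to the posstaticblocks entry for CVE-2023-30189 further down in this patch.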
@@ -4328,7 +4328,7 @@ CVE-2023-30247 (File Upload vulnerability found in 
Oretnom23 Storage Unit Rental
 CVE-2023-30246 (SQL injection vulnerability found in Judging Management System 
v.1.0 a ...)
        NOT-FOR-US: Judging Management System
 CVE-2023-30245 (SQL injection vulnerability found in Judging Management System 
v.1.0 a ...)
-       TODO: check
+       NOT-FOR-US: Judging Management System
 CVE-2023-30244
        RESERVED
 CVE-2023-30243 (Beijing Netcon NS-ASG Application Security Gateway v6.3 is 
vulnerable  ...)
@@ -4440,7 +4440,7 @@ CVE-2023-30191
 CVE-2023-30190
        RESERVED
 CVE-2023-30189 (Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL 
Injection via ...)
-       TODO: check
+       NOT-FOR-US: Prestashop
 CVE-2023-30188
        RESERVED
 CVE-2023-30187
@@ -4903,7 +4903,7 @@ CVE-2023-29963 (S-CMS v5.0 was discovered to contain an 
authenticated remote cod
 CVE-2023-29962
        RESERVED
 CVE-2023-29961 (D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to 
stack o ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2023-29960
        RESERVED
 CVE-2023-29959
@@ -5004,7 +5004,7 @@ CVE-2023-29929
 CVE-2023-29928
        RESERVED
 CVE-2023-29927 (Versions of Sage 300 through 2022 implement role-based access 
controls ...)
-       TODO: check
+       NOT-FOR-US: Sage
 CVE-2023-29926 (PowerJob V4.3.2 has unauthorized interface that causes remote 
code exe ...)
        NOT-FOR-US: PowerJob
 CVE-2023-29925
@@ -5134,9 +5134,9 @@ CVE-2023-29864
 CVE-2023-29863 (Medical Systems Co. Medisys Weblab Products v19.4.03 was 
discovered to ...)
        NOT-FOR-US: Medical Systems Co. Medisys Weblab Products
 CVE-2023-29862 (An issue found in Agasio-Camera device version not specified 
allows a  ...)
-       TODO: check
+       NOT-FOR-US: Agasio-Camera
 CVE-2023-29861 (An issue found in FLIR-DVTEL version not specified allows a 
remote att ...)
-       TODO: check
+       NOT-FOR-US: FLIR-DVTEL
 CVE-2023-29860
        RESERVED
 CVE-2023-29859
@@ -6226,7 +6226,7 @@ CVE-2023-29441
 CVE-2023-29440
        RESERVED
 CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
FooPlugi ...)
-       TODO: check
+       NOT-FOR-US: FooGallery
 CVE-2023-29438
        RESERVED
 CVE-2023-29437
@@ -7071,7 +7071,7 @@ CVE-2023-29197 (guzzlehttp/psr7 is a PSR-7 HTTP message 
library implementation i
 CVE-2023-29196 (Discourse is an open source platform for community discussion. 
This vu ...)
        NOT-FOR-US: Discourse
 CVE-2023-29195 (Vitess is a database clustering system for horizontal scaling 
of MySQL ...)
-       TODO: check
+       NOT-FOR-US: Vitess
 CVE-2023-29194 (Vitess is a database clustering system for horizontal scaling 
of MySQL ...)
        NOT-FOR-US: Vitess
 CVE-2023-29193 (SpiceDB is an open source, Google Zanzibar-inspired, database 
system f ...)
@@ -7432,9 +7432,9 @@ CVE-2023-29061
 CVE-2023-29060
        RESERVED
 CVE-2023-1764 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 
10.9.5 ...)
-       TODO: check
+       NOT-FOR-US: Canon
 CVE-2023-1763 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 
10.9.5 ...)
-       TODO: check
+       NOT-FOR-US: Canon
 CVE-2023-1762 (Improper Privilege Management in GitHub repository 
thorsten/phpmyfaq p ...)
        NOT-FOR-US: phpmyfaq
 CVE-2023-1761 (Cross-site Scripting in GitHub repository thorsten/phpmyfaq 
prior to 3 ...)
@@ -7791,7 +7791,7 @@ CVE-2023-1700
 CVE-2023-1699 (Rapid7 Nexpose versions 6.6.186 and below suffer from a forced 
browsin ...)
        NOT-FOR-US: Rapid7 Nexpose
 CVE-2023-1698 (In multiple products of WAGO a vulnerability allows an 
unauthenticated ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2023-1697 (An Improper Handling of Missing Values vulnerability in the 
Packet For ...)
        NOT-FOR-US: Juniper
 CVE-2023-1696
@@ -9952,7 +9952,7 @@ CVE-2023-28358 (A vulnerability has been discovered in 
Rocket.Chat where a markd
 CVE-2023-28357 (A vulnerability has been identified in Rocket.Chat, where the 
ACL chec ...)
        NOT-FOR-US: Rocket.Chat
 CVE-2023-28356 (A vulnerability has been identified where a maliciously 
crafted messag ...)
-       TODO: check
+       NOT-FOR-US: Rocket.Chat
 CVE-2023-28355
        RESERVED
 CVE-2023-28354
@@ -10944,7 +10944,7 @@ CVE-2023-28078
 CVE-2023-28077
        RESERVED
 CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or 
risky crypt ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-28075
        RESERVED
 CVE-2023-28074
@@ -12091,7 +12091,7 @@ CVE-2023-27744
 CVE-2023-27743
        RESERVED
 CVE-2023-27742 (IDURAR ERP/CRM v1 was discovered to contain a SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: IDURAR
 CVE-2023-27741
        RESERVED
 CVE-2023-27740
@@ -16988,9 +16988,9 @@ CVE-2023-0866 (Heap-based Buffer Overflow in GitHub 
repository gpac/gpac prior t
 CVE-2023-0865 (The WooCommerce Multiple Customer Addresses & Shipping 
WordPress plugi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0864 (Cleartext Transmission of Sensitive Information vulnerability 
in ABB T ...)
-       TODO: check
+       NOT-FOR-US: ABB
 CVE-2023-0863 (Improper Authentication vulnerability in ABB Terra AC wallbox 
(UL40/80 ...)
-       TODO: check
+       NOT-FOR-US: ABB
 CVE-2023-0862 (The NetModule NSRW web administration interface is vulnerable 
to path  ...)
        NOT-FOR-US: NetModule NSRW web administration interface
 CVE-2023-0861 (NetModule NSRW web administration interface executes an OS 
command con ...)
@@ -18762,7 +18762,7 @@ CVE-2023-25396 (Privilege escalation in the MSI repair 
functionality in Caphyon
 CVE-2023-25395 (TOTOlink A7100RU V7.4cu.2313_B20191024 router has a command 
injection  ...)
        NOT-FOR-US: TOTOLINK
 CVE-2023-25394 (Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. 
The Update ...)
-       TODO: check
+       NOT-FOR-US: Videostream macOS app
 CVE-2023-25393
        RESERVED
 CVE-2023-25392 (Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL 
Certificate Val ...)
@@ -29138,7 +29138,7 @@ CVE-2022-4712
 CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable 
to insuf ...)
        NOT-FOR-US: Royal Elementor Addons plugin for WordPress
 CVE-2022-47937 (** UNSUPPORTED WHEN ASSIGNED **       Improper input 
validation in the ...)
-       TODO: check
+       NOT-FOR-US: Apache Sling
 CVE-2022-47936 (A vulnerability has been identified in JT Open (All versions < 
V11.2.3 ...)
        NOT-FOR-US: JT Open
 CVE-2022-47935 (A vulnerability has been identified in JT Open (All versions < 
V11.1.1 ...)
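Review bot: the "** UNSUPPORTED WHEN ASSIGNED **" marker in the CVE-2022-47937 description means upstream treats the affected component as end-of-life, and Apache Sling is distributed as many separately versioned modules; recording which module is affected in the marker (NOT-FOR-US: Apache Sling <module name from the advisory>) instead of the bare project name makes a later archive search unambiguous.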



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae8a32d2347bbf1cef1c19248b53c5bc8b9a153a



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
