Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8e7b40f by Salvatore Bonaccorso at 2023-05-30T22:25:24+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2023-33975 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
-       TODO: check
+       NOT-FOR-US: RIOT-OS
 CVE-2023-33974 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
-       TODO: check
+       NOT-FOR-US: RIOT-OS
 CVE-2023-33973 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
-       TODO: check
+       NOT-FOR-US: RIOT-OS
 CVE-2023-33656 (A memory leak vulnerability exists in NanoMQ 0.17.2. The 
vulnerability ...)
        TODO: check
 CVE-2023-33234 (Arbitrary code execution in Apache Airflow CNCF Kubernetes 
provider ve ...)
@@ -13,9 +13,9 @@ CVE-2023-33178 (Xibo is a content management system (CMS). An 
SQL injection vuln
 CVE-2023-33177 (Xibo is a content management system (CMS). A path traversal 
vulnerabil ...)
        TODO: check
 CVE-2023-32699 (MeterSphere is an open source continuous testing platform. 
Version 2.9 ...)
-       TODO: check
+       NOT-FOR-US: MeterSphere
 CVE-2023-32696 (CKAN is an open-source data management system for powering 
data hubs a ...)
-       TODO: check
+       NOT-FOR-US: CKAN
 CVE-2023-32689 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        TODO: check
 CVE-2023-32684 (Lima launches Linux virtual machines, typically on macOS, for 
running  ...)
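Review bot: CVE-2023-32699 (MeterSphere) and CVE-2023-32696 (CKAN) are both described as open-source projects, so NOT-FOR-US holds only if neither has an ITP or RFP bug open, and the commit message does not say whether that was checked. Elsewhere in this same file froxlor is recorded as "- froxlor <itp> (bug #581792)" rather than NOT-FOR-US; the same form would apply here if a WNPP bug exists for either project.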
@@ -5532,7 +5532,7 @@ CVE-2023-30198
 CVE-2023-30197
        RESERVED
 CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect 
Access Co ...)
-       TODO: check
+       NOT-FOR-US: Prestashop
 CVE-2023-30195
        RESERVED
 CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL 
Injection via ...)
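Review bot: The tag on CVE-2023-30196 names the platform, while the description places the flaw in the salesbooster add-on (<= 1.10.4) rather than in Prestashop itself. Consider naming the add-on in the tag, for example "NOT-FOR-US: Prestashop salesbooster", in the same spirit as the "WordPress plugin" wording this file already uses, so that a search for issues in Prestashop proper does not pick this entry up.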
@@ -12428,7 +12428,7 @@ CVE-2023-27990 (The XSS vulnerability in Zyxel ATP 
series firmware versions 4.32
 CVE-2023-27989
        RESERVED
 CVE-2023-27988 (The post-authentication command injection vulnerability in the 
Zyxel N ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-27987 (In Apache Linkis <=1.3.1,due to the default token generated by 
Linkis  ...)
        NOT-FOR-US: Apache Linkis
 CVE-2023-1297
@@ -13575,7 +13575,7 @@ CVE-2023-27615
 CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian 
Haycox  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27613 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
MonitorC ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-27612
        RESERVED
 CVE-2023-27611
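Review bot: The "WordPress plugin" tag on CVE-2023-27613 cannot be confirmed from the description as shown, which is cut off at "MonitorC ..." before it names the product or says it is a WordPress plugin. The tag matches the neighbouring CVE-2023-27614 entry, so it is consistent with the file, but it is worth confirming against the full CVE text before merging, since the "Unauth. Reflected Cross-Site Scripting" prefix alone does not identify the platform.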
@@ -21502,9 +21502,9 @@ CVE-2023-24828 (Onedev is a self-hosted Git Server with 
CI/CD and Kanban. In ver
 CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software 
Bill of  ...)
        NOT-FOR-US: syft
 CVE-2023-24826 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
-       TODO: check
+       NOT-FOR-US: RIOT-OS
 CVE-2023-24825 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
-       TODO: check
+       NOT-FOR-US: RIOT-OS
 CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and 
renderin ...)
        - cmark-gfm <unfixed> (bug #1034171)
        [bookworm] - cmark-gfm <no-dsa> (Minor issue)
@@ -21537,7 +21537,7 @@ CVE-2023-24819 (RIOT-OS, an operating system that 
supports Internet of Things de
 CVE-2023-24818 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
        NOT-FOR-US: RIOT-OS
 CVE-2023-24817 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
-       TODO: check
+       NOT-FOR-US: RIOT-OS
 CVE-2023-24816 (IPython (Interactive Python) is a command shell for 
interactive comput ...)
        - ipython <not-affected> (Windows-specific)
        NOTE: 
https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7
@@ -22113,23 +22113,23 @@ CVE-2023-24607 (Qt before 6.4.3 allows a denial of 
service via a crafted string
 CVE-2023-24606
        RESERVED
 CVE-2023-24605 (OX App Suite before backend 7.10.6-rev37 does not enforce 2FA 
for all  ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-24604 (OX App Suite before backend 7.10.6-rev37 does not check HTTP 
header le ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-24603 (OX App Suite before backend 7.10.6-rev37 does not check size 
limits wh ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-24602 (OX App Suite before frontend 7.10.6-rev24 allows XSS via data 
to the T ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-24601 (OX App Suite before frontend 7.10.6-rev24 allows XSS via a 
non-app dee ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-24600 (OX App Suite before backend 7.10.6-rev37 allows authenticated 
users to ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-24599 (OX App Suite before backend 7.10.6-rev37 allows authenticated 
users to ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-24598 (OX App Suite before backend 7.10.6-rev37 has an information 
leak in th ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-24597 (OX App Suite before frontend 7.10.6-rev24 allows the loading 
(without  ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-0566 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        - froxlor <itp> (bug #581792)
 CVE-2023-0565 (Business Logic Errors in GitHub repository froxlor/froxlor 
prior to 2. ...)
@@ -22315,7 +22315,7 @@ CVE-2023-24570
 CVE-2023-24569 (Dell Alienware Command Center versions 5.5.37.0 and prior 
contain an I ...)
        NOT-FOR-US: Dell
 CVE-2023-24568 (Dell NetWorker, contains an Improper Validation of Certificate 
with Ho ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-24567 (Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' 
version di ...)
        NOT-FOR-US: Dell
 CVE-2023-24566 (A vulnerability has been identified in Solid Edge SE2022 (All 
versions ...)
@@ -24640,9 +24640,9 @@ CVE-2023-23757
 CVE-2023-23756
        RESERVED
 CVE-2023-23755 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. The 
lack of ra ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2023-23754 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack 
of input  ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2023-0367 (The Pricing Tables For WPBakery Page Builder (formerly Visual 
Composer ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0366 (The Loan Comparison WordPress plugin before 1.5.3 does not 
validate an ...)
@@ -24812,7 +24812,7 @@ CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
 CVE-2023-23700
        RESERVED
 CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0342
        RESERVED
 CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of 
editorconfig ...)
@@ -25428,7 +25428,7 @@ CVE-2023-23563
 CVE-2023-23562
        RESERVED
 CVE-2023-23561 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has 
Incorrect Access ...)
-       TODO: check
+       NOT-FOR-US: Stormshield Endpoint Security
 CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur 
because ...)
        NOT-FOR-US: Lexmark
 CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the 
Linux k ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8e7b40f807e4e46a43fcd4c062b38b23b1baa1f
