Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e3e1c8c4 by Moritz Muehlenhoff at 2023-07-07T16:27:03+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1268,7 +1268,8 @@ CVE-2023-35172 (NextCloud Server and NextCloud Enterprise 
Server provide file st
 CVE-2023-35171 (NextCloud Server and NextCloud Enterprise Server provide file 
storage  ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2023-35169 (PHP-IMAP is a wrapper for common IMAP communication without 
the need t ...)
-       TODO: check
+       NOT-FOR-US: PHP-Imap
+       NOTE: src:ldap-account-manager bundles it, but not relevant for it
 CVE-2023-35165 (AWS Cloud Development Kit (AWS CDK) is an open-source software 
develop ...)
        NOT-FOR-US: AWS Cloud Development Kit
 CVE-2023-35163 (Vega is a decentralized trading platform that allows 
pseudo-anonymous  ...)
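Review bot: CVE-2023-35169 is tagged NOT-FOR-US while the NOTE directly below it says src:ldap-account-manager bundles PHP-IMAP, so the entry no longer points at the one source package that ships the code. Suggest tracking it against that package instead, e.g. "- ldap-account-manager <not-affected> (reason)", and putting the actual reason there, since "not relevant for it" gives a later reader nothing to re-verify.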
@@ -10954,7 +10955,7 @@ CVE-2023-29658
 CVE-2023-29657 (eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File 
upload in ...)
        - extplorer <removed>
 CVE-2023-29656 (An improper authorization vulnerability in Darktrace mobile 
app (Andro ...)
-       TODO: check
+       NOT-FOR-US: Darktrace
 CVE-2023-29655
        RESERVED
 CVE-2023-29654
@@ -12001,9 +12002,9 @@ CVE-2023-29383 (In Shadow 4.13, it is possible to 
inject control characters into
        NOTE: 
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
        NOTE: 
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
 CVE-2023-29382 (An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows 
an atta ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2023-29381 (An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 
allows a rem ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2023-29380 (Warpinator before 1.6.0 allows remote file deletion via 
directory trav ...)
        NOT-FOR-US: Warpinator
 CVE-2023-29379
@@ -13268,7 +13269,7 @@ CVE-2023-1697 (An Improper Handling of Missing Values 
vulnerability in the Packe
 CVE-2023-1696 (The multimedia video module has a vulnerability in data 
processing.Suc ...)
        NOT-FOR-US: Huawei
 CVE-2023-1695 (Vulnerability of failures to capture exceptions in the 
communication f ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-1694 (The Settings module has the file privilege escalation 
vulnerability.Su ...)
        NOT-FOR-US: Huawei
 CVE-2023-1693 (The Settings module has the file privilege escalation 
vulnerability.Su ...)
@@ -13276,7 +13277,7 @@ CVE-2023-1693 (The Settings module has the file 
privilege escalation vulnerabili
 CVE-2023-1692 (The window management module lacks permission 
verification.Successful  ...)
        NOT-FOR-US: Huawei
 CVE-2023-1691 (Vulnerability of failures to capture exceptions in the 
communication f ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in 
VLC and  ...)
        - ffmpeg 7:5.1.2-1
        [bullseye] - ffmpeg <postponed> (Wait until it lands in 4.3.x)
@@ -16781,7 +16782,7 @@ CVE-2023-1299 (HashiCorp Nomad and Nomad Enterprise 
1.5.0 allow a job submitter
        - nomad <not-affected> (Vulnerable code not present; Introduced in 
1.5.0)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2023-08-nomad-job-submitter-privilege-escalation-using-workload-identity/51389
 CVE-2023-1298 (ServiceNow has released upgrades and patches that address a 
Reflected  ...)
-       TODO: check
+       NOT-FOR-US: ServiceNow
 CVE-2023-28004 (A CWE-129: Improper validation of an array index vulnerability 
exists  ...)
        NOT-FOR-US: Schneider
 CVE-2023-28003 (A CWE-613: Insufficient Session Expiration vulnerability 
exists that c ...)
@@ -19226,7 +19227,7 @@ CVE-2023-27227
 CVE-2023-27226
        RESERVED
 CVE-2023-27225 (A cross-site scripting (XSS) vulnerability in User 
Registration & Logi ...)
-       TODO: check
+       NOT-FOR-US: Admin Panel v3
 CVE-2023-27224 (An issue found in NginxProxyManager v.2.9.19 allows an 
attacker to exe ...)
        NOT-FOR-US: NginxProxyManager
 CVE-2023-27223
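Review bot: The tag on CVE-2023-27225, "NOT-FOR-US: Admin Panel v3", is generic and does not match the product name the description opens with ("User Registration & Logi ..."). Suggest using the product name as given in the CVE description so the entry can be found by grep and is not confused with other admin panels.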
@@ -19278,11 +19279,11 @@ CVE-2023-27201
 CVE-2023-27200
        RESERVED
 CVE-2023-27199 (PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: PAX
 CVE-2023-27198 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 
can allow  ...)
-       TODO: check
+       NOT-FOR-US: PAX
 CVE-2023-27197 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 
can allow  ...)
-       TODO: check
+       NOT-FOR-US: PAX
 CVE-2023-27196
        RESERVED
 CVE-2023-27195
@@ -21935,9 +21936,9 @@ CVE-2023-26140
 CVE-2023-26139
        RESERVED
 CVE-2023-26138 (All versions of the package drogonframework/drogon are 
vulnerable to C ...)
-       TODO: check
+       NOT-FOR-US: Drogon
 CVE-2023-26137 (All versions of the package drogonframework/drogon are 
vulnerable to H ...)
-       TODO: check
+       NOT-FOR-US: Drogon
 CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are 
vulnerable to Pr ...)
        - node-tough-cookie <unfixed>
        NOTE: https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
@@ -21964,7 +21965,7 @@ CVE-2023-26129 (All versions of the package bwm-ng are 
vulnerable to Command Inj
 CVE-2023-26128 (All versions of the package keep-module-latest are vulnerable 
to Comma ...)
        NOT-FOR-US: Node keep-module-latest
 CVE-2023-26127 (All versions of the package n158 are vulnerable to Command 
Injection d ...)
-       TODO: check
+       NOT-FOR-US: Node n158
 CVE-2023-26126 (All versions of the package m.static are vulnerable to 
Directory Trave ...)
        NOT-FOR-US: m.static
 CVE-2023-26125 (Versions of the package github.com/gin-gonic/gin before 1.9.0 
are vuln ...)
@@ -23876,9 +23877,9 @@ CVE-2023-25585
 CVE-2023-25584
        RESERVED
 CVE-2023-25583 (Two OS command injection vulnerabilities exist in the zebra 
vlan_name  ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25582 (Two OS command injection vulnerabilities exist in the zebra 
vlan_name  ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25581
        RESERVED
 CVE-2023-25580
@@ -24185,7 +24186,7 @@ CVE-2023-25500 (Possible information disclosure in 
Vaadin 10.0.0 to 10.0.23, 11.
 CVE-2023-25499 (When adding non-visible components to the UI in server side, 
content i ...)
        NOT-FOR-US: Vaadin
 CVE-2023-24019 (A stack-based buffer overflow vulnerability exists in the 
urvpn_client ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 
110.0.5481.77 allow ...)
        {DSA-5345-1}
        - chromium 110.0.5481.77-1
@@ -25171,99 +25172,99 @@ CVE-2023-25126
 CVE-2023-25125
        REJECTED
 CVE-2023-25124 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25123 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25122 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25121 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25120 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25119 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25118 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25117 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25116 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25115 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25114 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25113 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25112 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25111 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25110 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25109 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25108 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25107 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25106 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25105 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25104 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25103 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25102 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25101 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25100 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25099 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25098 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25097 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25096 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25095 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25094 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25093 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25092 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25091 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25090 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25089 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25088 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25087 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25086 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25085 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25084 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25083 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25082 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25081 (Multiple buffer overflow vulnerabilities exist in the 
vtysh_ubus binar ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-25069 (TXOne StellarOne has an improper access control privilege 
escalation v ...)
        NOT-FOR-US: TXOne StellarOne
 CVE-2023-24018 (A stack-based buffer overflow vulnerability exists in the 
libzebra.so. ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-22653 (An OS command injection vulnerability exists in the vtysh_ubus 
tcpdump ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-0658 (A vulnerability, which was classified as critical, was found in 
Multil ...)
        NOT-FOR-US: Multilaser RE057 and RE170
 CVE-2022-48308 (It was discovered that the sls-logging was not verifying 
hostnames in  ...)
@@ -26665,17 +26666,17 @@ CVE-2022-48283 (A piece of Huawei whole-home 
intelligence software has an Incorr
 CVE-2021-4315 (A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 
and class ...)
        NOT-FOR-US: NYUCCL psiTurk
 CVE-2023-24595 (An OS command injection vulnerability exists in the 
ys_thirdparty syst ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-24583 (Two OS command injection vulnerabilities exist in the 
urvpn_client cmd ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-24582 (Two OS command injection vulnerabilities exist in the 
urvpn_client cmd ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-24581 (A vulnerability has been identified in Solid Edge SE2022 (All 
versions ...)
        NOT-FOR-US: Siemens
 CVE-2023-22365 (An OS command injection vulnerability exists in the 
ys_thirdparty chec ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-22299 (An OS command injection vulnerability exists in the vtysh_ubus 
_get_fw ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-0549 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: YAFNET
 CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not 
sanitize and ...)
@@ -27023,9 +27024,9 @@ CVE-2023-24522 (Due to insufficient input sanitization, 
SAP NetWeaver AS ABAP (B
 CVE-2023-24521 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP 
(BSP Fra ...)
        NOT-FOR-US: SAP
 CVE-2023-24520 (Two OS command injection vulnerability exist in the vtysh_ubus 
toolsh_ ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus 
toolsh_ ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-24518
        RESERVED
 CVE-2023-24517
@@ -27037,7 +27038,7 @@ CVE-2023-24515
 CVE-2023-24514
        RESERVED
 CVE-2023-23546 (A misconfiguration vulnerability exists in the urvpn_client 
functional ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-0507 (Grafana is an open-source platform for monitoring and 
observability.   ...)
        - grafana <removed>
 CVE-2023-0506
@@ -27105,9 +27106,9 @@ CVE-2023-24499 (Butterfly Button plugin may leave 
traces of its use on user's de
 CVE-2023-24498 (An uspecified endpoint in the web server of the switch does 
not proper ...)
        NOT-FOR-US: Netgear
 CVE-2023-24497 (Cross-site scripting (xss) vulnerabilities exist in the 
requestHandler ...)
-       TODO: check
+       NOT-FOR-US: MilesightVPN
 CVE-2023-24496 (Cross-site scripting (xss) vulnerabilities exist in the 
requestHandler ...)
-       TODO: check
+       NOT-FOR-US: MilesightVPN
 CVE-2023-0493 (Improper Neutralization of Equivalent Special Elements in 
GitHub repos ...)
        NOT-FOR-US: btcpayserver
 CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 
1.5.9 d ...)
@@ -27306,7 +27307,7 @@ CVE-2023-23582 (Snap One Wattbox WB-300-IP-3 versions 
WB10.9a17 and prior are vu
 CVE-2023-22389 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior 
store passwo ...)
        NOT-FOR-US: Snap One Wattbox WB-300-IP-3
 CVE-2023-22371 (An os command injection vulnerability exists in the 
liburvpn.so create ...)
-       TODO: check
+       NOT-FOR-US: MilesightVPN
 CVE-2023-22315 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use 
a propri ...)
        NOT-FOR-US: Snap One Wattbox WB-300-IP-3
 CVE-2023-0456
@@ -27818,7 +27819,7 @@ CVE-2023-24258 (SPIP v4.1.5 and earlier was discovered 
to contain a SQL injectio
 CVE-2023-24257
        RESERVED
 CVE-2023-24256 (An issue in the com.nextev.datastatistic component of NIO EC6 
Aspen be ...)
-       TODO: check
+       NOT-FOR-US: NIO EC6 Aspen
 CVE-2023-24255
        RESERVED
 CVE-2023-24254
@@ -28342,11 +28343,11 @@ CVE-2023-24034
 CVE-2023-24033 (The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, 
Exynos 1 ...)
        NOT-FOR-US: Samsung
 CVE-2023-24032 (In Zimbra Collaboration Suite through 9.0 and 8.8.15, an 
attacker (who ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2023-24031 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 
8.8.15.  ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2023-24030 (An open redirect vulnerability exists in the /preauth Servlet 
in Zimbr ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2023-24029 (In Progress WS_FTP Server before 8.8, it is possible for a 
host admini ...)
        NOT-FOR-US: Progress WS_FTP Server
 CVE-2023-24028 (In MISP 2.4.167, app/Controller/Component/ACLComponent.php has 
incorre ...)
@@ -28462,21 +28463,21 @@ CVE-2023-23971 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-23970
        RESERVED
 CVE-2023-23907 (A directory traversal vulnerability exists in the server.js 
start func ...)
-       TODO: check
+       NOT-FOR-US: MilesightVPN
 CVE-2023-23902 (A buffer overflow vulnerability exists in the uhttpd login 
functionali ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-23571 (An access violation vulnerability exists in the eventcore 
functionalit ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-23547 (A directory traversal vulnerability exists in the luci2-io 
file-export ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-22844 (An authentication bypass vulnerability exists in the 
requestHandlers.j ...)
-       TODO: check
+       NOT-FOR-US: MilesightVPN
 CVE-2023-22659 (An os command injection vulnerability exists in the 
libzebra.so change ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-22319 (A sql injection vulnerability exists in the requestHandlers.js 
LoginAu ...)
-       TODO: check
+       NOT-FOR-US: MilesightVPN
 CVE-2023-22306 (An OS command injection vulnerability exists in the 
libzebra.so bridge ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-0430 (Certificate OCSP revocation status was not checked when 
verifying S/Mi ...)
        {DSA-5355-1 DLA-3324-1}
        - thunderbird 1:102.7.1+1-1
@@ -28790,7 +28791,7 @@ CVE-2023-23862 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
 CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German 
Mesky GMAce  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23550 (An OS command injection vulnerability exists in the 
ys_thirdparty user ...)
-       TODO: check
+       NOT-FOR-US: Milesight UR32L
 CVE-2023-0406 (Cross-Site Request Forgery (CSRF) in GitHub repository 
modoboa/modoboa ...)
        NOT-FOR-US: Modoboa
 CVE-2023-0405 (The GPT AI Power: Content Writer & ChatGPT & Image Generator & 
WooComm ...)
@@ -28852,7 +28853,7 @@ CVE-2023-23843
 CVE-2023-23842
        RESERVED
 CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing 
or updat ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2023-23840
        RESERVED
 CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of 
Sensitive I ...)
@@ -28946,7 +28947,7 @@ CVE-2023-23813 (Cross-Site Request Forgery (CSRF) 
vulnerability in Joseph C Dols
 CVE-2023-23812 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Joos ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23811 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Neil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23810 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Snap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23809 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Mori ...)
@@ -28954,7 +28955,7 @@ CVE-2023-23809 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-23808 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Serg ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23807 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Qumo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23806 (Auth. (admin+) StoredCross-Site Scripting (XSS) vulnerability 
in Davin ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23805
@@ -28978,7 +28979,7 @@ CVE-2023-23797 (Cross-Site Request Forgery (CSRF) 
vulnerability in SecondLineThe
 CVE-2023-23796
        RESERVED
 CVE-2023-23795 (Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form 
Builder ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23794 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Alex ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Eigh ...)
@@ -29024,7 +29025,7 @@ CVE-2023-23549
 CVE-2023-23548
        RESERVED
 CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated 
attacker ...)
-       TODO: check
+       - check-mk <removed>
 CVE-2023-22348 (Improper Authorization in RestAPI in Checkmk GmbH's Checkmk 
versions < ...)
        - check-mk <removed>
 CVE-2023-22318 (Denial of service in Webconf in Tribe29 Checkmk Appliance 
before 1.6.5 ...)
@@ -29413,7 +29414,7 @@ CVE-2023-23681 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
 CVE-2023-23680 (Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz 
WP-TopBar ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23679 (Authorization Bypass Through User-Controlled Key vulnerability 
in JS H ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23678
        RESERVED
 CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix 
GTmetri ...)
@@ -29963,7 +29964,7 @@ CVE-2023-23541 (A privacy issue was addressed with 
improved private data redacti
 CVE-2023-23540 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2023-23539 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23538 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
        NOT-FOR-US: Apple
 CVE-2023-23537 (A privacy issue was addressed with improved private data 
redaction for ...)
@@ -30018,7 +30019,7 @@ CVE-2023-23517 (The issue was addressed with improved 
memory handling. This issu
        - wpewebkit 2.38.4-1
        NOTE: https://webkitgtk.org/security/WSA-2023-0001.html
 CVE-2023-23516 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23515
        RESERVED
 CVE-2023-23514 (A use after free issue was addressed with improved memory 
management.  ...)
@@ -30531,9 +30532,9 @@ CVE-2023-23346
 CVE-2023-23345
        RESERVED
 CVE-2023-23344 (A permission issue in BigFix WebUI Insights site version 14 
allows an  ...)
-       TODO: check
+       NOT-FOR-US: BigFix
 CVE-2023-23343 (A clickjacking vulnerability in the HCL BigFix OSD Bare Metal 
Server v ...)
-       TODO: check
+       NOT-FOR-US: BigFix
 CVE-2023-23342
        RESERVED
 CVE-2023-23341
@@ -31958,7 +31959,7 @@ CVE-2023-XXXX [kodi: VideoPlayerCodec: Stop dividing by 
zero]
 CVE-2023-22907
        RESERVED
 CVE-2023-22906 (Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access 
with roo ...)
-       TODO: check
+       NOT-FOR-US: Hero Qubo
 CVE-2023-22905
        RESERVED
 CVE-2023-22904
@@ -32392,7 +32393,7 @@ CVE-2023-22836
 CVE-2023-22835
        RESERVED
 CVE-2023-22834 (The Contour Service was not checking that users had permission 
to crea ...)
-       TODO: check
+       NOT-FOR-US: Palantir
 CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between 
2.519.0 an ...)
        NOT-FOR-US: Palantir
 CVE-2023-22832 (The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 
through 1.19. ...)
@@ -32428,11 +32429,11 @@ CVE-2023-22818
 CVE-2023-22817
        RESERVED
 CVE-2023-22816 (A post-authentication remote command injection vulnerability 
in a CGI  ...)
-       TODO: check
+       NOT-FOR-US: Western Digital
 CVE-2023-22815 (Post-authentication remote command injection vulnerabilities 
in Wester ...)
-       TODO: check
+       NOT-FOR-US: Western Digital
 CVE-2023-22814 (An authentication bypass issue via spoofing was discovered in 
the toke ...)
-       TODO: check
+       NOT-FOR-US: Western Digital
 CVE-2023-22813 (A device API endpoint was missing access controls on Western 
Digital M ...)
        NOT-FOR-US: Western Digital
 CVE-2023-22812 (SanDisk PrivateAccess versions prior to 6.4.9 support insecure 
TLS 1.0 ...)
@@ -32865,7 +32866,7 @@ CVE-2023-22669 (Parsing of DWG files in Open Design 
Alliance Drawings SDK before
 CVE-2023-22668
        RESERVED
 CVE-2023-22667 (Memory Corruption in Audio while allocating the ion buffer 
during the  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-22666
        RESERVED
 CVE-2023-0094
@@ -35195,9 +35196,9 @@ CVE-2021-4275 (A vulnerability, which was classified as 
problematic, was found i
 CVE-2023-22388
        RESERVED
 CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX 
write leadin ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW 
request to all ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-22385
        RESERVED
 CVE-2023-22384
@@ -35951,7 +35952,7 @@ CVE-2022-47616 (Hitron CODA-5310 has insufficient 
filtering for specific paramet
 CVE-2022-47615 (Local File Inclusion vulnerability inLearnPress \u2013 
WordPress LMS P ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47614 (Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore 
API plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47613 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Quan ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47612 (Cross-Site Request Forgery (CSRF) vulnerability in Roland 
Barker, xnau ...)
@@ -35993,7 +35994,7 @@ CVE-2022-47595 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pa
 CVE-2022-47594
        RESERVED
 CVE-2022-47593 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in 
RapidLoad Ra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47592 (Reflected Cross-Site Scripting (XSS) vulnerability in 
Dmytriy.Cooperma ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47591 (Reflected Cross-Site Scripting (XSS) vulnerability in Mickael 
Austoni  ...)
@@ -39895,7 +39896,7 @@ CVE-2018-25048 (The CODESYS runtime system in multiple 
versions allows an remote
 CVE-2023-21673
        RESERVED
 CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel 
playback or ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21671
        RESERVED
 CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command 
execution  ...)
@@ -39957,31 +39958,31 @@ CVE-2023-21643
 CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system 
privile ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-21641 (An app with non-privileged access can change global system 
brightness  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21640 (Memory corruption in Linux when the file upload API is called 
with par ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21639 (Memory corruption in Audio while processing 
sva_model_serializer using ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21638 (Memory corruption in Video while calling APIs with different 
instance  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21637 (Memory corruption in Linux while calling system configuration 
APIs.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21636
        RESERVED
 CVE-2023-21635 (Memory Corruption in Data Network Stack & Connectivity when 
sim gets d ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21634
        RESERVED
 CVE-2023-21633 (Memory Corruption in Linux while processing 
QcRilRequestImsRegisterMul ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21632 (Memory corruption in Automotive GPU while querying a gsl 
memory node.)
        NOT-FOR-US: Qualcomm
 CVE-2023-21631 (Weak Configuration due to improper input validation in Modem 
while pro ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21630 (Memory Corruption in Multimedia Framework due to integer 
overflow when ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-21629 (Memory Corruption in Modem due to double free while parsing 
the PKCS15 ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21628 (Memory corruption in WLAN HAL while processing WMI-UTF command 
or FTM  ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-21627
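Review bot: CVE-2023-21640, CVE-2023-21637 and CVE-2023-21633 are tagged NOT-FOR-US: Qualcomm although their descriptions read "Memory corruption in Linux ...", and nothing is recorded to show why src:linux is ruled out. Suggest a NOTE line on these three stating the basis for the decision (for example a reference that places the affected code outside the upstream kernel) so the triage can be re-checked later.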
@@ -39991,7 +39992,7 @@ CVE-2023-21626
 CVE-2023-21625
        RESERVED
 CVE-2023-21624 (Information disclosure in DSP Services while loading dynamic 
module.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-46750
        REJECTED
 CVE-2022-46749
@@ -40035,13 +40036,13 @@ CVE-2022-46720 (An integer overflow was addressed 
with improved input validation
 CVE-2022-46719
        REJECTED
 CVE-2022-46718 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: APple
 CVE-2022-46717 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
        NOT-FOR-US: Apple
 CVE-2022-46716 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-46715 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
-       TODO: check
+       NOT-FOR-US: APple
 CVE-2022-46714
        RESERVED
 CVE-2022-46713 (A race condition was addressed with additional validation. 
This issue  ...)
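Review bot: Typo in the tag added for CVE-2022-46718 and CVE-2022-46715: "NOT-FOR-US: APple" should read "NOT-FOR-US: Apple", as on CVE-2022-46717 and CVE-2022-46716 in the same hunk. The inconsistent spelling will be missed by anyone grepping the list for the vendor name.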
@@ -40818,9 +40819,9 @@ CVE-2022-46410 (An issue was discovered in Veritas 
NetBackup Flex Scale through
 CVE-2022-46409
        RESERVED
 CVE-2022-46408 (Ericsson Network Manager (ENM), versions prior to 22.1, 
contains a vul ...)
-       TODO: check
+       NOT-FOR-US: Ericsson Network Manager
 CVE-2022-46407 (Ericsson Network Manager (ENM), versions prior to 22.2, 
contains a vul ...)
-       TODO: check
+       NOT-FOR-US: Ericsson Network Manager
 CVE-2022-46406
        RESERVED
 CVE-2022-46405 (Mastodon through 4.0.2 allows attackers to cause a denial of 
service ( ...)
@@ -42097,7 +42098,7 @@ CVE-2022-46082
 CVE-2022-46081 (In Garmin Connect 4.61, terminating a LiveTrack session 
wouldn't preve ...)
        NOT-FOR-US: Garmin
 CVE-2022-46080 (Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass 
and comm ...)
-       TODO: check
+       NOT-FOR-US: Nexxt Nebula
 CVE-2022-46079
        RESERVED
 CVE-2022-46078



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3e1c8c4dd32e7ef6883e9d54dc3439cc453f6b9
