Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
17c428e5 by Moritz Muehlenhoff at 2023-07-14T14:51:48+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -176,25 +176,25 @@ CVE-2023-34136 (Vulnerability in SonicWall GMS and
Analytics allows unauthentica
CVE-2023-34135 (Path Traversal vulnerability in SonicWall GMS and Analytics
allows a r ...)
NOT-FOR-US: SonicWall
CVE-2023-34134 (Exposure of sensitive information to an unauthorized actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34133 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34132 (Use of password hash instead of password for authentication
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34131 (Exposure of sensitive information to an unauthorized actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34130 (SonicWall GMS and Analytics use outdated Tiny Encryption
Algorithm (TE ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34129 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34128 (Tomcat application credentials are hardcoded in SonicWall GMS
and Anal ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34127 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34126 (Vulnerability in SonicWall GMS and Analytics allows an
authenticated a ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34125 (Path Traversal vulnerability in GMS and Analytics allows an
authentica ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34124 (The authentication mechanism in SonicWall GMS and Analytics
Web Servic ...)
NOT-FOR-US: SonicWall
CVE-2023-34123 (Use of Hard-coded Cryptographic Key vulnerability in SonicWall
GMS, So ...)
@@ -202,7 +202,7 @@ CVE-2023-34123 (Use of Hard-coded Cryptographic Key
vulnerability in SonicWall G
CVE-2023-33274 (The authentication mechanism in PowerShield SNMP Web Pro 1.1
contains ...)
NOT-FOR-US: PowerShield SNMP Web Pro
CVE-2023-2957 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Florist Site
CVE-2023-2620 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab 15.11.11+ds1-1
CVE-2023-2576 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
@@ -264,65 +264,65 @@ CVE-2023-37455 (The permission request prompt from the
site in the background ta
CVE-2023-36266 (An issue was discovered in Keeper Password Manager for Desktop
version ...)
TODO: check
CVE-2023-33905 (In iwnpi server, there is a possible out of bounds write due
to a miss ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33904 (In hci_server, there is a possible out of bounds read due to a
missing ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33903 (In FM service, there is a possible missing params check. This
could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33902 (In bluetooth service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33901 (In bluetooth service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33900 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33899 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33898 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33897 (In libimpl-ril, there is a possible out of bounds write due to
a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33896 (In libimpl-ril, there is a possible out of bounds write due to
a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33895 (In fastDial service, there is a missing permission check. This
could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33894 (In fastDial service, there is a missing permission check. This
could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33893 (In fastDial service, there is a missing permission check. This
could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33892 (In fastDial service, there is a missing permission check. This
could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33891 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33890 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33889 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33888 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33887 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33886 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33885 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33884 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33883 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33882 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33881 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33880 (In music service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33879 (In music service, there is a missing permission check. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33668 (DigiExam up to v14.0.2 lacks integrity checks for native
modules, allo ...)
- TODO: check
+ NOT-FOR-US: DigiExam
CVE-2023-32789 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: DigiExam
CVE-2023-32788 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: DigiExam
CVE-2023-37965 (A missing permission check in Jenkins ElasticBox CI Plugin
5.0.1 and e ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-37964 (A cross-site request forgery (CSRF) vulnerability in Jenkins
ElasticBo ...)
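Review bot: CVE-2023-32789 and CVE-2023-32788, the last two entries changed in this hunk, are tagged "NOT-FOR-US: DigiExam", but their descriptions ("In telephony service, there is a missing permission check") match the Unisoc entries above them rather than the DigiExam entry CVE-2023-33668. The tag looks carried over from the preceding entry; suggest "NOT-FOR-US: Unisoc" for both.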
@@ -462,13 +462,13 @@ CVE-2023-32200 (There is insufficient restrictions of
called script functions in
CVE-2023-2869 (The WP-Members Membership plugin for WordPress is vulnerable to
unauth ...)
NOT-FOR-US: WP-Members Membership plugin for WordPress
CVE-2023-2763 (Use-After-Free, Out-of-bounds Write and Heap-based Buffer
Overflow vul ...)
- TODO: check
+ NOT-FOR-US: SOLIDWORKS
CVE-2023-2762 (A Use-After-Free vulnerability in SLDPRT file reading procedure
exists ...)
- TODO: check
+ NOT-FOR-US: SOLIDWORKS
CVE-2023-2562 (The Gallery Metabox for WordPress is vulnerable to unauthorized
access ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2561 (The Gallery Metabox for WordPress is vulnerable to unauthorized
modifi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2517 (The Metform Elementor Contact Form Builder plugin for WordPress
is vul ...)
NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress
CVE-2021-4427 (The Vuukle Comments, Reactions, Share Bar, Revenue plugin for
WordPres ...)
@@ -713,7 +713,7 @@ CVE-2023-35336 (Windows MSHTML Platform Security Feature
Bypass Vulnerability)
CVE-2023-35335 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting
Vulnerabilit ...)
NOT-FOR-US: Microsoft
CVE-2023-35333 (MediaWiki PandocUpload Extension Remote Code Execution
Vulnerability)
- TODO: check
+ NOT-FOR-US: MediaWiki extension PandocUpload
CVE-2023-35332 (Windows Remote Desktop Protocol Security Feature Bypass)
NOT-FOR-US: Microsoft
CVE-2023-35331 (Windows Local Security Authority (LSA) Denial of Service
Vulnerability)
@@ -923,15 +923,15 @@ CVE-2023-32034 (Remote Procedure Call Runtime Denial of
Service Vulnerability)
CVE-2023-32033 (Microsoft Failover Cluster Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-31818 (An issue found in Marukyu Line v.13.4.1 allows a remote
attacker to ga ...)
- TODO: check
+ NOT-FOR-US: Marukyu Line
CVE-2023-31191 (DroneScout ds230 Remote ID receiver from BlueMark Innovations
is affec ...)
- TODO: check
+ NOT-FOR-US: DroneScout
CVE-2023-31190 (DroneScout ds230 Remote ID receiver from BlueMark Innovations
is affec ...)
- TODO: check
+ NOT-FOR-US: DroneScout
CVE-2023-2746 (The Rockwell Automation Enhanced HIM software contains an API
that t ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2023-29156 (DroneScout ds230 Remote ID receiver from BlueMark
Innovationsis affect ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x
through ...)
TODO: check
CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability
where an au ...)
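Review bot: CVE-2023-29156 is described as "DroneScout ds230 Remote ID receiver from BlueMark" but is tagged "NOT-FOR-US: Rockwell", apparently repeating the tag of CVE-2023-2746 directly above it. Suggest "NOT-FOR-US: DroneScout", matching CVE-2023-31191 and CVE-2023-31190 in the same hunk.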
@@ -8738,65 +8738,65 @@ CVE-2023-30944 (The vulnerability was found Moodle
which exists due to insuffici
CVE-2023-30943 (The vulnerability was found Moodle which exists because the
applicatio ...)
- moodle <removed>
CVE-2023-30942 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30941 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30940 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30939 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30938 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30937 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30936 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30935 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30934 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30933 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30932 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30931 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30930 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30929 (In telephony service, there is a possible missing permission
check. Th ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30928 (In telephony service, there is a possible missing permission
check. Th ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30927 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30926 (In opm service, there is a missing permission check. This
could lead t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30925 (In opm service, there is a missing permission check. This
could lead t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30924 (In messaging service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30923 (In messaging service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30922 (In messaging service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30921 (In messaging service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30920 (In messaging service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30919 (In messaging service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30918 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30917 (In DMService, there is a possible missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30916 (In DMService, there is a possible missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30915 (In email service, there is a missing permission check. This
could lead ...)
NOT-FOR-US: Unisoc
CVE-2023-30914 (In email service, there is a missing permission check. This
could lead ...)
NOT-FOR-US: Unisoc
CVE-2023-30913 (In telephony service, there is a missing permission check.
This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-2240 (Improper Privilege Management in GitHub repository
microweber/microweb ...)
NOT-FOR-US: microweber
CVE-2023-2239 (Exposure of Private Personal Information to an Unauthorized
Actor in G ...)
@@ -9525,7 +9525,7 @@ CVE-2023-2084 (The Essential Blocks plugin for WordPress
is vulnerable to unauth
CVE-2023-2083 (The Essential Blocks plugin for WordPress is vulnerable to
unauthorize ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2082 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2081
RESERVED
CVE-2023-2080 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
@@ -9996,7 +9996,7 @@ CVE-2023-2074 (A vulnerability was found in Campcodes
Online Traffic Offense Man
CVE-2023-2073 (A vulnerability was found in Campcodes Online Traffic Offense
Manageme ...)
NOT-FOR-US: Campcodes Online Traffic Offense Management System
CVE-2023-2072 (The Rockwell Automation PowerMonitor 1000 contains stored
cross-site s ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2023-2071
RESERVED
CVE-2023-2070
@@ -10167,9 +10167,9 @@ CVE-2022-48453
CVE-2022-48452
RESERVED
CVE-2022-48451 (In bluetooth service, there is a possible out of bounds write
due to r ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48450 (In bluetooth service, there is a possible missing params
check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48449
RESERVED
CVE-2022-48448 (In telephony service, there is a possible missing permission
check. Th ...)
@@ -10215,19 +10215,19 @@ CVE-2023-30567
CVE-2023-30566
RESERVED
CVE-2023-30565 (An insecure connection between Systems Manager and CQI
Reporter applic ...)
- TODO: check
+ NOT-FOR-US: CQI ReporterUnisoc
CVE-2023-30564 (Alaris Systems Manager does not perform input validation
during the De ...)
- TODO: check
+ NOT-FOR-US: Alaris Systems Manager
CVE-2023-30563 (A malicious file could be uploaded into a System Manager User
Import F ...)
- TODO: check
+ NOT-FOR-US: Alaris Systems Manager
CVE-2023-30562 (A GRE dataset file within Systems Manager can be tampered with
and dis ...)
- TODO: check
+ NOT-FOR-US: Balarisa Systems Manager
CVE-2023-30561 (The data flowing between the PCU and its modules is insecure.
A threat ...)
- TODO: check
+ NOT-FOR-US: Alarisa
CVE-2023-30560 (The configuration from the PCU can be modified without
authentication ...)
- TODO: check
+ NOT-FOR-US: Alarisa
CVE-2023-30559 (The configuration from the PCU can be modified without
authentication ...)
- TODO: check
+ NOT-FOR-US: Alarisa
CVE-2023-30558 (Archery is an open source SQL audit platform. The Archery
project cont ...)
NOT-FOR-US: Archery
CVE-2023-30557 (Archery is an open source SQL audit platform. The Archery
project cont ...)
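Review bot: the product names in this hunk's new NOT-FOR-US tags are inconsistent and several look mistyped. CVE-2023-30565 reads "CQI ReporterUnisoc" (stray "Unisoc" suffix), CVE-2023-30562 reads "Balarisa Systems Manager", and CVE-2023-30561 through CVE-2023-30559 read "Alarisa", while CVE-2023-30564 and CVE-2023-30563 use "Alaris Systems Manager", the spelling that appears in the CVE-2023-30564 description. Suggest normalising all of them to the "Alaris" spelling and dropping the "Unisoc" suffix, so a later search on the product name finds every entry.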
@@ -10309,7 +10309,7 @@ CVE-2023-2005 (Vulnerability in Tenable Tenable.Io,
Tenable Nessus, Tenable Secu
CVE-2023-2004
REJECTED
CVE-2023-2003 (Embedded malicious code vulnerability in Vision1210, in the
build 5 of ...)
- TODO: check
+ NOT-FOR-US: Vision120
CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due
to a m ...)
- linux 6.1.27-1
NOTE: https://www.openwall.com/lists/oss-security/2023/04/16/3
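Review bot: the tag added for CVE-2023-2003 says "NOT-FOR-US: Vision120", but the description on the line above names the product as "Vision1210". Suggest "NOT-FOR-US: Vision1210" so the tag matches the CVE text.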
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17c428e52405d664ce3761f60dd2bc5dcfda3a70