Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
de1039a8 by Moritz Muehlenhoff at 2023-07-27T23:31:29+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,67 +11,67 @@ CVE-2023-37369
NOTE: https://www.qt.io/blog/security-advisory-qxmlstreamreader
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/455027
CVE-2023-3982 (Cross-site Scripting (XSS) - Stored in GitHub repository
omeka/omeka-s ...)
- TODO: check
+ NOT-FOR-US: omeka-s
CVE-2023-3981 (Server-Side Request Forgery (SSRF) in GitHub repository
omeka/omeka-s ...)
- TODO: check
+ NOT-FOR-US: omeka-s
CVE-2023-3980 (Cross-site Scripting (XSS) - Stored in GitHub repository
omeka/omeka-s ...)
- TODO: check
+ NOT-FOR-US: omeka-s
CVE-2023-3975 (OS Command Injection in GitHub repository jgraph/drawio prior
to 21.5. ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2023-3974 (OS Command Injection in GitHub repository jgraph/drawio prior
to 21.4. ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2023-3973 (Cross-site Scripting (XSS) - Reflected in GitHub repository
jgraph/dra ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2023-3970 (A vulnerability, which was classified as problematic, was found
in GZ ...)
- TODO: check
+ NOT-FOR-US: GZ Scripts Availability Booking Calendar PHP
CVE-2023-3969 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: GZ Scripts Availability Booking Calendar PHP
CVE-2023-38512 (Cross-Site Request Forgery (CSRF) vulnerability in Wpstream
WpStream \ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-38510 (Tolgee is an open-source localization platform. Starting in
version 3. ...)
- TODO: check
+ NOT-FOR-US: Tolgee
CVE-2023-38509 (XWiki Platform is a generic wiki platform. In
org.xwiki.platform:xwiki ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-38505 (DietPi-Dashboard is a web dashboard for the operating system
DietPi. T ...)
- TODO: check
+ NOT-FOR-US: DietPi-Dashboard
CVE-2023-38504 (Sails is a realtime MVC Framework for Node.js. In Sails apps
prior to ...)
- TODO: check
+ NOT-FOR-US: sails.js
CVE-2023-38495 (Crossplane is a framework for building cloud native control
planes wit ...)
- TODO: check
+ NOT-FOR-US: Crossplane
CVE-2023-38492 (Kirby is a content management system. A vulnerability in
versions prio ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2023-38491 (Kirby is a content management system. A vulnerability in
versions prio ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2023-38490 (Kirby is a content management system. A vulnerability in
versions prio ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2023-38489 (Kirby is a content management system. A vulnerability in
versions prio ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2023-38488 (Kirby is a content management system. A vulnerability in
versions prio ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2023-37993 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in
maennchen1.De ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37981 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WPKube A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37980 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Grav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37979 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Saturday ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37977 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WPFunnel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37976 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Radio Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37975 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
RadiusTh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37970 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37900 (Crossplane is a framework for building cloud native control
planes wit ...)
- TODO: check
+ NOT-FOR-US: Crossplane
CVE-2023-37894 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
RadiusTh ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2023-36942 (A cross-site scripting (XSS) vulnerability in PHPGurukul
Online Fire R ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Online Fire Reporting System
CVE-2023-36941 (A cross-site scripting (XSS) vulnerability in PHPGurukul
Online Fire R ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Online Fire Reporting System
CVE-2023-3957 (The ACF Photo Gallery Field plugin for WordPress is vulnerable
to unau ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to
unauthorized ...)
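Review bot: The NOT-FOR-US labels for the two entries whose descriptions truncate to "RadiusTh ..." disagree: CVE-2023-37975 gets "WordPress plugin" while CVE-2023-37894 gets "WooCommerce plugin". If both refer to the same kind of plugin, use one label, and keep the distinction only if it is deliberate. The same hunk also mixes naming styles for GitHub-hosted projects ("omeka-s" for omeka/omeka-s, but "jgraph/drawio" with the owner prefix); settling on one form makes later searches over the list more reliable.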
@@ -171,7 +171,7 @@ CVE-2023-3622 (Access Control Bypass Vulnerability in the
SolarWinds Platform th
CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper
Initial ...)
NOT-FOR-US: B&R Industrial Automation
CVE-2023-39261 (In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was
requesti ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2023-38673 (PaddlePaddle before 2.5.0 has a command injection in fs.py.
This resul ...)
NOT-FOR-US: PaddlePaddle
CVE-2023-38672 (FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw
can cause ...)
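Review bot: The new line for CVE-2023-39261 tracks the issue against intellij-idea <itp> (bug #747616), but the description places the flaw in the "plugin for Space" rather than in the IDE itself. A NOTE line stating whether that plugin would be part of the intellij-idea source package would let whoever picks up the ITP judge whether the entry applies.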
@@ -19332,7 +19332,7 @@ CVE-2023-28132
CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to
take ov ...)
NOT-FOR-US: expo.io
CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal
hostname ...)
- TODO: check
+ NOT-FOR-US: Gaia Portal
CVE-2023-28129
RESERVED
CVE-2023-28128 (An unrestricted upload of file with dangerous type
vulnerability exist ...)
@@ -74521,7 +74521,7 @@ CVE-2022-2503 (Dm-verity is used for extending
root-of-trust to root filesystems
NOTE:
https://git.kernel.org/linus/4caae58406f8ceb741603eee460d79bacca9b1b5 (5.19-rc1)
NOTE:
https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m
CVE-2022-2502 (A vulnerability exists in the HCI IEC 60870-5-104 function
included in ...)
- TODO: check
+ NOT-FOR-US: HCI
CVE-2022-36359 (An issue was discovered in the HTTP FileResponse class in
Django 3.2 b ...)
{DSA-5254-1}
- python-django 3:3.2.15-1
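Review bot: "NOT-FOR-US: HCI" for CVE-2022-2502 names the function from the description ("HCI IEC 60870-5-104 function included in ...") rather than the product that includes it, which the truncated description cuts off. Use the product or vendor name from the full CVE description so the label is unambiguous on its own.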
@@ -88247,13 +88247,13 @@ CVE-2022-31460 (Owl Labs Meeting Owl 5.2.0.15 allows
attackers to activate Tethe
CVE-2022-31459 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the
passcod ...)
NOT-FOR-US: Owl Labs Meeting Owl
CVE-2022-31458 (RTX TRAP v1.0 was discovered to be vulnerable to host header
poisoning ...)
- TODO: check
+ NOT-FOR-US: RTX TRAP
CVE-2022-31457 (RTX TRAP v1.0 allows attackers to perform a directory
traversal via a ...)
- TODO: check
+ NOT-FOR-US: RTX TRAP
CVE-2022-31456 (A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2
allows a ...)
- TODO: check
+ NOT-FOR-US: Truedesk
CVE-2022-31455 (* A cross-site scripting (XSS) vulnerability in Truedesk
v1.2.2 allows ...)
- TODO: check
+ NOT-FOR-US: Truedesk
CVE-2022-31454
RESERVED
CVE-2022-31453
@@ -88887,7 +88887,7 @@ CVE-2022-31202 (The export function in SoftGuard Web
(SGW) before 5.1.5 allows d
CVE-2022-31201 (SoftGuard Web (SGW) before 5.1.5 allows HTML injection.)
NOT-FOR-US: SoftGuard Web
CVE-2022-31200 (Atmail 5.62 allows XSS via the
mail/parse.php?file=html/$this-%3ELangu ...)
- TODO: check
+ NOT-FOR-US: Atmail
CVE-2022-31199 (Remote code execution vulnerabilities exist in the Netwrix
Auditor Use ...)
NOT-FOR-US: Netwrix Auditor
CVE-2022-1797 (A malformed Class 3 common industrial protocol message with a
cached c ...)
@@ -147470,7 +147470,7 @@ CVE-2021-36582 (In Kooboo CMS 2.1.1.0, it is possible
to upload a remote shell (
CVE-2021-36581 (Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It
is possib ...)
NOT-FOR-US: Kooboo CMS
CVE-2021-36580 (Open Redirect vulnerability exists in IceWarp MailServer
IceWarp Serve ...)
- TODO: check
+ NOT-FOR-US: IceWarp MailServer
CVE-2021-36579
RESERVED
CVE-2021-36578
@@ -214187,7 +214187,7 @@ CVE-2020-22625
CVE-2020-22624
RESERVED
CVE-2020-22623 (Directory traversal vulnerability in Jinfornet Jreport 15.6
allows una ...)
- TODO: check
+ NOT-FOR-US: Jinfornet Jreport
CVE-2020-22622
RESERVED
CVE-2020-22621
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de1039a8e6157ab19766026418d6cea458363df5
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits