Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
49d298b8 by Moritz Muehlenhoff at 2023-09-01T10:40:10+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14620,23 +14620,23 @@ CVE-2023-31177
CVE-2023-31176
RESERVED
CVE-2023-31175 (An Execution with Unnecessary Privileges vulnerability in the
Schweitz ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31174 (A Cross-Site Request Forgery (CSRF) vulnerability in the
Schweitzer En ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31173 (Use of Hard-coded Credentials vulnerability in Schweitzer
Engineering ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31172 (An Incomplete Filtering of Special Elements vulnerability in
the Schwe ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31171 (An Improper Neutralization of Special Elements used in an SQL
Command ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31170 (An Inclusion of Functionality from Untrusted Control Sphere
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31169 (An Improper Handling of Unicode Encoding vulnerability in the
Schweitz ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31168 (An Inclusion of Functionality from Untrusted Control Sphere
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31167 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31166 (An Improper Limitation of a Pathname to a Restricted Directory
('Path ...)
NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31165 (An Improper Neutralization of Input During Web Page Generation
('Cross ...)
@@ -15324,7 +15324,7 @@ CVE-2023-2231 (A vulnerability, which was classified as
critical, was found in M
CVE-2023-2230
REJECTED
CVE-2023-2229 (The Quick Post Duplicator for WordPress is vulnerable to SQL
Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2228 (Cross-Site Request Forgery (CSRF) in GitHub repository
modoboa/modoboa ...)
NOT-FOR-US: Modoboa
CVE-2023-2227 (Improper Authorization in GitHub repository modoboa/modoboa
prior to 2 ...)
@@ -15444,7 +15444,7 @@ CVE-2023-2190 (An issue has been discovered in GitLab
CE/EE affecting all versio
CVE-2023-2189 (The Elementor Addons, Widgets and Enhancements \u2013 Stax
plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2188 (The Colibri Page Builder for WordPress is vulnerable to SQL
Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30896
RESERVED
CVE-2023-30895
@@ -21867,7 +21867,7 @@ CVE-2023-28803
CVE-2023-28802
RESERVED
CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the
SAML authen ...)
- TODO: check
+ NOT-FOR-US: Zscaler
CVE-2023-28800 (When using local accounts for administration, the redirect url
paramet ...)
NOT-FOR-US: Zscaler
CVE-2023-28799 (A URL parameter during login flow was vulnerable to injection.
An atta ...)
@@ -22265,7 +22265,7 @@ CVE-2023-28694
CVE-2023-28693 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Balasahe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Kevo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28691
RESERVED
CVE-2023-28690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Marc ...)
@@ -23270,7 +23270,7 @@ CVE-2023-28417
CVE-2023-28416
RESERVED
CVE-2023-28415 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Xoot ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28414 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Apex ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28413 (Directory traversal vulnerability in Snow Monkey Forms
versions v5.0.6 ...)
@@ -25912,7 +25912,7 @@ CVE-2023-27623
CVE-2023-27622
RESERVED
CVE-2023-27621 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in MrDe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27619 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS)
vulnerability ...)
@@ -26533,7 +26533,7 @@ CVE-2023-27428
CVE-2023-27427 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in NTZA ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27426 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Noti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Jame ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27424 (Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy
aka Shr ...)
@@ -32292,7 +32292,7 @@ CVE-2023-0691 (The Metform Elementor Contact Form
Builder for WordPress is vulne
CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue
where w ...)
NOT-FOR-US: HashiCorp Boundary
CVE-2023-0689 (The Metform Elementor Contact Form Builder for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0688 (The Metform Elementor Contact Form Builder for WordPress is
vulnerable ...)
NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has
been rat ...)
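Review bot: CVE-2023-0689 is tagged with the generic `NOT-FOR-US: WordPress plugin`, while the adjacent CVE-2023-0688, whose visible description is identical, already carries `NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress`. Both are valid NFU markers, but using one label for both entries of the same product keeps per-product searches of data/CVE/list reliable.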
@@ -32352,7 +32352,7 @@ CVE-2023-25473 (Cross-Site Request Forgery (CSRF)
vulnerability in Miro Mannino
CVE-2023-25472 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove
Podlove Pod ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25471 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Webcodin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25470 (Cross-Site Request Forgery (CSRF) vulnerability in Anton
Skorobogatov ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25469
@@ -32362,7 +32362,7 @@ CVE-2023-25468 (Cross-Site Request Forgery (CSRF)
vulnerability in Reservation.S
CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel
Mores, A. Hu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25466 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Mahlamus ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25465
RESERVED
CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Stre ...)
@@ -32370,7 +32370,7 @@ CVE-2023-25464 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-25463
RESERVED
CVE-2023-25462 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in WP h ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in nami ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25460 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Code ...)
@@ -32388,7 +32388,7 @@ CVE-2023-25455
CVE-2023-25454
RESERVED
CVE-2023-25453 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Ian Sado ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Mich ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in WPCh ...)
@@ -33453,7 +33453,7 @@ CVE-2023-25021 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-25020 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
Kiboko Labs ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25019 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Premio C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0657
RESERVED
CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS
allows a re ...)
@@ -33461,7 +33461,7 @@ CVE-2023-0656 (A Stack-based buffer overflow
vulnerability in the SonicOS allows
CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could
permit a ...)
NOT-FOR-US: SonicWall
CVE-2023-0654 (Due to a misconfiguration, the WARP Mobile Client (< 6.29) for
Android ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0653
RESERVED
CVE-2023-0652 (Due to a hardlink created in the ProgramData folder during the
repair ...)
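Review bot: The new tag on CVE-2023-0654 is `NOT-FOR-US: WordPress plugin`, but the description on that entry is for the WARP Mobile Client for Android, not a WordPress plugin. A later hunk in this same commit tags CVE-2023-0238, which is also a WARP Mobile Client issue, as `NOT-FOR-US: WARP Mobile Client`; the same label belongs here so the tracker does not record the wrong product.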
@@ -34909,7 +34909,7 @@ CVE-2023-24550 (A vulnerability has been identified in
Solid Edge SE2022 (All ve
CVE-2023-24549 (A vulnerability has been identified in Solid Edge SE2022 (All
versions ...)
NOT-FOR-US: Siemens
CVE-2023-24548 (On affected platforms running Arista EOS with VXLAN
configured, malfor ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2023-24547
RESERVED
CVE-2023-24546 (On affected versions of the CloudVision Portal improper access
control ...)
@@ -35508,7 +35508,7 @@ CVE-2023-24403 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-24402 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in
Veribo, Rol ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24401 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Davi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24400 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability
in Hu-ma ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24399 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -35516,7 +35516,7 @@ CVE-2023-24399 (Auth. (contributor+) Stored Cross-Site
Scripting (XSS) vulnerabi
CVE-2023-24398 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Snap ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24397 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Rese ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24396 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in E4J ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24395 (Cross-Site Request Forgery (CSRF) vulnerability in Scott
Paterson Cont ...)
@@ -37189,15 +37189,15 @@ CVE-2014-125083 (A vulnerability has been found in
Anant Labs google-enterprise-
CVE-2013-10014 (A vulnerability classified as critical has been found in
oktora24 2moo ...)
NOT-FOR-US: oktora24 2moons
CVE-2023-23774 (Motorola EBTS/MBTS Site Controller drops to debug prompt on
unhandled ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2023-23773 (Motorola EBTS/MBTS Base Radio fails to check firmware
authenticity. Th ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2023-23772 (Motorola MBTS Site Controller fails to check firmware update
authentic ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2023-23771 (Motorola MBTS Base Radio accepts hard-coded backdoor password.
The Mot ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2023-23770 (Motorola MBTS Site Controller accepts hard-coded backdoor
password. Th ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2023-23769
RESERVED
CVE-2023-23768
@@ -37207,7 +37207,7 @@ CVE-2023-23767
CVE-2023-23766
RESERVED
CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub
Enterpr ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub
Enterpr ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23763
@@ -38334,7 +38334,7 @@ CVE-2023-0240 (There is a logic error in io_uring's
implementation which can be
CVE-2023-0239
RESERVED
CVE-2023-0238 (Due to lack of a security policy, the WARP Mobile Client
(<=6.29) for ...)
- TODO: check
+ NOT-FOR-US: WARP Mobile Client
CVE-2023-0237
REJECTED
CVE-2023-0236 (The Tutor LMS WordPress plugin before 2.0.10 does not sanitise
and esc ...)
@@ -47622,9 +47622,9 @@ CVE-2022-46871 (An out of date library (libusrsctp)
contained vulnerabilities th
CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation
('Cross ...)
NOT-FOR-US: Apache Zeppelin
CVE-2022-46869 (Local privilege escalation during installation due to improper
soft li ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-46868 (Local privilege escalation during recovery due to improper
soft link h ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil
Universal St ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46866 (Cross-Site Request Forgery (CSRF) vulnerability in Marty
Thornley Impo ...)
@@ -51903,7 +51903,7 @@ CVE-2022-45453 (TLS/SSL weak cipher suites enabled. The
following products are a
CVE-2022-45452 (Local privilege escalation due to insecure folder permissions.
The fol ...)
NOT-FOR-US: Acronis
CVE-2022-45451 (Local privilege escalation due to insecure driver
communication port p ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2022-45450 (Sensitive information disclosure and manipulation due to
improper auth ...)
NOT-FOR-US: Acronis
CVE-2022-45449
@@ -55644,7 +55644,7 @@ CVE-2023-20892 (The vCenter Server contains a heap
overflow vulnerability due to
CVE-2023-20891 (The VMware Tanzu Application Service for VMs and Isolation
Segment con ...)
NOT-FOR-US: VMware
CVE-2023-20890 (Aria Operations for Networks contains an arbitrary file write
vulnerab ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-20889 (Aria Operations for Networks contains an information
disclosure vulner ...)
NOT-FOR-US: VMware
CVE-2023-20888 (Aria Operations for Networks contains an authenticated
deserialization ...)
@@ -58462,7 +58462,7 @@ CVE-2023-20268
CVE-2023-20267
RESERVED
CVE-2023-20266 (A vulnerability in Cisco Emergency Responder, Cisco Unified
Communicat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20265
RESERVED
CVE-2023-20264
@@ -180457,7 +180457,7 @@ CVE-2021-3264 (SQL Injection vulnerability in cxuucms
3.1 ivia the pid parameter
CVE-2021-3263
RESERVED
CVE-2021-3262 (TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084
NovusEDU-2.2. ...)
- TODO: check
+ NOT-FOR-US: TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084
CVE-2021-3261
RESERVED
CVE-2021-3260
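Review bot: The label added for CVE-2021-3262 copies the version and build string from the description (`TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084`). The other NOT-FOR-US entries in this patch name only the vendor or product, so `NOT-FOR-US: TripSpark VEO Transportation` would be sufficient and consistent with them.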
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49d298b8ee8efb99b9a96d41d9229f0ebd7e4caf