Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0134ba5 by Salvatore Bonaccorso at 2023-09-14T22:36:41+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
 CVE-2023-4972 (Improper Privilege Management vulnerability in Yepas Digital 
Yepas all ...)
-       TODO: check
+       NOT-FOR-US: Yepas Digital Yepas
 CVE-2023-4965 (A vulnerability was found in phpipam 1.5.1. It has been rated 
as probl ...)
        - phpipam <itp> (bug #731713)
 CVE-2023-4951 (A cross site scripting issue was discovered with the pagination 
functi ...)
-       TODO: check
+       NOT-FOR-US: GreenRADIUS web admin interface
 CVE-2023-4832 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Aceka Company Management
 CVE-2023-4766 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Movus
 CVE-2023-4702 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Yepas Digital Yepas
 CVE-2023-4676 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2023-4669 (Authentication Bypass by Assumed-Immutable Data vulnerability 
in Exaga ...)
-       TODO: check
+       NOT-FOR-US: Exagate SYSGuard 3001
 CVE-2023-4516 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2023-42180 (An arbitrary file upload vulnerability in the /user/upload 
component o ...)
-       TODO: check
+       NOT-FOR-US: lenosp
 CVE-2023-42178 (Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log 
query mo ...)
-       TODO: check
+       NOT-FOR-US: lenosp
 CVE-2023-41588 (A cross-site scripting (XSS) vulnerability in Time to SLA 
plugin v10.1 ...)
        TODO: check
 CVE-2023-41011 (Command Execution vulnerability in China Mobile Communications 
China M ...)
-       TODO: check
+       NOT-FOR-US: China Mobile Communications China Mobile Intelligent Home 
Gateway
 CVE-2023-41010 (Insecure Permissions vulnerability in Sichuan Tianyi Kanghe 
Communicat ...)
-       TODO: check
+       NOT-FOR-US: China Telecom Tianyi Home Gateway
 CVE-2023-40779 (An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 
allows a remo ...)
-       TODO: check
+       NOT-FOR-US: IceWarp
 CVE-2023-39286 (A vulnerability in the Connect Mobility Router component of 
Mitel MiVo ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2023-39285 (A vulnerability in the Edge Gateway component of Mitel MiVoice 
Connect ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2023-38558 (A vulnerability has been identified in SIMATIC PCS neo 
(Administration ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-38557 (A vulnerability has been identified in Spectrum Power 7 (All 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-37756 (I-doit pro 25 and below and I-doit open 25 and below employ 
weak passw ...)
        TODO: check
 CVE-2023-37755 (i-doit pro 25 and below and I-doit open 25 and below are 
configured wi ...)
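Review bot: The NOT-FOR-US label for CVE-2023-41010 ("China Telecom Tianyi Home Gateway") does not match the vendor string in the description ("Sichuan Tianyi Kanghe Communicat..."), so please confirm it is the same product before closing it; a label that repeats the description's own vendor name keeps the mapping auditable. The same hunk also mixes label styles ("Yepas Digital Yepas" repeats the vendor twice, "lenosp" drops the capitalisation used in the CVE-2023-42178 description), and four entries (CVE-2023-4676, CVE-2023-41588, CVE-2023-37756, CVE-2023-37755) remain at "TODO: check", which is fine as long as they are meant to be triaged in a follow-up.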
@@ -45,7 +45,7 @@ CVE-2023-37739 (i-doit Pro v25 and below was discovered to be 
vulnerable to path
 CVE-2023-36250 (CSV Injection vulnerability in GNOME time tracker version 
3.0.2, allow ...)
        TODO: check
 CVE-2023-2848 (Movim prior to version 0.22 is affected by a Cross-Site 
WebSocket Hija ...)
-       TODO: check
+       NOT-FOR-US: Movim
 CVE-2023-4948 (The WooCommerce CVR Payment Gateway plugin for WordPress is 
vulnerable ...)
        NOT-FOR-US: WooCommerce CVR Payment Gateway plugin for WordPress
 CVE-2023-4945 (The Booster for WooCommerce plugin for WordPress is vulnerable 
to Stor ...)
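Review bot: Tagging CVE-2023-2848 as "NOT-FOR-US: Movim" asserts that Movim is neither packaged nor ITP'd in Debian; the phpipam entry in the first hunk shows the convention of pointing at the ITP bug when one exists, so it is worth a quick check that no such bug applies here before the entry is closed. CVE-2023-36250 (GNOME time tracker) correctly stays at "TODO: check" since it is not an obvious NFU.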
@@ -129,7 +129,7 @@ CVE-2023-40715 (A cleartext storage of sensitive 
information vulnerability [CWE-
 CVE-2023-3935 (A heap buffer overflow vulnerability in Wibu CodeMeter Runtime 
network ...)
        NOT-FOR-US: Wibu CodeMeter Runtime
 CVE-2023-3588 (A stored Cross-site Scripting (XSS) vulnerability affecting 
Teamwork C ...)
-       TODO: check
+       NOT-FOR-US: 3ds
 CVE-2023-3280 (A problem with a protection mechanism in the Palo Alto Networks 
Cortex ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2023-39916 (NLnet Labs\u2019 Routinator 0.9.0 up to and including 0.12.1 
contains  ...)
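Review bot: The label "NOT-FOR-US: 3ds" for CVE-2023-3588 is terse compared with the rest of this commit and is not derivable from the visible description ("Teamwork C..."); spelling out the vendor or product as it appears in the CVE text would make the triage decision self-explanatory to the next person reading the list.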
@@ -277,9 +277,9 @@ CVE-2023-40611 (Apache Airflow, versions before 2.7.1, is 
affected by a vulnerab
 CVE-2023-40218 (An issue was discovered in the NPU kernel driver in Samsung 
Exynos Mob ...)
        NOT-FOR-US: Samsung
 CVE-2023-3712 (Files or Directories Accessible to External Parties 
vulnerability in H ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2023-3711 (Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM 
(Print ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2023-3710 (Improper Input Validation vulnerability in Honeywell PM43 on 32 
bit, A ...)
        NOT-FOR-US: Honeywell
 CVE-2023-39637 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a command 
injecti ...)
@@ -345,13 +345,13 @@ CVE-2023-38071 (A vulnerability has been identified in 
JT2Go (All versions < V14
 CVE-2023-38070 (A vulnerability has been identified in JT2Go (All versions < 
V14.3.0.1 ...)
        NOT-FOR-US: Siemens
 CVE-2023-37881 (Weak access control in Wing FTP Server (Admin Web Client) 
allows for p ...)
-       TODO: check
+       NOT-FOR-US: Wing FTP Server
 CVE-2023-37879 (Insecure storage of sensitive information in Wing FTP Server 
(User Web ...)
-       TODO: check
+       NOT-FOR-US: Wing FTP Server
 CVE-2023-37878 (Insecure default permissions in Wing FTP Server (Admin Web 
Client) all ...)
-       TODO: check
+       NOT-FOR-US: Wing FTP Server
 CVE-2023-37875 (Improper encoding or escaping of output in Wing FTP Server 
(User Web C ...)
-       TODO: check
+       NOT-FOR-US: Wing FTP Server
 CVE-2023-36886 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting 
Vulnerabilit ...)
        NOT-FOR-US: Microsoft
 CVE-2023-36805 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
@@ -427,9 +427,9 @@ CVE-2023-36736 (Microsoft Identity Linux Broker Remote Code 
Execution Vulnerabil
 CVE-2023-35355 (Windows Cloud Files Mini Filter Driver Elevation of Privilege 
Vulnerab ...)
        NOT-FOR-US: Microsoft
 CVE-2023-34470 (AMI AptioV contains a vulnerability in BIOS where an Attacker 
may use  ...)
-       TODO: check
+       NOT-FOR-US: AMI AptioV
 CVE-2023-34469 (AMI AptioV contains a vulnerability in BIOS where an Attacker 
may use  ...)
-       TODO: check
+       NOT-FOR-US: AMI AptioV
 CVE-2023-33136 (Azure DevOps Server Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-XXXX [receiving with Lightning: partial MPP might be accepted]
@@ -457,11 +457,11 @@ CVE-2023-XXXX [RUSTSEC-2023-0057: Fails to prohibit 
standard library access prio
        NOTE: https://github.com/dtolnay/inventory/pull/43
        NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0057.html
 CVE-2023-4899 (SQL Injection in GitHub repository mintplex-labs/anything-llm 
prior to ...)
-       TODO: check
+       NOT-FOR-US: anything-llm
 CVE-2023-4898 (Authentication Bypass by Primary Weakness in GitHub repository 
mintple ...)
-       TODO: check
+       NOT-FOR-US: anything-llm
 CVE-2023-4897 (Relative Path Traversal in GitHub repository 
mintplex-labs/anything-ll ...)
-       TODO: check
+       NOT-FOR-US: anything-llm
 CVE-2023-4893 (The Crayon Syntax Highlighter plugin for WordPress is 
vulnerable to Se ...)
        NOT-FOR-US: Crayon Syntax Highlighter plugin for WordPress
 CVE-2023-4890 (The JQuery Accordion Menu Widget for WordPress plugin for 
WordPress is ...)
@@ -536,9 +536,9 @@ CVE-2023-40622 (SAP BusinessObjects Business Intelligence 
Platform (Promotion Ma
 CVE-2023-40621 (SAP PowerDesigner Client - version 16.7, allows an 
unauthenticated att ...)
        NOT-FOR-US: SAP
 CVE-2023-40442 (A privacy issue was addressed with improved private data 
redaction for ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40440 (This issue was addressed with improved state management of 
S/MIME encr ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40309 (SAP CommonCryptoLib does not perform necessary authentication 
checks,  ...)
        NOT-FOR-US: SAP
 CVE-2023-40308 (SAP CommonCryptoLiballows an unauthenticated attacker to craft 
a reque ...)
@@ -552,45 +552,45 @@ CVE-2023-38878 (A reflected cross-site scripting (XSS) 
vulnerability in DevCode
 CVE-2023-37489 (Due to the lack of validation, SAP BusinessObjects Business 
Intelligen ...)
        NOT-FOR-US: SAP
 CVE-2023-35687 (In MtpPropertyValue of MtpProperty.h, there is a possible 
memory corru ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35684 (In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of 
bounds wr ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35683 (In bindSelection of DatabaseUtils.java, there is a possible 
way to acc ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35682 (In hasPermissionForActivity of PackageManagerHelper.java, 
there is a p ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35681 (In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a 
possible o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35680 (In multiple locations, there is a possible way to import 
contacts belo ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35679 (In MtpPropertyValue of MtpProperty.h, there is a possible out 
of bound ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35677 (In onCreate of DeviceAdminAdd.java, there is a possible way to 
forcibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35676 (In createQuickShareAction of SaveImageInBackgroundTask.java, 
there is  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35675 (In loadMediaResumptionControls of MediaResumeListener.kt, 
there is a p ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35674 (In onCreate of WindowState.java, there is a possible way to 
launch a b ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35673 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out 
of boun ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35671 (In onHostEmulationData of HostEmulationManager.java, there is 
a possib ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35670 (In computeValuesFromData of FileUtils.java, there is a 
possible way to ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35669 (In checkKeyIntentParceledCorrectly of 
AccountManagerService.java, ther ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35667 (In updateList of NotificationAccessSettings.java, there is a 
possible  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35666 (In bta_av_rc_msg of bta_av_act.cc, there is a possible use 
after free  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35665 (In multiple files, there is a possible way to import a contact 
from an ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35664 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a 
possible ou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-35658 (In gatt_process_prep_write_rsp of gatt_cl.cc, there is a 
possible priv ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-4881 (A stack based out-of-bounds write flaw was found in the 
netfilter subs ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/fd94d9dadee58e09b49075240fe83423eb1dcd36 (6.6-rc1)
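Review bot: The twenty Android entries (CVE-2023-35658 through CVE-2023-35687) are tagged uniformly as "NOT-FOR-US: Android", but Debian does carry some android-platform-* source packages, so it is worth confirming that none of the named files (for example FileUtils.java, DatabaseUtils.java, or the Bluetooth stack files avdt_msg.cc and gatt_sr.cc) lives in a packaged component before closing the whole batch. The CVE-2023-4881 netfilter entry with its "linux <unfixed>" state and upstream fix reference is untouched here and reads correctly.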
@@ -683,7 +683,7 @@ CVE-2023-31468 (An issue was discovered in Inosoft VisiWin 
7 through 2022-2.1 (R
 CVE-2023-2705 (The gAppointments WordPress plugin before 1.10.0 does not 
sanitise and ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-4816 (A vulnerability exists in the Equipment Tag Out authentication, 
when c ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2023-42471 (The wave.ai.browser application through 1.0.35 for Android 
allows a re ...)
        NOT-FOR-US: wave.ai.browser application
 CVE-2023-42470 (The Imou Life com.mm.android.smartlifeiot application through 
6.8.0 fo ...)
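Review bot: "NOT-FOR-US: Hitachi" for CVE-2023-4816 cannot be matched against the visible description, which only mentions "Equipment Tag Out authentication" and names no vendor; including the product as the advisory names it would make the label verifiable from the list itself.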
@@ -16877,11 +16877,11 @@ CVE-2023-31071 (Unauth. Reflected Cross-Site 
Scripting (XSS) vulnerability in Ya
 CVE-2023-31070
        RESERVED
 CVE-2023-31069 (An issue was discovered in TSplus Remote Access through 
16.0.2.14. Cre ...)
-       TODO: check
+       NOT-FOR-US: TSplus
 CVE-2023-31068 (An issue was discovered in TSplus Remote Access through 
16.0.2.14. The ...)
-       TODO: check
+       NOT-FOR-US: TSplus
 CVE-2023-31067 (An issue was discovered in TSplus Remote Access through 
16.0.2.14. The ...)
-       TODO: check
+       NOT-FOR-US: TSplus
 CVE-2023-31066 (Files or Directories Accessible to External Parties 
vulnerability in A ...)
        NOT-FOR-US: Apache InLong
 CVE-2023-31065 (Insufficient Session Expiration vulnerability in Apache 
Software Found ...)
@@ -18438,7 +18438,7 @@ CVE-2023-2073 (A vulnerability was found in Campcodes 
Online Traffic Offense Man
 CVE-2023-2072 (The Rockwell Automation PowerMonitor 1000 contains stored 
cross-site s ...)
        NOT-FOR-US: Rockwell
 CVE-2023-2071 (Rockwell Automation FactoryTalk View Machine Edition on the 
PanelView  ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2023-2070
        RESERVED
 CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions 
starting ...)
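Review bot: CVE-2023-2071 gets "NOT-FOR-US: Rockwell Automation" while the adjacent CVE-2023-2072 entry uses "NOT-FOR-US: Rockwell"; the two labels should be aligned so that searching the list for a vendor finds both entries.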
@@ -21400,7 +21400,7 @@ CVE-2022-48436
 CVE-2023-29464
        RESERVED
 CVE-2023-29463 (The JMX Console within the Rockwell Automation Pavilion8 is 
exposed to ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2023-29462 (An arbitrary code execution vulnerability contained in 
Rockwell Automa ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2023-29461 (An arbitrary code execution vulnerability contained in 
Rockwell Automa ...)
@@ -22022,7 +22022,7 @@ CVE-2023-29334 (Microsoft Edge (Chromium-based) 
Spoofing Vulnerability)
 CVE-2023-29333 (Microsoft Access Denial of Service Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-29332 (Microsoft Azure Kubernetes Service Elevation of Privilege 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29331 (.NET, .NET Framework, and Visual Studio Denial of Service 
Vulnerabilit ...)
        NOT-FOR-US: Microsoft
 CVE-2023-29330 (Microsoft Teams Remote Code Execution Vulnerability)
@@ -22078,9 +22078,9 @@ CVE-2023-29308 (Adobe InDesign versions ID18.3 (and 
earlier) and ID17.4.1 (and e
 CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is 
affected b ...)
        NOT-FOR-US: Adobe
 CVE-2023-29306 (Adobe Connect versions 12.3 and earlier are affected by a 
reflected Cr ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-29305 (Adobe Connect versions 12.3 and earlier are affected by a 
reflected Cr ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-29304 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is 
affected b ...)
        NOT-FOR-US: Adobe
 CVE-2023-29303 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
@@ -22483,7 +22483,7 @@ CVE-2023-29185 (SAP NetWeaver AS for ABAP (Business 
Server Pages) - versions 700
 CVE-2023-29184
        RESERVED
 CVE-2023-29183 (An improper neutralization of input during web page generation 
('Cross ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-29182 (A stack-based buffer overflow vulnerability [CWE-121]in 
Fortinet Forti ...)
        NOT-FOR-US: FortiGuard
 CVE-2023-29181
@@ -23745,7 +23745,7 @@ CVE-2023-28833 (Nextcloud server is an open source home 
cloud implementation. In
 CVE-2023-28832 (A vulnerability has been identified in SIMATIC Cloud Connect 7 
CC712 ( ...)
        NOT-FOR-US: Siemens
 CVE-2023-28831 (The ANSI C OPC UA SDK contains an integer overflow 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-28830 (A vulnerability has been identified in JT2Go (All versions < 
V14.2.0.5 ...)
        NOT-FOR-US: Siemens
 CVE-2023-28829 (A vulnerability has been identified in SIMATIC NET PC Software 
V14 (Al ...)
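Review bot: For CVE-2023-28831 the description names a third-party component ("The ANSI C OPC UA SDK contains an integer overflow ...") rather than a Siemens product, so "NOT-FOR-US: Siemens" records only the advisory publisher; please confirm the affected SDK itself is not shipped or embedded in any Debian package, since any other consumer of that SDK would be affected too, and consider naming the SDK in the label.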
@@ -26731,7 +26731,7 @@ CVE-2023-28000 (An improper neutralization of special 
elements used in an OS com
 CVE-2023-27999 (An improper neutralization of special elements used in an OS 
command v ...)
        NOT-FOR-US: FortiGuard
 CVE-2023-27998 (A lack of custom error pages vulnerability [CWE-756] in 
FortiPresence  ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-27997 (A heap-based buffer overflow vulnerability [CWE-122] in 
FortiOS versio ...)
        NOT-FOR-US: FortiGuard
 CVE-2023-27996



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0134ba5b396c3eb62e8d3da23a226ee663c4908



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
