Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e2be57dc by Salvatore Bonaccorso at 2023-09-24T17:17:41+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2023-42821 (The package `github.com/gomarkdown/markdown`
is a Go library for
NOTE:
https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940
NOTE:
https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2
CVE-2023-42812 (Galaxy is an open-source platform for FAIR data analysis.
Prior to ver ...)
- TODO: check
+ NOT-FOR-US: Galaxy
CVE-2023-42811 (aes-gcm is a pure Rust implementation of the AES-GCM. Starting
in vers ...)
TODO: check
CVE-2023-42798 (AutomataCI is a template git repository equipped with a native
built-i ...)
@@ -147,7 +147,7 @@ CVE-2023-42482 (Samsung Mobile Processor Exynos 2200 allows
a GPU Use After Free
CVE-2023-42458 (Zope is an open-source web application server. Prior to
versions 4.8.1 ...)
NOT-FOR-US: Zope
CVE-2023-42457 (plone.rest allows users to use HTTP verbs such as GET, POST,
PUT, DELE ...)
- TODO: check
+ NOT-FOR-US: plone.rest
CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo and su, allows
users to ...)
TODO: check
CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The
download metho ...)
@@ -161,9 +161,9 @@ CVE-2023-41992 (The issue was addressed with improved
checks. This issue is fixe
CVE-2023-41991 (A certificate validation issue was addressed. This issue is
fixed in i ...)
TODO: check
CVE-2023-41048 (plone.namedfile allows users to handle `File` and `Image`
fields targe ...)
- TODO: check
+ NOT-FOR-US: plone.namedfile
CVE-2023-40183 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2023-34577 (SQL injection vulnerability in Prestashop opartplannedpopup
1.4.11 and ...)
NOT-FOR-US: Prestashop opartplannedpopup
CVE-2023-34576 (SQL injection vulnerability in updatepos.php in PrestaShop
opartfaq th ...)
@@ -196,7 +196,7 @@ CVE-2023-38876 (A reflected cross-site scripting (XSS)
vulnerability in msaad199
CVE-2023-38875 (A reflected cross-site scripting (XSS) vulnerability in
msaad1999's PH ...)
NOT-FOR-US: msaad1999's PHP-Login-System
CVE-2023-37279 (Faktory is a language-agnostic persistent background job
server. Prior ...)
- TODO: check
+ NOT-FOR-US: Faktory
CVE-2023-36234 (Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1,
allows attac ...)
- netbox <itp> (bug #1017079)
CVE-2023-36109 (Buffer Overflow vulnerability in JerryScript version 3.0,
allows remot ...)
@@ -204,15 +204,15 @@ CVE-2023-36109 (Buffer Overflow vulnerability in
JerryScript version 3.0, allows
CVE-2023-34575 (SQL injection vulnerability in PrestaShop opartsavecart
through 2.0.7 ...)
NOT-FOR-US: PrestaShop opartsavecart
CVE-2023-5084 (Cross-site Scripting (XSS) - Reflected in GitHub repository
hestiacp/h ...)
- TODO: check
+ NOT-FOR-US: Hestia Control Panel
CVE-2023-5074 (Use of a static key to protect a JWT token used in user
authentication ...)
NOT-FOR-US: D-Link
CVE-2023-5042 (Sensitive information disclosure due to insecure folder
permissions. T ...)
NOT-FOR-US: Acronis
CVE-2023-43636 (In EVE OS, the \u201cmeasured boot\u201d mechanism prevents a
compromi ...)
- TODO: check
+ NOT-FOR-US: EVE OS
CVE-2023-43635 (Vault Key Sealed With SHA1 PCRs The measured boot
solution imple ...)
- TODO: check
+ NOT-FOR-US: EVE OS
CVE-2023-43630 (PCR14 is not in the list of PCRs that seal/unseal the
\u201cvault\u201 ...)
TODO: check
CVE-2023-43502 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Build Fai ...)
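Review bot: CVE-2023-43630 is left as `TODO: check` while the two entries just above it (CVE-2023-43636 and CVE-2023-43635) are switched to `NOT-FOR-US: EVE OS` in this hunk; its description (PCR14 missing from the PCRs that seal/unseal the "vault") continues the same measured-boot/vault theme as CVE-2023-43635, so it is very likely part of the same EVE OS advisory set and could get the same NFU tag in this commit once the full description confirms it.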
@@ -234,9 +234,9 @@ CVE-2023-43495 (Jenkins 2.423 and earlier, LTS 2.414.1 and
earlier does not esca
CVE-2023-43494 (Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1
through 2.414. ...)
- jenkins <removed>
CVE-2023-43478 (fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan
LH1000), fi ...)
- TODO: check
+ NOT-FOR-US: Telstra Smart Modem Gen 2 (Arcadyan LH1000) firmware
CVE-2023-43477 (The ping_from parameter of ping_tracerte.cgi in the web UI of
Telstra ...)
- TODO: check
+ NOT-FOR-US: Telstra Smart Modem Gen 2 (Arcadyan LH1000) firmware
CVE-2023-43377 (A cross-site scripting (XSS) vulnerability in
/hoteldruid/visualizza_c ...)
- hoteldruid <unfixed>
CVE-2023-43376 (A cross-site scripting (XSS) vulnerability in
/hoteldruid/clienti.php ...)
@@ -276,7 +276,7 @@ CVE-2023-43138 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817
Rel.80868n has a comman
CVE-2023-43137 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a
command inje ...)
NOT-FOR-US: TP-Link
CVE-2023-43134 (There is an unauthorized access vulnerability in Netis
360RAC1200 v1.3 ...)
- TODO: check
+ NOT-FOR-US: Netis
CVE-2023-42660 (In Progress MOVEit Transfer versions released before 2021.1.8
(13.1.8) ...)
NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-42656 (In Progress MOVEit Transfer versions released before 2021.1.8
(13.1.8) ...)
@@ -294,17 +294,17 @@ CVE-2023-41902 (An XPC misconfiguration vulnerability in
CoreCode MacUpdater bef
CVE-2023-41484 (An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to
obtain s ...)
TODO: check
CVE-2023-41375 (Use after free vulnerability exists in Kostac PLC Programming
Software ...)
- TODO: check
+ NOT-FOR-US: KostacKostac PLC Programming Software
CVE-2023-41374 (Double free issue exists in Kostac PLC Programming Software
Version 1. ...)
- TODO: check
+ NOT-FOR-US: Kostac PLC Programming Software
CVE-2023-40930 (Skyworth 3.0 OS is vulnerable to Directory Traversal.)
- TODO: check
+ NOT-FOR-US: Skyworth
CVE-2023-40619 (phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization
of untr ...)
- phppgadmin <unfixed>
NOTE: https://github.com/phppgadmin/phppgadmin/issues/174
NOTE: https://github.com/hestiacp/phppgadmin/pull/4
CVE-2023-40618 (A reflected cross-site scripting (XSS) vulnerability in
OpenKnowledgeM ...)
- TODO: check
+ NOT-FOR-US: OpenKnowledgeMaps Head Start
CVE-2023-40368 (IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a
privileged ...)
NOT-FOR-US: IBM
CVE-2023-40043 (In Progress MOVEit Transfer versions released before 2021.1.8
(13.1.8) ...)
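Review bot: the new line for CVE-2023-41375 has the vendor name duplicated, `NOT-FOR-US: KostacKostac PLC Programming Software`; it should match the entry added directly below it for CVE-2023-41374, `NOT-FOR-US: Kostac PLC Programming Software`, so that both entries read the same way.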
@@ -353,7 +353,7 @@ CVE-2023-5063 (The Widget Responsive for Youtube plugin for
WordPress is vulnera
CVE-2023-5062 (The WordPress Charts plugin for WordPress is vulnerable to
Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2023-4088 (Incorrect Default Permissions vulnerability due to incomplete
fix to a ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-43621 (An issue was discovered in Croc through 9.6.5. The shared
secret, loca ...)
- croc <itp> (bug #1017956)
CVE-2023-43620 (An issue was discovered in Croc through 9.6.5. A sender may
place ANSI ...)
@@ -435,7 +435,7 @@ CVE-2023-38351 (MiniTool Partition Wizard 12.8 contains an
insecure installation
CVE-2023-32649 (A Denial of Service (Dos) vulnerability in Nozomi Networks
Guardian an ...)
NOT-FOR-US: Nozomi Networks
CVE-2023-32186 (A Allocation of Resources Without Limits or Throttling
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: SUSE RKE2
CVE-2023-32182 (A Improper Link Resolution Before File Access ('Link
Following') vulne ...)
TODO: check
CVE-2023-31808 (Technicolor TG670 10.5.N.9 devices contain multiple accounts
with hard ...)
@@ -539,7 +539,7 @@ CVE-2023-34195 (An issue was discovered in
SystemFirmwareManagementRuntimeDxe in
CVE-2023-33831 (A remote command execution (RCE) vulnerability in the
/api/runscript e ...)
NOT-FOR-US: FUXA
CVE-2023-32187 (An Allocation of Resources Without Limits or Throttling
vulnerability ...)
- TODO: check
+ NOT-FOR-US: SUSE k3s
CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6.
drivers/medi ...)
- linux 5.8.7-1
[buster] - linux 4.19.146-1
@@ -17628,7 +17628,7 @@ CVE-2023-2264
CVE-2023-2263 (The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series
A is v ...)
NOT-FOR-US: Rockwell Automation
CVE-2023-2262 (A buffer overflow vulnerability exists in the Rockwell
Automation sele ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2023-2261 (The WP Activity Log plugin for WordPress is vulnerable to
authorizatio ...)
NOT-FOR-US: WP Activity Log plugin for WordPress
CVE-2023-2260 (Authorization Bypass Through User-Controlled Key in GitHub
repository ...)
@@ -17933,21 +17933,21 @@ CVE-2023-31017
CVE-2023-31016
RESERVED
CVE-2023-31015 (NVIDIA DGX H100 BMC contains a vulnerability in the REST
service where ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31014 (NVIDIA GeForce Now for Android contains a vulnerability in the
game la ...)
- TODO: check
+ NOT-FOR-US: NVIDIA GeForce Now for Android
CVE-2023-31013 (NVIDIA DGX H100 BMC contains a vulnerability in the REST
service, wher ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31012 (NVIDIA DGX H100 BMC contains a vulnerability in the REST
service where ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31011 (NVIDIA DGX H100 BMC contains a vulnerability in the REST
service where ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31010 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an
attacke ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31009 (NVIDIA DGX H100 BMC contains a vulnerability in the REST
service, wher ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31008 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an
attacke ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31007 (Improper Authentication vulnerability in Apache Software
Foundation Ap ...)
NOT-FOR-US: Apache Pulsar
CVE-2023-31006
@@ -33948,7 +33948,7 @@ CVE-2023-0831 (The Under Construction plugin for
WordPress is vulnerable to Cros
CVE-2023-0830 (A vulnerability classified as critical has been found in
EasyNAS 1.1.0 ...)
NOT-FOR-US: EasyNAS
CVE-2023-0829 (Plesk 17.0 through 18.0.31 version, is vulnerable to a
Cross-Site Scri ...)
- TODO: check
+ NOT-FOR-US: Plesk
CVE-2023-0828
RESERVED
CVE-2023-0827 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
@@ -34537,7 +34537,7 @@ CVE-2023-0775 (An invalid \u2018prepare write
request\u2019 command can cause th
CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical
Certificate G ...)
NOT-FOR-US: SourceCodester Medical Certificate Generator App
CVE-2023-0773 (The vulnerability exists in Uniview IP Camera due to
identification an ...)
- TODO: check
+ NOT-FOR-US: Uniview IP Camera
CVE-2023-0772 (The Popup Builder by OptinMonster WordPress plugin before
2.12.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25676 (TensorFlow is an open source machine learning platform. When
running v ...)
@@ -35045,25 +35045,25 @@ CVE-2023-XXXX [RUSTSEC-2023-0005]
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0005.html
NOTE: https://github.com/tokio-rs/tokio/issues/5372
CVE-2023-25534 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an
attacke ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25533 (NVIDIA DGX H100 BMC contains a vulnerability in the web UI,
where an a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25532 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an
attacke ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25531 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an
attacke ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25530 (NVIDIA DGX H100 BMC contains a vulnerability in the KVM
service, where ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25529 (NVIDIA DGX H100 BMC contains a vulnerability in the host KVM
daemon, w ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25528 (NVIDIA DGX H100 baseboard management controller (BMC) contains
a vulne ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25527 (NVIDIA DGX H100 BMC contains a vulnerability in the host KVM
daemon, w ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25526 (NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and
nlmanag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Cumulus Linux
CVE-2023-25525 (NVIDIA Cumulus Linux contains a vulnerability in forwarding
where a Vx ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Cumulus Linux
CVE-2023-25524 (NVIDIA Omniverse Workstation Launcher for Windows and Linux
contains a ...)
NOT-FOR-US: NVIDIA
CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a
vulnerability in ...)
@@ -39562,7 +39562,7 @@ CVE-2023-23959
CVE-2023-23958
RESERVED
CVE-2023-23957 (An authenticated user can see and modify the value for
\u2018next\u201 ...)
- TODO: check
+ NOT-FOR-US: Symantec Identity Portal
CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will
be exec ...)
NOT-FOR-US: Symantec
CVE-2023-23955 (Advanced Secure Gateway and Content Analysis, prior to
7.3.13.1 / 3.1. ...)
@@ -41480,11 +41480,11 @@ CVE-2023-23366
CVE-2023-23365
RESERVED
CVE-2023-23364 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-23363 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-23362 (An OS command injection vulnerability has been reported to
affect QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-23361
RESERVED
CVE-2023-23360
@@ -47207,21 +47207,21 @@ CVE-2022-47562 (Vulnerability in the RCPbind service
running on UDP port (111),
CVE-2022-47561 (The web application stores credentials in clear text in the
"admin.xml ...)
TODO: check
CVE-2022-47560 (The lack of web request control on ekorCCP and ekorRCI devices
allows ...)
- TODO: check
+ NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47559 (Lack of device control over web requests in ekorCCP and
ekorRCI, allow ...)
- TODO: check
+ NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47558 (Devices ekorCCP and ekorRCI are vulnerable due to access to
the FTP se ...)
- TODO: check
+ NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47557 (Vulnerability in ekorCCP and ekorRCI that could allow an
attacker with ...)
- TODO: check
+ NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47556 (Uncontrolled resource consumption in ekorRCI, allowing an
attacker wit ...)
- TODO: check
+ NOT-FOR-US: ekorRCI devices
CVE-2022-47555 (Operating system command injection in ekorCCP and ekorRCI,
which could ...)
- TODO: check
+ NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47554 (Exposure of sensitive information in ekorCCP and ekorRCI,
potentially ...)
- TODO: check
+ NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47553 (Incorrect authorisation in ekorCCP and ekorRCI, which could
allow a re ...)
- TODO: check
+ NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47552
RESERVED
CVE-2022-47551 (Apiman 1.5.7 through 2.2.3.Final has insufficient checks for
read perm ...)
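Review bot: CVE-2022-47561 still reads `TODO: check` although it sits between CVE-2022-47562 and the eight ekorCCP/ekorRCI entries (CVE-2022-47553 through CVE-2022-47560) that this hunk marks NFU; its visible description ("stores credentials in clear text in the admin.xml") does not name a product, so it is worth confirming whether it belongs to the same advisory batch and, if so, giving it the same `NOT-FOR-US: ekorCCP and ekorRCI devices` tag for consistency.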
@@ -54858,9 +54858,9 @@ CVE-2022-45450 (Sensitive information disclosure and
manipulation due to imprope
CVE-2022-45449
RESERVED
CVE-2022-45448 (M4 PDF plugin for Prestashop sites, in its 3.2.3 version and
before, i ...)
- TODO: check
+ NOT-FOR-US: M4 PDF plugin for Prestashop sites
CVE-2022-45447 (M4 PDF plugin for Prestashop sites, in its 3.2.3 version and
before, i ...)
- TODO: check
+ NOT-FOR-US: M4 PDF plugin for Prestashop sites
CVE-2022-4036 (The Appointment Hour Booking plugin for WordPress is vulnerable
to CAP ...)
NOT-FOR-US: Appointment Hour Booking plugin for WordPress
CVE-2022-4035 (The Appointment Hour Booking plugin for WordPress is vulnerable
to iFr ...)
@@ -219635,7 +219635,7 @@ CVE-2020-24091
CVE-2020-24090
RESERVED
CVE-2020-24089 (An issue was discovered in ImfHpRegFilter.sys in IOBit Malware
Fighter ...)
- TODO: check
+ NOT-FOR-US: IOBit Malware Fighter
CVE-2020-24088 (An issue was discovered in MmMapIoSpace routine in Foxconn
Live Update ...)
NOT-FOR-US: Foxconn
CVE-2020-24087
@@ -376536,7 +376536,7 @@ CVE-2018-5480
CVE-2018-5479 (FoxSash ImgHosting 1.5 (according to footer information) is
vulnerable ...)
NOT-FOR-US: FoxSash ImgHosting
CVE-2018-5478 (Contao 3.x before 3.5.32 allows XSS via the unsubscribe module
in the ...)
- TODO: check
+ NOT-FOR-US: Contao CMS
CVE-2018-5477 (An Information Exposure issue was discovered in ABB netCADOPS
Web Appl ...)
NOT-FOR-US: ABB netCADOPS Web Application
CVE-2018-5476 (A Stack-based Buffer Overflow issue was discovered in Delta
Electronic ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2be57dc34894b76a6ee2fc288e52d775a36a6ce
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits