Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5dbb59b2 by Salvatore Bonaccorso at 2023-10-18T12:20:10+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,13 +11,13 @@ CVE-2023-4938 (The BEAR for WordPress is vulnerable to 
Missing Authorization in
 CVE-2023-45811 (Synchrony deobfuscator is a javascript cleaner & deobfuscator. 
 A `__p ...)
        TODO: check
 CVE-2023-45810 (OpenFGA is a flexible authorization/permission engine built 
for develo ...)
-       TODO: check
+       NOT-FOR-US: OpenFGA
 CVE-2023-45051 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gopi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-45049 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-45008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPJo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-42507 (Stack-based buffer overflow vulnerability exists in OnSinView2 
version ...)
        TODO: check
 CVE-2023-42506 (Improper restriction of operations within the bounds of a 
memory buffe ...)
@@ -25,45 +25,45 @@ CVE-2023-42506 (Improper restriction of operations within 
the bounds of a memory
 CVE-2023-42319 (Geth (aka go-ethereum) through 1.13.4, when --http --graphql 
is used,  ...)
        TODO: check
 CVE-2023-41715 (SonicOS post-authentication Improper Privilege Management 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: SonicOS
 CVE-2023-41713 (SonicOS Use of Hard-coded Password vulnerability in the 
'dynHandleBuyT ...)
-       TODO: check
+       NOT-FOR-US: SonicOS
 CVE-2023-41712 (SonicOS post-authentication Stack-Based Buffer Overflow 
Vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: SonicOS
 CVE-2023-41711 (SonicOS post-authentication Stack-Based Buffer Overflow 
Vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: SonicOS
 CVE-2023-41631 (eSST Monitoring v2.147.1 was discovered to contain a remote 
code execu ...)
-       TODO: check
+       NOT-FOR-US: eSST Monitoring
 CVE-2023-41630 (eSST Monitoring v2.147.1 was discovered to contain a remote 
code execu ...)
-       TODO: check
+       NOT-FOR-US: eSST Monitoring
 CVE-2023-41629 (A lack of input sanitizing in the file download feature of 
eSST Monito ...)
-       TODO: check
+       NOT-FOR-US: eSST Monitoring
 CVE-2023-3254 (The Widgets for Google Reviews plugin for WordPress is 
vulnerable to C ...)
        NOT-FOR-US: Widgets for Google Reviews plugin for WordPress
 CVE-2023-3042 (In dotCMS, versions mentioned, a flaw in the 
NormalizationFilter does  ...)
-       TODO: check
+       NOT-FOR-US: dotCMS
 CVE-2023-39332 (Various `node:fs` functions allow specifying paths as either 
strings o ...)
        TODO: check
 CVE-2023-39331 (A previously disclosed vulnerability (CVE-2023-30584) was 
patched insu ...)
        TODO: check
 CVE-2023-39280 (SonicOS p  ost-authentication Stack-Based Buffer Overflow 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: SonicOS
 CVE-2023-39279 (SonicOS post-authentication Stack-Based Buffer Overflow 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: SonicOS
 CVE-2023-39278 (SonicOS post-authentication user assertion failure leads to 
Stack-Base ...)
-       TODO: check
+       NOT-FOR-US: SonicOS
 CVE-2023-39277 (SonicOS post-authentication stack-based buffer overflow 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: SonicOS
 CVE-2023-39276 (SonicOS post-authentication stack-based buffer overflow 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: SonicOS
 CVE-2023-38552 (When the Node.js policy feature checks the integrity of a 
resource aga ...)
        TODO: check
 CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 wwas 
discove ...)
        TODO: check
 CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution 
of Unauth ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-35083 (Allows an authenticated attacker with network access to read 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-5522 (Mattermost Mobile fails to limitthe maximum number of Markdown 
element ...)
        NOT-FOR-US: Mattermost Mobile
 CVE-2023-5339 (Mattermost Desktopfails to set an appropriate log level during 
initial ...)
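Review bot: The `NOT-FOR-US: Ivanti` labels added for CVE-2023-35084 and CVE-2023-35083 name only a vendor. The truncated descriptions on those two entries ("Unsafe Deserialization of User Input ...", "Allows an authenticated attacker with network access ...") do not name a product either, so the list no longer records which Ivanti product was ruled out. Suggest naming the product in the label, as the SonicOS, eSST Monitoring and dotCMS entries in this hunk do.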
@@ -91,45 +91,45 @@ CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to 
contain a Cross-Site Reques
 CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. 
urllib3 pre ...)
        TODO: check
 CVE-2023-45010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Alex ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-45007 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Fotomoto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-45006 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ByConsol ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-45005 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Castos S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-45004 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
wp3sixty ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-45003 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Arrow Pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-44990 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in real ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-44824 (An issue in Expense Management System v.1.0 allows a local 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: Expense Management System
 CVE-2023-44311 (Multiple reflected cross-site scripting (XSS) vulnerabilities 
in the P ...)
-       TODO: check
+       NOT-FOR-US: Liferay Portal plugin
 CVE-2023-44310 (Stored cross-site scripting (XSS) vulnerability in Page Tree 
menu Life ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2023-44309 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
the frag ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2023-43959 (An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote 
privileged ...)
-       TODO: check
+       NOT-FOR-US: YeaLinkSIP-T19P-E2
 CVE-2023-43794 (Nocodb is an open source Airtable alternative. Affected 
versions of no ...)
-       TODO: check
+       NOT-FOR-US: nocodb
 CVE-2023-43777 (Eaton easySoft software is used to program easy controllers 
and displa ...)
-       TODO: check
+       NOT-FOR-US: Eaton easySoft software
 CVE-2023-43776 (Eaton easyE4 PLC offers a device password protection 
functionality to  ...)
-       TODO: check
+       NOT-FOR-US: Eaton easyE4 PLC
 CVE-2023-42629 (Stored cross-site scripting (XSS) vulnerability in the manage 
vocabula ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2023-42628 (Stored cross-site scripting (XSS) vulnerability in the Wiki 
widget in  ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2023-42627 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
the Comm ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2023-39902 (A software vulnerability has been identified in the U-Boot 
Secondary P ...)
        TODO: check
 CVE-2023-37537 (An unquoted service path vulnerability in HCL AppScan 
Presence, deploy ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-4399 (Grafana is an open-source platform for monitoring and 
observability.   ...)
        - grafana <removed>
 CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of 
sensitive in ...)
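Review bot: Label granularity is inconsistent in this hunk. CVE-2023-44311 is marked `NOT-FOR-US: Liferay Portal plugin` while CVE-2023-44310, CVE-2023-44309, CVE-2023-42629, CVE-2023-42628 and CVE-2023-42627 are marked `NOT-FOR-US: Liferay`. CVE-2023-37537 is marked `HCL` although its description names HCL AppScan Presence, and the two Eaton entries carry full product names. If the Liferay distinction is intentional it is worth keeping, otherwise a single label per product makes later searches of the list for one product reliable. For CVE-2023-37537, suggest `NOT-FOR-US: HCL AppScan Presence`.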
@@ -34678,9 +34678,9 @@ CVE-2023-27135 (TOTOlink A7100RU V7.4cu.2313_B20191024 
was discovered to contain
 CVE-2023-27134
        RESERVED
 CVE-2023-27133 (TSplus Remote Work 16.0.0.0 has weak permissions for .exe, 
.js, and .h ...)
-       TODO: check
+       NOT-FOR-US: TSplus Remote Work
 CVE-2023-27132 (TSplus Remote Work 16.0.0.0 places a cleartext password on the 
"var pa ...)
-       TODO: check
+       NOT-FOR-US: TSplus Remote Work
 CVE-2023-27131 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 
allows a r ...)
        NOT-FOR-US: Typecho
 CVE-2023-27130 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 
allows a r ...)
@@ -39680,7 +39680,7 @@ CVE-2023-25478 (Cross-Site Request Forgery (CSRF) 
vulnerability in Jason Rouet W
 CVE-2023-25477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Yotu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25476 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Ezoic Am ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25475 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir 
Prelovac S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25474 (Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi 
About M ...)
@@ -42884,7 +42884,7 @@ CVE-2023-24387 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-24386 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Kari ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24385 (Auth. (author+) Stored Cross-Site Scripting (XSS) 
vulnerability in Dav ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-24384 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt 
Organizati ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24383 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Kibo ...)
@@ -51980,33 +51980,33 @@ CVE-2023-22132
 CVE-2023-22131
        RESERVED
 CVE-2023-22130 (Vulnerability in the Sun ZFS Storage Appliance product of 
Oracle Syste ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22129 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22128 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22127 (Vulnerability in the Oracle Outside In Technology product of 
Oracle Fu ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22126 (Vulnerability in the Oracle WebCenter Content product of 
Oracle Fusion ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22125 (Vulnerability in the Oracle Banking Trade Finance product of 
Oracle Fi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22124 (Vulnerability in the Oracle Banking Trade Finance product of 
Oracle Fi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22123 (Vulnerability in the Oracle Banking Trade Finance product of 
Oracle Fi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22122 (Vulnerability in the Oracle Banking Trade Finance product of 
Oracle Fi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22121 (Vulnerability in the Oracle Banking Trade Finance product of 
Oracle Fi ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22120
        RESERVED
 CVE-2023-22119 (Vulnerability in the Oracle FLEXCUBE Universal Banking product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22118 (Vulnerability in the Oracle FLEXCUBE Universal Banking product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22117 (Vulnerability in the Oracle FLEXCUBE Universal Banking product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22116
        RESERVED
 CVE-2023-22115 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -52022,15 +52022,15 @@ CVE-2023-22111 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2023-22110 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        TODO: check
 CVE-2023-22109 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22108 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22107 (Vulnerability in the Oracle Enterprise Command Center 
Framework produc ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22106 (Vulnerability in the Oracle Enterprise Command Center 
Framework produc ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22105 (Vulnerability in the BI Publisher product of Oracle Analytics 
(compone ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22104 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        TODO: check
 CVE-2023-22103 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -52038,7 +52038,7 @@ CVE-2023-22103 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2023-22102 (Vulnerability in the MySQL Connectors product of Oracle MySQL 
(compone ...)
        TODO: check
 CVE-2023-22101 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22100 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
        TODO: check
 CVE-2023-22099 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
@@ -52054,55 +52054,55 @@ CVE-2023-22095 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2023-22094 (Vulnerability in the MySQL Installer product of Oracle MySQL 
(componen ...)
        TODO: check
 CVE-2023-22093 (Vulnerability in the Oracle iRecruitment product of Oracle 
E-Business  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22092 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        TODO: check
 CVE-2023-22091 (Vulnerability in the Oracle GraalVM for JDK product of Oracle 
Java SE  ...)
        TODO: check
 CVE-2023-22090 (Vulnerability in the PeopleSoft Enterprise CC Common 
Application Objec ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22089 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22088 (Vulnerability in the Oracle Communications Order and Service 
Managemen ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22087 (Vulnerability in the Hospitality OPERA 5 Property Services 
product of  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22086 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22085 (Vulnerability in the Hospitality OPERA 5 Property Services 
product of  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22084 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        TODO: check
 CVE-2023-22083 (Vulnerability in the Oracle Enterprise Session Border 
Controller produ ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK 
product of ...)
        TODO: check
 CVE-2023-22080 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22079 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        TODO: check
 CVE-2023-22078 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        TODO: check
 CVE-2023-22077 (Vulnerability in the Oracle Database Recovery Manager 
component of Ora ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22076 (Vulnerability in the Oracle Applications Framework product of 
Oracle E ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22075 (Vulnerability in the Oracle Database Sharding component of 
Oracle Data ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22074 (Vulnerability in the Oracle Database Sharding component of 
Oracle Data ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22073 (Vulnerability in the Oracle Notification Server component of 
Oracle Da ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22072 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22071 (Vulnerability in the PL/SQL component of Oracle Database 
Server.  Supp ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22070 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        TODO: check
 CVE-2023-22069 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22068 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        TODO: check
 CVE-2023-22067 (Vulnerability in Oracle Java SE (component: CORBA).  Supported 
version ...)
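Review bot: The vendor-only `NOT-FOR-US: Oracle` label is applied here to entries interleaved with other Oracle CVEs that stay at `TODO: check` (MySQL Server, Oracle Java SE, Oracle GraalVM for JDK), so "Oracle" alone does not explain why one entry is out of scope and its neighbour is not. The label matches the existing CVE-2023-22020 entry elsewhere in the file, so this is a style point rather than an error. Still, naming the product, for example `NOT-FOR-US: Oracle WebLogic Server` for CVE-2023-22089, would let a later audit confirm each decision from the list alone. The commit message could also state that the MySQL, Java SE and GraalVM entries were skipped deliberately.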
@@ -52194,7 +52194,7 @@ CVE-2023-22031 (Vulnerability in the Oracle WebLogic 
Server product of Oracle Fu
 CVE-2023-22030
        RESERVED
 CVE-2023-22029 (Vulnerability in the Oracle Commerce Guided Search product of 
Oracle C ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22028 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        TODO: check
 CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
@@ -52214,7 +52214,7 @@ CVE-2023-22021 (Vulnerability in the Oracle Business 
Intelligence Enterprise Edi
 CVE-2023-22020 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
        NOT-FOR-US: Oracle
 CVE-2023-22019 (Vulnerability in the Oracle HTTP Server product of Oracle 
Fusion Middl ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22018 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
        - virtualbox 7.0.10-dfsg-1
 CVE-2023-22017 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5dbb59b22ef0cbb4979d7182fe4d14d85f7db03a



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits