Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b65e2310 by Salvatore Bonaccorso at 2023-04-25T22:25:29+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33,7 +33,7 @@ CVE-2023-31207
CVE-2023-2283
RESERVED
CVE-2023-2282 (Improper access control in the Web Login listener in
Devolutions Remot ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related
Websoc ...)
TODO: check
CVE-2023-2280
@@ -1030,9 +1030,9 @@ CVE-2023-30841
CVE-2023-30840
RESERVED
CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application.
Versions prio ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior
to vers ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2023-30837
RESERVED
CVE-2023-30836
@@ -1702,7 +1702,7 @@ CVE-2023-30625
CVE-2023-30624
RESERVED
CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to
version 2, ...)
- TODO: check
+ NOT-FOR-US: embano1/wip GitHub Action
CVE-2023-30622 (Clusternet is a general-purpose system for controlling
Kubernetes clus ...)
TODO: check
CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as
modular and us ...)
@@ -2090,7 +2090,7 @@ CVE-2023-30547 (vm2 is a sandbox that can run untrusted
code with whitelisted No
CVE-2023-30546
RESERVED
CVE-2023-30545 (PrestaShop is an Open Source e-commerce web application. Prior
to vers ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2023-30544 (Kiwi TCMS is an open source test management system. In
versions of Kiw ...)
NOT-FOR-US: Kiwi TCMS
CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In
affected ve ...)
@@ -2116,7 +2116,7 @@ CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4
driver that supports core
CVE-2023-30534
RESERVED
CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype
Pollution via ...)
- TODO: check
+ NOT-FOR-US: SheetJS
CVE-2023-2011
RESERVED
CVE-2023-2010
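Review bot: CVE-2023-30533 needs a second look before the TODO is closed, because the description ("SheetJS Community Edition before 0.19.3 allows Prototype Pollution via ...") points at a JavaScript library, unlike the appliances and hosted web applications in the other hunks. NOT-FOR-US only holds if nothing in the archive ships or embeds the code. Please confirm that a search for packaged or embedded copies came back empty, or record the result in a NOTE line.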
@@ -2980,7 +2980,7 @@ CVE-2023-30179
CVE-2023-30178
RESERVED
CVE-2023-30177 (CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An
attacker ...)
- TODO: check
+ NOT-FOR-US: CraftCMS
CVE-2023-30176
RESERVED
CVE-2023-30175
@@ -3774,9 +3774,9 @@ CVE-2023-29782
CVE-2023-29781
RESERVED
CVE-2023-29780 (Third Reality Smart Blind 1.00.54 contains a denial-of-service
vulnera ...)
- TODO: check
+ NOT-FOR-US: Third Reality Smart Blind
CVE-2023-29779 (Sengled Dimmer Switch V0.0.9 contains a denial of service
(DOS) vulner ...)
- TODO: check
+ NOT-FOR-US: Sengled Dimmer Switch
CVE-2023-29778
RESERVED
CVE-2023-29777
@@ -5978,7 +5978,7 @@ CVE-2023-1733 (A denial of service condition exists in
the Prometheus server bun
CVE-2023-1732
RESERVED
CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file
upload fun ...)
- TODO: check
+ NOT-FOR-US: LTOS
CVE-2023-1730
RESERVED
CVE-2023-1729
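Review bot: The label "NOT-FOR-US: LTOS" on CVE-2023-1731 gives only a product acronym, while most other labels added in this commit name the vendor (HPE, Nokia, Zyxel, Telindus). The truncated description shown here does not name the vendor either. Adding it next to LTOS would keep the entry searchable and consistent with the rest of the file.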
@@ -6884,7 +6884,7 @@ CVE-2023-28772 (An issue was discovered in the Linux
kernel before 5.13.3. lib/s
[buster] - linux 4.19.208-1
NOTE:
https://git.kernel.org/linus/d3b16034a24a112bb83aeb669ac5b9b01f744bb7 (5.14-rc1)
CVE-2023-28771 (Improper error message handling in Zyxel ZyWALL/USG series
firmware ve ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-28770
RESERVED
CVE-2023-28769
@@ -9295,19 +9295,19 @@ CVE-2023-28092
CVE-2023-28091 (HPE OneView virtual appliance "Migrate server hardware" option
may exp ...)
NOT-FOR-US: HPE
CVE-2023-28090 (An HPE OneView appliance dump may expose SNMPv3 read
credentials ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-28089 (An HPE OneView appliance dump may expose FTP credentials for
c7000 Int ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-28088 (An HPE OneView appliance dump may expose SAN switch
administrative cre ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-28087 (An HPE OneView appliance dump may expose OneView user accounts
...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-28086 (An HPE OneView appliance dump may expose proxy credential
settings ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-28085 (An HPE OneView Global Dashboard (OVGD) appliance dump may
expose OVGD ...)
NOT-FOR-US: HPE
CVE-2023-28084 (HPE OneView and HPE OneView Global Dashboard appliance dumps
may expos ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in
HPE Inte ...)
NOT-FOR-US: HPE
CVE-2023-28082
@@ -10730,7 +10730,7 @@ CVE-2023-27621
CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27619 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-27618
RESERVED
CVE-2023-27617
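Review bot: CVE-2023-27619 is tagged "NOT-FOR-US: WordPress theme", while the neighbouring CVE-2023-27620 in the same hunk uses "WordPress plugin". The truncated description ("Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...") does not show which one applies. If the full description names a theme, this is fine as is. Otherwise align the label with "WordPress plugin".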
@@ -12227,7 +12227,7 @@ CVE-2023-27107
CVE-2023-27106
RESERVED
CVE-2023-27105 (A vulnerability in the Wi-Fi file transfer module of Shanling
M5S Port ...)
- TODO: check
+ NOT-FOR-US: Shanling
CVE-2023-27104
RESERVED
CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer
overflow via ...)
@@ -12782,15 +12782,15 @@ CVE-2023-26845 (A Cross-Site Request Forgery (CSRF)
in OpenCATS 0.9.7 allows att
CVE-2023-26844
RESERVED
CVE-2023-26843 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM
4.5.3 a ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-26842
RESERVED
CVE-2023-26841 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM
v4.5.3 ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-26840 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM
v4.5.3 ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-26839 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM
v4.5.3 ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-26838
RESERVED
CVE-2023-26837
@@ -14753,11 +14753,11 @@ CVE-2023-26101 (In Progress Flowmon Packet
Investigator before 12.1.0, a Flowmon
CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint
failed to s ...)
NOT-FOR-US: Progress Flowmon
CVE-2023-26099 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. The
consult ...)
- TODO: check
+ NOT-FOR-US: Telindus
CVE-2023-26098 (An issue was discovered in the Open Document feature in
Telindus Apsal ...)
- TODO: check
+ NOT-FOR-US: Telindus
CVE-2023-26097 (An issue was discovered in Telindus Apsal 3.14.2022.235 b.
Unauthorize ...)
- TODO: check
+ NOT-FOR-US: Telindus
CVE-2023-26096
RESERVED
CVE-2023-26095
@@ -14838,9 +14838,9 @@ CVE-2023-26060 (An issue was discovered in Nokia NetAct
before 22 FP2211. On the
CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On
the Site ...)
NOT-FOR-US: Nokia
CVE-2023-26058 (An XXE issue was discovered in Nokia NetAct before 22 FP2211
via an XM ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2023-26057 (An XXE issue was discovered in Nokia NetAct before 22 FP2211
via an XM ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2023-0920
RESERVED
CVE-2022-48329 (MISP before 2.4.166 unsafely allows users to use the order
parameter, ...)
@@ -15622,7 +15622,7 @@ CVE-2023-25795 (Auth. (admin+) Cross-Site Scripting
(XSS) vulnerability in WP-ma
CVE-2023-25794 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in
Mighty Digi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Geor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25792
RESERVED
CVE-2023-25791
@@ -16014,7 +16014,7 @@ CVE-2023-25712 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-25711 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WPGlobus ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in DIGI ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25709 (Cross-Site Request Forgery (CSRF) vulnerability in Plainware
Locatorai ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25708 (Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP
VR R ...)
@@ -16897,7 +16897,7 @@ CVE-2023-25492
CVE-2023-25491
RESERVED
CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Eric ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25489
RESERVED
CVE-2023-25488
@@ -16907,9 +16907,9 @@ CVE-2023-25487
CVE-2023-25486
RESERVED
CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Bern ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25484 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Oliv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25483
RESERVED
CVE-2023-25482
@@ -16919,7 +16919,7 @@ CVE-2023-25481
CVE-2023-25480
RESERVED
CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Podl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25478
RESERVED
CVE-2023-25477
@@ -17197,11 +17197,11 @@ CVE-2023-25350 (Faveo Helpdesk 1.0-1.11.1 is
vulnerable to SQL Injection. When t
CVE-2023-25349
RESERVED
CVE-2023-25348 (ChurchCRM 4.5.3 was discovered to contain a CSV injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-25347 (A stored cross-site scripting (XSS) vulnerability in ChurchCRM
4.5.3, ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-25346 (A reflected cross-site scripting (XSS) vulnerability in
ChurchCRM 4.5. ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-25345 (Directory traversal vulnerability in swig-templates thru 2.0.4
and swi ...)
NOT-FOR-US: swig-templates
CVE-2023-25344 (An issue was discovered in swig-templates thru 2.0.4 and swig
thru 1.4 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b65e2310e3cdcb0a6c71de90f2036b00ce230761