Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
af7d88a6 by Salvatore Bonaccorso at 2023-06-01T08:23:01+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,35 +47,35 @@ CVE-2023-34255 (An issue was discovered in the Linux kernel
through 6.3.5. There
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/22ed903eee23a5b174e240f1cdfa9acf393a5210 (6.4-rc1)
CVE-2023-34229 (In JetBrains TeamCity before 2023.05 stored XSS in GitLab
Connection p ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2023-34228 (In JetBrains TeamCity before 2023.05 authentication checks
were missin ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2023-34227 (In JetBrains TeamCity before 2023.05 a specific endpoint was
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2023-34226 (In JetBrains TeamCity before 2023.05 reflected XSS in the
Subscription ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2023-34225 (In JetBrains TeamCity before 2023.05 stored XSS in the NuGet
feed page ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2023-34224 (In JetBrains TeamCity before 2023.05 open redirect during
oAuth config ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2023-34223 (In JetBrains TeamCity before 2023.05 parameters of the
"password" type ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2023-34222 (In JetBrains TeamCity before 2023.05 possible XSS in the
Plugin Vendor ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2023-34221 (In JetBrains TeamCity before 2023.05 stored XSS in the Show
Connection ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2023-34220 (In JetBrains TeamCity before 2023.05 stored XSS in the Commit
Status P ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2023-34219 (In JetBrains TeamCity before 2023.05 improper permission
checks allowe ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2023-34218 (In JetBrains TeamCity before 2023.05 bypass of permission
checks allow ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2023-34088 (Collabora Online is a collaborative online office suite. A
stored cros ...)
- TODO: check
+ NOT-FOR-US: Collabora Online
CVE-2023-33979 (gpt_academic provides a graphical interface for ChatGPT/GLM. A
vulnera ...)
TODO: check
CVE-2023-33971 (Formcreator is a GLPI plugin which allow creation of custom
forms and ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2023-33967 (EaseProbe is a tool that can do health/status checking. An SQL
injecti ...)
TODO: check
CVE-2023-33966 (Deno is a runtime for JavaScript and TypeScript. In deno
1.34.0 and de ...)
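Review bot: The tag added for CVE-2023-33971, "NOT-FOR-US: GLPI plugin", names the host application rather than the affected product, which the description identifies as Formcreator. The other tags in this hunk name the product itself (JetBrains TeamCity, Collabora Online), so "NOT-FOR-US: Formcreator (GLPI plugin)" would keep the entry searchable by the plugin name and distinguish it from other GLPI plugins.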
@@ -85,21 +85,21 @@ CVE-2023-33964 (mx-chain-go is an implementation of the
MultiversX blockchain pr
CVE-2023-33736 (A stored cross-site scripting (XSS) vulnerability in
Dcat-Admin v2.1.3 ...)
TODO: check
CVE-2023-33735 (D-Link DIR-846 v1.00A52 was discovered to contain a remote
command exe ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-33732 (Cross Site Scripting (XSS) in the New Policy form in
Microworld Techno ...)
TODO: check
CVE-2023-33730 (Privilege Escalation in the "GetUserCurrentPwd" function in
Microworld ...)
- TODO: check
+ NOT-FOR-US: Microworld Technologies eScan Management Console
CVE-2023-33722 (EDIMAX BR-6288ACL v1.12 was discovered to contain an
authenticated rem ...)
- TODO: check
+ NOT-FOR-US: EDIMAX
CVE-2023-33718 (mp4v2 v2.1.3 was discovered to contain a memory leak via
MP4File::Read ...)
TODO: check
CVE-2023-33509 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to SQL
Injection.)
- TODO: check
+ NOT-FOR-US: KramerAV VIA GO
CVE-2023-33508 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to
unauthenticated file ...)
- TODO: check
+ NOT-FOR-US: KramerAV VIA GO
CVE-2023-33507 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to
Unauthenticated arbi ...)
- TODO: check
+ NOT-FOR-US: KramerAV VIA GO
CVE-2023-33487 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and
V9.1.0u.6369_B20230113 cont ...)
NOT-FOR-US: TOTOLINK
CVE-2023-33486 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and
V9.1.0u.6369_B20230113 cont ...)
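Review bot: CVE-2023-33732 stays at "TODO: check" while CVE-2023-33730, the entry directly below it, is tagged "NOT-FOR-US: Microworld Technologies eScan Management Console", and both truncated descriptions name Microworld. If 33732 concerns the same product, tag it in this pass as well; if it was left open on purpose, a NOTE line saying why would save the next triager from repeating the check.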
@@ -107,11 +107,11 @@ CVE-2023-33486 (TOTOLINK X5000R V9.1.0u.6118_B20201102
and V9.1.0u.6369_B2023011
CVE-2023-33485 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and
V9.1.0u.6369_B20230113 cont ...)
NOT-FOR-US: TOTOLINK
CVE-2023-33287 (A stored cross-site scripting (XSS) vulnerability in the
Inline Table ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence
CVE-2023-32217 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3,
IdentityIQ 8.2 ...)
TODO: check
CVE-2023-31548 (A stored Cross-site scripting (XSS) vulnerability in the
FundRaiserEdi ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-2909 (EZ Sync service fails to adequately handle user input, allowing
an att ...)
TODO: check
CVE-2023-2758 (A denial of service vulnerability exists in Contec CONPROSYS
HMI Syste ...)
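Review bot: For CVE-2023-33287 the tag "NOT-FOR-US: Atlassian Confluence" names a product that the visible part of the description does not, since the description is cut off at "vulnerability in the Inline Table ...". If the flaw is in an add-on rather than in Confluence itself, name that add-on in the tag, the way the CVE-2023-31548 entry names ChurchCRM, so the entry is not read as a Confluence core issue.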
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af7d88a6ef318586cae372eaed501edffcb79ed6