Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ed9146bc by Salvatore Bonaccorso at 2023-06-13T20:32:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,27 +11,27 @@ CVE-2023-33985 (SAP NetWeaver Enterprise Portal - version 
7.50, does not suffici
 CVE-2023-33984 (SAP NetWeaver (Design Time Repository) - version 7.50, returns 
an unfa ...)
        NOT-FOR-US: SAP
 CVE-2023-32674 (Certain versions of HP PC Hardware Diagnostics Windows are 
potentially ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-32673 (Certain versions of HP PC Hardware Diagnostics Windows, HP 
Image Assis ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-32221 (EaseUS Todo Backup version 20220111.390 - An omission during 
installat ...)
-       TODO: check
+       NOT-FOR-US: EaseUS Todo Backup
 CVE-2023-32220 (Milesight NCR/camera version 71.8.0.6-r5 allows authentication 
bypass  ...)
-       TODO: check
+       NOT-FOR-US: Milesight NCR/camera
 CVE-2023-32219 (A Mazda model (2015-2016) can be unlocked via an unspecified 
method.)
-       TODO: check
+       NOT-FOR-US: Mazda
 CVE-2023-32115 (An attacker can exploit MDS COMPARE TOOL and use specially 
crafted inp ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-32114 (SAP NetWeaver (Change and Transport System) - versions 702, 
731, 740,  ...)
        NOT-FOR-US: SAP
 CVE-2023-2876 (Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB 
REX640 P ...)
-       TODO: check
+       NOT-FOR-US: ABB
 CVE-2023-2827 (SAP Plant Connectivity - version 15.5 (PCo) or the Production 
Connecto ...)
        NOT-FOR-US: SAP
 CVE-2023-2729 (Use of insufficiently random values vulnerability in User 
Management F ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2023-2673 (Improper Input Validation vulnerability in PHOENIX CONTACT 
FL/TC MGUAR ...)
-       TODO: check
+       NOT-FOR-US: PHOENIX CONTACT
 CVE-2023-2563 (The WordPress Contact Forms by Cimatti plugin for WordPress is 
vulnera ...)
        NOT-FOR-US: WordPress Contact Forms by Cimatti plugin for WordPress
 CVE-2023-2351 (The WP Directory Kit plugin for WordPress is vulnerable to 
unauthorize ...)
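Review bot: The new NOT-FOR-US tags in this hunk mix two granularities: CVE-2023-32221 and CVE-2023-32220 name a product ("EaseUS Todo Backup", "Milesight NCR/camera"), while the HP, SAP, ABB and Synology entries name only the vendor. Picking one level, for example vendor only as the surrounding "NOT-FOR-US: SAP" context lines do, would keep the tags uniform and easier to grep. For CVE-2023-32115 and CVE-2023-2729 the truncated descriptions shown here do not mention SAP or Synology, so those two attributions cannot be confirmed from the diff alone and are worth a second look against the full CVE text.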
@@ -57,7 +57,7 @@ CVE-2023-35042 (GeoServer 2, in some configurations, allows 
remote attackers to
 CVE-2023-34942 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a 
stack overf ...)
        NOT-FOR-US: Asus
 CVE-2023-34941 (A stored cross-site scripting (XSS) vulnerability in the 
urlFilterList ...)
-       TODO: check
+       NOT-FOR-US: Asus
 CVE-2023-34940 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a 
stack overf ...)
        NOT-FOR-US: Asus
 CVE-2023-34855 (A Cross Site Scripting (XSS) vulnerability in Youxun 
Electronic Equipm ...)
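Review bot: The visible description of CVE-2023-34941 ("A stored cross-site scripting (XSS) vulnerability in the urlFilterList ...") is cut off before any vendor name, so the "NOT-FOR-US: Asus" tag reads as inferred from the neighbouring CVE-2023-34942 and CVE-2023-34940 entries. Adjacent CVE ids are not always the same product; please confirm against the full description before relying on the neighbours.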
@@ -3833,7 +3833,7 @@ CVE-2023-31238
 CVE-2023-31237
        RESERVED
 CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in unFo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-31235
        RESERVED
 CVE-2023-31234
@@ -5465,7 +5465,7 @@ CVE-2023-30755
 CVE-2023-30754
        RESERVED
 CVE-2023-30753 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Phan Chu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30752
        RESERVED
 CVE-2023-30751
@@ -5481,7 +5481,7 @@ CVE-2023-30747
 CVE-2023-30746 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Booq ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-30745 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Phan ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30744 (In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 
7.50, C ...)
        NOT-FOR-US: SAP
 CVE-2023-30743 (Due to improper neutralization of input in SAPUI5 - versions 
SAP_UI 75 ...)
@@ -7032,7 +7032,7 @@ CVE-2023-30200
 CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect 
Access  ...)
        NOT-FOR-US: Prestashop
 CVE-2023-30198 (Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect 
Access Co ...)
-       TODO: check
+       NOT-FOR-US: Prestashop winbizpayment
 CVE-2023-30197 (Incorrect Access Control in the module "My inventory" 
(myinventory) <= ...)
        NOT-FOR-US: Prestashop
 CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect 
Access Co ...)
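Review bot: The tag added for CVE-2023-30198, "NOT-FOR-US: Prestashop winbizpayment", differs from the entries directly above and below it (CVE-2023-30199 and CVE-2023-30197), which both use plain "NOT-FOR-US: Prestashop" for the same kind of module issue. Suggest using "NOT-FOR-US: Prestashop" here as well so the block stays consistent.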
@@ -9050,11 +9050,11 @@ CVE-2023-1901
 CVE-2023-1900 (A vulnerability within the Avira network protection feature 
allowed an ...)
        NOT-FOR-US: Norton
 CVE-2023-1899 (Atlas Copco Power Focus 6000 web server is not a secure 
connection by  ...)
-       TODO: check
+       NOT-FOR-US: Atlas Copco Power Focus 6000 web server
 CVE-2023-1898 (Atlas Copco Power Focus 6000 web server uses a small amount of 
session ...)
-       TODO: check
+       NOT-FOR-US: Atlas Copco Power Focus 6000 web server
 CVE-2023-1897 (Atlas Copco Power Focus 6000 web server does not sanitize the 
login in ...)
-       TODO: check
+       NOT-FOR-US: Atlas Copco Power Focus 6000 web server
 CVE-2023-1896
        RESERVED
 CVE-2023-1895 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is 
vulnerable  ...)
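Review bot: The three Atlas Copco entries (CVE-2023-1899, CVE-2023-1898, CVE-2023-1897) are tagged "NOT-FOR-US: Atlas Copco Power Focus 6000 web server", which copies the affected component from the description into the tag. The "web server" suffix adds nothing for triage; "NOT-FOR-US: Atlas Copco" or "NOT-FOR-US: Atlas Copco Power Focus 6000" would say the same thing in a shorter tag.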
@@ -9095,7 +9095,7 @@ CVE-2023-29387
 CVE-2023-29386
        RESERVED
 CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Kevon Ad ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-29384
        RESERVED
 CVE-2023-1893
@@ -10615,7 +10615,7 @@ CVE-2020-36692 (A reflected XSS via POST vulnerability 
in report scheduler of So
 CVE-2023-28934
        RESERVED
 CVE-2023-28933 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in StPe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28932 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPMo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28931
@@ -12310,7 +12310,7 @@ CVE-2023-28480
 CVE-2023-28479
        RESERVED
 CVE-2023-28478 (TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 
have a Bu ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2023-28477 (Concrete CMS (previously concrete5) before 9.2 is vulnerable 
to stored ...)
        NOT-FOR-US: Concrete CMS
 CVE-2023-28476 (Concrete CMS (previously concrete5) before 9.2 is vulnerable 
to Stored ...)
@@ -14910,7 +14910,7 @@ CVE-2023-27718 (D-Link DIR878 1.30B08 was discovered to 
contain a stack overflow
 CVE-2023-27717
        RESERVED
 CVE-2023-27716 (An issue was discovered in freakchicken kafkaUI-lite 1.2.11 
allows att ...)
-       TODO: check
+       NOT-FOR-US: freakchicken kafkaUI-lite
 CVE-2023-27715
        RESERVED
 CVE-2023-27714
@@ -18650,15 +18650,15 @@ CVE-2023-26300
 CVE-2023-26299
        RESERVED
 CVE-2023-26298 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) 
could po ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-26297 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) 
could po ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-26296 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) 
could po ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-26295 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) 
could po ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-26294 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) 
could po ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-0947 (Path Traversal in GitHub repository flatpressblog/flatpress 
prior to 1 ...)
        NOT-FOR-US: flatpressblog
 CVE-2023-0946 (A vulnerability has been found in SourceCodester Best POS 
Management S ...)
@@ -19760,9 +19760,9 @@ CVE-2023-25914
 CVE-2023-25913
        RESERVED
 CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100 
allows an una ...)
-       TODO: check
+       NOT-FOR-US: Danfoss AK-EM100
 CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command 
injection t ...)
-       TODO: check
+       NOT-FOR-US: Danfoss AK-EM100
 CVE-2023-25910
        RESERVED
 CVE-2023-0872
@@ -25975,15 +25975,15 @@ CVE-2023-23824 (Auth. SQL Injection (SQLi) 
vulnerability inWP-TopBar<= 5.36 vers
 CVE-2023-23823
        RESERVED
 CVE-2023-23822 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Ludw ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23821 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Marc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23820 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Rola ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23818 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Avip ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23817 (Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability 
in WebA ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23816 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in 
Twardes Sit ...)
@@ -29064,7 +29064,7 @@ CVE-2023-0144 (The Event Manager and Tickets Selling 
Plugin for WooCommerce Word
 CVE-2023-0143 (The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 
does n ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0142 (Uncontrolled search path element vulnerability in Backup 
Management Fu ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2023-0141 (Insufficient policy enforcement in CORS in Google Chrome prior 
to 109. ...)
        {DSA-5317-1}
        - chromium 109.0.5414.74-1
@@ -30305,15 +30305,15 @@ CVE-2023-0042 (An issue has been discovered in GitLab 
CE/EE affecting all versio
 CVE-2023-0041 (IBM Security Guardium 11.5 could allow a user to take over 
another use ...)
        NOT-FOR-US: IBM
 CVE-2023-22586 (The Danfoss AK-EM100 web applications allow for Local File 
Inclusion i ...)
-       TODO: check
+       NOT-FOR-US: Danfoss AK-EM100
 CVE-2023-22585 (The Danfoss AK-EM100 web applications allow for Reflected 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: Danfoss AK-EM100
 CVE-2023-22584 (The Danfoss AK-EM100 stores login credentials in cleartext.)
-       TODO: check
+       NOT-FOR-US: Danfoss AK-EM100
 CVE-2023-22583 (The Danfoss AK-EM100 web forms allow for SQL injection in the 
login fo ...)
-       TODO: check
+       NOT-FOR-US: Danfoss AK-EM100
 CVE-2023-22582 (The Danfoss AK-EM100 web applications allow for Reflected 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: Danfoss AK-EM100
 CVE-2023-22581 (White Rabbit Switch contains a vulnerability which makes it 
possible f ...)
        NOT-FOR-US: White Rabbit Switch
 CVE-2023-22580 (Due to improper input filtering in the sequalize js library, 
can malic ...)
@@ -30894,7 +30894,7 @@ CVE-2022-48190
 CVE-2022-48189
        RESERVED
 CVE-2022-48188 (A buffer overflow vulnerability in the SecureBootDXE BIOS 
driver of so ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-48187
        REJECTED
 CVE-2022-48186 (A certificate validation vulnerability exists in the Baiying 
Android a ...)
@@ -35732,7 +35732,7 @@ CVE-2022-47142 (Cross-Site Request Forgery (CSRF) 
vulnerability in Plugincraft M
 CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP 
Dynamic K ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47140 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Repute I ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47139 (Cross-Site Request Forgery (CSRF) vulnerability in Damir 
Calusic WP Ba ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47138 (Cross-Site Request Forgery (CSRF) vulnerability in German 
Krutov LOGIN ...)
@@ -39395,7 +39395,7 @@ CVE-2022-45939 (GNU Emacs through 28.2 allows attackers 
to execute commands via
        [buster] - xemacs21 <no-dsa> (Minor issue)
        NOTE: 
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51
 CVE-2022-45938 (An issue was discovered in Comcast Defined Technologies 
microeisbss th ...)
-       TODO: check
+       NOT-FOR-US: Comcast Defined Technologies microeisbss
 CVE-2022-45937 (A vulnerability has been identified in APOGEE PXC Series 
(BACnet) (All ...)
        NOT-FOR-US: Siemens
 CVE-2022-45936 (A vulnerability has been identified in Mendix Email Connector 
(All ver ...)
@@ -39702,7 +39702,7 @@ CVE-2022-45829 (Auth. Path Traversal vulnerability 
inEasy WP SMTP plugin <= 1.5.
 CVE-2022-45828
        RESERVED
 CVE-2022-45827 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gall ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45826
        RESERVED
 CVE-2022-45825 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
iThemes  ...)
@@ -48203,9 +48203,9 @@ CVE-2022-43780 (Certain HP ENVY, OfficeJet, and DeskJet 
printers may be vulnerab
 CVE-2022-43779 (A potential Time-of-Check to Time-of-Use (TOCTOU) 
vulnerability has be ...)
        NOT-FOR-US: HP
 CVE-2022-43778 (Potential Time-of-Check to Time-of Use (TOCTOU) 
vulnerabilities have b ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-43777 (Potential Time-of-Check to Time-of Use (TOCTOU) 
vulnerabilities have b ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-43776 (The url parameter of the /api/geojson endpoint in Metabase 
versions <4 ...)
        NOT-FOR-US: Metabase
 CVE-2022-43775 (The HICT_Loop class in Delta Electronics DIAEnergy v1.9 
contains a SQL ...)
@@ -68602,7 +68602,7 @@ CVE-2022-36333
 CVE-2022-36332
        RESERVED
 CVE-2022-36331 (Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, 
and SanDis ...)
-       TODO: check
+       NOT-FOR-US: Western Digital
 CVE-2022-36330 (A buffer overflow vulnerability was discovered on firmware 
version val ...)
        NOT-FOR-US: Western Digital
 CVE-2022-36329 (An improper privilege management issue that could allow an 
attacker to ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed9146bcb1d5abebd3e89b0f06d4377d1be83f4f
