Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8dfba272 by Moritz Muehlenhoff at 2023-10-11T10:39:17+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,21 +1,21 @@ CVE-2023-5511 (Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it ...) - TODO: check + - snipe-it <itp> (bug #1005172) CVE-2023-4990 (Directory traversal vulnerability in MCL-Net versions prior to 4.6 Upd ...) - TODO: check + NOT-FOR-US: MCL-Net CVE-2023-45312 (In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for E ...) - TODO: check + NOT-FOR-US: mtproto_proxy component for Erlang CVE-2023-45194 (Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00. ...) - TODO: check + NOT-FOR-US: MR-GM2 firmware CVE-2023-44997 (Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP For ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44689 (e-Gov Client Application (Windows version) versions prior to 2.1.1.0 a ...) - TODO: check + NOT-FOR-US: e-Gov Client Application CVE-2023-37536 (An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remo ...) TODO: check CVE-2023-36127 (User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. ...) - TODO: check + NOT-FOR-US: PHPJabbers Appointment Scheduler CVE-2023-36126 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...) - TODO: check + NOT-FOR-US: PHPJabbers Appointment Scheduler CVE-2023-39325 - golang-1.21 1.21.3-1 - golang-1.20 1.20.10-1 @@ -21008,7 +21008,7 @@ CVE-2023-31098 (Weak Password Requirements vulnerability in Apache Software Foun CVE-2023-31097 RESERVED CVE-2023-31096 (An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel ...) - TODO: check + NOT-FOR-US: Broadcom CVE-2023-31095 RESERVED CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Ka ...) 
@@ -21514,7 +21514,7 @@ CVE-2023-30912 CVE-2023-30911 RESERVED CVE-2023-30910 (HPE MSA Controller prior to versionIN210R004 could be remotely exploit ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-30909 (A remote authentication bypass issue exists in some OneView APIs.) NOT-FOR-US: HPE CVE-2023-30908 (A remote authentication bypass issue exists in a OneView API.) @@ -21534,7 +21534,7 @@ CVE-2023-30902 (A privilege escalation vulnerability in the Trend Micro Apex One CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) NOT-FOR-US: Siemens CVE-2023-30900 (A vulnerability has been identified in Xpedition Layout Browser (All v ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-30899 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...) NOT-FOR-US: Siemens CVE-2023-30898 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...) @@ -21810,15 +21810,15 @@ CVE-2023-30808 CVE-2023-30807 RESERVED CVE-2023-30806 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...) - TODO: check + NOT-FOR-US: Sangfor Next-Gen Application Firewall CVE-2023-30805 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...) - TODO: check + NOT-FOR-US: Sangfor Next-Gen Application Firewall CVE-2023-30804 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...) - TODO: check + NOT-FOR-US: Sangfor Next-Gen Application Firewall CVE-2023-30803 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...) - TODO: check + NOT-FOR-US: Sangfor Next-Gen Application Firewall CVE-2023-30802 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...) - TODO: check + NOT-FOR-US: Sangfor Next-Gen Application Firewall CVE-2023-30801 (All versions of the qBittorrent client through 4.5.5 use default crede ...) TODO: check CVE-2023-30800 (The web server used by MikroTik RouterOS version 6 is affected by a he ...) 
@@ -26188,7 +26188,7 @@ CVE-2023-29350 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi CVE-2023-29349 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-29348 (Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vul ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-29347 (Windows Admin Center Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-29346 (NTFS Elevation of Privilege Vulnerability) @@ -35549,11 +35549,11 @@ CVE-2023-26322 CVE-2023-26321 RESERVED CVE-2023-26320 (Improper Neutralization of Special Elements used in a Command ('Comman ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2023-26319 (Improper Neutralization of Special Elements used in a Command ('Comman ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2023-26318 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2023-26317 (A vulnerability has been discovered in Xiaomi routers that could allow ...) NOT-FOR-US: Xiaomi CVE-2023-26316 (A XSS vulnerability exists in the Xiaomi cloud service Application pro ...) @@ -35868,7 +35868,7 @@ CVE-2023-26222 CVE-2023-26221 RESERVED CVE-2023-26220 (The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analy ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2023-26219 RESERVED CVE-2023-26218 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contain ...) 
@@ -37054,7 +37054,7 @@ CVE-2023-25824 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Ver CVE-2023-25823 (Gradio is an open-source Python library to build machine learning and ...) NOT-FOR-US: Gradio CVE-2023-25822 (ReportPortal is an AI-powered test automation platform. Prior to versi ...) - TODO: check + NOT-FOR-US: reportportal CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 24.0.4 an ...) - nextcloud-server <itp> (bug #941708) CVE-2023-25820 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) @@ -38045,13 +38045,13 @@ CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] inFo CVE-2023-25608 (An incomplete filtering of one or more instances of special elements v ...) NOT-FOR-US: FortiGuard CVE-2023-25607 (An improper neutralization of special elements used in an OS Command ( ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2023-25606 (An improper limitation of a pathname to a restricted directory ('Path ...) NOT-FOR-US: Fortinet CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - ...) NOT-FOR-US: Fortinet CVE-2023-25604 (An insertion of sensitive information into log file vulnerability in F ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2023-25603 RESERVED CVE-2023-25602 (A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, F ...) @@ -48162,9 +48162,9 @@ CVE-2022-48185 CVE-2022-48184 RESERVED CVE-2022-48183 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-48182 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-48181 (An ErrorMessage driver stack-based buffer overflow vulnerability in BI ...) NOT-FOR-US: Lenovo CVE-2022-48180 
@@ -60348,9 +60348,9 @@ CVE-2022-44760 CVE-2022-44759 RESERVED CVE-2022-44758 (BigFix Insights/IVR fixlet uses improper credential handling within ce ...) - TODO: check + NOT-FOR-US: HCL CVE-2022-44757 (BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptogr ...) - TODO: check + NOT-FOR-US: HCL CVE-2022-44756 (Insights for Vulnerability Remediation (IVR) is vulnerable toimproper ...) NOT-FOR-US: HCL CVE-2022-44755 (HCL Notes is susceptible to a stack based buffer overflow vulnerabilit ...) @@ -64014,7 +64014,7 @@ CVE-2022-3730 (A vulnerability, which was classified as critical, was found in s CVE-2022-3729 (A vulnerability, which was classified as critical, has been found in s ...) NOT-FOR-US: seccome Ehoney CVE-2022-3728 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-20601 RESERVED CVE-2023-20600 @@ -69521,7 +69521,7 @@ CVE-2022-3433 (The aeson library is not safe to use to consume untrusted JSON in CVE-2022-3432 (A potential vulnerability in a driver used during manufacturing proces ...) NOT-FOR-US: Lenovo CVE-2022-3431 (A potential vulnerability in a driver used during manufacturing proces ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-3430 (A potential vulnerability in the WMI Setup driver on some consumer Len ...) NOT-FOR-US: Lenovo CVE-2022-42493 (Several OS command injection vulnerabilities exist in the m2m binary o ...) @@ -69683,7 +69683,7 @@ CVE-2022-42453 (There are insufficient warnings when a Fixlet is imported by a u CVE-2022-42452 (HCL Launch is vulnerable to HTML injection. HTML code is stored and in ...) NOT-FOR-US: HCL CVE-2022-42451 (Certain credentials within the BigFix Patch Management Download Plug-i ...) - TODO: check + NOT-FOR-US: HCL CVE-2022-42450 RESERVED CVE-2022-42449 
@@ -86594,7 +86594,7 @@ CVE-2022-36230 CVE-2022-36229 RESERVED CVE-2022-36228 (Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Perm ...) - TODO: check + NOT-FOR-US: Nokelock Smart padlock CVE-2022-36227 (In libarchive before 3.6.2, the software does not check for an error a ...) {DLA-3294-1} - libarchive 3.6.2-1 (bug #1024669) @@ -87308,7 +87308,7 @@ CVE-2022-35951 (Redis is an in-memory database that persists on disk. Versions 7 [buster] - redis <not-affected> (Vulnerable code not present) NOTE: https://github.com/redis/redis/commit/fa6815e14ea5adff93c5cd7be513c02a7c6e3f2a (7.0.5) CVE-2022-35950 (OroCommerce is an open-source Business to Business Commerce applicatio ...) - TODO: check + NOT-FOR-US: OroCommerce CVE-2022-35949 (undici is an HTTP/1.1 client, written from scratch for Node.js.`undici ...) - node-undici 5.8.2+dfsg1+~cs18.9.18.1-1 NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3 @@ -102657,7 +102657,7 @@ CVE-2022-30529 (File upload vulnerability in asith-eranga ISIC tour booking thro CVE-2022-30528 (SQL Injection vulnerability in asith-eranga ISIC tour booking through ...) NOT-FOR-US: asith-eranga ISIC tour booking CVE-2022-30527 (A vulnerability has been identified in SINEC NMS (All versions < V2.0) ...) - TODO: check + NOT-FOR-US: Siemens CVE-2022-1662 (In convert2rhel, there's an ansible playbook named ansible/run-convert ...) NOT-FOR-US: Red Hat convert2rhel CVE-2022-1661 (The affected products are vulnerable to directory traversal, which may ...) 
@@ -128760,7 +128760,7 @@ CVE-2022-22300 (A improper handling of insufficient permissions or privileges in CVE-2022-22299 (A format string vulnerability [CWE-134] in the command line interprete ...) NOT-FOR-US: FortiNet CVE-2022-22298 (A improper neutralization of special elements used in an os command (' ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2022-22297 (An incomplete filtering of one or more instances of special elements v ...) NOT-FOR-US: FortiGuard CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...) @@ -214353,19 +214353,19 @@ CVE-2020-27637 (The R programming language\u2019s default package manager CRAN i [stretch] - r-base <no-dsa> (Minor issue) NOTE: https://labs.bishopfox.com/advisories/cran-version-4.0.2 CVE-2020-27636 (In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.) - TODO: check + NOT-FOR-US: Microchip MPLAB Net CVE-2020-27635 (In PicoTCP 1.7.0, TCP ISNs are improperly random.) - TODO: check + NOT-FOR-US: PicoTCP CVE-2020-27634 (In Contiki 4.5, TCP ISNs are improperly random.) - TODO: check + NOT-FOR-US: Contiki CVE-2020-27633 (In FNET 4.6.3, TCP ISNs are improperly random.) - TODO: check + NOT-FOR-US: FNET CVE-2020-27632 (In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is ...) NOT-FOR-US: Siemens SIMATIC MV400 CVE-2020-27631 (In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.) - TODO: check + NOT-FOR-US: Oryx CycloneTCP CVE-2020-27630 (In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.) - TODO: check + NOT-FOR-US: Silicon Labs uC/TCP-IP CVE-2020-27629 (In JetBrains TeamCity before 2020.1.5, secure dependency parameters co ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-27628 (In JetBrains TeamCity before 2020.1.5, the Guest user had access to au ...) 
@@ -215306,7 +215306,7 @@ CVE-2020-27215 CVE-2020-27214 RESERVED CVE-2020-27213 (An issue was discovered in Ethernut Nut/OS 5.1. The code that generate ...) - TODO: check + NOT-FOR-US: Ethernut Nut/OS CVE-2020-27212 (STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect a ...) NOT-FOR-US: STMicroelectronics STM32L4 devices CVE-2020-27211 (Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper ...) @@ -235378,7 +235378,7 @@ CVE-2020-18338 CVE-2020-18337 RESERVED CVE-2020-18336 (Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allo ...) - TODO: check + NOT-FOR-US: Typora CVE-2020-18335 RESERVED CVE-2020-18334 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dfba2722fed418d64850fa58ce368d60ac94b17 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dfba2722fed418d64850fa58ce368d60ac94b17 You're receiving this email because of your account on salsa.debian.org.
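Review bot: In the first hunk (@@ -1,21 +1,21 @@), CVE-2023-37536 and CVE-2023-30801 are left as "TODO: check" while everything around them is triaged; both name software that Debian ships (xerces-c++ 3.2.3, packaged as src:xerces-c, and the qBittorrent client through 4.5.5), so they should not be closed as NOT-FOR-US on the strength of the "BigFix Platform" wording and instead need a package line with a fixed version or a <not-affected>/<unimportant> marker with a reason, e.g. "- xerces-c <not-affected> (Vulnerable code not present)" once the upstream reference has been checked.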
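Review bot: In the hunk at @@ -37054,7 +37054,7 @@, the new line "+ NOT-FOR-US: reportportal" uses a lower-case name while the CVE description and the other NOT-FOR-US lines in this patch use the upstream spelling (e.g. "NOT-FOR-US: Gradio", "NOT-FOR-US: TIBCO"); use "NOT-FOR-US: ReportPortal" so the tracker's vendor/product names stay consistent and greppable.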