Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abd7bbe3 by Salvatore Bonaccorso at 2023-10-27T21:31:10+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -523,7 +523,7 @@ CVE-2023-34447 (iTop is an open source, web-based IT 
service management platform
 CVE-2023-34446 (iTop is an open source, web-based IT service management 
platform. Prio ...)
        NOT-FOR-US: iTop
 CVE-2023-32359 (This issue was addressed with improved redaction of sensitive 
informat ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-46660 (Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time 
compari ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-46659 (Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape 
the Trac ...)
@@ -803,7 +803,7 @@ CVE-2023-42031 (IBM TXSeries for Multiplatforms, 8.1, 8.2, 
and 9.1, CICS TX Stan
 CVE-2023-39924 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Mitc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to 
cause a  ...)
-       TODO: check
+       NOT-FOR-US: Node Email Check module
 CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA 
device to  ...)
        NOT-FOR-US: PingFederate
 CVE-2023-5732 (An attacker could have created a malicious link using 
bidirectional ch ...)
@@ -24290,11 +24290,11 @@ CVE-2023-30971
 CVE-2023-30970
        RESERVED
 CVE-2023-30969 (The Palantir Tiles1 service was  found to be vulnerable to an 
API wide ...)
-       TODO: check
+       NOT-FOR-US: Palantir
 CVE-2023-30968
        RESERVED
 CVE-2023-30967 (Gotham Orbital-Simulator service prior to 0.692.0 was found to 
be vuln ...)
-       TODO: check
+       NOT-FOR-US: Gotham Orbital-Simulator service
 CVE-2023-30966
        RESERVED
 CVE-2023-30965
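Review bot: the two tags added in this hunk use different granularity. CVE-2023-30969 is tagged by vendor ("NOT-FOR-US: Palantir"), while CVE-2023-30967 is tagged by service name ("NOT-FOR-US: Gotham Orbital-Simulator service") with no vendor. If the Gotham service belongs to the same vendor, using one tag form for both would keep later searches of the NOT-FOR-US entries from missing one of them.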
@@ -26086,7 +26086,7 @@ CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Im
 CVE-2023-30493 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Themefic ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-30492 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30491 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
CodeBard ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-30490
@@ -33471,7 +33471,7 @@ CVE-2023-28144 (KDAB Hotspot 1.3.x and 1.4.x through 
1.4.1, in a non-default con
        NOTE: Opt-In to allow privilege escalation (and disable by default):
        NOTE: 
https://github.com/KDAB/hotspot/commit/65a246ce9196462081483fd07d97678dcfe36b9c
 CVE-2023-1356 (Reflected cross-site scripting in the StudentSearch component 
in IDAtt ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-1355 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
9.0.140 ...)
        - vim 2:9.0.1658-1 (unimportant)
        NOTE: https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9
@@ -35857,11 +35857,11 @@ CVE-2021-4327 (A vulnerability was found in 
SerenityOS. It has been rated as cri
 CVE-2023-27381
        RESERVED
 CVE-2023-27377 (Missing authentication in the 
StudentPopupDetails_EmergencyContactDeta ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-27376 (Missing authentication in the 
StudentPopupDetails_StudentDetails       ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-27375 (Missing authentication in the 
StudentPopupDetails_ContactDetails       ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-27374
        RESERVED
 CVE-2023-27373 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
@@ -36302,23 +36302,23 @@ CVE-2023-XXXX [RUSTSEC-2023-0015]
        NOTE: 
https://github.com/tomprogrammer/rust-ascii/commit/dc7e07397ce362487162cb86f92c0bec4645d867
 (v0.9.3)
        NOTE: https://github.com/tomprogrammer/rust-ascii/issues/64
 CVE-2023-27262 (Unauthenticated SQL injection in the GetAssignmentsDue        
method i ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-27261 (Missing authentication in the DeleteAssignments         method 
in IDAt ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-27260 (Unauthenticated SQL injection in the GetAssignmentsDue        
method i ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-27259 (Missing authentication in the GetAssignmentsDue      method in 
IDAtten ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-27258 (Missing authentication in the GetStudentGroupStudents     
method in ID ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-27257 (Missing authentication in the GetActiveToiletPasses    method 
in IDAtt ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-27256 (Missing authentication in the GetLogFiles   method in 
IDAttend\u2019s  ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-27255 (Unauthenticated SQL injection in the DeleteRoomChanges       
method in ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-27254 (Unauthenticated SQL injection in the GetRoomChanges      
method in IDA ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-27253 (A command injection vulnerability in the function 
restore_rrddata() of ...)
        NOT-FOR-US: pfSense
 CVE-2023-27252
@@ -36488,7 +36488,7 @@ CVE-2023-27172
 CVE-2023-27171
        RESERVED
 CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform 
a direc ...)
-       TODO: check
+       NOT-FOR-US: Xpand IT Write-back manager
 CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in 
license cl ...)
        NOT-FOR-US: Xpand IT Write-back manager
 CVE-2023-27168
@@ -37734,39 +37734,39 @@ CVE-2023-26598
 CVE-2023-26588 (Use of hard-coded credentials vulnerability in Buffalo network 
devices ...)
        NOT-FOR-US: Buffalo network devices
 CVE-2023-26584 (Unauthenticated SQL injection in the GetStudentInconsistencies 
    met ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26583 (Unauthenticated SQL injection in the GetCurrentPeriod    
method in IDA ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26582 (Unauthenticated SQL injection in the GetExcursionDetails   
method in I ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26581 (Unauthenticated SQL injection in the GetVisitors  method in 
IDAttend\u ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26580 (Unauthenticated arbitrary file read in the IDAttend\u2019s 
IDWeb appli ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26579 (Missing authentication in the DeleteStaff method in 
IDAttend\u2019s ID ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26578 (Arbitrary file upload to web root in the IDAttend\u2019s IDWeb 
applica ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26577 (Stored cross-site scripting in the IDAttend\u2019s IDWeb 
application 3 ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26576 (Missing authentication in the SearchStudentsRFID   method in 
IDAttend\ ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26575 (Missing authentication in the SearchStudentsStaff  method in 
IDAttend\ ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26574 (Missing authentication in the SearchStudents method in 
IDAttend\u2019s ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26573 (Missing authentication in the SetDB method in IDAttend\u2019s 
IDWeb ap ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26572 (Unauthenticated SQL injection in the GetExcursionList method 
in IDAtte ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26571 (Missing authentication in the SetStudentNotes  method in 
IDAttend\u201 ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26570 (Missing authentication in the StudentPopupDetails_Timetable 
method in  ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26569 (Unauthenticated SQL injection in the 
StudentPopupDetails_Timetable met ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26568 (Unauthenticated SQL injection in the GetStudentGroupStudents 
method in ...)
-       TODO: check
+       NOT-FOR-US: IDAttend's IDWeb application
 CVE-2023-26567 (Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO 
file) plac ...)
        NOT-FOR-US: Sangoma
 CVE-2023-26566
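Review bot: the unchanged description lines in this hunk carry a literal escape sequence, "IDAttend\u2019s" (for example CVE-2023-26581 and CVE-2023-26580), where the new tags write "IDAttend's". The descriptions are context and not part of this change, but the unescaped \u2019 suggests the description text was stored without decoding the escape, which is worth a separate follow-up. The tag string itself is identical on every entry changed here, which is what a bulk NFU pass should look like.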
@@ -39505,7 +39505,7 @@ CVE-2023-0899 (The Steveas WP Live Chat Shoutbox 
WordPress plugin through 1.4.2
 CVE-2023-0898
        RESERVED
 CVE-2023-0897 (Sielco PolyEco1000 is vulnerable to a session hijack 
vulnerability due ...)
-       TODO: check
+       NOT-FOR-US: Sielco PolyEco1000
 CVE-2023-26030
        RESERVED
 CVE-2023-26029
@@ -240187,7 +240187,7 @@ CVE-2020-17479 (jpv (aka Json Pattern Validator) 
before 2.2.2 does not properly
 CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly 
conside ...)
        - libcrypt-perl-perl <itp> (bug #907353)
 CVE-2020-17477 (Incorrect LDAP ACLs in ucs-school-ldap-acls-master in 
UCS@school befor ...)
-       TODO: check
+       NOT-FOR-US: ucs-school-ldap-acls-master in UCS@school
 CVE-2020-17476 (Mibew Messenger before 3.2.7 allows XSS via a crafted user 
name.)
        NOT-FOR-US: Mibew Messenger
 CVE-2020-17475 (Lack of authentication in the network relays used in MEGVII 
Koala 2.9. ...)
@@ -348630,9 +348630,9 @@ CVE-2018-17881 (On D-Link DIR-823G 2018-09-19 
devices, the GoAhead configuration
 CVE-2018-17880 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead 
configuration allow ...)
        NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
 CVE-2018-17879 (An issue was discovered on certain ABUS TVIP cameras. The CGI 
scripts  ...)
-       TODO: check
+       NOT-FOR-US: ABUS TVIP cameras
 CVE-2018-17878 (Buffer Overflow vulnerability in certain ABUS TVIP cameras 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: ABUS TVIP cameras
 CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an 
Ethereum ga ...)
        NOT-FOR-US: Greedy 599
 CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 
version o ...)
@@ -349339,9 +349339,9 @@ CVE-2018-17561
 CVE-2018-17560 (The admin interface of the Grouptime Teamwire Client 1.5.1 
prior to 1. ...)
        NOT-FOR-US: Grouptime Teamwire Client
 CVE-2018-17559 (Due to incorrect access control, unauthenticated remote 
attackers can  ...)
-       TODO: check
+       NOT-FOR-US: ABUS TVIP cameras
 CVE-2018-17558 (Hardcoded manufacturer credentials and an OS command injection 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: ABUS
 CVE-2018-17557
        REJECTED
 CVE-2018-17556 (MODX Revolution v2.6.5-pl allows stored XSS via a Create New 
Media Sou ...)
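Review bot: CVE-2018-17559 and CVE-2018-17558 are adjacent but get different tags, "NOT-FOR-US: ABUS TVIP cameras" and "NOT-FOR-US: ABUS", and neither truncated description names the product, so the diff gives no reason for the difference. Suggest one form for all ABUS entries in this commit, for example "ABUS TVIP cameras" as used for CVE-2018-17879 and CVE-2018-17878. The same applies to CVE-2018-16739 in the last hunk, whose description reads "certain ABUS TVIP devices" but whose tag is "ABUS".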
@@ -351633,7 +351633,7 @@ CVE-2018-16741 (An issue was discovered in mgetty 
before 1.2.1. In fax/faxq-help
 CVE-2018-16740
        RESERVED
 CVE-2018-16739 (An issue was discovered on certain ABUS TVIP devices. Due to a 
path tr ...)
-       TODO: check
+       NOT-FOR-US: ABUS
 CVE-2018-16738 (tinc 1.0.30 through 1.0.34 has a broken authentication 
protocol, altho ...)
        {DSA-4312-1}
        - tinc 1.0.35-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abd7bbe339bc07403c1cfc785c7442731945f4af
