Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2836c442 by Moritz Muehlenhoff at 2023-03-14T17:28:54+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -451,7 +451,7 @@ CVE-2023-1369 (A vulnerability was found in TG Soft Vir.IT 
eXplorer 9.4.86.0. It
 CVE-2023-1368 (A vulnerability was found in XHCMS 1.0. It has been declared as 
critic ...)
        NOT-FOR-US: XHCMS
 CVE-2023-1367 (Code Injection in GitHub repository 
alextselegidis/easyappointments pr ...)
-       TODO: check
+       NOT-FOR-US: alextselegidis/easyappointments
 CVE-2023-1366 (A vulnerability was found in SourceCodester Yoga Class 
Registration Sy ...)
        NOT-FOR-US: SourceCodester Yoga Class Registration System
 CVE-2023-1365 (A vulnerability was found in SourceCodester Online Pizza 
Ordering Syst ...)
@@ -2192,7 +2192,7 @@ CVE-2023-27589
 CVE-2023-27588
        RESERVED
 CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and 
listen to  ...)
-       TODO: check
+       NOT-FOR-US: ReadtoMyShoe
 CVE-2023-27586
        RESERVED
 CVE-2023-27585
@@ -2200,13 +2200,13 @@ CVE-2023-27585
 CVE-2023-27584
        RESERVED
 CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: PanIndex
 CVE-2023-27582 (maddy is a composable, all-in-one mail server. Starting with 
version 0 ...)
-       TODO: check
+       NOT-FOR-US: maddy
 CVE-2023-27581 (github-slug-action is a GitHub Action to expose slug value of 
GitHub e ...)
-       TODO: check
+       NOT-FOR-US: github-slug-action
 CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization 
for the C ...)
-       TODO: check
+       NOT-FOR-US: CodeIgniter
 CVE-2023-27579
        RESERVED
 CVE-2023-27578
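Review bot: The tag on CVE-2023-27580 reads "NOT-FOR-US: CodeIgniter", while the description on the line above names CodeIgniter Shield, the authentication and authorization component. Suggest "NOT-FOR-US: CodeIgniter Shield" so that a later search of the list for the framework name does not pick up this entry as a decision about the framework itself.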
@@ -3645,7 +3645,7 @@ CVE-2023-27054
 CVE-2023-27053
        RESERVED
 CVE-2023-27052 (E-Commerce System v1.0 ws discovered to contain a SQL 
injection vulner ...)
-       TODO: check
+       NOT-FOR-US: E-Commerce System
 CVE-2023-27051
        RESERVED
 CVE-2023-27050
@@ -5348,7 +5348,7 @@ CVE-2023-26315
 CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: MedData Informatics MedDataPACS
 CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent 
Sandbox CLI f ...)
-       TODO: check
+       NOT-FOR-US: Trellix
 CVE-2023-0977
        RESERVED
 CVE-2023-0976
@@ -5358,7 +5358,7 @@ CVE-2023-0975
 CVE-2023-0974
        RESERVED
 CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a 
null poi ...)
-       TODO: check
+       NOT-FOR-US: STEPTools ifcmesh library
 CVE-2023-0972
        RESERVED
 CVE-2023-0971
@@ -6403,7 +6403,7 @@ CVE-2023-0890
 CVE-2023-0889
        RESERVED
 CVE-2023-0888 (An improper neutralization of directives in dynamically 
evaluated code ...)
-       TODO: check
+       NOT-FOR-US: Space Battery Pack SP with Wi-Fi
 CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and 
classified a ...)
        NOT-FOR-US: phjounin TFTPD64-SE
 CVE-2023-0886
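Review bot: The new tag on CVE-2023-0888, "Space Battery Pack SP with Wi-Fi", gives a product name with no vendor, and the truncated description shown here does not name the product at all, so the triage decision cannot be checked from the entry. The neighbouring CVE-2023-0887 uses the vendor-plus-product form ("phjounin TFTPD64-SE"); prefixing the vendor here would match that and make the entry searchable.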
@@ -6809,9 +6809,9 @@ CVE-2023-25805 (versionn, software for changing version 
information across multi
 CVE-2023-25804
        RESERVED
 CVE-2023-25803 (Roxy-WI is a Web interface for managing Haproxy, Nginx, 
Apache, and Ke ...)
-       TODO: check
+       NOT-FOR-US: Roxy-WI
 CVE-2023-25802 (Roxy-WI is a Web interface for managing Haproxy, Nginx, 
Apache, and Ke ...)
-       TODO: check
+       NOT-FOR-US: Roxy-WI
 CVE-2023-25801
        RESERVED
 CVE-2023-25800
@@ -8509,7 +8509,7 @@ CVE-2023-25285
 CVE-2023-25284
        RESERVED
 CVE-2023-25283 (A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 
allows att ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2023-25282
        RESERVED
 CVE-2023-25281
@@ -8517,7 +8517,7 @@ CVE-2023-25281
 CVE-2023-25280
        RESERVED
 CVE-2023-25279 (OS Command injection vulnerability in D-Link 
DIR820LA1_FW105B03 allows ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2023-25278
        RESERVED
 CVE-2023-25277
@@ -8664,7 +8664,7 @@ CVE-2023-25209
 CVE-2023-25208
        RESERVED
 CVE-2023-25207 (PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection 
via dpdf ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop
 CVE-2023-25206
        RESERVED
 CVE-2023-25205
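Review bot: CVE-2023-25207 is described as affecting "PrestaShop dpdfrance <6.1.3", which is an add-on rather than PrestaShop itself, yet it is tagged plain "NOT-FOR-US: PrestaShop". The existing CVE-2023-24763 entry later in this diff uses "NOT-FOR-US: PrestaShop module" for the same situation; using that wording here keeps module issues distinguishable from core ones such as CVE-2023-25170.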
@@ -8832,7 +8832,7 @@ CVE-2023-25172
 CVE-2023-25171 (Kiwi TCMS, an open source test management system, does not 
impose rate ...)
        NOT-FOR-US: Kiwi TCMS
 CVE-2023-25170 (PrestaShop is an open source e-commerce web application that, 
prior to ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop
 CVE-2023-25169 (discourse-yearly-review is a discourse plugin which publishes 
an autom ...)
        NOT-FOR-US: Discourse plugin
 CVE-2023-25168 (Wings is Pterodactyl's server control plane. This 
vulnerability can be ...)
@@ -9909,7 +9909,7 @@ CVE-2023-24764
 CVE-2023-24763 (In the module "Xen Forum" (xenforum) for PrestaShop, an 
authenticated  ...)
        NOT-FOR-US: PrestaShop module
 CVE-2023-24762 (OS Command injection vulnerability in D-Link DIR-867 
DIR_867_FW1.30B07 ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2023-24761
        RESERVED
 CVE-2023-24760
@@ -10457,11 +10457,11 @@ CVE-2023-24580 (An issue was discovered in the 
Multipart Request Parser in Djang
        NOTE: 
https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
        NOTE: 
https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
 (3.2.18)
 CVE-2023-24579 (McAfee Total Protection prior to 16.0.51 allows attackers to 
trick a v ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2023-24578 (McAfee Total Protection prior to 16.0.49 allows attackers to 
elevate u ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2023-24577 (McAfee Total Protection prior to 16.0.50 allows attackers to 
elevate u ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2023-24543
        RESERVED
 CVE-2023-23908
@@ -11150,7 +11150,7 @@ CVE-2023-24370
 CVE-2023-24369 (A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 
allows atta ...)
        NOT-FOR-US: UJCMS
 CVE-2023-24368 (Incorrect access control in Temenos T24 Release 20 allows 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Temenos
 CVE-2023-24367
        RESERVED
 CVE-2023-24366
@@ -11338,7 +11338,7 @@ CVE-2023-24281
 CVE-2023-24280
        RESERVED
 CVE-2023-24279 (A cross-site scripting (XSS) vulnerability in Open Networking 
Foundati ...)
-       TODO: check
+       NOT-FOR-US: Open Networking Foundation ONOS
 CVE-2023-24278
        RESERVED
 CVE-2023-24277
@@ -11906,7 +11906,7 @@ CVE-2023-24035
 CVE-2023-24034
        RESERVED
 CVE-2023-24033 (The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, 
Exynos 1 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-24032
        RESERVED
 CVE-2023-24031
@@ -12744,27 +12744,27 @@ CVE-2023-0357
 CVE-2023-0356 (SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack 
strong encry ...)
        NOT-FOR-US: SOCOMEC MODULYS GP Netvision
 CVE-2023-0355 (Akuvox E11 uses a hard-coded cryptographic key, which could 
allow an a ...)
-       TODO: check
+       NOT-FOR-US: Akuvox
 CVE-2023-0354 (The Akuvox E11 web server can be accessed without any user 
authenticat ...)
-       TODO: check
+       NOT-FOR-US: Akuvox
 CVE-2023-0353 (Akuvox E11 uses a weak encryption algorithm for stored 
passwords and u ...)
-       TODO: check
+       NOT-FOR-US: Akuvox
 CVE-2023-0352 (The Akuvox E11 password recovery webpage can be accessed 
without authe ...)
-       TODO: check
+       NOT-FOR-US: Akuvox
 CVE-2023-0351 (The Akuvox E11 web server backend library allows command 
injection in  ...)
-       TODO: check
+       NOT-FOR-US: Akuvox
 CVE-2023-0350 (Akuvox E11 does not ensure that a file extension is associated 
with th ...)
-       TODO: check
+       NOT-FOR-US: Akuvox
 CVE-2023-0349 (The Akuvox E11 libvoice library provides unauthenticated access 
to the ...)
-       TODO: check
+       NOT-FOR-US: Akuvox
 CVE-2023-0348 (Akuvox E11 allows direct SIP calls. No access control is 
enforced by t ...)
-       TODO: check
+       NOT-FOR-US: Akuvox
 CVE-2023-0347 (The Akuvox E11 Media Access Control (MAC) address, a primary 
identifie ...)
-       TODO: check
+       NOT-FOR-US: Akuvox
 CVE-2023-0346 (Akuvox E11 cloud login is performed through an unencrypted HTTP 
connec ...)
-       TODO: check
+       NOT-FOR-US: Akuvox
 CVE-2023-0345 (The Akuvox E11 secure shell (SSH) server is enabled by default 
and can ...)
-       TODO: check
+       NOT-FOR-US: Akuvox
 CVE-2023-0344
        RESERVED
 CVE-2023-0343
@@ -12856,7 +12856,7 @@ CVE-2023-23713
 CVE-2023-23712
        RESERVED
 CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting 
A2 Optim ...)
-       TODO: check
+       NOT-FOR-US: A2 Hosting
 CVE-2023-23710
        RESERVED
 CVE-2023-23709
@@ -16061,7 +16061,7 @@ CVE-2023-22702
 CVE-2023-22701
        RESERVED
 CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in 
PixelYourSite Pixel ...)
-       TODO: check
+       NOT-FOR-US: PixelYourSite
 CVE-2023-22699
        RESERVED
 CVE-2023-22698
@@ -19233,7 +19233,7 @@ CVE-2022-47597
 CVE-2022-47596
        RESERVED
 CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47594
        RESERVED
 CVE-2022-47593
@@ -20934,7 +20934,7 @@ CVE-2022-47442
 CVE-2022-47441
        RESERVED
 CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C 
Dolson My  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47439
        RESERVED
 CVE-2022-47438
@@ -21854,7 +21854,7 @@ CVE-2022-47173
 CVE-2022-47172
        RESERVED
 CVE-2022-47171 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47170
        RESERVED
 CVE-2022-47169
@@ -21864,7 +21864,7 @@ CVE-2022-47168
 CVE-2022-47167
        RESERVED
 CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders 
Void Con ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47165
        RESERVED
 CVE-2022-47164
@@ -21872,7 +21872,7 @@ CVE-2022-47164
 CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and 
Tricks HQ, ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie 
Herdyawan DH ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47161
        RESERVED
 CVE-2022-47160
@@ -21886,7 +21886,7 @@ CVE-2022-47157
 CVE-2022-47156
        RESERVED
 CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic 
Slider by ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47154
        RESERVED
 CVE-2022-47153
@@ -42871,7 +42871,7 @@ CVE-2022-38104 (Auth. WordPress Options Change 
(siteurl, users_can_register, def
 CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup 
Scheduler plugi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-38074 (SQL Injection vulnerability in VeronaLabs WP Statistics plugin 
<= 1 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-38073 (Multiple Authenticated (custom specific plugin role) 
Persistent Cross- ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-36424
@@ -50097,7 +50097,7 @@ CVE-2022-35242 (Unauthenticated plugin settings change 
vulnerability in 59sec TH
 CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in 
XplodedThe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-31474 (Directory Traversal vulnerability in iThemes BackupBuddy 
plugin 8.5.8. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS) 
vulnerability in 8 D ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2743 (Integer overflow in Window Manager in Google Chrome on Chrome 
OS and L ...)
@@ -50353,27 +50353,27 @@ CVE-2022-37953 (An HTTP response splitting 
vulnerability exists in the AM Gatewa
 CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in 
the iHi ...)
        NOT-FOR-US: iHistorian Data Display of WorkstationST
 CVE-2022-37951 (Not used in 2022 ...)
-       TODO: check
+       NOT-FOR-US: Unused CVE ID
 CVE-2022-37950 (Not used in 2022 ...)
-       TODO: check
+       NOT-FOR-US: Unused CVE ID
 CVE-2022-37949 (Not used in 2022 ...)
-       TODO: check
+       NOT-FOR-US: Unused CVE ID
 CVE-2022-37948 (Not used in 2022 ...)
-       TODO: check
+       NOT-FOR-US: Unused CVE ID
 CVE-2022-37947 (Not used in 2022 ...)
-       TODO: check
+       NOT-FOR-US: Unused CVE ID
 CVE-2022-37946 (Not used in 2022 ...)
-       TODO: check
+       NOT-FOR-US: Unused CVE ID
 CVE-2022-37945 (Not used in 2022 ...)
-       TODO: check
+       NOT-FOR-US: Unused CVE ID
 CVE-2022-37944 (Not used in 2022 ...)
-       TODO: check
+       NOT-FOR-US: Unused CVE ID
 CVE-2022-37943 (Not used in 2022 ...)
-       TODO: check
+       NOT-FOR-US: Unused CVE ID
 CVE-2022-37942 (Not used in 2022 ...)
-       TODO: check
+       NOT-FOR-US: Unused CVE ID
 CVE-2022-37941 (Not used in 2022 ...)
-       TODO: check
+       NOT-FOR-US: Unused CVE ID
 CVE-2022-37940
        RESERVED
 CVE-2022-37939 (A potential security vulnerability has been identified in HPE 
Superdom ...)
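Review bot: CVE-2022-37941 through CVE-2022-37951 carry the description "Not used in 2022", so "NOT-FOR-US: Unused CVE ID" puts a non-product string where every other entry in this commit has a vendor or product name. NOT-FOR-US records that the affected software is outside the distribution; an ID that was never assigned to a vulnerability is a different case, and anything that aggregates NOT-FOR-US tags by product will count "Unused CVE ID" as a product. If the list format has a state for rejected or unused IDs, that would fit these eleven entries better.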



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2836c442b6c967294742f95452749b01896af828



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
