Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 34a2bd3b by Salvatore Bonaccorso at 2023-03-28T22:29:15+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -152,7 +152,7 @@ CVE-2023-1650 CVE-2023-1649 RESERVED CVE-2023-1648 (An issue has been discovered in GitLab DAST API scanner affecting all ...) - TODO: check + NOT-FOR-US: GitLab DAST API scanner CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 refle ...) NOT-FOR-US: JetBrains Hub CVE-2022-48428 (In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page ...) @@ -180,7 +180,7 @@ CVE-2023-28885 (The MyLink infotainment system (build 2021.3.26) in General Moto CVE-2023-28884 (In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in ...) NOT-FOR-US: MISP CVE-2023-28883 (In Cerebrate 1.13, a blind SQL injection exists in the searchAll API e ...) - TODO: check + NOT-FOR-US: Cerebrate CVE-2023-28882 RESERVED CVE-2023-28881 @@ -230,7 +230,7 @@ CVE-2023-28861 CVE-2023-28860 RESERVED CVE-2023-1647 (Improper Access Control in GitHub repository calcom/cal.com prior to 2 ...) - TODO: check + NOT-FOR-US: calcom cal.com CVE-2023-1646 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...) NOT-FOR-US: IObit Malware Fighter CVE-2023-1645 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...) @@ -938,11 +938,11 @@ CVE-2023-1525 CVE-2023-1524 RESERVED CVE-2023-28655 (A malicious user could leverage this vulnerability to escalate privile ...) - TODO: check + NOT-FOR-US: SAUTER CVE-2023-28652 (An authenticated malicious user could successfully upload a malicious ...) - TODO: check + NOT-FOR-US: SAUTER CVE-2023-28650 (An unauthenticated remote attacker could provide a malicious link and ...) - TODO: check + NOT-FOR-US: SAUTER CVE-2023-28647 RESERVED CVE-2023-28646 
@@ -978,9 +978,9 @@ CVE-2023-28632 CVE-2023-28631 RESERVED CVE-2023-28630 (GoCD is an open source continuous delivery server. In GoCD versions fr ...) - TODO: check + NOT-FOR-US: GoCD CVE-2023-28629 (GoCD is an open source continuous delivery server. GoCD versions befor ...) - TODO: check + NOT-FOR-US: GoCD CVE-2023-28628 (lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versi ...) TODO: check CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows. In versio ...) @@ -1006,9 +1006,9 @@ CVE-2023-28618 CVE-2023-28391 RESERVED CVE-2023-27927 (An authenticated malicious user could acquire the simple mail transfer ...) - TODO: check + NOT-FOR-US: SAUTER CVE-2023-22300 (An unauthenticated remote attacker could force all authenticated users ...) - TODO: check + NOT-FOR-US: SAUTER CVE-2023-1523 RESERVED CVE-2023-1522 @@ -3807,7 +3807,7 @@ CVE-2023-27823 CVE-2023-27822 RESERVED CVE-2023-27821 (Databasir v1.0.7 was discovered to contain a remote code execution (RC ...) - TODO: check + NOT-FOR-US: Databasir CVE-2023-27820 RESERVED CVE-2023-27819 @@ -4067,7 +4067,7 @@ CVE-2023-27703 CVE-2023-27702 RESERVED CVE-2023-27701 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...) - TODO: check + NOT-FOR-US: MuYuCMS CVE-2023-27700 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...) NOT-FOR-US: MuYuCMS CVE-2023-27699 @@ -5434,9 +5434,9 @@ CVE-2023-27249 (swfdump v0.9.2 was discovered to contain a heap buffer overflow CVE-2023-27248 RESERVED CVE-2023-27247 (An issue in Cynet Client Agent v4.6.0.8010 allows attackers with Admin ...) - TODO: check + NOT-FOR-US: Cynet Client Agent CVE-2023-27246 (An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth ...) - TODO: check + NOT-FOR-US: Virtual Disk of MK-Auth CVE-2023-27245 (A cross-site scripting (XSS) vulnerability in File Management Project ...) NOT-FOR-US: File Management Project CVE-2023-27244 
@@ -5755,7 +5755,7 @@ CVE-2023-27098 CVE-2023-27097 RESERVED CVE-2023-27096 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 ...) - TODO: check + NOT-FOR-US: Hippo4j CVE-2023-27095 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 ...) NOT-FOR-US: Hippo4j CVE-2023-27094 (An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escala ...) @@ -5931,7 +5931,7 @@ CVE-2023-27010 (Wondershare Dr.Fone v12.9.6 was discovered to contain weak permi CVE-2023-27009 RESERVED CVE-2023-27008 (A Cross-site scripting (XSS) vulnerability in the function encrypt_pas ...) - TODO: check + NOT-FOR-US: ATutor CVE-2023-27007 RESERVED CVE-2023-27006 @@ -6343,7 +6343,7 @@ CVE-2023-26804 CVE-2023-26803 RESERVED CVE-2023-26802 (An issue in the component /network_config/nsg_masq.cgi of DCN (Digital ...) - TODO: check + NOT-FOR-US: DCN (Digital China Networks) DCBI-Netlog-LAB CVE-2023-26801 (LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 ...) NOT-FOR-US: LB-LINK CVE-2023-26800 (Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discov ...) @@ -8252,7 +8252,7 @@ CVE-2023-26073 (An issue was discovered in Samsung Mobile Chipset and Baseband M CVE-2023-26072 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...) NOT-FOR-US: Samsung CVE-2023-26071 (An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An O ...) - TODO: check + NOT-FOR-US: MCUBO ICT CVE-2023-26070 RESERVED CVE-2023-26069 @@ -8800,9 +8800,9 @@ CVE-2022-48324 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.3 CVE-2021-46874 RESERVED CVE-2023-25909 (HGiga OAKlouds file uploading function does not restrict upload of fil ...) - TODO: check + NOT-FOR-US: HGiga OAKlouds CVE-2023-25908 (Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25907 RESERVED CVE-2023-25906 
@@ -8862,37 +8862,37 @@ CVE-2023-25880 CVE-2023-25879 RESERVED CVE-2023-25878 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25877 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25876 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25875 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25874 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25873 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25872 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25871 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25870 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25869 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25868 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25867 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25866 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25865 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25864 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2023-25863 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-25862 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2023-25861 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) @@ -8970,7 +8970,7 @@ CVE-2023-25830 CVE-2023-25829 RESERVED CVE-2023-25828 (Pluck CMS is vulnerable to an authenticated remote code execution (RCE ...) - TODO: check + NOT-FOR-US: Pluck CMS CVE-2023-25827 RESERVED CVE-2023-25826 @@ -9444,7 +9444,7 @@ CVE-2023-25706 CVE-2023-25705 RESERVED CVE-2023-25704 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehj ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25703 RESERVED CVE-2023-25702 @@ -10780,13 +10780,13 @@ CVE-2023-25265 (Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversa CVE-2023-25264 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...) NOT-FOR-US: Docmosis Tornado CVE-2023-25263 (In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attac ...) - TODO: check + NOT-FOR-US: Stimulsoft Designer CVE-2023-25262 (Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Se ...) - TODO: check + NOT-FOR-US: Stimulsoft Designer CVE-2023-25261 (Certain Stimulsoft GmbH products are affected by: Remote Code Executio ...) - TODO: check + NOT-FOR-US: Stimulsoft CVE-2023-25260 (Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusi ...) - TODO: check + NOT-FOR-US: Stimulsoft Designer CVE-2023-25259 RESERVED CVE-2023-25258 
@@ -12532,7 +12532,7 @@ CVE-2022-48293 (The Bluetooth module has an OOM vulnerability. Successful exploi CVE-2022-48292 (The Bluetooth module has an out-of-memory (OOM) vulnerability. Success ...) NOT-FOR-US: Huawei CVE-2022-48291 (The Bluetooth module has an authentication bypass vulnerability in the ...) - TODO: check + NOT-FOR-US: Huawei CVE-2022-48290 (The phone-PC collaboration module has a logic bypass vulnerability. Su ...) NOT-FOR-US: Huawei CVE-2022-48289 (The bundle management module lacks authentication and control mechanis ...) @@ -13398,7 +13398,7 @@ CVE-2023-24368 (** DISPUTED ** Incorrect access control in Temenos T24 Release 2 CVE-2023-24367 (Temenos T24 Release 20 was discovered to contain a reflected cross-sit ...) NOT-FOR-US: Tenemos CVE-2023-24366 (An arbitrary file download vulnerability in rConfig v6.8.0 allows atta ...) - TODO: check + NOT-FOR-US: rConfig CVE-2023-24365 RESERVED CVE-2023-24364 (Simple Customer Relationship Management System v1.0 was discovered to ...) @@ -13956,7 +13956,7 @@ CVE-2023-24096 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrad CVE-2023-24095 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW ...) NOT-FOR-US: TrendNet CVE-2023-24094 (An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows ...) - TODO: check + NOT-FOR-US: MikroTik RouterOS CVE-2023-24093 (An access control issue in H3C A210-G A210-GV100R005 allows attackers ...) NOT-FOR-US: H3C A210-G A210-GV100R005 CVE-2023-24092 @@ -15476,7 +15476,7 @@ CVE-2023-0328 (The WPCode WordPress plugin before 2.0.7 does not have adequate p CVE-2023-0327 (A vulnerability was found in saemorris TheRadSystem. It has been class ...) NOT-FOR-US: saemorris TheRadSystem CVE-2023-0326 (An issue has been discovered in GitLab DAST API scanner affecting all ...) - TODO: check + NOT-FOR-US: GitLab DAST API scanner CVE-2023-0325 RESERVED CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours & Travels ...) 
@@ -16372,7 +16372,7 @@ CVE-2023-23332 CVE-2023-23331 (Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injectio ...) NOT-FOR-US: Amano Xoffice CVE-2023-23330 (amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable ...) - TODO: check + NOT-FOR-US: amano Xparc parking solutions CVE-2023-23329 RESERVED CVE-2023-23328 (A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated ...) @@ -18298,7 +18298,7 @@ CVE-2023-22709 CVE-2023-22708 RESERVED CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Gre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-22706 RESERVED CVE-2023-22705 @@ -21594,15 +21594,15 @@ CVE-2023-22253 (Experience Manager versions 6.5.15.0 (and earlier) are affected CVE-2023-22252 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...) NOT-FOR-US: Adobe CVE-2023-22251 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-22250 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-22249 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-22248 RESERVED CVE-2023-22247 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...) NOT-FOR-US: Adobe CVE-2023-22245 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34a2bd3bb15f241137500beacc1de83f22adf979 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34a2bd3bb15f241137500beacc1de83f22adf979 You're receiving this email because of your account on salsa.debian.org.
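Review bot: In the @@ -5434,9 +5434,9 @@ hunk, the tag added for CVE-2023-27246 reads `NOT-FOR-US: Virtual Disk of MK-Auth`, which copies the component phrase from the description instead of naming the product. Suggest `NOT-FOR-US: MK-Auth`, so that the tag is the product name in the same way as `NOT-FOR-US: Cynet Client Agent` on the entry above it.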
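Review bot: In the @@ -10780,13 +10780,13 @@ hunk, CVE-2023-25261 is tagged `NOT-FOR-US: Stimulsoft` while CVE-2023-25263, CVE-2023-25262 and CVE-2023-25260 in the same hunk are tagged `NOT-FOR-US: Stimulsoft Designer`. The description of CVE-2023-25261 says "Certain Stimulsoft GmbH products", so the shorter tag may be deliberate; if it is, consider using the vendor name `Stimulsoft` on all four so that a search on the tag returns them together.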
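Review bot: The context line directly above the change in the @@ -13398,7 +13398,7 @@ hunk carries `NOT-FOR-US: Tenemos` for CVE-2023-24367, whose description names Temenos T24. This commit does not touch that line, but the misspelled tag is worth correcting to `NOT-FOR-US: Temenos` in a follow-up, since the neighbouring entries are being processed here anyway.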
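Review bot: In the @@ -16372,7 +16372,7 @@ hunk, the new tag `NOT-FOR-US: amano Xparc parking solutions` for CVE-2023-23330 differs in capitalisation and form from the neighbouring `NOT-FOR-US: Amano Xoffice` for CVE-2023-23331, which covers the same vendor and version. Suggest `NOT-FOR-US: Amano Xparc` to match the existing entry.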
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits