Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a0db913d by Salvatore Bonaccorso at 2023-04-16T13:50:36+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -7,7 +7,7 @@ CVE-2015-10103 CVE-2015-10102 RESERVED CVE-2015-10101 (A vulnerability classified as problematic was found in Google Analytic ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2107 (A vulnerability, which was classified as critical, was found in IBOS 4 ...) NOT-FOR-US: IBOS CVE-2023-2106 (Weak Password Requirements in GitHub repository janeczku/calibre-web p ...) @@ -2782,7 +2782,7 @@ CVE-2023-29599 CVE-2023-29598 (lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability ...) NOT-FOR-US: lmxcms CVE-2023-29597 (bloofox v0.5.2 was discovered to contain a SQL injection vulnerability ...) - TODO: check + NOT-FOR-US: bloofox CVE-2023-29596 RESERVED CVE-2023-29595 @@ -3105,13 +3105,13 @@ CVE-2023-29511 CVE-2023-29510 RESERVED CVE-2023-29509 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29508 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29507 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29506 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29505 RESERVED CVE-2023-28393 
@@ -4089,33 +4089,33 @@ CVE-2023-29216 (In Apache Linkis <=1.3.1, because the parameters are not effe CVE-2023-29215 (In Apache Linkis <=1.3.1, due to the lack of effective filtering of ...) NOT-FOR-US: Apache Linkis CVE-2023-29214 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29213 RESERVED CVE-2023-29212 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29211 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29210 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29209 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29208 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29207 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29206 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29205 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29204 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29203 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29202 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29201 (XWiki Commons are technical libraries common to several other top leve ...) - TODO: check + NOT-FOR-US: XWiki CVE-2023-29200 RESERVED CVE-2023-29199 (There exists a vulnerability in source code transformer (exception san ...) 
@@ -8918,7 +8918,7 @@ CVE-2023-27814 CVE-2023-27813 RESERVED CVE-2023-27812 (bloofox v0.5.2 was discovered to contain an arbitrary file deletion vu ...) - TODO: check + NOT-FOR-US: bloofox CVE-2023-27811 RESERVED CVE-2023-27810 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...) @@ -9254,21 +9254,21 @@ CVE-2023-27656 CVE-2023-27655 (xpdf v4.04 was discovered to contain a stack overflow in the component ...) TODO: check CVE-2023-27654 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker t ...) - TODO: check + NOT-FOR-US: WHO CVE-2023-27653 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker t ...) - TODO: check + NOT-FOR-US: WHO CVE-2023-27652 RESERVED CVE-2023-27651 (An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an ...) - TODO: check + NOT-FOR-US: Ego Studio SuperClean CVE-2023-27650 (An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a ...) NOT-FOR-US: APUS Group Launcher CVE-2023-27649 (SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0. ...) - TODO: check + NOT-FOR-US: Free Music CVE-2023-27648 (Directory Traversal vulnerability found in T-ME Studios Change Color o ...) - TODO: check + NOT-FOR-US: T-ME Studios Change Color of Keypad CVE-2023-27647 (An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacke ...) - TODO: check + NOT-FOR-US: DUALSPACE Lock Master CVE-2023-27646 RESERVED CVE-2023-27645 (An issue found in POWERAMP audioplayer build 925 bundle play and build ...) @@ -9276,7 +9276,7 @@ CVE-2023-27645 (An issue found in POWERAMP audioplayer build 925 bundle play and CVE-2023-27644 RESERVED CVE-2023-27643 (An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows ...) - TODO: check + NOT-FOR-US: POWERAMP CVE-2023-27642 RESERVED CVE-2023-27641 (The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSE ...) 
@@ -9480,9 +9480,9 @@ CVE-2023-27574 (ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-al CVE-2023-27573 RESERVED CVE-2023-27572 (An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.0 ...) - TODO: check + NOT-FOR-US: CommScope Arris DG3450 CVE-2023-27571 (An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_ ...) - TODO: check + NOT-FOR-US: DG3450 Cable Gateway CVE-2023-27570 (The eo_tags package before 1.4.19 for PrestaShop allows SQL injection ...) NOT-FOR-US: PrestaShop CVE-2023-27569 (The eo_tags package before 1.3.0 for PrestaShop allows SQL injection v ...) @@ -10640,7 +10640,7 @@ CVE-2023-27195 CVE-2023-27194 RESERVED CVE-2023-27193 (An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain pr ...) - TODO: check + NOT-FOR-US: DUALSPACE CVE-2023-27192 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker ...) NOT-FOR-US: DUALSPACE Super Secuirty CVE-2023-27191 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker ...) @@ -11089,7 +11089,7 @@ CVE-2023-26982 (Trudesk v1.2.6 was discovered to contain a stored cross-site scr CVE-2023-26981 RESERVED CVE-2023-26980 (PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition ...) - TODO: check + NOT-FOR-US: PAX Technology PAX A920 Pro PayDroid CVE-2023-26979 RESERVED CVE-2023-26978 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) @@ -11222,7 +11222,7 @@ CVE-2023-26920 CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escap ...) NOT-FOR-US: delight-nashorn-sandbox CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to escalate privil ...) - TODO: check + NOT-FOR-US: Diasoft File Replication Pro CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...) - libyang2 <unfixed> [bullseye] - libyang2 <no-dsa> (Minor issue) 
@@ -11566,7 +11566,7 @@ CVE-2023-26758 (Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary CVE-2023-26757 RESERVED CVE-2023-26756 (The login page of Revive Adserver v5.4.1 is vulnerable to brute force ...) - TODO: check + NOT-FOR-US: Revive Adserver CVE-2023-26755 RESERVED CVE-2023-26754 @@ -11951,7 +11951,7 @@ CVE-2023-26561 CVE-2023-26560 RESERVED CVE-2023-26559 (A directory traversal vulnerability in Oxygen XML Web Author before 25 ...) - TODO: check + NOT-FOR-US: Oxygen XML Web Author CVE-2023-26558 RESERVED CVE-2023-26557 
@@ -12486,115 +12486,115 @@ CVE-2023-26427 CVE-2023-26426 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2023-26425 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26424 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26423 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26422 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26421 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26420 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26419 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26418 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26417 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26416 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26415 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26414 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26413 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26412 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2023-26411 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26410 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26409 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26408 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26407 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26406 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26405 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26404 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26403 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26402 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26401 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26400 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26399 RESERVED CVE-2023-26398 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26397 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26396 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2023-26395 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26394 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26393 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26392 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26391 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26390 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26389 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26388 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26387 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26386 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26385 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26384 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26383 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26382 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26381 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2023-26380 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26379 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26378 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26377 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26376 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26375 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26374 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26373 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26372 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26371 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26370 RESERVED CVE-2023-26369 
@@ -12917,9 +12917,9 @@ CVE-2023-26266 (In AFL++ 4.05c, the CmpLog component uses the current working di CVE-2023-26265 (The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sa ...) - backdrop <itp> (bug #914257) CVE-2023-26264 (All versions of Talend Data Catalog before 8.0-20220907 are potentiall ...) - TODO: check + NOT-FOR-US: Talend Data Catalog CVE-2023-26263 (All versions of Talend Data Catalog before 8.0-20230110 are potentiall ...) - TODO: check + NOT-FOR-US: Talend Data Catalog CVE-2023-26262 (An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Si ...) NOT-FOR-US: Sitecore CVE-2023-26261 (In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection lead ...) @@ -15097,7 +15097,7 @@ CVE-2023-25599 CVE-2023-25598 RESERVED CVE-2023-25597 (A vulnerability in the web conferencing component of Mitel MiCollab th ...) - TODO: check + NOT-FOR-US: Mitel CVE-2023-25596 (A vulnerability exists in ClearPass Policy Manager that allows for an ...) NOT-FOR-US: Aruba CVE-2023-25595 (A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allo ...) @@ -16846,7 +16846,7 @@ CVE-2023-24936 CVE-2023-24935 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2023-24934 (Microsoft Defender Security Feature Bypass Vulnerability ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-24933 RESERVED CVE-2023-24932 @@ -17990,7 +17990,7 @@ CVE-2023-24547 CVE-2023-24546 RESERVED CVE-2023-24545 (On affected platforms running Arista CloudEOS an issue in the Software ...) - TODO: check + NOT-FOR-US: Arista CVE-2023-0517 RESERVED CVE-2023-0516 (A vulnerability was found in SourceCodester Online Tours & Travels ...) 
@@ -18173,15 +18173,15 @@ CVE-2023-0494 (A vulnerability was found in X.Org. This issue occurs due to a da CVE-2022-4897 (The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and es ...) NOT-FOR-US: WordPress plugin CVE-2023-24513 (On affected platforms running Arista CloudEOS an issue in the Software ...) - TODO: check + NOT-FOR-US: Arista CVE-2023-24512 RESERVED CVE-2023-24511 (On affected platforms running Arista EOS with SNMP configured, a speci ...) - TODO: check + NOT-FOR-US: Arista CVE-2023-24510 RESERVED CVE-2023-24509 (On affected modular platforms running Arista EOS equipped with both re ...) - TODO: check + NOT-FOR-US: Arista CVE-2023-24508 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 ...) NOT-FOR-US: Baicells CVE-2023-24507 
@@ -22498,13 +22498,13 @@ CVE-2023-22953 (In ExpressionEngine before 7.2.6, remote code execution can be a CVE-2023-22952 (In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject cu ...) NOT-FOR-US: SugarCRM CVE-2023-22951 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It ...) - TODO: check + NOT-FOR-US: TigerGraph Enterprise Free Edition CVE-2023-22950 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Dat ...) - TODO: check + NOT-FOR-US: TigerGraph Enterprise Free Edition CVE-2023-22949 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. The ...) - TODO: check + NOT-FOR-US: TigerGraph Enterprise Free Edition CVE-2023-22948 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. The ...) - TODO: check + NOT-FOR-US: TigerGraph Enterprise Free Edition CVE-2023-22947 (** DISPUTED ** Insecure folder permissions in the Windows installation ...) - shibboleth-sp <not-affected> (Windows-specific) CVE-2023-22946 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0db913d826804e980db8650c7cc86b059572967
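Review bot: In the @@ -9480,9 +9480,9 hunk, CVE-2023-27572 and CVE-2023-27571 receive two different labels, "NOT-FOR-US: CommScope Arris DG3450" and "NOT-FOR-US: DG3450 Cable Gateway", although both visible descriptions name the DG3450 Cable Gateway. Use one label for both entries (for example "NOT-FOR-US: CommScope Arris DG3450" on each) so that a search of data/CVE/list for the product returns both CVEs.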
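Review bot: In the @@ -9254,21 +9254,21 hunk, the labels are uneven in how much of the product name they keep. "NOT-FOR-US: WHO" on CVE-2023-27654 and CVE-2023-27653 is too short to identify the software, since the visible description gives only "WHOv.1.0.28, v.1.0.30, v.1.0.32" and no vendor, and "NOT-FOR-US: Free Music" on CVE-2023-27649 drops the "Trusted Tools" vendor while the neighbouring entries keep theirs ("Ego Studio SuperClean", "T-ME Studios Change Color of Keypad"). Suggest "NOT-FOR-US: Trusted Tools Free Music" and a qualifier taken from the full CVE description for the WHO entries.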