Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f0a2610b by Salvatore Bonaccorso at 2023-04-24T22:20:10+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -37,7 +37,7 @@ CVE-2023-31105 CVE-2023-31104 RESERVED CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions Works ...) - TODO: check + NOT-FOR-US: Devolutions CVE-2023-2256 RESERVED CVE-2023-2255 @@ -57,9 +57,9 @@ CVE-2023-2249 CVE-2023-2248 RESERVED CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module in ...) - TODO: check + NOT-FOR-US: JetBrains Hub CVE-2022-48476 (In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` ...) - TODO: check + NOT-FOR-US: JetBrains Ktor CVE-2023-31103 RESERVED CVE-2023-31102 @@ -216,9 +216,9 @@ CVE-2023-2241 (A vulnerability, which was classified as critical, was found in P NOTE: https://github.com/podofo/podofo/issues/69 NOTE: https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778 CVE-2012-10014 (A vulnerability classified as problematic has been found in Kau-Boy Ba ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2012-10013 (A vulnerability was found in Kau-Boy Backend Localization Plugin up to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-31037 RESERVED CVE-2023-31036 @@ -1011,7 +1011,7 @@ CVE-2023-30778 CVE-2023-30777 RESERVED CVE-2023-30776 (An authenticated user with specific data permissions could access data ...) - TODO: check + NOT-FOR-US: Apache Superset CVE-2023-2129 RESERVED CVE-2023-2128 
@@ -1468,7 +1468,7 @@ CVE-2023-30615 CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...) NOT-FOR-US: Pay (payments engine for Ruby on Rails) CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users to uplo ...) - TODO: check + NOT-FOR-US: Kiwi TCMS CVE-2023-30612 (Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. Thi ...) NOT-FOR-US: Cloud hypervisor CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their reaction ...) @@ -1834,7 +1834,7 @@ CVE-2023-30546 CVE-2023-30545 RESERVED CVE-2023-30544 (Kiwi TCMS is an open source test management system. In versions of Kiw ...) - TODO: check + NOT-FOR-US: Kiwi TCMS CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In affected ve ...) NOT-FOR-US: @web3-react CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract developm ...) @@ -2138,7 +2138,7 @@ CVE-2023-30460 CVE-2023-30459 (SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker ...) NOT-FOR-US: SmartPTT SCADA CVE-2023-30458 (A username enumeration issue was discovered in Medicine Tracker System ...) - TODO: check + NOT-FOR-US: Medicine Tracker System CVE-2023-30457 RESERVED CVE-2023-30456 (An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kern ...) @@ -3373,9 +3373,9 @@ CVE-2023-29851 CVE-2023-29850 (SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip ...) NOT-FOR-US: SENAYAN Library Management System (SLiMS) Bulia CVE-2023-29849 (Bang Resto 1.0 was discovered to contain multiple SQL injection vulner ...) - TODO: check + NOT-FOR-US: Bang Resto CVE-2023-29848 (Bang Resto 1.0 was discovered to contain a stored cross-site scripting ...) - TODO: check + NOT-FOR-US: Bang Resto CVE-2023-29847 (AeroCMS v0.0.1 was discovered to contain multiple stored cross-site sc ...) NOT-FOR-US: AeroCMS CVE-2023-29846 
@@ -9330,9 +9330,9 @@ CVE-2023-27993 CVE-2023-27992 RESERVED CVE-2023-27991 (The post-authentication command injection vulnerability in the CLI com ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 4.32 throu ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2023-27989 RESERVED CVE-2023-27988 @@ -10834,7 +10834,7 @@ CVE-2023-27526 CVE-2023-27525 (An authenticated user with Gamma role authorization could have access ...) NOT-FOR-US: Apache Superset CVE-2023-27524 (Session Validation attacks in Apache Superset versions up to and inclu ...) - TODO: check + NOT-FOR-US: Apache Superset CVE-2023-27523 RESERVED CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_pr ...) @@ -12474,7 +12474,7 @@ CVE-2023-26867 CVE-2023-26866 (GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions ...) NOT-FOR-US: GreenPacket CVE-2023-26865 (SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and b ...) - TODO: check + NOT-FOR-US: PrestaShop bdroppy CVE-2023-26864 (SQL injection vulnerability found in PrestaShop smplredirectionsmanage ...) NOT-FOR-US: PrestaShop CVE-2023-26863 
@@ -14568,11 +14568,11 @@ CVE-2023-26063 (Certain Lexmark devices through 2023-02-19 access a Resource By CVE-2023-26062 RESERVED CVE-2023-26061 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Sched ...) - TODO: check + NOT-FOR-US: Nokia CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Worki ...) - TODO: check + NOT-FOR-US: Nokia CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On the Site ...) - TODO: check + NOT-FOR-US: Nokia CVE-2023-26058 RESERVED CVE-2023-26057
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0a2610b553b9d78891e2cd8bdd328f191e07991
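Review bot: In the hunk at @@ -12474, CVE-2023-26865 is tagged `NOT-FOR-US: PrestaShop bdroppy` while the context line directly below it tags CVE-2023-26864, another PrestaShop module, as plain `NOT-FOR-US: PrestaShop`. Pick one form for PrestaShop modules so that a search on the tag returns both entries; either shorten the new line to `NOT-FOR-US: PrestaShop` or name the module on both.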
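Review bot: In the hunk at @@ -216, CVE-2012-10014 and CVE-2012-10013 receive the generic tag `NOT-FOR-US: WordPress plugin`, which drops the product name that the description of CVE-2012-10013 gives (Kau-Boy Backend Localization Plugin). Since the description of CVE-2012-10014 is truncated at "Kau-Boy Ba ...", the tag is the only place the full name could be recovered from; consider `NOT-FOR-US: Kau-Boy Backend Localization plugin for WordPress` or similar on both lines.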
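Review bot: In the hunk at @@ -14568, the three entries CVE-2023-26061, CVE-2023-26060 and CVE-2023-26059 are tagged with the vendor only (`NOT-FOR-US: Nokia`) although each description names the product, Nokia NetAct. Other hunks in this commit tag at product level (`JetBrains Hub`, `JetBrains Ktor`, `Apache Superset`, `Kiwi TCMS`), so `NOT-FOR-US: Nokia NetAct` would be consistent here; the same applies to the vendor-only `Zyxel` tags in the hunk at @@ -9330 and `Devolutions` in the hunk at @@ -37.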