Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0a2610b by Salvatore Bonaccorso at 2023-04-24T22:20:10+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2023-31105
 CVE-2023-31104
        RESERVED
 CVE-2023-2257 (Authentication Bypass in Hub Business integration in 
Devolutions Works ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2023-2256
        RESERVED
 CVE-2023-2255
@@ -57,9 +57,9 @@ CVE-2023-2249
 CVE-2023-2248
        RESERVED
 CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 SSRF protection in Auth 
Module in ...)
-       TODO: check
+       NOT-FOR-US: JetBrains Hub
 CVE-2022-48476 (In JetBrains Ktor before 2.3.0 path traversal in the 
`resolveResource` ...)
-       TODO: check
+       NOT-FOR-US: JetBrains Ktor
 CVE-2023-31103
        RESERVED
 CVE-2023-31102
@@ -216,9 +216,9 @@ CVE-2023-2241 (A vulnerability, which was classified as 
critical, was found in P
        NOTE: https://github.com/podofo/podofo/issues/69
        NOTE: 
https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778
 CVE-2012-10014 (A vulnerability classified as problematic has been found in 
Kau-Boy Ba ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2012-10013 (A vulnerability was found in Kau-Boy Backend Localization 
Plugin up to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-31037
        RESERVED
 CVE-2023-31036
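Review bot: The tag `NOT-FOR-US: WordPress plugin` on CVE-2012-10014 and CVE-2012-10013 is generic and does not record which plugin was triaged, although the CVE-2012-10013 description names the Kau-Boy Backend Localization Plugin and the truncated CVE-2012-10014 description starts the same way. Naming the plugin in the tag, as the other entries in this commit do for their products (for example `NOT-FOR-US: Kiwi TCMS`), would let a later search of the list by product name find these two entries.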
@@ -1011,7 +1011,7 @@ CVE-2023-30778
 CVE-2023-30777
        RESERVED
 CVE-2023-30776 (An authenticated user with specific data permissions could 
access data ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2023-2129
        RESERVED
 CVE-2023-2128
@@ -1468,7 +1468,7 @@ CVE-2023-30615
 CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In 
versions ...)
        NOT-FOR-US: Pay (payments engine for Ruby on Rails)
 CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users 
to uplo ...)
-       TODO: check
+       NOT-FOR-US: Kiwi TCMS
 CVE-2023-30612 (Cloud hypervisor is a Virtual Machine Monitor for Cloud 
workloads. Thi ...)
        NOT-FOR-US: Cloud hypervisor
 CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their 
reaction ...)
@@ -1834,7 +1834,7 @@ CVE-2023-30546
 CVE-2023-30545
        RESERVED
 CVE-2023-30544 (Kiwi TCMS is an open source test management system. In 
versions of Kiw ...)
-       TODO: check
+       NOT-FOR-US: Kiwi TCMS
 CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In 
affected ve ...)
        NOT-FOR-US: @web3-react
 CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
@@ -2138,7 +2138,7 @@ CVE-2023-30460
 CVE-2023-30459 (SmartPTT SCADA 1.1.0.0 allows remote code execution (when the 
attacker ...)
        NOT-FOR-US: SmartPTT SCADA
 CVE-2023-30458 (A username enumeration issue was discovered in Medicine 
Tracker System ...)
-       TODO: check
+       NOT-FOR-US: Medicine Tracker System
 CVE-2023-30457
        RESERVED
 CVE-2023-30456 (An issue was discovered in arch/x86/kvm/vmx/nested.c in the 
Linux kern ...)
@@ -3373,9 +3373,9 @@ CVE-2023-29851
 CVE-2023-29850 (SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does 
not strip ...)
        NOT-FOR-US: SENAYAN Library Management System (SLiMS) Bulia
 CVE-2023-29849 (Bang Resto 1.0 was discovered to contain multiple SQL 
injection vulner ...)
-       TODO: check
+       NOT-FOR-US: Bang Resto
 CVE-2023-29848 (Bang Resto 1.0 was discovered to contain a stored cross-site 
scripting ...)
-       TODO: check
+       NOT-FOR-US: Bang Resto
 CVE-2023-29847 (AeroCMS v0.0.1 was discovered to contain multiple stored 
cross-site sc ...)
        NOT-FOR-US: AeroCMS
 CVE-2023-29846
@@ -9330,9 +9330,9 @@ CVE-2023-27993
 CVE-2023-27992
        RESERVED
 CVE-2023-27991 (The post-authentication command injection vulnerability in the 
CLI com ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 
4.32 throu ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-27989
        RESERVED
 CVE-2023-27988
@@ -10834,7 +10834,7 @@ CVE-2023-27526
 CVE-2023-27525 (An authenticated user with Gamma role authorization could have 
access  ...)
        NOT-FOR-US: Apache Superset
 CVE-2023-27524 (Session Validation attacks in Apache Superset versions up to 
and inclu ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2023-27523
        RESERVED
 CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server 
via mod_pr ...)
@@ -12474,7 +12474,7 @@ CVE-2023-26867
 CVE-2023-26866 (GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware 
versions ...)
        NOT-FOR-US: GreenPacket
 CVE-2023-26865 (SQL injection vulnerability found in PrestaShop bdroppy 
v.2.2.12 and b ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop bdroppy
 CVE-2023-26864 (SQL injection vulnerability found in PrestaShop 
smplredirectionsmanage ...)
        NOT-FOR-US: PrestaShop
 CVE-2023-26863
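Review bot: CVE-2023-26865 is tagged `NOT-FOR-US: PrestaShop bdroppy`, while the adjacent CVE-2023-26864 entry, also described as a SQL injection in a named PrestaShop component, carries plain `NOT-FOR-US: PrestaShop`. The two forms should agree. The more specific form added here is the better one, since it does not read as a statement about PrestaShop itself, so consider updating the neighbouring entry to name its component as well.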
@@ -14568,11 +14568,11 @@ CVE-2023-26063 (Certain Lexmark devices through 
2023-02-19 access a Resource By
 CVE-2023-26062
        RESERVED
 CVE-2023-26061 (An issue was discovered in Nokia NetAct before 22 FP2211. On 
the Sched ...)
-       TODO: check
+       NOT-FOR-US: Nokia
 CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On 
the Worki ...)
-       TODO: check
+       NOT-FOR-US: Nokia
 CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On 
the Site  ...)
-       TODO: check
+       NOT-FOR-US: Nokia
 CVE-2023-26058
        RESERVED
 CVE-2023-26057
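Review bot: All three new tags in this hunk (CVE-2023-26061, CVE-2023-26060, CVE-2023-26059) read `NOT-FOR-US: Nokia`, which names only the vendor, although each description identifies the product as Nokia NetAct. `NOT-FOR-US: Nokia NetAct` would match the product-level tags used elsewhere in this commit (`JetBrains Hub`, `Apache Superset`) and avoids implying that everything from the vendor is out of scope.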



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0a2610b553b9d78891e2cd8bdd328f191e07991



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits