Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b65e2310 by Salvatore Bonaccorso at 2023-04-25T22:25:29+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -33,7 +33,7 @@ CVE-2023-31207 CVE-2023-2283 RESERVED CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions Remot ...) - TODO: check + NOT-FOR-US: Devolutions CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related Websoc ...) TODO: check CVE-2023-2280 @@ -1030,9 +1030,9 @@ CVE-2023-30841 CVE-2023-30840 RESERVED CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. Versions prio ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2023-30837 RESERVED CVE-2023-30836 @@ -1702,7 +1702,7 @@ CVE-2023-30625 CVE-2023-30624 RESERVED CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, ...) - TODO: check + NOT-FOR-US: embano1/wip GitHub Action CVE-2023-30622 (Clusternet is a general-purpose system for controlling Kubernetes clus ...) TODO: check CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as modular and us ...) @@ -2090,7 +2090,7 @@ CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted No CVE-2023-30546 RESERVED CVE-2023-30545 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2023-30544 (Kiwi TCMS is an open source test management system. In versions of Kiw ...) NOT-FOR-US: Kiwi TCMS CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In affected ve ...) 
@@ -2116,7 +2116,7 @@ CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports core CVE-2023-30534 RESERVED CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Pollution via ...) - TODO: check + NOT-FOR-US: SheetJS CVE-2023-2011 RESERVED CVE-2023-2010 @@ -2980,7 +2980,7 @@ CVE-2023-30179 CVE-2023-30178 RESERVED CVE-2023-30177 (CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker ...) - TODO: check + NOT-FOR-US: CraftCMS CVE-2023-30176 RESERVED CVE-2023-30175 @@ -3774,9 +3774,9 @@ CVE-2023-29782 CVE-2023-29781 RESERVED CVE-2023-29780 (Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnera ...) - TODO: check + NOT-FOR-US: Third Reality Smart Blind CVE-2023-29779 (Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulner ...) - TODO: check + NOT-FOR-US: Sengled Dimmer Switch CVE-2023-29778 RESERVED CVE-2023-29777 @@ -5978,7 +5978,7 @@ CVE-2023-1733 (A denial of service condition exists in the Prometheus server bun CVE-2023-1732 RESERVED CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file upload fun ...) - TODO: check + NOT-FOR-US: LTOS CVE-2023-1730 RESERVED CVE-2023-1729 @@ -6884,7 +6884,7 @@ CVE-2023-28772 (An issue was discovered in the Linux kernel before 5.13.3. lib/s [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/d3b16034a24a112bb83aeb669ac5b9b01f744bb7 (5.14-rc1) CVE-2023-28771 (Improper error message handling in Zyxel ZyWALL/USG series firmware ve ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2023-28770 RESERVED CVE-2023-28769 
@@ -9295,19 +9295,19 @@ CVE-2023-28092 CVE-2023-28091 (HPE OneView virtual appliance "Migrate server hardware" option may exp ...) NOT-FOR-US: HPE CVE-2023-28090 (An HPE OneView appliance dump may expose SNMPv3 read credentials ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-28089 (An HPE OneView appliance dump may expose FTP credentials for c7000 Int ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-28088 (An HPE OneView appliance dump may expose SAN switch administrative cre ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-28087 (An HPE OneView appliance dump may expose OneView user accounts ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-28086 (An HPE OneView appliance dump may expose proxy credential settings ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-28085 (An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD ...) NOT-FOR-US: HPE CVE-2023-28084 (HPE OneView and HPE OneView Global Dashboard appliance dumps may expos ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in HPE Inte ...) NOT-FOR-US: HPE CVE-2023-28082 @@ -10730,7 +10730,7 @@ CVE-2023-27621 CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-27619 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2023-27618 RESERVED CVE-2023-27617 @@ -12227,7 +12227,7 @@ CVE-2023-27107 CVE-2023-27106 RESERVED CVE-2023-27105 (A vulnerability in the Wi-Fi file transfer module of Shanling M5S Port ...) - TODO: check + NOT-FOR-US: Shanling CVE-2023-27104 RESERVED CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer overflow via ...) 
@@ -12782,15 +12782,15 @@ CVE-2023-26845 (A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows att CVE-2023-26844 RESERVED CVE-2023-26843 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-26842 RESERVED CVE-2023-26841 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-26840 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-26839 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-26838 RESERVED CVE-2023-26837 @@ -14753,11 +14753,11 @@ CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint failed to s ...) NOT-FOR-US: Progress Flowmon CVE-2023-26099 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consult ...) - TODO: check + NOT-FOR-US: Telindus CVE-2023-26098 (An issue was discovered in the Open Document feature in Telindus Apsal ...) - TODO: check + NOT-FOR-US: Telindus CVE-2023-26097 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorize ...) - TODO: check + NOT-FOR-US: Telindus CVE-2023-26096 RESERVED CVE-2023-26095 @@ -14838,9 +14838,9 @@ CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On the Site ...) NOT-FOR-US: Nokia CVE-2023-26058 (An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XM ...) - TODO: check + NOT-FOR-US: Nokia CVE-2023-26057 (An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XM ...) - TODO: check + NOT-FOR-US: Nokia CVE-2023-0920 RESERVED CVE-2022-48329 (MISP before 2.4.166 unsafely allows users to use the order parameter, ...) 
@@ -15622,7 +15622,7 @@ CVE-2023-25795 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-ma CVE-2023-25794 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digi ...) NOT-FOR-US: WordPress plugin CVE-2023-25793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Geor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25792 RESERVED CVE-2023-25791 @@ -16014,7 +16014,7 @@ CVE-2023-25712 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-25711 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus ...) NOT-FOR-US: WordPress plugin CVE-2023-25710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGI ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25709 (Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatorai ...) NOT-FOR-US: WordPress plugin CVE-2023-25708 (Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR R ...) @@ -16897,7 +16897,7 @@ CVE-2023-25492 CVE-2023-25491 RESERVED CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25489 RESERVED CVE-2023-25488 @@ -16907,9 +16907,9 @@ CVE-2023-25487 CVE-2023-25486 RESERVED CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bern ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25484 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25483 RESERVED CVE-2023-25482 @@ -16919,7 +16919,7 @@ CVE-2023-25481 CVE-2023-25480 RESERVED CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25478 RESERVED CVE-2023-25477 
@@ -17197,11 +17197,11 @@ CVE-2023-25350 (Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When t CVE-2023-25349 RESERVED CVE-2023-25348 (ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerabilit ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-25347 (A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-25346 (A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5. ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-25345 (Directory traversal vulnerability in swig-templates thru 2.0.4 and swi ...) NOT-FOR-US: swig-templates CVE-2023-25344 (An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b65e2310e3cdcb0a6c71de90f2036b00ce230761
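Review bot: In the hunk at @@ -10730,7, CVE-2023-27619 is tagged `NOT-FOR-US: WordPress theme` while the entry directly above it (CVE-2023-27620) and every other WordPress entry touched by this commit use `WordPress plugin`, and the visible description is truncated before the component name. Since the list line alone does not show whether the component is a theme or a plugin, confirm the tag against the full CVE description before this lands.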
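Review bot: The NOT-FOR-US labels differ in granularity between the hunk at @@ -3774,9, which uses full product names (`Third Reality Smart Blind`, `Sengled Dimmer Switch`), and the hunk at @@ -14753,11, which tags the three Telindus Apsal entries with the bare vendor `Telindus` directly below existing `Progress Flowmon` entries that name the product. Using one form throughout, for example `NOT-FOR-US: Telindus Apsal`, keeps a later search of data/CVE/list by product name from missing these entries.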