Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: da35af90 by Moritz Muehlenhoff at 2023-04-27T10:43:58+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,5 +1,5 @@ CVE-2023-31290 (Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser ex ...) - TODO: check + NOT-FOR-US: Trust Wallet Core CVE-2023-31289 RESERVED CVE-2023-31288 @@ -136,7 +136,7 @@ CVE-2023-2309 CVE-2023-2308 RESERVED CVE-2023-2307 (Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik ...) - TODO: check + NOT-FOR-US: builderio/qwik CVE-2023-2306 RESERVED CVE-2023-2305 @@ -194,7 +194,7 @@ CVE-2023-2293 (A vulnerability was found in SourceCodester Purchase Order Manage CVE-2023-2292 RESERVED CVE-2023-2291 (Static credentials exist in the PostgreSQL data used in ManageEngine A ...) - TODO: check + NOT-FOR-US: Zoho CVE-2023-2290 RESERVED CVE-2023-2289 @@ -1229,17 +1229,17 @@ CVE-2023-30848 CVE-2023-30847 RESERVED CVE-2023-30846 (typed-rest-client is a library for Node Rest and Http Clients with typ ...) - TODO: check + NOT-FOR-US: typed-rest-client CVE-2023-30845 (ESPv2 is a service proxy that provides API management capabilities usi ...) - TODO: check + NOT-FOR-US: ESPv2 CVE-2023-30844 RESERVED CVE-2023-30843 (Payload is a free and open source headless content management system. ...) - TODO: check + NOT-FOR-US: Payload CVE-2023-30842 (AVideo is an open-source video platform. Prior to version 12.4, AVideo ...) NOT-FOR-US: AVideo CVE-2023-30841 (Baremetal Operator (BMO) is a bare metal host provisioning integration ...) - TODO: check + NOT-FOR-US: Baremetal Operator (BMO) CVE-2023-30840 RESERVED CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. Versions prio ...) 
@@ -2833,7 +2833,7 @@ CVE-2023-30365 CVE-2023-30364 RESERVED CVE-2023-30363 (vConsole v3.15.0 was discovered to contain a prototype pollution due t ...) - TODO: check + NOT-FOR-US: Tencent vConsole CVE-2023-30362 RESERVED CVE-2023-30361 @@ -13575,7 +13575,7 @@ CVE-2023-26569 CVE-2023-26568 RESERVED CVE-2023-26567 (Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) plac ...) - TODO: check + NOT-FOR-US: Sangoma CVE-2023-26566 RESERVED CVE-2023-26565 @@ -14604,13 +14604,13 @@ CVE-2023-26248 CVE-2023-26247 RESERVED CVE-2023-26246 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...) - TODO: check + NOT-FOR-US: Hyundai CVE-2023-26245 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...) - TODO: check + NOT-FOR-US: Hyundai CVE-2023-26244 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...) - TODO: check + NOT-FOR-US: Hyundai CVE-2023-26243 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...) - TODO: check + NOT-FOR-US: Hyundai CVE-2023-26242 (afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the ...) - linux <unfixed> (unimportant) NOTE: https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4....@gmail.com/ @@ -17546,7 +17546,7 @@ CVE-2023-25294 CVE-2023-25293 RESERVED CVE-2023-25292 (Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office vers ...) - TODO: check + NOT-FOR-US: Intermesh BV Group-Office CVE-2023-25291 RESERVED CVE-2023-25290 
@@ -18744,7 +18744,7 @@ CVE-2023-24838 (HGiga PowerStation has a vulnerability of Information Leakage. A CVE-2023-24837 (HGiga PowerStation remote management function has insufficient filteri ...) NOT-FOR-US: HGiga CVE-2023-24836 (SUNNET CTMS has vulnerability of path traversal within its file upload ...) - TODO: check + NOT-FOR-US: SUNNET CVE-2023-24835 (Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Co ...) NOT-FOR-US: Softnext CVE-2023-24834 (WisdomGarden Tronclass has improper access control when uploading file ...) @@ -24691,7 +24691,7 @@ CVE-2023-22903 (api/views/user.py in LibrePhotos before e19e539 has incorrect ac CVE-2023-22902 (Openfind Mail2000 file uploading function has insufficient filtering f ...) NOT-FOR-US: Openfind Mail2000 CVE-2023-22901 (ChangingTec MOTP system has a path traversal vulnerability. A remote a ...) - TODO: check + NOT-FOR-US: ChangingTec MOTP CVE-2023-22900 (Efence login function has insufficient validation for user input. An u ...) NOT-FOR-US: Efence CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not ...) @@ -27978,7 +27978,7 @@ CVE-2022-4624 (The GS Logo Slider WordPress plugin before 3.3.8 does not validat CVE-2022-4623 RESERVED CVE-2022-45876 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) - TODO: check + NOT-FOR-US: VISAM VBASE Automation Base CVE-2022-45468 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) NOT-FOR-US: VISAM VBASE Automation Base CVE-2022-45444 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...) @@ -28316,7 +28316,7 @@ CVE-2022-47760 CVE-2022-47759 RESERVED CVE-2022-47758 (Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allo ...) - TODO: check + NOT-FOR-US: Nanoleaf CVE-2022-47757 RESERVED CVE-2022-47756 
@@ -36339,7 +36339,7 @@ CVE-2022-45458 CVE-2022-45457 RESERVED CVE-2022-45456 (Denial of service due to unauthenticated API endpoint. The following p ...) - TODO: check + NOT-FOR-US: Acronis CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation cleanup. T ...) NOT-FOR-US: Acronis CVE-2022-45454 (Sensitive information disclosure due to insecure folder permissions. T ...) @@ -40569,9 +40569,9 @@ CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booste CVE-2022-3761 RESERVED CVE-2023-20853 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...) - TODO: check + NOT-FOR-US: aEnrich Technology a+HRD CVE-2023-20852 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...) - TODO: check + NOT-FOR-US: aEnrich Technology a+HRD CVE-2022-44448 (In wlan driver, there is a possible missing params check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-44447 (In wlan driver, there is a possible null pointer dereference issue due ...) @@ -174870,7 +174870,7 @@ CVE-2020-36072 (SQL injection vulnerability found in Tailor Management System v. CVE-2020-36071 (SQL injection vulnerability found in Tailor Management System v.1 allo ...) NOT-FOR-US: Tailor Management System CVE-2020-36070 (Insecure Permission vulnerability found in Yoyager v.1.4 and before al ...) - TODO: check + NOT-FOR-US: Voyager CVE-2020-36069 RESERVED CVE-2020-36068
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da35af906a23f4df36a626e0890e03df0b3bbd86
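Review bot: In the hunk at -194,7, CVE-2023-2291 is tagged "NOT-FOR-US: Zoho", but the visible description names the product as ManageEngine and does not mention Zoho at all. Most other tags added in this commit name the product (for example "NOT-FOR-US: Trust Wallet Core"), so "NOT-FOR-US: Zoho ManageEngine" would keep the entry findable for anyone searching data/CVE/list by the product name that appears in the description.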
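Review bot: In the hunk at -1229,17, CVE-2023-30846 is closed as NOT-FOR-US even though its description calls typed-rest-client a library for Node clients, and a library is the case where a vendored copy inside some other source package is most plausible. It is worth confirming that no embedded copy exists before dropping the TODO, and recording the outcome in a NOTE line if one turns up. In the same hunk, "NOT-FOR-US: Baremetal Operator (BMO)" copies the abbreviation from the description into the tag, while the neighbouring tags use the bare name; "NOT-FOR-US: Baremetal Operator" would be consistent.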
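Review bot: In the last hunk (-174870,7), the tag for CVE-2020-36070 reads "NOT-FOR-US: Voyager" while the description directly above it spells the product "Yoyager v.1.4". If the description is a typo for Voyager, the tag is right but the name is generic enough that adding the vendor or project would disambiguate it; if "Yoyager" is the actual name, the tag should match the description.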
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits