Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
26a8bcde by Salvatore Bonaccorso at 2023-12-07T21:26:30+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,43 +1,43 @@
 CVE-2023-6588 (Offline mode is always enabled, even if permission disallows 
it, in  D ...)
-       TODO: check
+       NOT-FOR-US: Devolutions Server
 CVE-2023-6575 (A vulnerability was found in Beijing Baichuo S210 up to 
20231121. It h ...)
-       TODO: check
+       NOT-FOR-US: Beijing Baichuo S210
 CVE-2023-6574 (A vulnerability was found in Beijing Baichuo Smart S20 up to 
20231120  ...)
-       TODO: check
+       NOT-FOR-US: Beijing Baichuo Smart S20
 CVE-2023-6333 (The affected ControlByWeb Relay products are vulnerable to a 
stored cr ...)
-       TODO: check
+       NOT-FOR-US: ControlByWeb Relay
 CVE-2023-50164 (An attacker can manipulate file upload params to enable paths 
traversa ...)
        - libstruts1.2-java <removed>
        NOTE: https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
        NOTE: https://cwiki.apache.org/confluence/display/WW/S2-066
 CVE-2023-50002 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-50001 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-50000 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-4486 (Under certain circumstances, invalid authentication credentials 
could  ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls Metasys NAE55, SNE, and SNC engines
 CVE-2023-49999 (Tenda W30E V16.01.0.12(4843) was discovered to contain a 
command injec ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49967 (Typecho v1.2.1 was discovered to be vulnerable to an XML 
Quadratic Blo ...)
-       TODO: check
+       NOT-FOR-US: Typecho
 CVE-2023-49958 (An issue was discovered in Dalmann OCPP.Core through 1.2.0 for 
OCPP (O ...)
-       TODO: check
+       NOT-FOR-US: Dalmann OCPP.Core
 CVE-2023-49957 (An issue was discovered in Dalmann OCPP.Core before 1.3.0 for 
OCPP (Op ...)
-       TODO: check
+       NOT-FOR-US: Dalmann OCPP.Core
 CVE-2023-49956 (An issue was discovered in Dalmann OCPP.Core before 1.3.0 for 
OCPP (Op ...)
-       TODO: check
+       NOT-FOR-US: Dalmann OCPP.Core
 CVE-2023-49955 (An issue was discovered in Dalmann OCPP.Core before 1.2.0 for 
OCPP (Op ...)
-       TODO: check
+       NOT-FOR-US: Dalmann OCPP.Core
 CVE-2023-49787
        REJECTED
 CVE-2023-49746 (Server-Side Request Forgery (SSRF) vulnerability in 
Softaculous Team S ...)
-       TODO: check
+       NOT-FOR-US: Softaculous Team SpeedyCache
 CVE-2023-49493 (DedeCMS v5.7.111 was discovered to contain a reflective 
cross-site scr ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2023-49492 (DedeCMS v5.7.111 was discovered to contain a reflective 
cross-site scr ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2023-49468 (Libde265 v1.0.14 was discovered to contain a global buffer 
overflow vu ...)
        TODO: check
 CVE-2023-49467 (Libde265 v1.0.14 was discovered to contain a 
heap-buffer-overflow vuln ...)
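Review bot: The four Tenda entries in this hunk (CVE-2023-50002, CVE-2023-50001, CVE-2023-50000, CVE-2023-49999) get the vendor-only tag "NOT-FOR-US: Tenda", while the other additions here name the product ("Beijing Baichuo S210", "Dalmann OCPP.Core", "Softaculous Team SpeedyCache"). All four descriptions name the W30E, so "NOT-FOR-US: Tenda W30E" would keep the granularity consistent and make the entries findable by model.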
@@ -53,93 +53,93 @@ CVE-2023-49462 (libheif v1.17.5 was discovered to contain a 
segmentation violati
 CVE-2023-49460 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
        TODO: check
 CVE-2023-49437 (Tenda AX12 V22.03.01.46 has been discovered to contain a 
command injec ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49436 (Tenda AX9 V22.03.01.46 has been discovered to contain a 
command inject ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49435 (Tenda AX9 V22.03.01.46 is vulnerable to command injection.)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49434 (Tenda AX9 V22.03.01.46 has been found to contain a stack 
overflow vuln ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49433 (Tenda AX9 V22.03.01.46 has been found to contain a stack 
overflow vuln ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49432 (Tenda AX9 V22.03.01.46 has been found to contain a stack 
overflow vuln ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49431 (Tenda AX9 V22.03.01.46 has been discovered to contain a 
command inject ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49430 (Tenda AX9 V22.03.01.46 has been found to contain a stack 
overflow vuln ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49429 (Tenda AX9 V22.03.01.46 was discovered to contain a SQL command 
injecti ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49428 (Tenda AX12 V22.03.01.46 has been discovered to contain a 
command injec ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49426 (Tenda AX12 V22.03.01.46 was discovered to contain a stack 
overflow via ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49425 (Tenda AX12 V22.03.01.46 was discovered to contain a stack 
overflow via ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49424 (Tenda AX12 V22.03.01.46 was discovered to contain a stack 
overflow via ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49411 (Tenda W30E V16.01.0.12(4843) contains a stack overflow 
vulnerability v ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49410 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49409 (Tenda AX3 V16.03.12.11 was discovered to contain a Command 
Execution v ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49408 (Tenda AX3 V16.03.12.11 was discovered to contain a stack 
overflow via  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49406 (Tenda W30E V16.01.0.12(4843) was discovered to contain a 
Command Execu ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49405 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49404 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49403 (Tenda W30E V16.01.0.12(4843) was discovered to contain a 
command injec ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49402 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-48958 (gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in 
gf_mpd_ ...)
        TODO: check
 CVE-2023-48325 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in P ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47779 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47548 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47440 (Gladys Assistant v4.27.0 and prior is vulnerable to Directory 
Traversa ...)
-       TODO: check
+       NOT-FOR-US: Gladys Assistant
 CVE-2023-46974 (Cross Site Scripting vulnerability in Best Courier Management 
System v ...)
-       TODO: check
+       NOT-FOR-US: Best Courier Management System
 CVE-2023-46871 (GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box 
contains a mem ...)
        TODO: check
 CVE-2023-46641 (Server-Side Request Forgery (SSRF) vulnerability in Code for 
Recovery  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-45762 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in M ...)
        TODO: check
 CVE-2023-41905 (NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected 
Cross-Site scr ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT nGeniusONE
 CVE-2023-41804 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm 
Force S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-41172 (NetScout nGeniusONE 6.3.4 build 2298 allows a Stored 
Cross-Site script ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT nGeniusONE
 CVE-2023-41171 (NetScout nGeniusONE 6.3.4 build 2298 allows a Stored 
Cross-Site script ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT nGeniusONE
 CVE-2023-41170 (NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected 
Cross-Site scr ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT nGeniusONE
 CVE-2023-41169 (NetScout nGeniusONE 6.3.4 build 2298 allows a Stored 
Cross-Site script ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT nGeniusONE
 CVE-2023-41168 (NetScout nGeniusONE 6.3.4 build 2298 allows a Stored 
Cross-Site script ...)
-       TODO: check
+       NOT-FOR-US: NETSCOUT nGeniusONE
 CVE-2023-40302 (NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: NETSCOUT nGeniusPULSE
 CVE-2023-40301 (NETSCOUT nGeniusPULSE 3.8 has a Command Injection 
Vulnerability.)
-       TODO: check
+       NOT-FOR-US: NETSCOUT nGeniusPULSE
 CVE-2023-40300 (NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key.)
-       TODO: check
+       NOT-FOR-US: NETSCOUT nGeniusPULSE
 CVE-2023-39909 (Ericsson Network Manager before 23.2 mishandles Access Control 
and thu ...)
-       TODO: check
+       NOT-FOR-US: Ericsson Network Manager
 CVE-2023-39172 (The affected devices transmit sensitive information 
unencrypted allowi ...)
        TODO: check
 CVE-2023-39171 (SENEC Storage Box V1,V2 and V3 accidentially expose a 
management UI ac ...)
-       TODO: check
+       NOT-FOR-US: SENEC Storage Box
 CVE-2023-39170
        REJECTED
 CVE-2023-39169 (The affected devices use publicly available default 
credentials with a ...)
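Review bot: CVE-2023-45762 keeps "TODO: check" although its visible description ("URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...") has the same shape as CVE-2023-48325, CVE-2023-47779 and CVE-2023-47548, which are all tagged "NOT-FOR-US: WordPress plugin" in this hunk. If it was skipped on purpose that is fine, but the truncated description gives no reason for the difference. Otherwise it should get the same tag here so the batch is triaged as a whole.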
@@ -147,17 +147,17 @@ CVE-2023-39169 (The affected devices use publicly 
available default credentials
 CVE-2023-39168
        REJECTED
 CVE-2023-39167 (InSENEC Storage Box V1,V2 and V3 an unauthenticated remote 
attacker ca ...)
-       TODO: check
+       NOT-FOR-US: SENEC Storage Box
 CVE-2023-35909 (Uncontrolled Resource Consumption vulnerability in Saturday 
Drive Ninj ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-35039 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-33413 (The configuration functionality in the Intelligent Platform 
Management ...)
-       TODO: check
+       NOT-FOR-US: Supermicro
 CVE-2023-33412 (The web interface in the Intelligent Platform Management 
Interface (IP ...)
-       TODO: check
+       NOT-FOR-US: Supermicro
 CVE-2023-33411 (A web server in the Intelligent Platform Management Interface 
(IPMI) b ...)
-       TODO: check
+       NOT-FOR-US: Supermicro
 CVE-2023-6568 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
mlflow/mlf ...)
        NOT-FOR-US: mlflow
 CVE-2023-6566 (Business Logic Errors in GitHub repository 
microweber/microweber prior ...)
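Review bot: The SENEC series is only partly covered. CVE-2023-39167 is tagged "NOT-FOR-US: SENEC Storage Box" here and CVE-2023-39171 in the previous hunk, but CVE-2023-39172 ("The affected devices transmit sensitive information unencrypted ...") stays "TODO: check". The status line of CVE-2023-39169 ("The affected devices use publicly available default credentials ...") is the one line between the two hunks, so the diff does not show it. Both descriptions omit the product name in the truncated text, so it is worth confirming whether they belong to the same product and should carry the same tag.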
@@ -68684,7 +68684,7 @@ CVE-2022-45364 (Cross-Site Request Forgery (CSRF) 
vulnerability in Glen Don L. M
 CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in 
Muffingroup B ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45362 (Server-Side Request Forgery (SSRF) vulnerability in Paytm 
Paytm Paymen ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45361 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Bori ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45360 (Improper Neutralization of Formula Elements in a CSV File 
vulnerabilit ...)
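Review bot: The change to CVE-2022-45362 is a backfill of an older entry far from the rest of the batch, and the commit message "Process some NFUs" does not mention it. The new tag matches its neighbours CVE-2022-45363 and CVE-2022-45361, but the last context line, CVE-2022-45360, is cut off before its status line. A quick scan of this block for further leftover "TODO: check" entries would confirm nothing else was missed.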



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26a8bcde806fd821becb6a4602ee24f18ea76bbc



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
