Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5cecbd4 by Moritz Muehlenhoff at 2023-07-14T16:25:10+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -255,7 +255,7 @@ CVE-2023-3106 (A NULL pointer dereference vulnerability was
found in netlink_dum
- linux 4.8.5-1
NOTE:
https:/git.kernel.org/linus/1ba5bf993c6a3142e18e68ea6452b347f9cb5635 (4.8-rc7)
CVE-2023-38069 (In JetBrains IntelliJ IDEA before 2023.1.4 license dialog
could be sup ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2023-38068 (In JetBrains YouTrack before 2023.1.16597 captcha was not
properly val ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2023-38067 (In JetBrains TeamCity before 2023.05.1 build parameters of the
"passwo ...)
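Review bot: the CVE-2023-38069 change records an ITP (`- intellij-idea <itp> (bug #747616)`), not an NFU, so the commit subject "NFUs" does not describe it; mention the ITP in the subject or split it into its own commit. Separately, the unchanged NOTE for CVE-2023-3106 at the top of this hunk reads `https:/git.kernel.org/...` with a single slash after the scheme, which is worth correcting while touching this area.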
@@ -11122,7 +11122,7 @@ CVE-2023-30228
CVE-2023-30227
RESERVED
CVE-2023-30226 (An issue was discovered in function get_gnu_verneed in
rizinorg Rizin ...)
- TODO: check
+ NOT-FOR-US: Rizin
CVE-2023-30225
RESERVED
CVE-2023-30224
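Review bot: `NOT-FOR-US: Rizin` for CVE-2023-30226 deserves a quick check against wnpp before it is settled. The description names the rizinorg project, and this same commit records IntelliJ IDEA as `<itp>` rather than NFU; if an ITP or RFP exists for Rizin, the entry should use that form with the bug number instead.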
@@ -11277,7 +11277,7 @@ CVE-2023-30153
CVE-2023-30152
RESERVED
CVE-2023-30151 (A SQL injection vulnerability in the Boxtal (envoimoinscher)
module fo ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL
Injection ...)
NOT-FOR-US: PrestaShop leocustomajax
CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete
(cityautocomplete ...)
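Review bot: `NOT-FOR-US: PrestaShop module` for CVE-2023-30151 is less specific than the entry directly below it, which names the module (`NOT-FOR-US: PrestaShop leocustomajax`). The description gives the module as Boxtal (envoimoinscher); using that name in the tag keeps the list searchable by product.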
@@ -11619,7 +11619,7 @@ CVE-2023-29986 (spring-boot-actuator-logview 0.2.13
allows Directory Traversal t
CVE-2023-29985 (Sourcecodester Student Study Center Desk Management System
v1.0 admin\ ...)
NOT-FOR-US: Sourcecodester
CVE-2023-29984 (Null pointer dereference vulnerability exists in multiple
vendors MFPs ...)
- TODO: check
+ NOT-FOR-US: Fujufilm
CVE-2023-29983 (Cross Site Scripting vulnerability found in Maximilian Vogt
cmaps v.8. ...)
NOT-FOR-US: Maximilian Vogt cmaps
CVE-2023-29982
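Review bot: `Fujufilm` in the new line for CVE-2023-29984 looks like a typo for Fujifilm. The description also says "multiple vendors MFPs", so if more than one vendor is affected, a single-vendor tag is incomplete; consider naming the affected product family or the vendors.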
@@ -13117,7 +13117,7 @@ CVE-2023-29415 (An issue was discovered in libbzip3.a
in bzip3 before 1.3.0. A d
NOTE: https://github.com/kspalaiologos/bzip3/issues/95
NOTE:
https://github.com/kspalaiologos/bzip3/commit/56c24ca1f8f25e648d42154369b6962600f76465
(1.3.0)
CVE-2023-29414 (A CWE-120: Buffer Copy without Checking Size of Input (Classic
Buffer ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-29413 (A CWE-306: Missing Authentication for Critical Function
vulnerability ...)
NOT-FOR-US: Schneider
CVE-2023-29412 (A CWE-78: Improper Handling of Case Sensitivity vulnerability
exists t ...)
@@ -13221,9 +13221,9 @@ CVE-2023-1904
CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not
perform ...)
NOT-FOR-US: SAP
CVE-2023-1902 (The bluetooth HCI host layer logic not clearing a global
reference to ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2023-1901 (The bluetooth HCI host layer logic not clearing a global
reference to ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2023-1900 (A vulnerability within the Avira network protection feature
allowed an ...)
NOT-FOR-US: Norton
CVE-2023-1899 (Atlas Copco Power Focus 6000 web server is not a secure
connection by ...)
@@ -13449,7 +13449,7 @@ CVE-2023-29349 (Microsoft ODBC and OLE DB Remote Code
Execution Vulnerability)
CVE-2023-29348
RESERVED
CVE-2023-29347 (Windows Admin Center Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29346 (NTFS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29345 (Microsoft Edge (Chromium-based) Security Feature Bypass
Vulnerability)
@@ -13511,29 +13511,29 @@ CVE-2023-29321 (Adobe Animate versions 22.0.9 (and
earlier) and 23.0.1 (and earl
CVE-2023-29320
RESERVED
CVE-2023-29319 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29318 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29317 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29316 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29315 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29314 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29313 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29312 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29311 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29310 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29309 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29308 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is
affected b ...)
NOT-FOR-US: Adobe
CVE-2023-29306
@@ -13547,13 +13547,13 @@ CVE-2023-29303
CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is
affected b ...)
NOT-FOR-US: Adobe
CVE-2023-29301 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and
earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29300 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and
earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29299
RESERVED
CVE-2023-29298 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and
earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and
earlier) an ...)
NOT-FOR-US: Adobe
CVE-2023-29296 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and
earlier) an ...)
@@ -14094,9 +14094,9 @@ CVE-2023-29132 (Irssi 1.3.x and 1.4.x before 1.4.4 has
a use-after-free because
NOTE: https://github.com/irssi/irssi/pull/1456
NOTE:
https://github.com/irssi/irssi/commit/c554a45738712219c066897b09a44d99afeb4240
CVE-2023-29131 (A vulnerability has been identified in SIMATIC CN 4100 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-29130 (A vulnerability has been identified in SIMATIC CN 4100 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-29129 (A vulnerability has been identified in Mendix SAML (Mendix 7
compatibl ...)
NOT-FOR-US: Siemens
CVE-2023-29128 (A vulnerability has been identified in SIMATIC Cloud Connect 7
CC712 ( ...)
@@ -15720,7 +15720,7 @@ CVE-2023-1549 (The Ad Inserter WordPress plugin before
2.7.27 unserializes user
CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists
that cou ...)
NOT-FOR-US: Schneider
CVE-2023-1547 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Elra Parkmatik
CVE-2023-1546 (The MyCryptoCheckout WordPress plugin before 2.124 does not
escape som ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass
prior to 3 ...)
@@ -18169,7 +18169,7 @@ CVE-2023-28003 (A CWE-613: Insufficient Session
Expiration vulnerability exists
CVE-2023-28002
RESERVED
CVE-2023-28001 (An insufficient session expiration in Fortinet FortiOS 7.0.0 -
7.0.12 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-28000 (An improper neutralization of special elements used in an OS
command v ...)
NOT-FOR-US: FortiGuard
CVE-2023-27999 (An improper neutralization of special elements used in an OS
command v ...)
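Review bot: the new `NOT-FOR-US: Fortinet` for CVE-2023-28001 sits directly above `NOT-FOR-US: FortiGuard` for CVE-2023-28000, so the same vendor appears under two names in adjacent entries. Fortinet matches the wording of the description; aligning the neighbouring FortiGuard tags in a follow-up would make searches by vendor reliable.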
@@ -20112,31 +20112,31 @@ CVE-2023-27299
CVE-2023-27297
RESERVED
CVE-2023-26597 (Controller DoS due to buffer overflow in the handling of a
specially c ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-26585
RESERVED
CVE-2023-25948 (Server information leak of configuration data when an error is
generat ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-25770 (Controller DoS may occur due to buffer overflow when an error
is gener ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-25178 (Controller may be loaded with malicious firmware which could
enable re ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-25078 (Server or Console Station DoS due to heap overflow occurring
during th ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-24589
RESERVED
CVE-2023-24480 (Controller DoS due to stack overflow when decoding a message
from the ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-24474 (Experion server may experience a DoS due to a heap overflow
which coul ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-23905
RESERVED
CVE-2023-23585 (Experion server DoS due to heap overflow occurring during the
handling ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-22658
RESERVED
CVE-2023-22435 (Experion server may experience a DoS due to a stack overflow
when hand ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-1109 (In Phoenix Contacts ENERGY AXC PU Web service an authenticated
restric ...)
NOT-FOR-US: Phoenix Contacts ENERGY AXC PU Web service
CVE-2023-1108
@@ -21396,7 +21396,7 @@ CVE-2023-26863
CVE-2023-26862
RESERVED
CVE-2023-26861 (SQL injection vulnerability found in PrestaShop vivawallet
v.1.7.10 an ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget
v.1.0.3 and b ...)
NOT-FOR-US: PrestaShop Igbudget
CVE-2023-26859
@@ -21999,9 +21999,9 @@ CVE-2023-26566
CVE-2023-26565
RESERVED
CVE-2023-26564 (The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable
to Mode ...)
- TODO: check
+ NOT-FOR-US: Syncfusion
CVE-2023-26563 (The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to
filesys ...)
- TODO: check
+ NOT-FOR-US: Syncfusion
CVE-2023-26562
RESERVED
CVE-2023-26561
@@ -24710,7 +24710,7 @@ CVE-2023-25708 (Cross-Site Request Forgery (CSRF)
vulnerability in Rextheme WP V
CVE-2023-25707 (Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L.
VikBooki ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25706 (Cross-Site Request Forgery (CSRF) vulnerability in Pagup
WordPress Rob ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25705 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Go P ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25704 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Mehj ...)
@@ -25163,7 +25163,7 @@ CVE-2023-25608
CVE-2023-25607
RESERVED
CVE-2023-25606 (An improper limitation of a pathname to a restricted directory
('Path ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR
7.3.0 - ...)
NOT-FOR-US: Fortinet
CVE-2023-25604
@@ -25656,7 +25656,7 @@ CVE-2023-25489
CVE-2023-25488
RESERVED
CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade
PixTypes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25486
RESERVED
CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Bern ...)
@@ -25694,7 +25694,7 @@ CVE-2023-25470 (Cross-Site Request Forgery (CSRF)
vulnerability in Anton Skorobo
CVE-2023-25469
RESERVED
CVE-2023-25468 (Cross-Site Request Forgery (CSRF) vulnerability in
Reservation.Studio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel
Mores, A. Hu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25466
@@ -25744,7 +25744,7 @@ CVE-2023-25445
CVE-2023-25444
RESERVED
CVE-2023-25443 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company
Button ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25442 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability
in Marc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25441
@@ -26722,7 +26722,7 @@ CVE-2023-25053
CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Tepl ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25051 (Cross-Site Request Forgery (CSRF) vulnerability in Denishua
Comment Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25050
RESERVED
CVE-2023-25049 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in impl ...)
@@ -27196,7 +27196,7 @@ CVE-2023-24883 (Microsoft PostScript and PCL6 Class
Printer Driver Information D
CVE-2023-24882 (Microsoft OneDrive for Android Information Disclosure
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-24881 (Microsoft Teams Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24880 (Windows SmartScreen Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-24879 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting
Vulnerabilit ...)
@@ -28556,19 +28556,19 @@ CVE-2023-24494 (A stored cross-site scripting (XSS)
vulnerability exists in Tena
CVE-2023-24493 (A formula injection vulnerability exists in Tenable.sc due to
improper ...)
NOT-FOR-US: Tenable
CVE-2023-24492 (A vulnerability has been discovered in the Citrix Secure
Access client ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24491 (A vulnerability has been discovered in the Citrix Secure
Access client ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24490 (Users with only access to launch VDA applications can launch
an unauth ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24489 (A vulnerability has been discovered in the customer-managed
ShareFile ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24488 (Cross site scripting vulnerabilityin Citrix ADC and Citrix
Gatewayin a ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24487 (Arbitrary file readin Citrix ADC and Citrix Gateway)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24486 (A vulnerability has been identified in Citrix Workspace app
for Linux ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24485 (Vulnerabilities have been identified that, collectively, allow
a stand ...)
NOT-FOR-US: Citrix
CVE-2023-24484 (A malicious user can cause log files to be written to a
directory that ...)
@@ -28794,7 +28794,7 @@ CVE-2023-24423 (A cross-site request forgery (CSRF)
vulnerability in Jenkins Ger
CVE-2023-24422 (A sandbox bypass vulnerability involving map constructors in
Jenkins S ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-24421 (Cross-Site Request Forgery (CSRF) vulnerability in WP Engine
PHP Compa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Zestard ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11
Form Bui ...)
@@ -28802,7 +28802,7 @@ CVE-2023-24419 (Cross-Site Request Forgery (CSRF)
vulnerability in Strategy11 Fo
CVE-2023-24418 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Gopi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24417 (Cross-Site Request Forgery (CSRF) vulnerability in
tiggersWelt.Net Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24416
RESERVED
CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in
QuantumCloud ChatBo ...)
@@ -29805,7 +29805,7 @@ CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site
Scripting (XSS) vulnerabi
CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in E4J ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23997 (Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch
Database ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23996 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Prof ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23995 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Tim ...)
@@ -30361,7 +30361,7 @@ CVE-2023-23805
CVE-2023-23804 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes
HT Feed p ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23803 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes
JustTable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23802 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes
HT Easy G ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23801 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes
Really Si ...)
@@ -30383,9 +30383,9 @@ CVE-2023-23794 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-23793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Eigh ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23792 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes
Swatchly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23791 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes
HT Menu p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23790 (Cross-Site Request Forgery (CSRF) vulnerability in Pods
Framework Team ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Prem ...)
@@ -30413,7 +30413,7 @@ CVE-2023-23779 (Multiple improper neutralization of
special elements used in an
CVE-2023-23778 (A relative path traversal vulnerability [CWE-23] in FortiWeb
version 7 ...)
NOT-FOR-US: FortiGuard
CVE-2023-23777 (An improper neutralization of special elements used in an OS
command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor
[CWE-200 ...)
NOT-FOR-US: Fortinet
CVE-2023-23775
@@ -30550,7 +30550,7 @@ CVE-2023-23758
CVE-2023-23757
RESERVED
CVE-2023-23756 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2023-23755 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. The
lack of ra ...)
NOT-FOR-US: Joomla!
CVE-2023-23754 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack
of input ...)
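Review bot: `NOT-FOR-US: Joomla addon` for CVE-2023-23756 does not say which extension is meant, and the truncated description shown here does not name it either. The entries below use `NOT-FOR-US: Joomla!` for the core, so adding the extension name would make clear why this one is tagged differently.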
@@ -30661,7 +30661,7 @@ CVE-2023-23733 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-23732 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Joel ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23731 (Cross-Site Request Forgery (CSRF) vulnerability in HasTheme
WishSuite ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23730
RESERVED
CVE-2023-23729
@@ -30715,7 +30715,7 @@ CVE-2023-23706 (Cross-Site Request Forgery (CSRF)
vulnerability in miniOrange Wo
CVE-2023-23705 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23704 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade
Comments ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23702
@@ -30828,7 +30828,7 @@ CVE-2023-23673 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-23672
RESERVED
CVE-2023-23671 (Cross-Site Request Forgery (CSRF) vulnerability in Muneeb
Layer Slider ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23670 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability
in Team ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23669
@@ -33782,7 +33782,7 @@ CVE-2023-22837
CVE-2023-22836
RESERVED
CVE-2023-22835 (A security defect was identified that enabled a user of
Foundry Issues ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2023-22834 (The Contour Service was not checking that users had permission
to crea ...)
NOT-FOR-US: Palantir
CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between
2.519.0 an ...)
@@ -39302,7 +39302,7 @@ CVE-2023-21758 (Windows Internet Key Exchange (IKE)
Extension Denial of Service
CVE-2023-21757 (Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service
Vulnerabil ...)
NOT-FOR-US: Microsoft
CVE-2023-21756 (Windows Win32k Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21755 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21754 (Windows Kernel Elevation of Privilege Vulnerability)
@@ -42556,7 +42556,7 @@ CVE-2023-21528 (Microsoft SQL Server Remote Code
Execution Vulnerability)
CVE-2023-21527 (Windows iSCSI Service Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21526 (Windows Netlogon Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21525 (Remote Procedure Call Runtime Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21524 (Windows Local Security Authority (LSA) Elevation of Privilege
Vulnerab ...)
@@ -47704,7 +47704,7 @@ CVE-2023-21264
CVE-2023-21263
RESERVED
CVE-2023-21262 (In startInput of AudioPolicyInterfaceImpl.cpp, there is a
possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21261 (In ft_open_face_internal of ftobjs.c, there is a possible out
of bound ...)
TODO: check
CVE-2023-21260 (In notification access permission dialog box, malicious
application ca ...)
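Review bot: CVE-2023-21261, directly below the changed line, is correctly left at `TODO: check` and should not follow CVE-2023-21262 into `NOT-FOR-US: Android` in a later bulk pass. Its description points at `ft_open_face_internal` in `ftobjs.c`, which is FreeType code, and FreeType is packaged in Debian; the entry needs a check against the freetype source package before it is classified.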
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5cecbd4624baec6e6d15fcbc7361f87d1380a00