Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fdc67062 by Moritz Muehlenhoff at 2023-10-04T16:25:53+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2023-5370 (On CPU 0 the check for the SMCCC workaround is called before 
SMCCC sup ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2023-5369 (Before correction, thecopy_file_rangesystem call checked only 
for the  ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2023-5368 (On an msdosfs filesystem, the 'truncate' or 'ftruncate' system 
calls u ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2023-5357 (The Instagram for WordPress plugin for WordPress is vulnerable 
to Stor ...)
        NOT-FOR-US: Instagram for WordPress plugin for WordPress
 CVE-2023-5291 (The Blog Filter plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
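Review bot: The three FreeBSD entries (CVE-2023-5370, CVE-2023-5369, CVE-2023-5368) are closed with the bare OS name, while their descriptions all point at kernel code: the SMCCC workaround check, the copy_file_range system call, and truncate/ftruncate on msdosfs. NOT-FOR-US records that nothing in the archive ships the affected code, so the tag should say which component was checked, for example "NOT-FOR-US: FreeBSD kernel". The one-word commit message "NFUs" also gives a later reader no hint that OS-level entries were triaged here alongside third-party products.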
@@ -47,17 +47,17 @@ CVE-2023-37404 (IBM Observability with Instana 1.0.243 
through 1.0.254 could all
 CVE-2023-35905 (IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is 
vulnerable to ...)
        NOT-FOR-US: IBM
 CVE-2023-33273 (An issue was discovered in DTS Monitoring 3.57.0. The 
parameter url wi ...)
-       TODO: check
+       NOT-FOR-US: DTS Monitoring
 CVE-2023-33272 (An issue was discovered in DTS Monitoring 3.57.0. The 
parameter ip wit ...)
-       TODO: check
+       NOT-FOR-US: DTS Monitoring
 CVE-2023-33271 (An issue was discovered in DTS Monitoring 3.57.0. The 
parameter common ...)
-       TODO: check
+       NOT-FOR-US: DTS Monitoring
 CVE-2023-33270 (An issue was discovered in DTS Monitoring 3.57.0. The 
parameter url wi ...)
-       TODO: check
+       NOT-FOR-US: DTS Monitoring
 CVE-2023-33269 (An issue was discovered in DTS Monitoring 3.57.0. The 
parameter option ...)
-       TODO: check
+       NOT-FOR-US: DTS Monitoring
 CVE-2023-33268 (An issue was discovered in DTS Monitoring 3.57.0. The 
parameter port w ...)
-       TODO: check
+       NOT-FOR-US: DTS Monitoring
 CVE-2023-5366 [openvswitch don't match packets on nd_target field]
        - openvswitch 3.1.2-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006347
@@ -88,7 +88,7 @@ CVE-2023-4883 (Invalid pointer release vulnerability. 
Exploitation of this vulne
 CVE-2023-4882 (DOS vulnerability that could allow an attacker to register a 
new VNF ( ...)
        NOT-FOR-US: Open5GS
 CVE-2023-4817 (This vulnerability allows an authenticated attacker to upload 
maliciou ...)
-       TODO: check
+       NOT-FOR-US: ICP DAS
 CVE-2023-4732 (A flaw was found in the Linux Kernel's memory management 
subsytem. A t ...)
        - linux 5.14.6-1
        [bullseye] - linux 5.10.70-1
@@ -96,21 +96,21 @@ CVE-2023-4732 (A flaw was found in the Linux Kernel's 
memory management subsytem
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2236982
        NOTE: 
https://git.kernel.org/linus/8f34f1eac3820fc2722e5159acceb22545b30b0d (5.14-rc1)
 CVE-2023-4564 (This vulnerability could allow an attacker to store a malicious 
JavaSc ...)
-       TODO: check
+       NOT-FOR-US: Capensis
 CVE-2023-4103 (QSige statistics are affected by a remote SQLi vulnerability. 
It has b ...)
-       TODO: check
+       NOT-FOR-US: QSige
 CVE-2023-4102 (QSige login SSO does not have an access control mechanism to 
verify wh ...)
-       TODO: check
+       NOT-FOR-US: QSige
 CVE-2023-4101 (The QSige login SSO does not have an access control mechanism 
to verif ...)
-       TODO: check
+       NOT-FOR-US: QSige
 CVE-2023-4100 (Allows an attacker to perform XSS attacks stored on certain 
resources. ...)
-       TODO: check
+       NOT-FOR-US: QSige
 CVE-2023-4099 (The QSige Monitor application does not have an access control 
mechanis ...)
-       TODO: check
+       NOT-FOR-US: QSige
 CVE-2023-4098 (It has been identified that the web application does not 
correctly fil ...)
-       TODO: check
+       NOT-FOR-US: QSige
 CVE-2023-4097 (The file upload functionality is not implemented correctly and 
allows  ...)
-       TODO: check
+       NOT-FOR-US: QSige
 CVE-2023-43976 (An issue in CatoNetworks CatoClient before v.5.4.0 allows 
attackers to ...)
        NOT-FOR-US: CatoNetworks CatoClient
 CVE-2023-42508 (JFrog Artifactory prior to version 7.66.0 is vulnerable to 
specific en ...)
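Review bot: The QSige attribution on CVE-2023-4100, CVE-2023-4098 and CVE-2023-4097 cannot be confirmed from this file, because their truncated descriptions ("Allows an attacker to perform XSS attacks stored on certain resources.", "the web application does not correctly fil ...", "The file upload functionality is not implemented correctly ...") name no product. The tags are presumably taken from the full CVE records; a NOTE line with the advisory URL on at least one of the QSige entries would make the batch verifiable. The same applies to CVE-2023-4564 at the top of the hunk, where "Capensis" does not appear in the visible description.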
@@ -140,11 +140,11 @@ CVE-2023-40009 (Cross-Site Request Forgery (CSRF) 
vulnerability in ThimPress WP
 CVE-2023-3654 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, 
Entwic ...)
        NOT-FOR-US: cashIT!
 CVE-2023-3350 (A Cryptographic Issue vulnerability has been found on 
IBERMATICA RPS,  ...)
-       TODO: check
+       NOT-FOR-US: IBERMATICA
 CVE-2023-3349 (Information exposure vulnerability in IBERMATICA RPS 2019, 
which explo ...)
-       TODO: check
+       NOT-FOR-US: IBERMATICA
 CVE-2023-3196 (This vulnerability could allow an attacker to store a malicious 
JavaSc ...)
-       TODO: check
+       NOT-FOR-US: Capensis
 CVE-2023-39989 (Cross-Site Request Forgery (CSRF) vulnerability in 99robots 
Header Foo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-39923 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme 
The Pos ...)
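Review bot: The tag on CVE-2023-3350 and CVE-2023-3349 drops the product name that both descriptions give ("IBERMATICA RPS", "IBERMATICA RPS 2019"). Elsewhere in this commit the tag carries the product ("DTS Monitoring", "NXLog Manager"), so "NOT-FOR-US: IBERMATICA RPS" would be consistent and easier to grep for when further CVEs for the same product arrive.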
@@ -178,29 +178,29 @@ CVE-2023-37990 (Cross-Site Request Forgery (CSRF) 
vulnerability in Mike Perelink
 CVE-2023-37891 (Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk 
OptiMonk:  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-34970 (A local non-privileged user can make improper GPU processing 
operation ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2023-33200 (A local non-privileged user can make improper GPU processing 
operation ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2023-32792 (Cross-Site Request Forgery (CSRF) vulnerability in NXLog 
Manager 5.6.5 ...)
-       TODO: check
+       NOT-FOR-US: NXLog Manager
 CVE-2023-32791 (Cross-Site Request Forgery (CSRF) vulnerability in NXLog 
Manager 5.6.5 ...)
-       TODO: check
+       NOT-FOR-US: NXLog Manager
 CVE-2023-32790 (Cross-Site Scripting (XSS) vulnerability in NXLog Manager 
5.6.5633 ver ...)
-       TODO: check
+       NOT-FOR-US: NXLog Manager
 CVE-2023-32671 (A stored XSS vulnerability has been found on BuddyBoss 
Platform affect ...)
-       TODO: check
+       NOT-FOR-US: BuddyBoss
 CVE-2023-32670 (Cross-Site Scripting vulnerability   in BuddyBoss 2.2.9 
version  , whi ...)
-       TODO: check
+       NOT-FOR-US: BuddyBoss
 CVE-2023-32669 (Authorization bypass vulnerability in BuddyBoss 2.2.9 version, 
the exp ...)
-       TODO: check
+       NOT-FOR-US: BuddyBoss
 CVE-2023-32091 (Cross-Site Request Forgery (CSRF) vulnerability in POEditor 
plugin <=0 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2830 (Cross-Site Request Forgery (CSRF) vulnerability in 
Trustindex.Io WP Te ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2681 (An SQL Injection vulnerability has been found on Jorani version 
1.0.0. ...)
-       TODO: check
+       NOT-FOR-US: Jorani
 CVE-2023-2544 (Authorization bypass vulnerability in UPV PEIX, affecting the 
componen ...)
-       TODO: check
+       NOT-FOR-US: UPV PEIX
 CVE-2023-4693 [Crafted file system images can cause out-of-bounds write and 
may leak sensitive information into the GRUB pager]
        - grub2 2.12~rc1-11
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
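Review bot: "NOT-FOR-US: Arm" on CVE-2023-34970 and CVE-2023-33200 is too broad to show what was ruled out. Both descriptions concern a local non-privileged user triggering improper GPU processing operations, which reads like driver code, and a vendor-only tag does not tell a later reader that the affected component was checked against the GPU drivers shipped in the archive. Naming the component in the tag, or adding a NOTE with the vendor advisory, would settle that. The remaining tags in this hunk (NXLog Manager, BuddyBoss, Jorani, UPV PEIX) match the product named in each description.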



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdc670623f4770bf287fec7cabea7416e26b17d7
