Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ba40ade by Moritz Muehlenhoff at 2023-10-04T16:55:51+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -267,7 +267,7 @@ CVE-2023-5160 (Mattermost fails to check the Show Full Name 
option at the /api/v
 CVE-2023-5106 (An issue has been discovered in Ultimate-licensed GitLab EE 
affecting  ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2023-4659 (Cross-Site Request Forgery vulnerability, whose exploitation 
could all ...)
-       TODO: check
+       NOT-FOR-US: free5GC
 CVE-2023-44479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Jim  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-44477 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -275,7 +275,7 @@ CVE-2023-44477 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
 CVE-2023-44474 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
MD Jakir ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-44463 (An issue was discovered in pretix before 2023.7.1. Incorrect 
parsing o ...)
-       TODO: check
+       NOT-FOR-US: pretix
 CVE-2023-44266 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Jewe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-44265 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gopi ...)
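Review bot: on the CVE-2023-44463 line, `NOT-FOR-US: pretix` should be checked against WNPP before it lands. pretix is free software, and if an ITP or RFP bug is open for it, the tracker convention is a package line in the `<itp>` state with the bug number rather than NOT-FOR-US, so the CVE resurfaces when the package is uploaded. If no such bug exists the tag is fine as written.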
@@ -333,7 +333,7 @@ CVE-2023-43627 (Path traversal vulnerability in ACERA 1320 
firmware ver.01.26 an
 CVE-2023-43361 (Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a 
local a ...)
        TODO: check
 CVE-2023-43297 (An issue in animal-art-lab v13.6.1 allows attackers to send 
crafted no ...)
-       TODO: check
+       NOT-FOR-US: animal-art-lab
 CVE-2023-43268 (Deyue Remote Vehicle Management System v1.1 was discovered to 
contain  ...)
        NOT-FOR-US: Deyue Remote Vehicle Management System
 CVE-2023-43267 (A cross-site scripting (XSS) vulnerability in the publish 
article func ...)
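Review bot: the CVE-2023-43361 context entry directly above the changed line still reads `TODO: check` and must not be swept into a later NFU batch. Its description names Vorbis-tools v.1.4.2, and vorbis-tools is a Debian source package, so it needs a package line with a status and bug reference once triaged. The `NOT-FOR-US: animal-art-lab` change itself matches the product string in the CVE-2023-43297 description.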
@@ -361,13 +361,13 @@ CVE-2023-40744
 CVE-2023-3967 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
        NOT-FOR-US: Hitachi
 CVE-2023-3770 (Incorrect validation vulnerability of the data entered, 
allowing an at ...)
-       TODO: check
+       NOT-FOR-US: Ingeteam
 CVE-2023-3769 (Incorrect data input validation vulnerability, which could 
allow an at ...)
-       TODO: check
+       NOT-FOR-US: Ingeteam
 CVE-2023-3768 (Incorrect data input validation vulnerability, which could 
allow an at ...)
-       TODO: check
+       NOT-FOR-US: Ingeteam
 CVE-2023-3744 (Server-Side Request Forgery vulnerability in SLims version 
9.6.0. This ...)
-       TODO: check
+       NOT-FOR-US: SLiMS
 CVE-2023-3656 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, 
Entwic ...)
        NOT-FOR-US: cashIT!
 CVE-2023-3655 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, 
Entwic ...)
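Review bot: on the CVE-2023-3744 line the tag is spelled `SLiMS` while the description writes "SLims version 9.6.0". Whichever casing is chosen should match any earlier NOT-FOR-US entries for the same product in data/CVE/list, since later triage of new CVEs relies on finding previous decisions by product string. The three Ingeteam lines (CVE-2023-3768 to CVE-2023-3770) are consistent with one another.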
@@ -415,7 +415,7 @@ CVE-2023-5326 (A vulnerability was found in SATO CL4NX-J 
Plus 1.13.2-u455_r2. It
 CVE-2023-5324 (A vulnerability has been found in eeroOS up to 6.16.4-11 and 
classifie ...)
        NOT-FOR-US: eeroOS
 CVE-2023-4211 (A local non-privileged user can make improper GPU memory 
processing op ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2023-42132 (FD Application Apr. 2022 Edition (Version 9.01) and earlier 
improperly ...)
        NOT-FOR-US: FD Application Apr. 2022 Edition
 CVE-2023-41737 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPGe ...)
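Review bot: on the CVE-2023-4211 line, `NOT-FOR-US: Arm` names only the vendor, and the description ("A local non-privileged user can make improper GPU memory processing op ...") points at driver-level code. A vendor-only tag does not tell a later reader whether the affected driver is something shipped in a Debian kernel or firmware package. Name the specific component in the tag so the reason it is out of scope for Debian is visible in the list itself.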
@@ -697,7 +697,7 @@ CVE-2023-41655 (Auth. (admin+) Stored Cross-Site Scripting 
(XSS) vulnerability i
 CVE-2023-3413 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        TODO: check
 CVE-2023-3024 (Forcing the Bluetooth LE stack to segment 'prepare write 
response' pac ...)
-       TODO: check
+       NOT-FOR-US: Silabs
 CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible 
for a r ...)
        NOT-FOR-US: Apache Avro
 CVE-2023-39308 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
UserFeedbac ...)
@@ -736,21 +736,21 @@ CVE-2023-44174 (Online Movie Ticket Booking System v1.0 
is vulnerable to  an aut
 CVE-2023-44173 (Online Movie Ticket Booking System v1.0 is vulnerable to  an 
authentic ...)
        NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44168 (The 'phone' parameter of the process_registration.php resource 
 does n ...)
-       TODO: check
+       NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44167 (The 'name' parameter of the process_registration.php resource  
does no ...)
-       TODO: check
+       NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44166 (The 'age' parameter of the process_registration.php resource  
does not ...)
-       TODO: check
+       NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44165 (The 'Password' parameter of the process_login.php resource  
does not v ...)
-       TODO: check
+       NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44164 (The 'Email' parameter of the process_login.php resource  does 
not vali ...)
-       TODO: check
+       NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44163 (The 'search' parameter of the process_search.php resource  
does not va ...)
-       TODO: check
+       NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-43740 (Online Book Store Project v1.0 is vulnerable to an Insecure 
File Uploa ...)
        NOT-FOR-US: Online Book Store Project
 CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource  does not 
validate t ...)
-       TODO: check
+       NOT-FOR-US: Online Book Store Project
 CVE-2023-43662 (ShokoServer is a media server which specializes in organizing 
anime. I ...)
        NOT-FOR-US: ShokoServer
 CVE-2023-43654 (TorchServe is a tool for serving and scaling PyTorch models in 
product ...)
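Review bot: for CVE-2023-44163 to CVE-2023-44168 and CVE-2023-43739, the visible descriptions name only a parameter and a PHP resource (`process_registration.php`, `process_login.php`, `process_search.php`, `cart.php`), not a product. The attribution to "Online Movie Ticket Booking System" and "Online Book Store Project" appears to rest on the neighbouring CVE-2023-44173/44174 and CVE-2023-43740 entries. Adjacent CVE IDs and similar wording are a weak basis for this, so each of the seven should be confirmed against the full CVE record before the `TODO: check` is dropped.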



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ba40adeb7a04731f1641b5af1b9382daed99b35
