Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
071973d6 by Salvatore Bonaccorso at 2023-11-16T21:55:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,187 +13,187 @@ CVE-2023-6121 (An out-of-bounds read vulnerability was 
found in the NVMe-oF/TCP
        NOTE: 
https://lore.kernel.org/linux-nvme/[email protected]/T/
        NOTE: 
https://lore.kernel.org/linux-nvme/cak5usqvxayc3lj4onqers1p0jpbffr9urzmq6jb4qhab7aq...@mail.gmail.com/T/
 CVE-2023-6119 (An Improper Privilege Management vulnerability in Trellix 
GetSusp prio ...)
-       TODO: check
+       NOT-FOR-US: Trellix
 CVE-2023-6038 (An attacker is able to read any file on the server hosting the 
H2O das ...)
-       TODO: check
+       NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
 CVE-2023-6023 (An attacker can read any file on the filesystem on the server 
hosting  ...)
-       TODO: check
+       NOT-FOR-US: ModelDB
 CVE-2023-6022 (An attacker is able to steal secrets and potentially gain 
remote code  ...)
        TODO: check
 CVE-2023-6021 (LFI in Ray's log API endpoint allows attackers to read any file 
on the ...)
-       TODO: check
+       NOT-FOR-US: Ray's log API endpoint
 CVE-2023-6019 (A command injection exists in Ray's cpu_profile URL parameter 
allowing ...)
-       TODO: check
+       NOT-FOR-US: Ray
 CVE-2023-6018 (An attacker can overwrite any file on the server hosting MLflow 
withou ...)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2023-6017 (H2O included a reference to an S3 bucket that no longer existed 
allowi ...)
        TODO: check
 CVE-2023-6016 (An attacker is able to gain remote code execution on a server 
hosting  ...)
        TODO: check
 CVE-2023-6015 (MLflow allowed arbitrary files to be PUT onto the server.)
-       TODO: check
+       NOT-FOR-US: mlflow
 CVE-2023-6013 (H2O is vulnerable to stored XSS vulnerability which can lead to 
a Loca ...)
        TODO: check
 CVE-2023-4771 (A Cross-Site scripting vulnerability has been found in CKSource 
CKEdit ...)
        TODO: check
 CVE-2023-48134 (nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of 
Sensitive I ...)
-       TODO: check
+       NOT-FOR-US: nagayama_copabowl
 CVE-2023-48056 (PyPinkSign v0.5.1 uses a non-random or static IV for Cipher 
Block Chai ...)
-       TODO: check
+       NOT-FOR-US: PyPinkSign
 CVE-2023-48055 (SuperAGI v0.0.13 was discovered to use a hardcoded key for 
encryption  ...)
-       TODO: check
+       NOT-FOR-US: SuperAGI
 CVE-2023-48054 (Missing SSL certificate validation in localstack v2.3.2 allows 
attacke ...)
        TODO: check
 CVE-2023-48053 (Archery v1.10.0 uses a non-random or static IV for Cipher 
Block Chaini ...)
-       TODO: check
+       NOT-FOR-US: Archery
 CVE-2023-48052 (Missing SSL certificate validation in HTTPie v3.2.2 allows 
attackers t ...)
        TODO: check
 CVE-2023-47514 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
lawrence ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47512 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Gravity  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47511 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in SO W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47509 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ioannup  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47508 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Averta M ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47245 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Marc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47242 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47240 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47239 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47060 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and 
earlier) a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47059 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and 
earlier) a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47058 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and 
earlier) a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47057 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and 
earlier) a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47056 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and 
earlier) a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47055 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and 
earlier) a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47054 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and 
earlier) are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47053 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and 
earlier) are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47052 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and 
earlier) are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47051 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and 
earlier) are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47050 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and 
earlier) are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47049 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and 
earlier) are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47048 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and 
earlier) are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47047 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and 
earlier) are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47046 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and 
earlier) are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47044 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47043 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47042 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47041 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47040 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44372 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44371 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44367 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44366 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44365 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44361 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44360 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44359 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44358 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44357 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44356 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44348 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44347 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44346 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44345 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44344 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44343 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44342 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44341 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44340 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44339 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44338 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44337 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44336 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 
20.005.30 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44335 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and 
earlier) a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44334 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and 
earlier) a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44333 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and 
earlier) a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44332 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and 
earlier) a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44331 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and 
earlier) a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44330 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and 
earlier) a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44329 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and 
earlier) ar ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44328 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and 
earlier) ar ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44327 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and 
earlier) ar ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-44292 (Dell Repository Manager, 3.4.3 and prior, contains an Improper 
Access  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-44282 (Dell Repository Manager, 3.4.3 and prior, contains an Improper 
Access  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-39926 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
Acurax Unde ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-39259 (Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 
2.3.7515.0 c ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-39246 (Dell Encryption, Dell Endpoint Security Suite Enterprise, and 
Dell Sec ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-36026 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-36008 (Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-34375 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
10Web SE ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32957 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Dazz ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32796 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
MingoCommer ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32469 (Dell Precision Tower BIOS contains an Improper Input 
Validation vulner ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-6105 (An information disclosure vulnerability exists in multiple 
ManageEngin ...)
        NOT-FOR-US: ManageEngine
 CVE-2023-5381 (The Elementor Addon Elements plugin for WordPress is vulnerable 
to Sto ...)
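Review bot: CVE-2023-6017 and CVE-2023-6013 both name H2O in their descriptions yet stay at "TODO: check", while CVE-2023-6038 is closed as "NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)". If they concern the same product, mark them in this pass with the same reason, or add a NOTE saying why they need a separate look; also check whether "h2ai" was meant to read "h2oai". The two Ray entries carry different reasons ("Ray's log API endpoint" for CVE-2023-6021, "Ray" for CVE-2023-6019); using the product name "Ray" for both keeps the list consistent and easy to grep. For CVE-2023-36026 and CVE-2023-36008, "NOT-FOR-US: Microsoft" holds only if the flaws sit in Edge-specific code rather than in shared Chromium code, which the truncated descriptions here do not show, so a short NOTE with the basis for that call would help later readers.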
@@ -42043,7 +42043,7 @@ CVE-2023-26370 (Adobe Photoshop versions 23.5.5 (and 
earlier) and 24.7 (and earl
 CVE-2023-26369 (Acrobat Reader versions 23.003.20284 (and earlier), 
20.005.30516 (and  ...)
        NOT-FOR-US: Adobe
 CVE-2023-26368 (Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and 
earlier) are  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-26367 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 
(and earli ...)
        NOT-FOR-US: Adobe
 CVE-2023-26366 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 
(and earli ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/071973d6abe27ea1691f6a0a24dea61f5e5ba49e
