Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
14bbbb1f by Moritz Muehlenhoff at 2023-11-22T14:06:58+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2023-48302 (Nextcloud Server provides data storage for
Nextcloud, an open so
CVE-2023-48301 (Nextcloud Server provides data storage for Nextcloud, an open
source c ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-48299 (TorchServe is a tool for serving and scaling PyTorch models in
product ...)
- TODO: check
+ NOT-FOR-US: TorchServe
CVE-2023-48239 (Nextcloud Server provides data storage for Nextcloud, an open
source c ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-48230 (Cap'n Proto is a data interchange format and capability-based
RPC syst ...)
@@ -147,11 +147,11 @@ CVE-2023-5598 (Stored Cross-site Scripting (XSS)
vulnerabilities\xc2affecting 3D
CVE-2023-5055 (Possible variant of CVE-2021-3434 in function
le_ecred_reconf_req.)
NOT-FOR-US: zephyr-rtos
CVE-2023-49061 (An attacker could have performed HTML template injection via
Reader Mo ...)
- TODO: check
+ - firefox <not-affected> (Only affects Firefox for iOS)
CVE-2023-49060 (An attacker could have accessed internal pages or data by
ex-filtratin ...)
- TODO: check
+ - firefox <not-affected> (Only affects Firefox for iOS)
CVE-2023-48226 (OpenReplay is a self-hosted session replay suite. In version
1.14.0, d ...)
- TODO: check
+ NOT-FOR-US: OpenReplay
CVE-2023-48124 (Cross Site Scripting in SUP Online Shopping v.1.0 allows a
remote atta ...)
NOT-FOR-US: SUP Online Shopping
CVE-2023-47643 (SuiteCRM is a Customer Relationship Management (CRM) software
applicat ...)
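Review bot: The two `- firefox <not-affected> (Only affects Firefox for iOS)` entries for CVE-2023-49061 and CVE-2023-49060 are package triage decisions rather than NOT-FOR-US markings, so the commit subject "NFUs" does not describe this hunk. A subject that also mentions the firefox not-affected entries would make the change easier to find in the history later.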
@@ -265,7 +265,7 @@ CVE-2023-48240 (XWiki Platform is a generic wiki platform.
The rendered diff in
CVE-2023-48223 (fast-jwt provides fast JSON Web Token (JWT) implementation.
Prior to v ...)
TODO: check
CVE-2023-48221 (wire-avs provides Audio, Visual, and Signaling (AVS)
functionality sur ...)
- TODO: check
+ NOT-FOR-US: wire-avs
CVE-2023-48218 (The Strapi Protected Populate Plugin protects `get` endpoints
from rev ...)
NOT-FOR-US: Strapi Protected Populate Plugin
CVE-2023-48111 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack
overflow via t ...)
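Review bot: CVE-2023-48223 (fast-jwt), the context entry directly above the wire-avs change, still reads `TODO: check` while its neighbour is triaged in this pass. If it is being held back on purpose that is fine; otherwise it can be resolved in the same commit so this block does not need a second visit.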
@@ -161776,7 +161776,7 @@ CVE-2021-38407 (Delta Electronics DIALink versions
1.2.4.0 and prior is vulnerab
CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks
proper va ...)
NOT-FOR-US: Delta Electronic
CVE-2021-38405 (The Datalogics APDFL library used in affected products is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks
proper va ...)
NOT-FOR-US: Delta Electronic
CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is
vulnerable to ...)
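Review bot: `NOT-FOR-US: Siemens` on CVE-2021-38405 names a vendor that does not appear in the visible description, which attributes the flaw to the Datalogics APDFL library "used in affected products". Naming the library in the marker as well, for example `NOT-FOR-US: Datalogics APDFL library as used in Siemens products`, would keep the entry searchable by the component that carries the bug.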
@@ -163205,7 +163205,7 @@ CVE-2021-37944
CVE-2021-37943
RESERVED
CVE-2021-37942 (A local privilege escalation issue was found with the APM Java
agent, ...)
- TODO: check
+ NOT-FOR-US: Elastic APM Java agent
CVE-2021-37941 (A local privilege escalation issue was found with the APM Java
agent, ...)
NOT-FOR-US: Elastic APM Java agent
CVE-2021-37940 (An information disclosure via GET request server-side request
forgery ...)
@@ -163215,7 +163215,7 @@ CVE-2021-37939 (It was discovered that Kibana\u2019s
JIRA connector & IBM Resili
CVE-2021-37938 (It was discovered that on Windows operating systems
specifically, Kiba ...)
- kibana <itp> (bug #700337)
CVE-2021-37937 (An issue was found with how API keys are created with the
Fleet-Server ...)
- TODO: check
+ - elasticsearch <removed>
CVE-2021-37936 (It was discovered that Kibana was not sanitizing document
fields conta ...)
- kibana <itp> (bug #700337)
CVE-2021-37935 (An information disclosure vulnerability in the login page of
Huntflow ...)
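Review bot: CVE-2021-37937 is filed as `- elasticsearch <removed>`, but the visible description is about API keys created with the Fleet-Server, and the neighbouring Kibana entries in this hunk are tracked as `- kibana <itp> (bug #700337)`. A short NOTE line under the entry saying why this one maps to the elasticsearch source package would save the next reader from re-checking the mapping.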
@@ -202921,9 +202921,9 @@ CVE-2021-22153 (A Remote Code Execution vulnerability
in the Management Console
CVE-2021-22152 (A Denial of Service due to Improper Input Validation
vulnerability in ...)
NOT-FOR-US: BlackBerry UEM
CVE-2021-22151 (It was discovered that Kibana was not validating a user
supplied path, ...)
- TODO: check
+ - kibana <itp> (bug #700337)
CVE-2021-22150 (It was discovered that a user with Fleet admin permissions
could uploa ...)
- TODO: check
+ - kibana <itp> (bug #700337)
CVE-2021-22149 (Elastic Enterprise Search App Search versions before 7.14.0
are vulner ...)
NOT-FOR-US: Elastic Enterprise Search
CVE-2021-22148 (Elastic Enterprise Search App Search versions before 7.14.0
was vulner ...)
@@ -202937,7 +202937,7 @@ CVE-2021-22145 (A memory disclosure vulnerability was
identified in Elasticsearc
CVE-2021-22144 (In Elasticsearch versions before 7.13.3 and 6.8.17 an
uncontrolled rec ...)
- elasticsearch <removed>
CVE-2021-22143 (The Elastic APM .NET Agent can leak sensitive HTTP header
information ...)
- TODO: check
+ NOT-FOR-US: Elastic APM .NET Agent
CVE-2021-22142 (Kibana contains an embedded version of the Chromium browser
that the R ...)
- kibana <itp> (bug #700337)
CVE-2021-22141 (An open redirect flaw was found in Kibana versions before
7.13.0 and 6 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14bbbb1f0ce453fbe06ca44cccf4dabe38a15532