Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5a13f24c by Moritz Muehlenhoff at 2023-11-23T11:14:34+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via
an SVG do ...)
- TODO: check
+ NOT-FOR-US: dom-sanitizer
CVE-2023-49102 (NZBGet 21.1 allows authenticated remote code execution because
the una ...)
NOT-FOR-US: NZBGet
CVE-2023-48107 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2
allows an ...)
- zlib-ng <itp> (bug #1002056)
CVE-2023-48105 (An heap overflow vulnerability was discovered in Bytecode
alliance was ...)
- TODO: check
+ NOT-FOR-US: wasm-micro-runtime
CVE-2023-47839 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2023-47835 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -65,7 +65,7 @@ CVE-2023-41140 (A maliciously crafted PRT file when parsed
through Autodesk Auto
CVE-2023-41139 (A maliciously crafted STP file when parsed through Autodesk
AutoCAD 20 ...)
NOT-FOR-US: Autodesk
CVE-2023-40002 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2023-39253 (Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and
2.3.7515.0 c ...)
NOT-FOR-US: Dell
CVE-2023-48706 (Vim is a UNIX editor that, prior to version 9.0.2121, has a
heap-use-a ...)
@@ -222,9 +222,9 @@ CVE-2023-47313 (Headwind MDM Web panel 5.22.1 is vulnerable
to Directory Travers
CVE-2023-47312 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect
Access Contro ...)
NOT-FOR-US: Headwind MDM Web panel
CVE-2023-47251 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro
Server, a ...)
- TODO: check
+ NOT-FOR-US: TightGate-Pro Server
CVE-2023-47250 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro
Server, b ...)
- TODO: check
+ NOT-FOR-US: TightGate-Pro Server
CVE-2023-47014 (A Cross-Site Request Forgery (CSRF) vulnerability in
Sourcecodester St ...)
NOT-FOR-US: Sourcecodester Sticky Notes App
CVE-2023-46673 (It was identified that malformed scripts used in the script
processor ...)
@@ -238,9 +238,9 @@ CVE-2023-43082 (Dell Unity prior to 5.3 contains a 'man in
the middle' vulnerabi
CVE-2023-43081 (PowerProtect Agent for File System Version 19.14 and prior,
contains a ...)
NOT-FOR-US: Dell
CVE-2023-3104 (Lack of authentication vulnerability. An unauthenticated local
user is ...)
- TODO: check
+ NOT-FOR-US: Unitree Robotics A1
CVE-2023-3103 (Authentication bypass vulnerability, the exploitation of which
could a ...)
- TODO: check
+ NOT-FOR-US: Unitree Robotics A1
CVE-2023-39925 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo
Download Com ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2889 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
@@ -34522,13 +34522,13 @@ CVE-2023-29078
CVE-2023-29077
RESERVED
CVE-2023-29076 (A maliciously crafted MODEL, SLDASM, SAT or CATPART file when
parsed t ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2023-29075 (A maliciously crafted PRT file when parsed through Autodesk
AutoCAD 20 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2023-29074 (A maliciously crafted CATPART file when parsed through
Autodesk AutoCA ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2023-29073 (A maliciously crafted MODEL file when parsed through Autodesk
AutoCAD ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2023-29072
RESERVED
CVE-2023-29071
@@ -35547,7 +35547,7 @@ CVE-2023-28813
CVE-2023-28812
RESERVED
CVE-2023-28811 (There is a buffer overflow in the password recovery feature of
Hikvisi ...)
- TODO: check
+ NOT-FOR-US: hikvison
CVE-2023-28810 (Some access control/intercom products have unauthorized
modification o ...)
NOT-FOR-US: hikvison
CVE-2023-28809 (Some access control products are vulnerable to a session
hijacking att ...)
@@ -50287,7 +50287,7 @@ CVE-2023-23980 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-23979 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
Fullworks Q ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23978 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23977 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23976
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a13f24c3e0268e2e1f4fd6fa7860b55d1c7960b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a13f24c3e0268e2e1f4fd6fa7860b55d1c7960b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
