Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c3bdd539 by Moritz Muehlenhoff at 2023-12-12T11:45:07+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -187,7 +187,7 @@ CVE-2023-6671 (A vulnerability has been discovered on OJS,
that consists in a CS
CVE-2023-6538 (SMU versions prior to 14.8.7825.01 are susceptible to
unintended infor ...)
NOT-FOR-US: Hitachi
CVE-2023-6194 (In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report
definition X ...)
- TODO: check
+ NOT-FOR-US: Eclipse Memory Analyzer
CVE-2023-6035 (The EazyDocs WordPress plugin before 2.3.4 does not properly
sanitize ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5955 (The Contact Form Email WordPress plugin before 1.3.44 does not
sanitis ...)
@@ -233,16 +233,16 @@ CVE-2023-5500 (This vulnerability allows an remote
attacker with low privileges
CVE-2023-50465 (A stored cross-site scripting (XSS) vulnerability exists in
Monica (ak ...)
NOT-FOR-US: MonicaHQ
CVE-2023-50463 (The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for
Caddy 2, whe ...)
- TODO: check
+ NOT-FOR-US: caddy-geo-ip
CVE-2023-49964 (An issue was discovered in Hyland Alfresco Community Edition
through 7 ...)
NOT-FOR-US: Hyland Alfresco Community Edition
CVE-2023-49355 (decToString in decNumber/decNumber.c in jq 88f01a7 has a
one-byte out- ...)
- jq <undetermined>
NOTE:
https://github.com/linzc21/bug-reports/blob/main/reports/jq/1.7-37-g88f01a7/heap-buffer-overflow/CVE-2023-49355.md
CVE-2023-48425 (U-Boot vulnerability resulting in persistent Code Execution)
- TODO: check
+ NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in
Debian)
CVE-2023-48424 (U-Boot shell vulnerability resulting in Privilege escalation
in a prod ...)
- TODO: check
+ NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in
Debian)
CVE-2023-48417 (Missing Permission checks resulting in unauthorized access and
Manipul ...)
NOT-FOR-US: Android
CVE-2023-6655 (A vulnerability, which was classified as critical, has been
found in H ...)
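Review bot: the two U-Boot entries (CVE-2023-48425, CVE-2023-48424) are closed as NOT-FOR-US on a hedge ("unlikely to affect u-boot as packaged in Debian") rather than a confirmed finding, and the CVE descriptions themselves name U-Boot, not Chromecast; a NOTE: line pointing at the source that ties these to Google's Chromecast firmware (the way CVE-2023-49355 above carries its reference) would let the next reader re-check the call without re-triaging from scratch.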
@@ -276,7 +276,7 @@ CVE-2023-50449 (JFinalCMS 5.0.0 could allow a remote
attacker to read files via
CVE-2023-50446 (An issue was discovered in Mullvad VPN Windows app before
2023.6-beta1 ...)
NOT-FOR-US: Mullvad VPN Windows app
CVE-2022-48614 (Special:Ask in Semantic MediaWiki before 4.0.2 allows
Reflected XSS.)
- TODO: check
+ NOT-FOR-US: Semantik MediaWiki
CVE-2023-6647 (A vulnerability, which was classified as critical, has been
found in A ...)
NOT-FOR-US: AMTT HiBOS
CVE-2023-6646 (A vulnerability classified as problematic has been found in
linkding 1 ...)
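Review bot: "Semantik MediaWiki" in the new NOT-FOR-US line misspells the product; the CVE-2022-48614 description two lines above reads "Semantic MediaWiki", so the line should be `+ NOT-FOR-US: Semantic MediaWiki` to keep the tracker greppable by the upstream name.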
@@ -371,7 +371,7 @@ CVE-2023-6507 (An issue was found in CPython 3.12.0
`subprocess` module on POSIX
NOTE: https://github.com/python/cpython/issues/112334
NOTE: https://github.com/python/cpython/pull/112617
CVE-2023-6245 (The Candid library causes a Denial of Service while parsing a
special ...)
- TODO: check
+ NOT-FOR-US: Candid
CVE-2023-6146 (A Qualys web application was found to have a stored XSS
vulnerability ...)
NOT-FOR-US: Qualys
CVE-2023-49788 (Collabora Online is a collaborative online office suite based
on Libre ...)
@@ -1086,7 +1086,7 @@ CVE-2023-4460 (The Uploading SVG, WEBP and ICO files
WordPress plugin through 1.
CVE-2023-49293 (Vite is a website frontend framework. When Vite's HTML
transformation ...)
NOT-FOR-US: Vite
CVE-2023-49292 (ecies is an Elliptic Curve Integrated Encryption Scheme for
secp256k1 ...)
- TODO: check
+ NOT-FOR-US: ecies
CVE-2023-49291 (tj-actions/branch-names is a Github action to retrieve branch
or tag n ...)
NOT-FOR-US: Github action
CVE-2023-49290 (lestrrat-go/jwx is a Go module implementing various JWx
(JWA/JWE/JWK/J ...)
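Review bot: "NOT-FOR-US: ecies" names a package that exists under that name in more than one language ecosystem, and the truncated description in the hunk ("ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 ...") gives no hint which one was triaged; qualifying the line with the ecosystem or upstream repository, as the neighbouring "NOT-FOR-US: Github action" entry does, would make a later re-check easier.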
@@ -46535,7 +46535,7 @@ CVE-2023-26160
CVE-2023-26159
RESERVED
CVE-2023-26158 (All versions of the package mockjs are vulnerable to Prototype
Polluti ...)
- TODO: check
+ NOT-FOR-US: mockjs
CVE-2023-26157
RESERVED
CVE-2023-26156 (Versions of the package chromedriver before 119.0.1 are
vulnerable to ...)
@@ -46543,7 +46543,7 @@ CVE-2023-26156 (Versions of the package chromedriver
before 119.0.1 are vulnerab
CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to
Command Inject ...)
NOT-FOR-US: node-qpdf
CVE-2023-26154 (Versions of the package pubnub before 7.4.0; all versions of
the packa ...)
- TODO: check
+ NOT-FOR-US: pubnub
CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are
vulnerable to Co ...)
NOT-FOR-US: geokit-rails
CVE-2023-26152 (All versions of the package static-server are vulnerable to
Directory ...)
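Review bot: the CVE-2023-26154 description covers more than one package ("Versions of the package pubnub before 7.4.0; all versions of the packa ..."), but the new line records only pubnub; worth confirming that the other packages named in the full description are not in Debian either, and listing them in the NOT-FOR-US line if so, since the single name will not match them on a later grep.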
@@ -198062,7 +198062,7 @@ CVE-2021-3189 (The slashify package 1.0.0 for Node.js
allows open-redirect attac
CVE-2021-3188 (phpList 3.6.0 allows CSV injection, related to the email
parameter, an ...)
- phplist <itp> (bug #612288)
CVE-2021-3187 (An issue was discovered in BeyondTrust Privilege Management for
Mac be ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust Privilege Management for Mac
CVE-2021-3186 (A Stored Cross-site scripting (XSS) vulnerability in /main.html
Wifi S ...)
NOT-FOR-US: Tenda AC5
CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5,
6.1.x throug ...)
@@ -260458,7 +260458,7 @@ CVE-2020-12615
CVE-2020-12614
RESERVED
CVE-2020-12613 (An issue was discovered in BeyondTrust Privilege Management
for Window ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust Privilege Management for Windows
CVE-2020-12612
RESERVED
CVE-2020-12611
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3bdd53936d586c6644ce43d809359261c10daf0
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits