Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
18d41a1f by Moritz Muehlenhoff at 2023-12-12T17:11:38+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2023-6727 (Mattermost fails to perform correct authorization checks when
creating ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-6593 (Client side permission bypass in Devolutions Remote Desktop
Manager 20 ...)
- NOT-FOR-US: Devolutions
+ NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2023-6547 (Mattermost fails to validate team membership when a user
attempts to a ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-6193 (quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable
to unb ...)
- TODO: check
+ NOT-FOR-US: Cloudflare quiche
CVE-2023-50495 (NCurse v6.4-20230418 was discovered to contain a segmentation
fault vi ...)
TODO: check
CVE-2023-4932 (SAS application is vulnerable to Reflected Cross-Site Scripting
(XSS). ...)
- TODO: check
+ NOT-FOR-US: SAS
CVE-2023-49994 (Espeak-ng 1.52-dev was discovered to contain a Floating Point
Exceptio ...)
- espeak-ng <unfixed>
[bookworm] - espeak-ng <no-dsa> (Minor issue)
@@ -41,8 +41,9 @@ CVE-2023-49809 (Mattermost fails to handle a null request
body in the /add endpo
- mattermost-server <itp> (bug #823556)
CVE-2023-49713 (Denial-of-service (DoS) vulnerability exists in NetBIOS
service of HMI ...)
NOT-FOR-US: NetBIOS service of HMI GC-A2 series
+ NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
CVE-2023-49695 (OS command injection vulnerability in WRC-X3000GSN v1.0.2,
WRC-X3000GS ...)
- NOT-FOR-US: Elecom
+ NOT-FOR-US: ELECOM
CVE-2023-49692 (A vulnerability has been identified in RUGGEDCOM RM1224
LTE(4G) EU (Al ...)
NOT-FOR-US: Siemens
CVE-2023-49691 (A vulnerability has been identified in RUGGEDCOM RM1224
LTE(4G) EU (Al ...)
@@ -52,9 +53,9 @@ CVE-2023-49607 (Mattermost fails to validate the type of the
"reminder" body req
CVE-2023-49563 (Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro
v.1.1 allow ...)
NOT-FOR-US: Voltronic Power SNMP Web Pro
CVE-2023-49143 (Denial-of-service (DoS) vulnerability exists in rfe service of
HMI GC- ...)
- TODO: check
+ NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
CVE-2023-49140 (Denial-of-service (DoS) vulnerability exists in commplex-link
service ...)
- TODO: check
+ NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
CVE-2023-48677 (Local privilege escalation due to DLL hijacking vulnerability.
The fol ...)
NOT-FOR-US: Acronis
CVE-2023-48431 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
@@ -92,11 +93,11 @@ CVE-2023-45847 (Mattermost fails to to check the length
when setting the title i
CVE-2023-45316 (Mattermost fails to validate if a relative path is passed in
/plugins/ ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-41963 (Denial-of-service (DoS) vulnerability exists in FTP service of
HMI GC- ...)
- TODO: check
+ NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
CVE-2023-41623 (Emlog version pro2.1.14 was discovered to contain a SQL
injection vuln ...)
- TODO: check
+ NOT-FOR-US: EMlog
CVE-2023-38380 (A vulnerability has been identified in SIMATIC CP 1242-7 V2
(incl. SIP ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-6709 (Improper Neutralization of Special Elements Used in a Template
Engine ...)
NOT-FOR-US: mlflow
CVE-2023-6542 (Due to lack of proper authorization checks in Emarsys SDK for
Android, ...)
@@ -63104,9 +63105,9 @@ CVE-2023-21675 (Windows Kernel Elevation of Privilege
Vulnerability)
CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of
Privilege Vu ...)
NOT-FOR-US: Microsoft
CVE-2022-47375 (A vulnerability has been identified in SIMATICPC-Station Plus
(All ver ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-47374 (A vulnerability has been identified in SIMATICPC-Station Plus
(All ver ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-47373 (Reflected Cross Site Scripting in Search Functionality of
Module Libra ...)
NOT-FOR-US: Pandora FMS
CVE-2022-47372 (Stored cross-site scripting vulnerability in the Create event
section ...)
@@ -66970,7 +66971,7 @@ CVE-2022-46143 (Affected devices do not check the TFTP
blocksize correctly. This
CVE-2022-46142 (Affected devices store the CLI user passwords encrypted in
flash memor ...)
NOT-FOR-US: Siemens
CVE-2022-46141 (A vulnerability has been identified in SIMATIC STEP 7 (TIA
Portal) (Al ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-46140 (Affected devices use a weak encryption scheme to encrypt the
debug zip ...)
NOT-FOR-US: Siemens
CVE-2022-44620 (Improper authentication vulnerability in
UDR-JA1604/UDR-JA1608/UDR-JA1 ...)
@@ -79456,7 +79457,7 @@ CVE-2022-42786 (Multiple W&T Products of the ComServer
Series are prone to an XS
CVE-2022-42785 (Multiple W&T products of the ComServer Series are prone to an
authenti ...)
NOT-FOR-US: Wiesemann & Theis GmbH products
CVE-2022-42784 (A vulnerability has been identified in LOGO! 12/24RCE (All
versions >= ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb
prior to ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3456 (Allocation of Resources Without Limits or Throttling in GitHub
reposit ...)
@@ -220821,7 +220822,7 @@ CVE-2020-28371 (An issue was discovered in ReadyTalk
Avian 1.2.0 before 2020-10-
CVE-2020-28370
RESERVED
CVE-2020-28369 (In BeyondTrust Privilege Management for Windows (aka PMfW)
through 5.7 ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust Privilege Management for Windows
CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain
sensitive ...)
{DSA-4804-1}
- xen 4.14.0+80-gd101b417b7-1
@@ -260564,13 +260565,13 @@ CVE-2020-12617
CVE-2020-12616
RESERVED
CVE-2020-12615 (An issue was discovered in BeyondTrust Privilege Management
for Window ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust Privilege Management for Windows
CVE-2020-12614 (An issue was discovered in BeyondTrust Privilege Management
for Window ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust Privilege Management for Windows
CVE-2020-12613 (An issue was discovered in BeyondTrust Privilege Management
for Window ...)
NOT-FOR-US: BeyondTrust Privilege Management for Windows
CVE-2020-12612 (An issue was discovered in BeyondTrust Privilege Management
for Window ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust Privilege Management for Windows
CVE-2020-12611
RESERVED
CVE-2020-12610
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18d41a1fc1dbfde21265aea0e624d10f556d2985
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18d41a1fc1dbfde21265aea0e624d10f556d2985
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
