Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2bc7ea40 by Salvatore Bonaccorso at 2023-12-14T21:46:54+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,11 +1,11 @@ CVE-2023-6595 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...) NOT-FOR-US: WhatsUp Gold CVE-2023-6572 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) - TODO: check + NOT-FOR-US: gradio CVE-2023-6571 (Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow) - TODO: check + NOT-FOR-US: kubeflow CVE-2023-6570 (Server-Side Request Forgery (SSRF) in kubeflow/kubeflow) - TODO: check + NOT-FOR-US: kubeflow CVE-2023-6569 (External Control of File Name or Path in h2oai/h2o-3) TODO: check CVE-2023-6563 (An unconstrained memory consumption vulnerability was discovered in Ke ...) @@ -27,7 +27,7 @@ CVE-2023-5769 (A vulnerability exists in the webserver that affects the RTU500 CVE-2023-5592 (Download of Code Without Integrity Check vulnerability in PHOENIX CONT ...) NOT-FOR-US: PHOENIX CVE-2023-50713 (Speckle Server provides server, frontend, 3D viewer, and other JavaScr ...) - TODO: check + NOT-FOR-US: Speckle Server CVE-2023-50710 (Hono is a web framework written in TypeScript. Prior to version 3.11.7 ...) TODO: check CVE-2023-50566 (A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UT ...) @@ -57,121 +57,121 @@ CVE-2023-50269 (Squid is a caching proxy for the Web. Due to an Uncontrolled Rec NOTE: http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch NOTE: http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch CVE-2023-50137 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the sit ...) - TODO: check + NOT-FOR-US: JFinalcms CVE-2023-50102 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).) - TODO: check + NOT-FOR-US: JFinalcms CVE-2023-50101 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label ...) - TODO: check + NOT-FOR-US: JFinalcms CVE-2023-50100 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carous ...) - TODO: check + NOT-FOR-US: JFinalcms CVE-2023-50073 (EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability ...) - TODO: check + NOT-FOR-US: EmpireCMS CVE-2023-50017 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) - TODO: check + NOT-FOR-US: Dreamer CMS CVE-2023-50011 (PopojiCMS version 2.0.1 is vulnerable to remote command execution in t ...) - TODO: check + NOT-FOR-US: PopojiCMS CVE-2023-4694 (Certain HP OfficeJet Pro printers are potentially vulnerable to a Deni ...) - TODO: check + NOT-FOR-US: HP CVE-2023-49860 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49847 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49846 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49842 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49841 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49828 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49827 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49786 (Asterisk is an open source private branch exchange and telephony toolk ...) TODO: check CVE-2023-49771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49740 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49739 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49708 (SQLi vulnerability in Starshop component for Joomla.) - TODO: check + NOT-FOR-US: Starshop component for Joomla CVE-2023-49707 (SQLi vulnerability in S5 Register module for Joomla.) - TODO: check + NOT-FOR-US: Joomla module CVE-2023-49294 (Asterisk is an open source private branch exchange and telephony toolk ...) TODO: check CVE-2023-49195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49173 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49172 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49168 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49157 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49152 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49151 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49150 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-49149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-48925 (SQL injection vulnerability in Buy Addons bavideotab before version 1. ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-48780 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-48771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-48770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-48767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-48756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-48676 (Sensitive information disclosure and manipulation due to missing autho ...) - TODO: check + NOT-FOR-US: Acronis CVE-2023-48671 (Dell vApp Manager, versions prior to 9.2.4.x contain an information di ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-48668 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-48667 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-48665 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-48664 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-48663 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-48662 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-48661 (Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-48660 (Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-48631 (@adobe/css-tools versions 4.3.1 and earlier are affected by an Imprope ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-47261 (Dokmee ECM 7.4.6 allows remote code execution because the response to ...) - TODO: check + NOT-FOR-US: Dokmee ECM CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability when ...) TODO: check CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version 1.1.13, a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bc7ea406898936257bf633d6e490d966c0073ea -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bc7ea406898936257bf633d6e490d966c0073ea You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits