Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82e5c7ec by Salvatore Bonaccorso at 2023-12-14T22:11:03+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -183,33 +183,33 @@ CVE-2023-46750 (URL Redirection to Untrusted Site ('Open 
Redirect') vulnerabilit
        NOTE: https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9
        TODO: check details
 CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version 
1.1.13, a ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2023-46144 (A download of code without integrity check vulnerability in 
PLCnext pr ...)
-       TODO: check
+       NOT-FOR-US: PLCnext
 CVE-2023-46143 (Download of Code Without Integrity Check vulnerability in 
PHOENIX CONT ...)
-       TODO: check
+       NOT-FOR-US: PHOENIX
 CVE-2023-46142 (A incorrect permission assignment for critical resource 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: PLCnext
 CVE-2023-46141 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: PHOENIX
 CVE-2023-45894 (The Remote Application Server in Parallels RAS before 
19.2.23975 does  ...)
        TODO: check
 CVE-2023-45185 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 
through  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-45182 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 
through  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-44286 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 
7.7.5.25, LTS  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-44285 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 
7.7.5.25, LTS 7 ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-44284 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 
7.7.5.25, LTS  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-44279 (Dell PowerProtect DD , versions prior to 7.13.0.10,  LTS 
7.7.5.25, LTS ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-44278 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 
7.7.5.25, LTS  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-44277 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 
7.7.5.25, LTS 7 ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-42801 (Moonlight-common-c contains the core GameStream client code 
shared bet ...)
        TODO: check
 CVE-2023-42800 (Moonlight-common-c contains the core GameStream client code 
shared bet ...)
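Review bot: the label "PHOENIX" on CVE-2023-46143 and CVE-2023-46141 is only the first word of the name the description truncates as "PHOENIX CONT ...", which makes it hard to grep for and inconsistent with the product-level "PLCnext" label on the adjacent CVE-2023-46144 and CVE-2023-46142. Spell out the full vendor or product name. If all four entries concern the same product line, use one label for all of them so later NOT-FOR-US pattern matching catches them together.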
@@ -217,25 +217,25 @@ CVE-2023-42800 (Moonlight-common-c contains the core 
GameStream client code shar
 CVE-2023-42799 (Moonlight-common-c contains the core GameStream client code 
shared bet ...)
        TODO: check
 CVE-2023-41151 (An uncaught exception issue discovered in Softing OPC UA C++ 
SDK befor ...)
-       TODO: check
+       NOT-FOR-US: OPC UA C++ SDK
 CVE-2023-40659 (A reflected XSS vulnerability was discovered in the Easy Quick 
Contact ...)
-       TODO: check
+       NOT-FOR-US: Joomla module
 CVE-2023-40658 (A reflected XSS vulnerability was discovered in the Clicky 
Analytics D ...)
-       TODO: check
+       NOT-FOR-US: Joomla module
 CVE-2023-40657 (A reflected XSS vulnerability was discovered in the Joomdoc 
component  ...)
-       TODO: check
+       NOT-FOR-US: Joomla module
 CVE-2023-40656 (A reflected XSS vulnerability was discovered in the Quickform 
componen ...)
-       TODO: check
+       NOT-FOR-US: Joomla module
 CVE-2023-40655 (A reflected XSS vulnerability was discovered in the Proforms 
Basic com ...)
-       TODO: check
+       NOT-FOR-US: Joomla module
 CVE-2023-40630 (Unauthenticated LFI/SSRF in JCDashboards component for Joomla.)
-       TODO: check
+       NOT-FOR-US: Joomla module
 CVE-2023-40629 (SQLi vulnerability in LMS Lite component for Joomla.)
-       TODO: check
+       NOT-FOR-US: Joomla module
 CVE-2023-40628 (A reflected XSS vulnerability was discovered in the Extplorer 
componen ...)
-       TODO: check
+       NOT-FOR-US: Joomla module
 CVE-2023-40627 (A reflected XSS vulnerability was discovered in the LivingWord 
compone ...)
-       TODO: check
+       NOT-FOR-US: Joomla module
 CVE-2023-37457 (Asterisk is an open source private branch exchange and 
telephony toolk ...)
        TODO: check
 CVE-2023-3904
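Review bot: "NOT-FOR-US: OPC UA C++ SDK" on CVE-2023-41151 drops the vendor that the description gives ("Softing OPC UA C++ SDK"), so the label reads as a generic SDK name; "NOT-FOR-US: Softing OPC UA C++ SDK" would be unambiguous. As a smaller style point, several of the Joomla entries (CVE-2023-40657, CVE-2023-40656, CVE-2023-40630, CVE-2023-40629, CVE-2023-40628, CVE-2023-40627) are described as components while the label says "Joomla module"; a neutral "Joomla extension" or the description's own term would match the text.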
@@ -328,13 +328,13 @@ CVE-2023-48085 (Nagios XI before version 5.11.3 was 
discovered to contain a remo
 CVE-2023-48084 (Nagios XI before version 5.11.3 was discovered to contain a 
SQL inject ...)
        NOT-FOR-US: Nagios XI
 CVE-2023-47624 (Audiobookshelf is a self-hosted audiobook and podcast server. 
In versi ...)
-       TODO: check
+       NOT-FOR-US: Audiobookshelf
 CVE-2023-47623 (Scrypted is a home video integration and automation platform. 
In versi ...)
-       TODO: check
+       NOT-FOR-US: Scrypted
 CVE-2023-47620 (Scrypted is a home video integration and automation platform. 
In versi ...)
-       TODO: check
+       NOT-FOR-US: Scrypted
 CVE-2023-47619 (Audiobookshelf is a self-hosted audiobook and podcast server. 
In versi ...)
-       TODO: check
+       NOT-FOR-US: Audiobookshelf
 CVE-2023-45184 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 
through  ...)
        NOT-FOR-US: IBM
 CVE-2023-45174 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local 
user to  ...)
@@ -344,7 +344,7 @@ CVE-2023-45170 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow 
a non-privileged loca
 CVE-2023-45166 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged 
local user ...)
        NOT-FOR-US: IBM
 CVE-2023-44709 (PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and 
before wa ...)
-       TODO: check
+       NOT-FOR-US: PlutoSVG
 CVE-2023-43586 (Path traversal in Zoom Desktop Client for Windows, Zoom VDI 
Client for ...)
        NOT-FOR-US: Zoom
 CVE-2023-43585 (Improper access control in Zoom Mobile App for iOS and Zoom 
SDKs for i ...)
@@ -49415,7 +49415,7 @@ CVE-2023-0759 (Privilege Chaining in GitHub repository 
cockpit-hq/cockpit prior
 CVE-2023-0758 (A vulnerability was found in glorylion JFinalOA 1.0.2 and 
classified a ...)
        NOT-FOR-US: glorylion JFinalOA
 CVE-2023-0757 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: PHOENIX
 CVE-2022-4904 (A flaw was found in the c-ares package. The ares_set_sortlist 
is missi ...)
        {DLA-3323-1}
        - c-ares 1.18.1-2 (bug #1031525)
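Review bot: "NOT-FOR-US: PHOENIX" on CVE-2023-0757 cannot be checked against the entry itself, because the truncated description ("Incorrect Permission Assignment for Critical Resource vulnerability in ...") ends before any vendor or product is named. Use the full vendor or product name here, matching whatever spelling is settled on for CVE-2023-46143 and CVE-2023-46141 earlier in the file.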
@@ -70169,7 +70169,7 @@ CVE-2022-45367 (Cross-Site Request Forgery (CSRF) 
vulnerability in Tyche Softwar
 CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Jason Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45365 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. 
Mongaya ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in 
Muffingroup B ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82e5c7ec10dd2056c572bab92b5772969f6c41b1
