Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82e5c7ec by Salvatore Bonaccorso at 2023-12-14T22:11:03+01:00
Process some NFUs

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -183,33 +183,33 @@ CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit NOTE: https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9 TODO: check details CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version 1.1.13, a ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-46144 (A download of code without integrity check vulnerability in PLCnext pr ...) - TODO: check + NOT-FOR-US: PLCnext CVE-2023-46143 (Download of Code Without Integrity Check vulnerability in PHOENIX CONT ...) - TODO: check + NOT-FOR-US: PHOENIX CVE-2023-46142 (A incorrect permission assignment for critical resource vulnerability ...) - TODO: check + NOT-FOR-US: PLCnext CVE-2023-46141 (Incorrect Permission Assignment for Critical Resource vulnerability in ...) - TODO: check + NOT-FOR-US: PHOENIX CVE-2023-45894 (The Remote Application Server in Parallels RAS before 19.2.23975 does ...) TODO: check CVE-2023-45185 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-45182 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-44286 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-44285 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-44284 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-44279 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-44278 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-44277 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...) 
- TODO: check + NOT-FOR-US: Dell CVE-2023-42801 (Moonlight-common-c contains the core GameStream client code shared bet ...) TODO: check CVE-2023-42800 (Moonlight-common-c contains the core GameStream client code shared bet ...) @@ -217,25 +217,25 @@ CVE-2023-42800 (Moonlight-common-c contains the core GameStream client code shar CVE-2023-42799 (Moonlight-common-c contains the core GameStream client code shared bet ...) TODO: check CVE-2023-41151 (An uncaught exception issue discovered in Softing OPC UA C++ SDK befor ...) - TODO: check + NOT-FOR-US: OPC UA C++ SDK CVE-2023-40659 (A reflected XSS vulnerability was discovered in the Easy Quick Contact ...) - TODO: check + NOT-FOR-US: Joomla module CVE-2023-40658 (A reflected XSS vulnerability was discovered in the Clicky Analytics D ...) - TODO: check + NOT-FOR-US: Joomla module CVE-2023-40657 (A reflected XSS vulnerability was discovered in the Joomdoc component ...) - TODO: check + NOT-FOR-US: Joomla module CVE-2023-40656 (A reflected XSS vulnerability was discovered in the Quickform componen ...) - TODO: check + NOT-FOR-US: Joomla module CVE-2023-40655 (A reflected XSS vulnerability was discovered in the Proforms Basic com ...) - TODO: check + NOT-FOR-US: Joomla module CVE-2023-40630 (Unauthenticated LFI/SSRF in JCDashboards component for Joomla.) - TODO: check + NOT-FOR-US: Joomla module CVE-2023-40629 (SQLi vulnerability in LMS Lite component for Joomla.) - TODO: check + NOT-FOR-US: Joomla module CVE-2023-40628 (A reflected XSS vulnerability was discovered in the Extplorer componen ...) - TODO: check + NOT-FOR-US: Joomla module CVE-2023-40627 (A reflected XSS vulnerability was discovered in the LivingWord compone ...) - TODO: check + NOT-FOR-US: Joomla module CVE-2023-37457 (Asterisk is an open source private branch exchange and telephony toolk ...) TODO: check CVE-2023-3904 
@@ -328,13 +328,13 @@ CVE-2023-48085 (Nagios XI before version 5.11.3 was discovered to contain a remo CVE-2023-48084 (Nagios XI before version 5.11.3 was discovered to contain a SQL inject ...) NOT-FOR-US: Nagios XI CVE-2023-47624 (Audiobookshelf is a self-hosted audiobook and podcast server. In versi ...) - TODO: check + NOT-FOR-US: Audiobookshelf CVE-2023-47623 (Scrypted is a home video integration and automation platform. In versi ...) - TODO: check + NOT-FOR-US: Scrypted CVE-2023-47620 (Scrypted is a home video integration and automation platform. In versi ...) - TODO: check + NOT-FOR-US: Scrypted CVE-2023-47619 (Audiobookshelf is a self-hosted audiobook and podcast server. In versi ...) - TODO: check + NOT-FOR-US: Audiobookshelf CVE-2023-45184 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...) NOT-FOR-US: IBM CVE-2023-45174 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to ...) @@ -344,7 +344,7 @@ CVE-2023-45170 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged loca CVE-2023-45166 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...) NOT-FOR-US: IBM CVE-2023-44709 (PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before wa ...) - TODO: check + NOT-FOR-US: PlutoSVG CVE-2023-43586 (Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for ...) NOT-FOR-US: Zoom CVE-2023-43585 (Improper access control in Zoom Mobile App for iOS and Zoom SDKs for i ...) @@ -49415,7 +49415,7 @@ CVE-2023-0759 (Privilege Chaining in GitHub repository cockpit-hq/cockpit prior CVE-2023-0758 (A vulnerability was found in glorylion JFinalOA 1.0.2 and classified a ...) NOT-FOR-US: glorylion JFinalOA CVE-2023-0757 (Incorrect Permission Assignment for Critical Resource vulnerability in ...) - TODO: check + NOT-FOR-US: PHOENIX CVE-2022-4904 (A flaw was found in the c-ares package. The ares_set_sortlist is missi ...) {DLA-3323-1} - c-ares 1.18.1-2 (bug #1031525) 
@@ -70169,7 +70169,7 @@ CVE-2022-45367 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwar CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Cr ...) NOT-FOR-US: WordPress plugin CVE-2022-45365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya ...) NOT-FOR-US: WordPress plugin CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup B ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82e5c7ec10dd2056c572bab92b5772969f6c41b1
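Review bot: The NOT-FOR-US labels in the @@ -183,33 hunk are inconsistent for entries that read as one product family: CVE-2023-46144 and CVE-2023-46142 get "PLCnext", while CVE-2023-46143 and CVE-2023-46141 get "PHOENIX", which is only the first word of the truncated vendor string "PHOENIX CONT ..." in the description. Suggest a single searchable label taken from the full vendor name in the CVE description for all four, and the same label for CVE-2023-0757 in the @@ -49415,7 hunk, so a later search on either name finds every entry. CVE-2023-45894 (Parallels RAS) stays at "TODO: check" while every neighbour is triaged; worth confirming that this is intentional.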
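Review bot: In the @@ -217,25 hunk all ten Joomla entries are labelled "Joomla module", but the visible descriptions for CVE-2023-40657, CVE-2023-40630 and CVE-2023-40629 call the affected code a "component", and several others are cut off mid-word at "compone ...". Suggest "Joomla component" where the description says so, or a neutral "Joomla extension" for the whole group. In the same hunk, the label for CVE-2023-41151 is "OPC UA C++ SDK", which drops the vendor named in the description (Softing); since OPC UA is a protocol name rather than a product, "Softing OPC UA C++ SDK" would be less ambiguous.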