Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e015124 by Salvatore Bonaccorso at 2023-12-19T22:10:55+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10,7 +10,7 @@ CVE-2023-6931 (A heap out-of-bounds write vulnerability in 
the Linux kernel's Pe
 CVE-2023-6913 (A session hijacking vulnerability has been detected in the Imou 
Life a ...)
        NOT-FOR-US: Imou Life application
 CVE-2023-6730 (Deserialization of Untrusted Data in GitHub repository 
huggingface/tra ...)
-       TODO: check
+       NOT-FOR-US: Transformers
 CVE-2023-6711 (Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 
60870-5-104 th ...)
        NOT-FOR-US: Hitachi
 CVE-2023-6280 (An XXE (XML External Entity) vulnerability has been detected in 
52Nort ...)
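Review bot: The new tag on CVE-2023-6730, "NOT-FOR-US: Transformers", is too generic to identify the project on its own; the description on the preceding line places it in a huggingface GitHub repository. Consider "NOT-FOR-US: Hugging Face Transformers" so that a later search of data/CVE/list for the vendor or the project name finds this entry and it cannot be confused with an unrelated package of a similar name.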
@@ -20,51 +20,51 @@ CVE-2023-50376 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2023-50272 (A potential security vulnerability has been identified in HPE 
Integrat ...)
        NOT-FOR-US: HPE
 CVE-2023-49706 (Defective request context handling in Self Service in LinOTP 
3.x befor ...)
-       TODO: check
+       NOT-FOR-US: LinOTP
 CVE-2023-49489 (Reflective Cross Site Scripting (XSS) vulnerability in 
KodeExplorer ve ...)
-       TODO: check
+       NOT-FOR-US: kalcaddle KodExplorer
 CVE-2023-49006 (Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo 
version  ...)
        TODO: check
 CVE-2023-46804 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46803 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46266 (An attacker can send a specially crafted request which could 
lead to l ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46265 (An unauthenticated could abuse a XXE vulnerability in the 
Smart Device ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46264 (An unrestricted upload of file with dangerous type 
vulnerability exist ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46263 (An unrestricted upload of file with dangerous type 
vulnerability exist ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46262 (An unauthenticated attacked could send a specifically crafted 
web requ ...)
        NOT-FOR-US: Ivanti
 CVE-2023-46261 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46260 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46259 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46258 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46257 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46225 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46224 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46223 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46222 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46221 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46220 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46217 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-46216 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-45105 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-44991 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
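Review bot: The labels in this hunk are inconsistent for what looks like one product family: the unchanged context line for CVE-2023-46262 reads "NOT-FOR-US: Ivanti", while every line added around it reads "NOT-FOR-US: Avalanche". If these refer to the same product, settle on one form, for example "NOT-FOR-US: Ivanti Avalanche", and update the CVE-2023-46262 line to match, so a search for either the vendor or the product returns the whole batch. Separately, the label added for CVE-2023-49489 spells the product "KodExplorer" while the description spells it "KodeExplorer"; confirm the label carries the intended spelling.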
@@ -72,13 +72,13 @@ CVE-2023-44991 (Exposure of Sensitive Information to an 
Unauthorized Actor vulne
 CVE-2023-44983 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-43870 (When installing the Net2 software a root certificate is 
installed into ...)
-       TODO: check
+       NOT-FOR-US: Paxton
 CVE-2023-43826 (Apache Guacamole 1.5.3 and older do not consistently ensure 
that value ...)
        TODO: check
 CVE-2023-41727 (An attacker sending specially crafted data packets to the 
Mobile Devic ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2023-41648 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-40602 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in D ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-38481 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in C ...)
@@ -280,9 +280,9 @@ CVE-2023-34168 (Improper Neutralization of Special Elements 
used in an SQL Comma
 CVE-2023-33331 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2019-25157 (A vulnerability was found in Ethex Contracts. It has been 
classified a ...)
-       TODO: check
+       NOT-FOR-US: Ethex Contracts
 CVE-2014-125107 (A vulnerability was found in Corveda PHPSandbox 1.3.4 and 
classified a ...)
-       TODO: check
+       NOT-FOR-US: Corveda PHPSandbox
 CVE-2023-6927 (A flaw was found in Keycloak. This issue may allow an attacker 
to stea ...)
        NOT-FOR-US: Keycloak
 CVE-2023-6920
@@ -294,7 +294,7 @@ CVE-2023-6817 (A use-after-free vulnerability in the Linux 
kernel's netfilter: n
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/317eb9685095678f2c9f5a8189de698c5354316a (6.7-rc5)
 CVE-2023-6778 (Cross-site Scripting (XSS) - Stored in GitHub repository 
allegroai/cle ...)
-       TODO: check
+       NOT-FOR-US: ClearML Open Source Server
 CVE-2023-6691 (Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a 
code inje ...)
        NOT-FOR-US: Cambium ePMP Force
 CVE-2023-6295 (The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 
does not  ...)
@@ -340,7 +340,7 @@ CVE-2023-49855 (Cross-Site Request Forgery (CSRF) 
vulnerability in BinaryCarpent
 CVE-2023-49854 (Cross-Site Request Forgery (CSRF) vulnerability in Tribe 
Interactive C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-49853 (Cross-Site Request Forgery (CSRF) vulnerability in PayTR 
\xd6deme ve E ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49844 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin 
Ohashi WPPerf ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-49843 (Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge 
First O ...)
@@ -41318,7 +41318,7 @@ CVE-2023-1516 (RoboDK versions 5.5.3 and prior contain 
an insecure permission  a
 CVE-2023-1515 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
        NOT-FOR-US: pimcore
 CVE-2023-1514 (A vulnerability exists in the component RTU500 Scripting 
interface. Wh ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2023-1513 (A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS 
ioctl, on  ...)
        {DLA-3404-1 DLA-3403-1}
        - linux 6.1.15-1
@@ -50117,7 +50117,7 @@ CVE-2023-25717 (Ruckus Wireless Admin through 10.4 
allows Remote Code Execution
 CVE-2023-25716 (Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in gqevu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25715 (Missing Authorization vulnerability in GamiPress GamiPress 
\u2013 The  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25714
        RESERVED
 CVE-2023-25713 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
Fullworks Q ...)
@@ -51892,19 +51892,19 @@ CVE-2023-25185 (An issue was discovered on NOKIA 
Airscale ASIKA Single RAN devic
 CVE-2023-25074 (Improper privilege validation in Command Centre Server allows 
authenti ...)
        NOT-FOR-US: Gallagher
 CVE-2023-24590 (A format string issue in the Controller 6000's optional 
diagnostic web ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the 
Controller  ...)
        NOT-FOR-US: Gallagher
 CVE-2023-23584 (An observable response discrepancy in the Gallagher Command 
Centre RES ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2023-23576 (Incorrect behavior order in the Command Centre Server could 
allow priv ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2023-23570 (Client-Side enforcement of Server-Side security for the 
Command Centre ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2023-23568 (Improper privilege validation in Command Centre Server allows 
authenti ...)
        NOT-FOR-US: Gallagher
 CVE-2023-22439 (Improper input validation of a large HTTP request in the 
Controller 60 ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2023-22428 (Improper privilege validation in Command Centre Server allows 
authenti ...)
        NOT-FOR-US: Gallagher
 CVE-2023-22363 (A stack-based buffer overflow in the Command Centre Server 
allows an a ...)
@@ -69836,7 +69836,7 @@ CVE-2022-45811
 CVE-2022-45810 (Improper Neutralization of Formula Elements in a CSV File 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45809 (Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability in Ric ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45808 (SQL Injection vulnerability inLearnPress \u2013 WordPress LMS 
Plugin < ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45807 (Cross-Site Request Forgery (CSRF) inWPVibes WP Mail Log plugin 
<= 1.0. ...)
@@ -206322,7 +206322,7 @@ CVE-2021-22964 (A redirect vulnerability in the 
`fastify-static` module version
 CVE-2021-22963 (A redirect vulnerability in the fastify-static module version 
< 4.2.4  ...)
        NOT-FOR-US: fastify-static
 CVE-2021-22962 (An attacker can send a specially crafted request which could 
lead to l ...)
-       TODO: check
+       NOT-FOR-US: Avalanche
 CVE-2021-22961 (A code injection vulnerability exists within the firewall 
software of  ...)
        NOT-FOR-US: GlassWire
 CVE-2021-22960 (The parse function in llhttp < 2.1.4 and < 6.0.6. ignores 
chunk extens ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e0151242b7b56fb1b6d5c3c8e60eb7785df5f3f
