Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9c02bba9 by Moritz Mühlenhoff at 2023-08-03T10:17:07+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -61,7 +61,7 @@ CVE-2023-36858 (An insufficient verification of data vulnerability exists in BIG CVE-2023-36494 (Audit logs on F5OS-A may contain undisclosed sensitive information. No ...) NOT-FOR-US: F5 BIG-IP CVE-2023-36081 (Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/ ...) - TODO: check + NOT-FOR-US: GatesAIr Flexiva FM Transmitter CVE-2023-33383 (Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to ...) NOT-FOR-US: Shelly 4PM Pro four-channel smart switch CVE-2023-33257 (Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML ...) 
@@ -24675,33 +24675,33 @@ CVE-2023-26453 CVE-2023-26452 RESERVED CVE-2023-26451 (Functions with insufficient randomness were used to generate authoriza ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26450 (The "OX Count" web service did not specify a media-type when processin ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26449 (The "OX Chat" web service did not specify a media-type when processing ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26448 (Custom log-in and log-out locations are used-defined as jslob but were ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26447 (The "upsell" widget for the portal allows to specify a product descrip ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26446 (The users clientID at "application passwords" was not sanitized or esc ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26445 (Frontend themes are defined by user-controllable jslob settings and co ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26444 RESERVED CVE-2023-26443 (Full-text autocomplete search allows user-provided SQL syntax to be in ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26442 (In case Cacheservice was configured to use a sproxyd object-storage ba ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26441 (Cacheservice did not correctly check if relative cache object were poi ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26440 (The cacheservice API could be abused to indirectly inject parameters w ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26439 (The cacheservice API could be abused to inject parameters with SQL syn ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26438 (External service lookups for a number of protocols were vulnerable to ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26437 (Denial of service vulnerability in PowerDNS Recursor allows authoritat ...) - pdns-recursor 4.8.4-1 (bug #1033941) [bullseye] - pdns-recursor <no-dsa> (Minor issue) 
@@ -24723,7 +24723,7 @@ CVE-2023-26432 (When adding an external mail account, processing of SMTP "capabi CVE-2023-26431 (IPv4-mapped IPv6 addresses did not get recognized as "local" by the co ...) NOT-FOR-US: OX App Suite CVE-2023-26430 (Attackers with access to user accounts can inject arbitrary control ch ...) - TODO: check + NOT-FOR-US: OX App Suite CVE-2023-26429 (Control characters were not removed when exporting user feedback conte ...) NOT-FOR-US: OX App Suite CVE-2023-26428 (Attackers can successfully request arbitrary snippet IDs, including E- ...) @@ -24949,9 +24949,9 @@ CVE-2023-26319 CVE-2023-26318 RESERVED CVE-2023-26317 (A vulnerability has been discovered in Xiaomi routers that could allow ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2023-26316 (A XSS vulnerability exists in the Xiaomi cloud service Application pro ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2023-26315 RESERVED CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) @@ -44281,9 +44281,9 @@ CVE-2022-46487 CVE-2022-46486 RESERVED CVE-2022-46485 (Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and be ...) - TODO: check + NOT-FOR-US: ngSurvey CVE-2022-46484 (Information disclosure in password protected surveys in Data Illusion ...) - TODO: check + NOT-FOR-US: ngSurvey CVE-2022-46483 RESERVED CVE-2022-46482 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c02bba9e44c1f9c9035851a330de5c8d8fa6681 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c02bba9e44c1f9c9035851a330de5c8d8fa6681 You're receiving this email because of your account on salsa.debian.org.
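Review bot: in the first hunk (@@ -61,7 +61,7 @@, CVE-2023-36081) the new tag "NOT-FOR-US: GatesAIr Flexiva FM Transmitter" carries over the capitalisation of the truncated CVE description. The vendor spells its name GatesAir, so I would write "NOT-FOR-US: GatesAir Flexiva FM Transmitter" so that a later search of data/CVE/list by vendor name finds this entry.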
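Review bot: in the hunk at @@ -24949,9 +24949,9 @@, CVE-2023-26317 and CVE-2023-26316 are both tagged with the vendor alone ("NOT-FOR-US: Xiaomi"), although their descriptions name different things (Xiaomi routers and a Xiaomi cloud service). Other tags visible in this diff name the product, for example "Shelly 4PM Pro four-channel smart switch" and "F5 BIG-IP", so consider "NOT-FOR-US: Xiaomi routers" and "NOT-FOR-US: Xiaomi cloud service" for consistency.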