Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6baf211b by Salvatore Bonaccorso at 2023-08-10T22:55:20+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -144,19 +144,19 @@ CVE-2023-34374 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability CVE-2023-32567 (Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in ...) NOT-FOR-US: Ivanti CVE-2023-32566 (An attacker can send a specially crafted request which could lead to l ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-32565 (An attacker can send a specially crafted request which could lead to l ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-32564 (An unrestricted upload of file with dangerous type vulnerability exist ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-32563 (An unauthenticated attacker could achieve the code execution through a ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-32562 (An unrestricted upload of file with dangerous type vulnerability exist ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-32561 (A previously generated artifact by an administrator could be accessed ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-32560 (An attacker can send a specially crafted message to the Wavelink Avala ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-39418 [MERGE fails to enforce UPDATE or SELECT row security policies] - postgresql-15 15.4-1 - postgresql-13 <not-affected> (Only affects 15.x) 
@@ -433,7 +433,7 @@ CVE-2023-3898 (Improper Neutralization of Special Elements used in an SQL Comman CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be vulnera ...) TODO: check CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Farmakom Remote Administration Console CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Oduyo Online Collection Software CVE-2023-3653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) @@ -447,7 +447,7 @@ CVE-2023-3522 (Improper Neutralization of Special Elements used in an SQL Comman CVE-2023-3386 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: a2 Camera Trap Tracking System CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens Solid Edge CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking Stack. Pri ...) TODO: check CVE-2023-39532 (SES is a JavaScript environment that allows safe execution of arbitrar ...) @@ -459,7 +459,7 @@ CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All ve CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs, offi ...) TODO: check CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39218 (Client-side enforcement of server-side security in Zoom clients before ...) NOT-FOR-US: Zoom CVE-2023-39217 (Improper input validation in Zoom SDK\u2019s before 5.14.10 may allow ...) 
@@ -515,9 +515,9 @@ CVE-2023-38761 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 al CVE-2023-38760 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) NOT-FOR-US: ChurchCRM CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger Project wger W ...) - TODO: check + NOT-FOR-US: wger Project wger Workout Manager CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger Workout Manage ...) - TODO: check + NOT-FOR-US: wger Project wger Workout Manager CVE-2023-38683 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) NOT-FOR-US: Siemens CVE-2023-38682 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) @@ -601,13 +601,13 @@ CVE-2023-37683 (Online Nurse Hiring System v1.0 was discovered to contain a cros CVE-2023-37682 (Judging Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Judging Management System CVE-2023-37646 (An issue in the CAB file extraction function of Bitberry File Opener v ...) - TODO: check + NOT-FOR-US: Bitberry File Opener CVE-2023-37570 (This vulnerability exists in ESDS Emagic Data Center Management Suit d ...) - TODO: check + NOT-FOR-US: ESDS Emagic Data Center Management Suit CVE-2023-37373 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-37372 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-36914 (Windows Smart Card Resource Management Server Security Feature Bypass ...) NOT-FOR-US: Microsoft CVE-2023-36913 (Microsoft Message Queuing Information Disclosure Vulnerability) 
@@ -689,61 +689,61 @@ CVE-2023-36533 (Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may CVE-2023-36532 (Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthentic ...) NOT-FOR-US: Zoom CVE-2023-36482 (An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN8 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-36344 (An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before al ...) - TODO: check + NOT-FOR-US: Diebold Nixdorf Vynamic View Console CVE-2023-36306 (A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyz ...) - TODO: check + NOT-FOR-US: Adiscon Aiscon LogAnalyzer CVE-2023-36136 (PHPJabbers Class Scheduling System 1.0 lacks encryption on the passwor ...) - TODO: check + NOT-FOR-US: PHPJabbers CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability) TODO: check CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35391 (ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerab ...) 
NOT-FOR-US: Microsoft .NET CVE-2023-35390 (.NET and Visual Studio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft .NET CVE-2023-35389 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35388 (Microsoft Exchange Server Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35387 (Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35386 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35385 (Microsoft Message Queuing Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35384 (Windows HTML Platforms Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35383 (Microsoft Message Queuing Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35382 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35381 (Windows Fax Service Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35380 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35379 (Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2023-35378 (Windows Projected File System Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35377 (Microsoft Message Queuing Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35376 (Microsoft Message Queuing Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35372 (Microsoft Office Visio Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35371 (Microsoft Office Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35368 (Microsoft Exchange Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35359 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-32503 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix ...) NOT-FOR-US: WordPress plugin CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetB ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...) TODO: check CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet]
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6baf211b8600218e8caa00cadf1bfc929175153f
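Review bot: In the @@ -515,9 hunk, the label "NOT-FOR-US: wger Project wger Workout Manager" given to CVE-2023-38759 and CVE-2023-38758 repeats the vendor/product string from the CVE description and so doubles "wger", whereas the surrounding entries use a short product or vendor name ("NOT-FOR-US: ChurchCRM", "NOT-FOR-US: Siemens"). Suggest "NOT-FOR-US: wger Workout Manager" for both lines so the label stays consistent with its neighbours.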
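Review bot: In the @@ -601,13 hunk, "NOT-FOR-US: ESDS Emagic Data Center Management Suit" for CVE-2023-37570 copies the word "Suit" verbatim from the CVE description. Please confirm the product name against the vendor's own spelling before committing the label, so that later entries for the same product can match it.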
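Review bot: In the @@ -689,61 hunk, CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability) is moved to "NOT-FOR-US: Microsoft" while the entry directly above it, CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability), stays at "TODO: check". Both descriptions name Azure services, so either triage both in this commit or leave a NOTE on 35394 saying what still needs checking. In the same hunk, "NOT-FOR-US: Adiscon Aiscon LogAnalyzer" for CVE-2023-36306 carries over "Aiscon" from the description, which looks like a misspelled repeat of the vendor name before it; consider dropping it from the label.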