Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 71736432 by Salvatore Bonaccorso at 2023-09-15T11:12:39+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -13,7 +13,7 @@ CVE-2023-4766 (Improper Neutralization of Special Elements used in an SQL Comman CVE-2023-4702 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...) NOT-FOR-US: Yepas Digital Yepas CVE-2023-4676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: Yordam MedasPro CVE-2023-4669 (Authentication Bypass by Assumed-Immutable Data vulnerability in Exaga ...) NOT-FOR-US: Exagate SYSGuard 3001 CVE-2023-4516 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) @@ -23,7 +23,7 @@ CVE-2023-42180 (An arbitrary file upload vulnerability in the /user/upload compo CVE-2023-42178 (Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query mo ...) NOT-FOR-US: lenosp CVE-2023-41588 (A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.1 ...) - TODO: check + NOT-FOR-US: Time to SLA plugin CVE-2023-41011 (Command Execution vulnerability in China Mobile Communications China M ...) NOT-FOR-US: China Mobile Communications China Mobile Intelligent Home Gateway CVE-2023-41010 (Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communicat ...) 
@@ -39,11 +39,11 @@ CVE-2023-38558 (A vulnerability has been identified in SIMATIC PCS neo (Administ CVE-2023-38557 (A vulnerability has been identified in Spectrum Power 7 (All versions ...) NOT-FOR-US: Siemens CVE-2023-37756 (I-doit pro 25 and below and I-doit open 25 and below employ weak passw ...) - TODO: check + NOT-FOR-US: I-doit pro CVE-2023-37755 (i-doit pro 25 and below and I-doit open 25 and below are configured wi ...) - TODO: check + NOT-FOR-US: I-doit pro CVE-2023-37739 (i-doit Pro v25 and below was discovered to be vulnerable to path trave ...) - TODO: check + NOT-FOR-US: I-doit pro CVE-2023-36250 (CSV Injection vulnerability in GNOME time tracker version 3.0.2, allow ...) TODO: check CVE-2023-2848 (Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hija ...) @@ -700,7 +700,7 @@ CVE-2023-40040 (An issue was discovered in the MyCrops HiGrade "THC Testing & Ca CVE-2023-40039 (An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. ...) NOT-FOR-US: ARRIS TG852G, TG862G, and TG1672G devices CVE-2023-35845 (Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certifica ...) - TODO: check + NOT-FOR-US: Anaconda Python CVE-2023-4879 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...) NOT-FOR-US: icms2 CVE-2023-4878 (Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/ic ...) @@ -28441,7 +28441,7 @@ CVE-2023-27472 (quickentity-editor-next is an open source, system local, video g CVE-2023-27471 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) NOT-FOR-US: Insyde CVE-2023-27470 (BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 ...) - TODO: check + NOT-FOR-US: N-able Take Control Agent CVE-2023-27469 (Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file de ...) NOT-FOR-US: Malwarebytes Anti-Exploit CVE-2023-27468 
@@ -29298,7 +29298,7 @@ CVE-2023-27171 CVE-2023-27170 RESERVED CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license cl ...) - TODO: check + NOT-FOR-US: Xpand IT Write-back manager CVE-2023-27168 RESERVED CVE-2023-27167 (Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vu ...) @@ -31251,7 +31251,7 @@ CVE-2023-26371 (Adobe Dimension version 3.4.8 (and earlier) is affected by an ou CVE-2023-26370 RESERVED CVE-2023-26369 (Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and ...) - TODO: check + NOT-FOR-US: Adobe CVE-2023-26368 RESERVED CVE-2023-26367 @@ -33831,7 +33831,7 @@ CVE-2023-25610 CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] inFortiMan ...) NOT-FOR-US: Fortinet CVE-2023-25608 (An incomplete filtering of one or more instances of special elements v ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2023-25607 RESERVED CVE-2023-25606 (An improper limitation of a pathname to a restricted directory ('Path ...) @@ -38937,7 +38937,7 @@ CVE-2023-23847 (A cross-site request forgery (CSRF) vulnerability in Synopsys Je CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP library versi ...) NOT-FOR-US: Open5GS CVE-2023-23845 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) NOT-FOR-US: SolarWinds CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) 
@@ -38947,7 +38947,7 @@ CVE-2023-23842 (The SolarWinds Network Configuration Manager was susceptible to CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing or updat ...) NOT-FOR-US: SolarWinds CVE-2023-23840 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of Sensitive I ...) NOT-FOR-US: SolarWinds CVE-2023-23838 (Directory traversal and file enumeration vulnerability which allowed u ...) @@ -53847,13 +53847,13 @@ CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not CVE-2022-4057 (The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable ...) NOT-FOR-US: WordPress plugin CVE-2023-21523 (A Stored Cross-site Scripting (XSS) vulnerability in the Management Co ...) - TODO: check + NOT-FOR-US: BlackBerry CVE-2023-21522 (A Reflected Cross-site Scripting (XSS) vulnerability in the Management ...) - TODO: check + NOT-FOR-US: BlackBerry CVE-2023-21521 (An SQL Injection vulnerability in the Management Console(Operator Audi ...) - TODO: check + NOT-FOR-US: BlackBerry CVE-2023-21520 (A PII Enumeration via Credential Recovery in the Self Service(Credenti ...) - TODO: check + NOT-FOR-US: BlackBerry CVE-2023-21519 RESERVED CVE-2022-45467 
@@ -60555,13 +60555,13 @@ CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of Ci CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allow an u ...) NOT-FOR-US: Cisco CVE-2023-20236 (A vulnerability in the iPXE boot function of Cisco IOS XR software cou ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20235 RESERVED CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...) NOT-FOR-US: Cisco FXOS Software CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM) feature of ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20232 (A vulnerability in the Tomcat implementation for Cisco Unified Contact ...) NOT-FOR-US: Cisco CVE-2023-20231 @@ -60653,9 +60653,9 @@ CVE-2023-20193 (A vulnerability in the Embedded Service Router (ESR) of Cisco IS CVE-2023-20192 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...) NOT-FOR-US: Cisco CVE-2023-20191 (A vulnerability in the access control list (ACL) processing on MPLS in ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20190 (A vulnerability in the classic access control list (ACL) compression f ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20189 (Multiple vulnerabilities in the web-based user interface of certain Ci ...) NOT-FOR-US: Cisco CVE-2023-20188 (A vulnerability in the web-based management interface of Cisco Small B ...) @@ -60765,7 +60765,7 @@ CVE-2023-20137 (Multiple vulnerabilities in the web-based management interface o CVE-2023-20136 (A vulnerability in the OpenAPI of Cisco Secure Workload could allow an ...) NOT-FOR-US: Cisco CVE-2023-20135 (A vulnerability in Cisco IOS XR Software image verification checks cou ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20134 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...) NOT-FOR-US: Cisco CVE-2023-20133 (A vulnerability in the web interface of Cisco Webex Meetings could all ...) 
@@ -83373,7 +83373,7 @@ CVE-2022-35851 (An improper neutralization of input during web page generation v CVE-2022-35850 (An improper neutralization of script-related HTML tags in a web page v ...) NOT-FOR-US: Fortinet CVE-2022-35849 (An improper neutralization of special elements used in an OS command v ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2022-35848 RESERVED CVE-2022-35847 (An improper neutralization of special elements used in a template engi ...) @@ -88039,7 +88039,7 @@ CVE-2022-34240 CVE-2022-34239 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe CVE-2022-34238 (Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-34237 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe CVE-2022-34236 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) @@ -88061,13 +88061,13 @@ CVE-2022-34229 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005 CVE-2022-34228 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe CVE-2022-34227 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-34226 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe CVE-2022-34225 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe CVE-2022-34224 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-34223 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe CVE-2022-34222 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) 
@@ -103433,17 +103433,17 @@ CVE-2022-28838 (Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.00 CVE-2022-28837 (Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and e ...) NOT-FOR-US: Adobe CVE-2022-28836 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28835 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28834 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28833 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28832 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28831 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28830 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) NOT-FOR-US: Adobe CVE-2022-28829 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) @@ -117811,7 +117811,7 @@ CVE-2022-24095 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and CVE-2022-24094 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-24093 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-24092 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) NOT-FOR-US: Adobe CVE-2022-24091 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) 
@@ -120574,7 +120574,7 @@ CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in CVE-2022-23383 (YzmCMS v6.3 is affected by broken access control. Without login, unaut ...) NOT-FOR-US: YzmCMS CVE-2022-23382 (Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170 ...) - TODO: check + NOT-FOR-US: Shenzhen Hichip Vision Technology IP Camera Firmware CVE-2022-23381 RESERVED CVE-2022-23380 (There is a SQL injection vulnerability in the background of taocms 3.0 ...) @@ -131633,7 +131633,7 @@ CVE-2021-44174 CVE-2021-44173 RESERVED CVE-2021-44172 (An exposure of sensitive information to an unauthorized actor vulnerab ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2021-44171 (A improper neutralization of special elements used in an os command (' ...) NOT-FOR-US: FortiGuard CVE-2021-44170 (A stack-based buffer overflow vulnerability [CWE-121] in the command l ...) @@ -176000,7 +176000,7 @@ CVE-2021-28487 CVE-2021-28486 RESERVED CVE-2021-28485 (Ericsson Mobile Switching Center Server (MSC-S) BC 18A and IS 3.1 rele ...) - TODO: check + NOT-FOR-US: Ericsson CVE-2021-28484 (An issue was discovered in the /api/connector endpoint handler in Yubi ...) NOT-FOR-US: yubihsm-connector CVE-2021-3443 (A NULL pointer dereference flaw was found in the way Jasper versions b ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71736432d3099529542893da0296654368dea8cc
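Review bot: The vendor label is inconsistent in the hunks at @@ -33831 and @@ -83373: the new tags on CVE-2023-25608 and CVE-2022-35849 read "NOT-FOR-US: FortiGuard", while the adjacent context entries CVE-2023-25609 and CVE-2022-35850 are tagged "NOT-FOR-US: Fortinet". The hunk at @@ -131633 follows its own neighbour (CVE-2021-44171, already "FortiGuard"), so the file now carries both spellings for what the surrounding entries treat as one vendor. Consider using "NOT-FOR-US: Fortinet" on the two new lines so that a search of data/CVE/list by vendor name returns all of them.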
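Review bot: In the hunk at @@ -39,11 the tag "NOT-FOR-US: I-doit pro" is narrower than the descriptions it sits under: CVE-2023-37756 and CVE-2023-37755 both name "I-doit open 25 and below" alongside the pro edition. A tag such as "NOT-FOR-US: i-doit" would cover both editions and would still match CVE-2023-37739, whose visible description mentions only i-doit Pro.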