Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d471b326 by Salvatore Bonaccorso at 2023-05-04T20:57:02+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9122,11 +9122,11 @@ CVE-2023-1387 (Grafana is an open-source platform for monitoring and observabili CVE-2023-1386 RESERVED CVE-2023-1385 (Improper JPAKE implementation allows offline PIN brute-forcing due to ...) - NOT-FOR-US: Amazon Fire TV Stick 3rd gen + NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS CVE-2023-1384 (The setMediaSource function on the amzn.thin.pl service does not sanit ...) - NOT-FOR-US: Amazon Fire TV Stick 3rd gen + NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS CVE-2023-1383 (An Improper Enforcement of Behavioral Workflow vulnerability in the ex ...) - NOT-FOR-US: Amazon Fire TV Stick 3rd gen + NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS CVE-2023-1382 (A data race flaw was found in the Linux kernel, between where con is a ...) - linux 6.0.12-1 [bullseye] - linux 5.10.158-1 @@ -12919,7 +12919,7 @@ CVE-2023-27077 (Stack Overflow vulnerability found in 360 D901 allows a remote a CVE-2023-27076 (Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows a ...) NOT-FOR-US: Tenda CVE-2023-27075 (A cross-site scripting vulnerability (XSS) in the component microbin/s ...) - TODO: check + NOT-FOR-US: Microbin CVE-2023-27074 (BP Monitoring Management System v1.0 was discovered to contain a SQL i ...) NOT-FOR-US: BP Monitoring Management System CVE-2023-27073 (A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1. ...) 
@@ -16179,9 +16179,9 @@ CVE-2023-25829 CVE-2023-25828 (Pluck CMS is vulnerable to an authenticated remote code execution (RCE ...) NOT-FOR-US: Pluck CMS CVE-2023-25827 (Due to insufficient validation of parameters reflected in error messag ...) - TODO: check + NOT-FOR-US: OpenTSDB CVE-2023-25826 (Due to insufficient validation of parameters passed to the legacy HTTP ...) - TODO: check + NOT-FOR-US: OpenTSDB CVE-2023-25825 (ZoneMinder is a free, open source Closed-circuit television software a ...) - zoneminder 1.36.33+dfsg1-1 (unimportant) NOTE: Only supported for trusted users/behind auth @@ -26072,7 +26072,7 @@ CVE-2023-22665 (There is insufficient checking of user queries in Apache Jena ve CVE-2023-22652 RESERVED CVE-2023-22651 (Improper Privilege Management vulnerability in SUSE Rancher allows Pri ...) - TODO: check + NOT-FOR-US: Rancher CVE-2023-22650 RESERVED CVE-2023-22649 @@ -48861,7 +48861,7 @@ CVE-2022-42252 (If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 CVE-2022-3406 RESERVED CVE-2022-3405 (Code execution and sensitive information disclosure due to excessive p ...) - TODO: check + NOT-FOR-US: Acronis CVE-2022-3404 REJECTED CVE-2022-3403 @@ -79413,7 +79413,7 @@ CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file u CVE-2022-30996 REJECTED CVE-2022-30995 (Sensitive information disclosure due to improper authentication. The f ...) - TODO: check + NOT-FOR-US: Acronis CVE-2022-30994 (Cleartext transmission of sensitive information. The following product ...) NOT-FOR-US: Acronis CVE-2022-30993 (Cleartext transmission of sensitive information. The following product ...) 
@@ -391376,7 +391376,7 @@ CVE-2017-11199 CVE-2017-11198 (Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_ ...) NOT-FOR-US: FineCMS CVE-2017-11197 (In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privi ...) - TODO: check + NOT-FOR-US: CyberArk Viewfinity CVE-2017-12562 (Heap-based Buffer Overflow in the psf_binheader_writef function in com ...) {DLA-3058-1 DLA-1049-1} - libsndfile 1.0.28-3 (bug #869166) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d471b3264688cc35d56357347774d00324ad9d9c
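Review bot: The commit message "Process some NFUs" does not cover the first hunk (@@ -9122), where CVE-2023-1385, CVE-2023-1384 and CVE-2023-1383 were already tagged NOT-FOR-US and are only reworded to append "and Insignia TV with FireOS". Consider naming that annotation update in the message, or splitting it into its own commit, so the history separates newly triaged entries (the TODO: check lines in the later hunks) from edits to existing tags.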
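Review bot: The product string in the @@ -26072 hunk drops the vendor, tagging CVE-2023-22651 as "NOT-FOR-US: Rancher" while the description reads "SUSE Rancher". The @@ -48861 and @@ -79413 hunks show the pattern worth keeping: CVE-2022-3405 and CVE-2022-30995 reuse the exact "NOT-FOR-US: Acronis" string already on the neighbouring CVE-2022-30994, so one search on the tag finds every entry. It is worth confirming that "Rancher" is the spelling existing entries in data/CVE/list use before this lands.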