Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9cd8fcea by Moritz Muehlenhoff at 2023-07-05T15:39:57+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -452,7 +452,7 @@ CVE-2023-34844 (Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privilege CVE-2023-34735 (Property Cloud Platform Management Center 1.0 is vulnerable to error-b ...) NOT-FOR-US: Property Cloud Platform Management Center CVE-2023-34658 (Telegram v9.6.3 on iOS allows attackers to hide critical information o ...) - TODO: check + NOT-FOR-US: Telegram on iOS CVE-2023-34656 (An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communi ...) NOT-FOR-US: Xiamen Si Xin Communication Technology Video management system CVE-2023-34599 (Multiple Cross-Site Scripting (XSS) vulnerabilities have been identifi ...) @@ -21581,11 +21581,11 @@ CVE-2023-26137 CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are vulnerable to Pr ...) TODO: check CVE-2023-26135 (All versions of the package flatnest are vulnerable to Prototype Pollu ...) - TODO: check + NOT-FOR-US: Node flatnest CVE-2023-26134 (Versions of the package git-commit-info before 2.0.2 are vulnerable to ...) - TODO: check + NOT-FOR-US: Node git-commit-info CVE-2023-26133 (All versions of the package progressbar.js are vulnerable to Prototype ...) - TODO: check + NOT-FOR-US: progressbar.js CVE-2023-26132 (Versions of the package dottie before 2.0.4 are vulnerable to Prototyp ...) TODO: check CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine; all ve ...) 
@@ -21599,7 +21599,7 @@ CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are vu CVE-2023-26129 (All versions of the package bwm-ng are vulnerable to Command Injection ...) NOT-FOR-US: bwm-ng Nodejs module (not the same as src:bwm-ng) CVE-2023-26128 (All versions of the package keep-module-latest are vulnerable to Comma ...) - TODO: check + NOT-FOR-US: Node keep-module-latest CVE-2023-26127 (All versions of the package n158 are vulnerable to Command Injection d ...) TODO: check CVE-2023-26126 (All versions of the package m.static are vulnerable to Directory Trave ...) @@ -21691,7 +21691,7 @@ CVE-2023-0922 (The Samba AD DC administration tool, when operating against a rem CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all versions fro ...) - gitlab 15.10.8+ds1-2 CVE-2022-48330 (A Huawei sound box product has an out-of-bounds write vulnerability. A ...) - TODO: check + NOT-FOR-US: Huawei CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user ...) NOT-FOR-US: Progress Flowmon Packet Investigator CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint failed to s ...) @@ -21725,7 +21725,7 @@ CVE-2023-26087 CVE-2023-26086 RESERVED CVE-2023-26085 (A possible out-of-bounds read and write (due to an improper length che ...) - TODO: check + NOT-FOR-US: Arm NN Android-NN-Driver CVE-2023-26084 (The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c ...) NOT-FOR-US: AArch64cryptolib CVE-2023-26083 (Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Ker ...) 
@@ -22003,7 +22003,7 @@ CVE-2023-26015 CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HT ...) NOT-FOR-US: WordPress plugin CVE-2023-26013 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denz ...) NOT-FOR-US: WordPress plugin CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More ...) @@ -22081,7 +22081,7 @@ CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Int CVE-2023-25975 RESERVED CVE-2023-25974 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psic ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...) NOT-FOR-US: WordPress plugin CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSW ...) @@ -22103,7 +22103,7 @@ CVE-2023-25965 CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...) NOT-FOR-US: WordPress plugin CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joom ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bipl ...) NOT-FOR-US: WordPress plugin CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Th ...) 
@@ -22161,11 +22161,11 @@ CVE-2023-25940 (Dell PowerScale OneFS version 9.5.0.0 contains improper link res CVE-2023-25939 RESERVED CVE-2023-25938 (Dell BIOS contains an improper input validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-25937 (Dell BIOS contains an improper input validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-25936 (Dell BIOS contains an improper input validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-25935 RESERVED CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of cryptog ...) @@ -23267,7 +23267,7 @@ CVE-2023-25647 CVE-2023-25646 RESERVED CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...) - TODO: check + NOT-FOR-US: ZTE CVE-2023-25644 RESERVED CVE-2023-25643 @@ -23715,15 +23715,15 @@ CVE-2023-25524 CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...) TODO: check CVE-2023-25522 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...) - TODO: check + NOT-FOR-US: NVIDIA CVE-2023-25521 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...) - TODO: check + NOT-FOR-US: NVIDIA CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootc ...) TODO: check CVE-2023-25519 RESERVED CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...) - TODO: check + NOT-FOR-US: NVIDIA CVE-2023-25517 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) TODO: check CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
@@ -23818,9 +23818,9 @@ CVE-2023-25502 CVE-2023-25501 RESERVED CVE-2023-25500 (Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to ...) - TODO: check + NOT-FOR-US: Vaadin CVE-2023-25499 (When adding non-visible components to the UI in server side, content i ...) - TODO: check + NOT-FOR-US: Vaadin CVE-2023-24019 RESERVED CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...) @@ -24156,7 +24156,7 @@ CVE-2023-25368 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to In CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user in ...) NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interfa ...) - TODO: check + NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS CVE-2023-25365 RESERVED CVE-2023-25364 @@ -24290,9 +24290,9 @@ CVE-2023-25309 (Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui v CVE-2023-25308 RESERVED CVE-2023-25307 (nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal.) - TODO: check + NOT-FOR-US: nothub mrpack-install CVE-2023-25306 (MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.) - TODO: check + NOT-FOR-US: MultiMC Launcher CVE-2023-25305 (PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpac ...) NOT-FOR-US: PolyMC Launcher CVE-2023-25304 (Prism Launcher <= 6.1 is vulnerable to Directory Traversal.) 
@@ -24603,13 +24603,13 @@ CVE-2017-20175 (A vulnerability classified as problematic has been found in DaSc CVE-2023-25189 RESERVED CVE-2023-25188 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) - TODO: check + NOT-FOR-US: NOKIA CVE-2023-25187 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) - TODO: check + NOT-FOR-US: NOKIA CVE-2023-25186 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) - TODO: check + NOT-FOR-US: NOKIA CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) - TODO: check + NOT-FOR-US: NOKIA CVE-2023-25074 RESERVED CVE-2023-24590 @@ -25117,13 +25117,13 @@ CVE-2023-25006 (A malicious actor may convince a user to open a malicious USD fi CVE-2023-25005 (A maliciously crafted DLL file can be forced to read beyond allocated ...) NOT-FOR-US: Autodesk CVE-2023-25004 (A maliciously crafted pskernel.dll file in Autodesk products is used t ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2023-25003 (A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and M ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2023-25002 (A maliciously crafted SKP file in Autodesk products is used to trigger ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2023-25001 (A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2023-0634 REJECTED CVE-2023-0633 @@ -25524,13 +25524,13 @@ CVE-2023-0601 CVE-2023-24855 RESERVED CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware respons ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-24853 RESERVED CVE-2023-24852 RESERVED CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-24850 RESERVED CVE-2023-24849 
@@ -27441,7 +27441,7 @@ CVE-2023-24263 CVE-2023-24262 RESERVED CVE-2023-24261 (A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows ...) - TODO: check + NOT-FOR-US: GL.iNET CVE-2023-24260 RESERVED CVE-2023-24259 @@ -27481,7 +27481,7 @@ CVE-2023-24245 CVE-2023-24244 RESERVED CVE-2023-24243 (CData RSB Connect v22.0.8336 was discovered to contain a Server-Side R ...) - TODO: check + NOT-FOR-US: CData RSB Connect CVE-2023-24242 RESERVED CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cd8fcea2856a0fd3b36799ec2fbfdb4da8710e2
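Review bot: In the hunk at @@ -21581, CVE-2023-26133 is tagged "NOT-FOR-US: progressbar.js" while the two entries changed just above it use the "Node <package>" form ("Node flatnest", "Node git-commit-info"), and the following hunk uses "Node keep-module-latest". The description calls it "the package progressbar.js" like the others, so "NOT-FOR-US: Node progressbar.js" would record the ecosystem the same way for all four. The existing CVE-2023-26129 entry in the next hunk ("bwm-ng Nodejs module (not the same as src:bwm-ng)") shows why the qualifier is worth keeping when a module name could be mistaken for a Debian source package.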
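Review bot: In the hunk at @@ -23715, CVE-2023-25522, CVE-2023-25521 and CVE-2023-25518 are closed with the vendor-only label "NOT-FOR-US: NVIDIA", yet the neighbouring NVIDIA entries in the same hunk (CVE-2023-25523 CUDA toolkit, CVE-2023-25520 Jetson Linux Driver Package, CVE-2023-25517 vGPU software) stay at "TODO: check", so the label does not say what separates the two groups. Naming the component from the description, for example "NOT-FOR-US: NVIDIA DGX SBIOS" and "NOT-FOR-US: NVIDIA Jetson CBoot", would keep a later triage pass from copying the bare vendor label onto the entries that are still open. The same point applies to the "Dell" labels in the hunk at @@ -22161, where all three changed entries are Dell BIOS and the context also lists Dell PowerScale OneFS and DELL ECS.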