Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: d08d3cc1 by Moritz Muehlenhoff at 2023-07-25T20:28:43+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -92,13 +92,17 @@ CVE-2023-3321 (A vulnerability exists by allowing low-privileged users to read a CVE-2023-3248 (The All-in-one Floating Contact Form WordPress plugin before 2.1.2 doe ...) NOT-FOR-US: WordPress plugin CVE-2023-38060 (Improper Input Validation vulnerability in the ContentType parameter f ...) - TODO: check + NOT-FOR-US: OTRS + NOTE: Could possibly affect Znuny, we'll let their security team figure it out CVE-2023-38058 (An improper privilege check in the OTRS ticket move action in the agen ...) - TODO: check + NOT-FOR-US: OTRS + NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x CVE-2023-38057 (An improper input validation vulnerability in OTRS Survey modules allo ...) - TODO: check + NOT-FOR-US: OTRS + NOTE: Could possibly affect Znuny, we'll let their security team figure it out CVE-2023-38056 (Improper Neutralization of commands allowed to be executed via OTRS Sy ...) - TODO: check + NOT-FOR-US: OTRS + NOTE: Could possibly affect Znuny, we'll let their security team figure it out CVE-2023-37613 (A cross-site scripting (XSS) vulnerability in Assembly Software Trialw ...) NOT-FOR-US: Assembly Software Trialworks CVE-2023-2761 (The User Activity Log WordPress plugin before 1.6.3 does not properly ...) 
@@ -24840,7 +24844,7 @@ CVE-2023-26047 (teler-waf is a Go HTTP middleware that provides teler IDS functi CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...) NOT-FOR-US: teler-waf CVE-2023-26045 (NodeBB is Node.js based forum software. Starting in version 2.5.0 and ...) - TODO: check + NOT-FOR-US: NodeBB CVE-2023-26044 (react/http is an event-driven, streaming HTTP client and server implem ...) - php-react-http <removed> [buster] - php-react-http <no-dsa> (Minor issue) @@ -27556,7 +27560,7 @@ CVE-2023-25186 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devic CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) NOT-FOR-US: NOKIA CVE-2023-25074 (Improper privilege validation in Command Centre Server allows authenti ...) - TODO: check + NOT-FOR-US: Gallagher CVE-2023-24590 RESERVED CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the Controller ...) @@ -27568,13 +27572,13 @@ CVE-2023-23576 CVE-2023-23570 RESERVED CVE-2023-23568 (Improper privilege validation in Command Centre Server allows authenti ...) - TODO: check + NOT-FOR-US: Gallagher CVE-2023-22439 RESERVED CVE-2023-22428 (Improper privilege validation in Command Centre Server allows authenti ...) - TODO: check + NOT-FOR-US: Gallagher CVE-2023-22363 (A stack-based buffer overflow in the Command Centre Server allows an a ...) - TODO: check + NOT-FOR-US: Gallagher CVE-2023-0672 RESERVED CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.) 
@@ -48572,9 +48576,9 @@ CVE-2023-21408 CVE-2023-21407 RESERVED CVE-2023-21406 (Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A ...) - TODO: check + NOT-FOR-US: AXIS CVE-2023-21405 (Knud from Fraktal.fi has found a flaw in some Axis Network Door Contro ...) - TODO: check + NOT-FOR-US: AXIS CVE-2023-21404 (AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components ...) NOT-FOR-US: AXIS OS CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive extraction rout ...) @@ -52153,6 +52157,8 @@ CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific microarchitec NOTE: https://xenbits.xen.org/xsa/advisory-433.html NOTE: Technically not an issue in src:linux but track as well the kernel side mitigation NOTE: under the CVE entry. + NOTE: 3.20230719.1 ships the first batch of fixes, only for 2nd gen Epyc CPUs, further + NOTE: CPUs to follow in later releases CVE-2023-20592 RESERVED CVE-2023-20591 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d08d3cc1d1dfbc480ddcbaba30fbac7c6dd61249
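Review bot: In the @@ -92,13 hunk, CVE-2023-38060, CVE-2023-38057 and CVE-2023-38056 are closed as NOT-FOR-US: OTRS while the NOTE on each says the issue could possibly affect Znuny, so the entry records an open question but nothing in the data keeps it open for anyone. If Znuny is a package this tracker covers, consider a package line for it marked <undetermined> in place of NOT-FOR-US, so the question shows up against that package until its status is settled. CVE-2023-38058 reads fine as is, since its NOTE states the reason for exclusion (specific to 8.x, fork from 6.x).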
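Review bot: In the @@ -52153,6 hunk for CVE-2023-20593, the added NOTE cites version 3.20230719.1 without naming the source package it belongs to, and the context lines just above it discuss src:linux, so the number can be misread as a kernel version. Name the package in the NOTE the same way the context does with "src:linux". The commit message "NFUs" also does not mention this change, which makes the note hard to find in history; a second line in the message or a separate commit would cover it.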