Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6f63f2eb by Salvatore Bonaccorso at 2023-10-25T14:00:04+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3,23 +3,23 @@ CVE-2023-5758 (When opening a page in reader mode, the redirect URL could have c CVE-2023-5752 (When installing a package from a Mercurial VCS URL (ie "pip install ...) TODO: check CVE-2023-5311 (The WP EXtra plugin for WordPress is vulnerable to unauthorized modifi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4608 (An authenticated XCC user with elevated privileges can perform blind S ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-4607 (An authenticated XCC user can change permissions for any user through ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-4606 (An authenticated XCC user with Read-Only permission can change a diffe ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-46574 (An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote att ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2023-46358 (In the module "Referral and Affiliation Program" (referralbyphone) ver ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-46347 (In the module "Step by Step products Pack" (ndk_steppingpack) version ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-46346 (In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportpr ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-46158 (IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 co ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-46136 (Werkzeug is a comprehensive WSGI web application library. If an upload ...) TODO: check CVE-2023-46135 (rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. ...) 
@@ -31,71 +31,71 @@ CVE-2023-46125 (Fides is an open-source privacy engineering platform for managin CVE-2023-46124 (Fides is an open-source privacy engineering platform for managing the ...) TODO: check CVE-2023-46123 (jumpserver is an open source bastion machine, professional operation a ...) - TODO: check + NOT-FOR-US: JumpServer CVE-2023-46120 (The RabbitMQ Java client library allows Java and JVM-based application ...) TODO: check CVE-2023-46119 (Parse Server is an open source backend that can be deployed to any inf ...) - TODO: check + NOT-FOR-US: Parse Server CVE-2023-46118 (RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API ...) TODO: check CVE-2023-45555 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker t ...) - TODO: check + NOT-FOR-US: zzzCMS CVE-2023-45554 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker t ...) - TODO: check + NOT-FOR-US: zzzCMS CVE-2023-44794 (An issue in Dromara SaToken version 1.36.0 and before allows a remote ...) - TODO: check + NOT-FOR-US: Dromara SaToken CVE-2023-44769 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 ...) - TODO: check + NOT-FOR-US: Zenario CMS CVE-2023-44767 (A File upload vulnerability in RiteCMS 3.0 allows a local attacker to ...) - TODO: check + NOT-FOR-US: RiteCMS CVE-2023-43961 (An issue in Dromara SaToken version 1.3.50RC and before when using Spr ...) - TODO: check + NOT-FOR-US: Dromara SaToken CVE-2023-43795 (GeoServer is an open source software server written in Java that allow ...) TODO: check CVE-2023-43360 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) - TODO: check + NOT-FOR-US: CMSmadesimple CVE-2023-41721 (Instances of UniFi Network Application that (i) are run on a UniFi Gat ...) - TODO: check + NOT-FOR-US: UniFi Network Application CVE-2023-41339 (GeoServer is an open source software server written in Java that allow ...) 
TODO: check CVE-2023-3112 (A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-39930 (A first-factor authentication bypass vulnerability exists in the PingF ...) - TODO: check + NOT-FOR-US: PingFederate CVE-2023-39740 (The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allo ...) TODO: check CVE-2023-39739 (The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 a ...) - TODO: check + NOT-FOR-US: REGINA SWEETS&BAKERY Line CVE-2023-39737 (The leakage of the client secret in Matsuya Line 13.6.1 allows attacke ...) - TODO: check + NOT-FOR-US: Matsuya Line CVE-2023-39736 (The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 a ...) - TODO: check + NOT-FOR-US: Fukunaga_memberscard Line CVE-2023-39735 (The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allo ...) - TODO: check + NOT-FOR-US: Uomasa_Saiji_news Line CVE-2023-39734 (The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_ ...) - TODO: check + NOT-FOR-US: VISION MEAT WORKS TrackDiner10/10_mc Line CVE-2023-39733 (The leakage of the client secret in TonTon-Tei Line v13.6.1 allows att ...) - TODO: check + NOT-FOR-US: TonTon-Tei Line CVE-2023-39732 (The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 all ...) - TODO: check + NOT-FOR-US: Tokueimaru_waiting Line CVE-2023-39219 (PingFederate Administrative Console dependency contains a weakness whe ...) - TODO: check + NOT-FOR-US: PingFederate CVE-2023-38041 (A logged in user may elevate its permissions by abusing a Time-of-Chec ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-37283 (Under a very specific and highly unrecommended configuration, authenti ...) - TODO: check + NOT-FOR-US: PingFederate CVE-2023-36085 (The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host he ...) - TODO: check + NOT-FOR-US: sisqualWFM CVE-2023-34085 (When an AWS DynamoDB table is used for user attribute storage, it is p ...) 
TODO: check CVE-2023-34056 (vCenter Server contains a partial information disclosure vulnerability ...) - TODO: check + NOT-FOR-US: VMware CVE-2023-34048 (vCenter Server contains an out-of-bounds write vulnerability in the im ...) - TODO: check + NOT-FOR-US: VMware CVE-2023-31582 (jose4j before v0.9.3 allows attackers to set a low iteration count of ...) TODO: check CVE-2023-31581 (Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.) - TODO: check + NOT-FOR-US: Dromara Sureness CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key without any ...) TODO: check CVE-2023-5574 [Use-after-free bug in DamageDestroy] @@ -26675,7 +26675,7 @@ CVE-2023-29975 CVE-2023-29974 RESERVED CVE-2023-29973 (Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead ...) - TODO: check + NOT-FOR-US: Pfsense CE CVE-2023-29972 RESERVED CVE-2023-29971 @@ -68186,9 +68186,9 @@ CVE-2022-3701 CVE-2022-3700 RESERVED CVE-2022-3699 (A privilege escalation vulnerability was reported in the Lenovo Hardwa ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo HardwareS ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when using th ...) - ansible 7.0.0+dfsg-1 [bullseye] - ansible <no-dsa> (Minor issue) 
@@ -125246,7 +125246,7 @@ CVE-2022-0355 (Improper Removal of Sensitive Information Before Storage or Trans CVE-2022-0354 (A vulnerability was reported in Lenovo System Update that could allow ...) NOT-FOR-US: Lenovo CVE-2022-0353 (A denial of service vulnerability was reported in the Lenovo HardwareS ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2021-4212 (A potential vulnerability in the SMI callback function used in the Leg ...) NOT-FOR-US: Lenovo CVE-2021-4211 (A potential vulnerability in the SMI callback function used in the SMB ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f63f2ebb31fd02a67d953ed1514d2adbd373bd3
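Review bot: In the `@@ -31,71 +31,71 @@` hunk, CVE-2023-39740 (Onigiriya-musubee Line 13.6.1) stays at `TODO: check`, while the seven entries directly below it, CVE-2023-39739 through CVE-2023-39732, have the same "leakage of the client secret in ... Line" description and are all moved to NOT-FOR-US. If that was an oversight, give it the matching `NOT-FOR-US: Onigiriya-musubee Line`; if it is being held back on purpose, a short NOTE on the entry would keep the next triager from redoing the check. In the same hunk, CVE-2023-3112 is tagged `NOT-FOR-US: Lenovo`, but the visible part of its description names only "Elliptic Labs Virtual Lock Sensor". Naming the product in the tag, as the PingFederate and UniFi Network Application entries do, would let the entry be found by grepping for the product.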