Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c812f959 by Salvatore Bonaccorso at 2023-12-08T21:41:31+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -33,93 +33,93 @@ CVE-2023-6507 (An issue was found in CPython 3.12.0 `subprocess` module on POSIX CVE-2023-6245 (The Candid library causes a Denial of Service while parsing a special ...) TODO: check CVE-2023-6146 (A Qualys web application was found to have a stored XSS vulnerability ...) - TODO: check + NOT-FOR-US: Qualys CVE-2023-49788 (Collabora Online is a collaborative online office suite based on Libre ...) - TODO: check + NOT-FOR-US: Collabora Online CVE-2023-49782 (Collabora Online is a collaborative online office suite based on Libre ...) - TODO: check + NOT-FOR-US: Collabora Online CVE-2023-49487 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...) - TODO: check + NOT-FOR-US: JFinalCMS CVE-2023-49486 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...) - TODO: check + NOT-FOR-US: JFinalCMS CVE-2023-49485 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...) - TODO: check + NOT-FOR-US: JFinalCMS CVE-2023-49484 (Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (X ...) - TODO: check + NOT-FOR-US: Dreamer CMS CVE-2023-49444 (An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attacke ...) - TODO: check + NOT-FOR-US: DoraCMS CVE-2023-49443 (DoraCMS v2.1.8 was discovered to re-use the same code for verification ...) - TODO: check + NOT-FOR-US: DoraCMS CVE-2023-49007 (In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-bas ...) - TODO: check + NOT-FOR-US: Netgear CVE-2023-48423 (In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48422 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48421 (In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-mod ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48420 (there is a possible use after free due to a race condition. This could ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48416 (In multiple locations, there is a possible null dereference due to a m ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48415 (In Init of protocolembmsadapter.cpp, there is a possible out of bounds ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48414 (In the Pixel Camera Driver, there is a possible use after free due to ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48413 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48412 (In private_handle_t of mali_gralloc_buffer.h, there is a possible info ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48411 (In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapt ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48410 (In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read d ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48409 (In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-mod ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48408 (In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48407 (there is a possible DCK won't be deleted after factory reset due to a ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48406 (there is a possible permanent DoS or way for the modem to boot unverif ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48405 (there is a possible way for the secure world to write to NS memory due ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48404 (In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.c ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48403 (In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48402 (In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing p ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48401 (In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible ou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48399 (In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, th ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48398 (In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnet ...) - TODO: check + NOT-FOR-US: Android CVE-2023-48397 (In Init of protocolcalladapter.cpp, there is a possible out of bounds ...) - TODO: check + NOT-FOR-US: Android CVE-2023-47565 (An OS command injection vulnerability has been found to affect legacy ...) - TODO: check + NOT-FOR-US: QNAP CVE-2023-46499 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...) - TODO: check + NOT-FOR-US: EverShop NPM CVE-2023-46498 (An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote ...) - TODO: check + NOT-FOR-US: EverShop NPM CVE-2023-46497 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...) - TODO: check + NOT-FOR-US: EverShop NPM CVE-2023-46496 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...) - TODO: check + NOT-FOR-US: EverShop NPM CVE-2023-46495 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...) - TODO: check + NOT-FOR-US: EverShop NPM CVE-2023-46494 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...) - TODO: check + NOT-FOR-US: EverShop NPM CVE-2023-46493 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...) - TODO: check + NOT-FOR-US: EverShop NPM CVE-2023-46157 (File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest p ...) - TODO: check + NOT-FOR-US: MGT CloudPanel CVE-2023-32975 (A buffer copy without checking size of input vulnerability has been re ...) - TODO: check + NOT-FOR-US: QNAP CVE-2023-32968 (A buffer copy without checking size of input vulnerability has been re ...) - TODO: check + NOT-FOR-US: QNAP CVE-2023-6599 (Missing Standardized Error Handling Mechanism in GitHub repository mic ...) NOT-FOR-US: microweber CVE-2023-6581 (A vulnerability has been found in D-Link DAR-7000 up to 20231126 and c ...) @@ -137,7 +137,7 @@ CVE-2023-6576 (A vulnerability was found in Beijing Baichuo S210 up to 20231123. CVE-2023-6061 (Multiple components of Iconics SCADA Suite are prone to a Phantom DLL ...) NOT-FOR-US: Iconics SCADA Suite CVE-2023-5058 (Improper Input Validation in the processing of user-supplied splash sc ...) - TODO: check + NOT-FOR-US: Phoenix CVE-2023-5008 (Student Information System v1.0 is vulnerable to an unauthenticated SQ ...) NOT-FOR-US: Student Information System CVE-2023-4122 (Student Information System v1.0 is vulnerable to an Insecure File Uplo ...) @@ -54874,7 +54874,7 @@ CVE-2023-23374 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerabil CVE-2023-23373 (An OS command injection vulnerability has been reported to affect QUSB ...) NOT-FOR-US: QNAP CVE-2023-23372 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) - TODO: check + NOT-FOR-US: QNAP CVE-2023-23371 (A cleartext transmission of sensitive information vulnerability has be ...) NOT-FOR-US: QNAP CVE-2023-23370 (An insufficiently protected credentials vulnerability has been reporte ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c812f9596e66bc62ed552efb1ed3aa783ba122ae -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c812f9596e66bc62ed552efb1ed3aa783ba122ae You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits