Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8911f33 by Moritz Muehlenhoff at 2023-12-15T15:51:02+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -3,43 +3,43 @@ CVE-2023-46279 CVE-2023-49898 NOT-FOR-US: Apache StreamPark CVE-2023-6832 (Business Logic Errors in GitHub repository microweber/microweber prior ...) - TODO: check + NOT-FOR-US: microweber CVE-2023-6831 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...) - TODO: check + NOT-FOR-US: mlflow CVE-2023-6827 (The Essential Real Estate plugin for WordPress is vulnerable to arbitr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6826 (The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50715 (Home Assistant is open source home automation software. Prior to versi ...) - TODO: check + NOT-FOR-US: Home assistant CVE-2023-4489 (The first S0 encryption key is generated with an uninitialized PRNG in ...) - TODO: check + NOT-FOR-US: Silicon Labs CVE-2023-48379 (Softnext Mail SQR Expert is an email management platform, it has inade ...) - TODO: check + NOT-FOR-US: Softnext Mail SQR Expert CVE-2023-48378 (Softnext Mail SQR Expert has a path traversal vulnerability within its ...) - TODO: check + NOT-FOR-US: Softnext Mail SQR Expert CVE-2023-48376 (SmartStar Software CWS is a web-based integration platform, its file u ...) - TODO: check + NOT-FOR-US: SmartStar Software CWS CVE-2023-48375 (SmartStar Software CWS is a web-based integration platform, it has a v ...) - TODO: check + NOT-FOR-US: SmartStar Software CWS CVE-2023-48374 (SmartStar Software CWS is a web-base integration platform, it has a vu ...) - TODO: check + NOT-FOR-US: SmartStar Software CWS CVE-2023-48373 (ITPison OMICARD EDM has a path traversal vulnerability within its para ...) - TODO: check + NOT-FOR-US: ITPison OMICARD EDM CVE-2023-48372 (ITPison OMICARD EDM 's SMS-related function has insufficient validatio ...) - TODO: check + NOT-FOR-US: ITPison OMICARD EDM CVE-2023-48371 (ITPison OMICARD EDM\u2019s file uploading function does not restrict u ...) 
- TODO: check + NOT-FOR-US: ITPison OMICARD EDM CVE-2023-48050 (SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biom ...) - TODO: check + NOT-FOR-US: Cams Biometrics Zkteco CVE-2023-48049 (A SQL injection vulnerability in Cybrosys Techno Solutions Website Blo ...) - TODO: check + NOT-FOR-US: Cybrosys Techno Solutions CVE-2023-42183 (lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post- ...) - TODO: check + NOT-FOR-US: Classic LOCKSS Daemon CVE-2023-40954 (A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress ...) - TODO: check + NOT-FOR-US: Grzegorz Marczynski Dynamic Progress Bar CVE-2023-36878 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-6595 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...) NOT-FOR-US: WhatsUp Gold CVE-2023-6572 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) @@ -49,7 +49,7 @@ CVE-2023-6571 (Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow) CVE-2023-6570 (Server-Side Request Forgery (SSRF) in kubeflow/kubeflow) NOT-FOR-US: kubeflow CVE-2023-6569 (External Control of File Name or Path in h2oai/h2o-3) - TODO: check + NOT-FOR-US: h2oai/h2o-3 CVE-2023-6563 (An unconstrained memory consumption vulnerability was discovered in Ke ...) NOT-FOR-US: Keycloak CVE-2023-6545 (The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to ...) 
@@ -71,7 +71,7 @@ CVE-2023-5592 (Download of Code Without Integrity Check vulnerability in PHOENIX CVE-2023-50713 (Speckle Server provides server, frontend, 3D viewer, and other JavaScr ...) NOT-FOR-US: Speckle Server CVE-2023-50710 (Hono is a web framework written in TypeScript. Prior to version 3.11.7 ...) - TODO: check + NOT-FOR-US: Hono CVE-2023-50566 (A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UT ...) NOT-FOR-US: EyouCMS CVE-2023-50565 (A cross-site scripting (XSS) vulnerability in the component /logs/dopo ...) @@ -234,7 +234,7 @@ CVE-2023-46142 (A incorrect permission assignment for critical resource vulnerab CVE-2023-46141 (Incorrect Permission Assignment for Critical Resource vulnerability in ...) NOT-FOR-US: PHOENIX CVE-2023-45894 (The Remote Application Server in Parallels RAS before 19.2.23975 does ...) - TODO: check + NOT-FOR-US: Parallels CVE-2023-45185 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...) NOT-FOR-US: IBM CVE-2023-45182 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...) @@ -252,11 +252,11 @@ CVE-2023-44278 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25 CVE-2023-44277 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...) NOT-FOR-US: Dell CVE-2023-42801 (Moonlight-common-c contains the core GameStream client code shared bet ...) - TODO: check + NOT-FOR-US: Moonlight-common-c CVE-2023-42800 (Moonlight-common-c contains the core GameStream client code shared bet ...) - TODO: check + NOT-FOR-US: Moonlight-common-c CVE-2023-42799 (Moonlight-common-c contains the core GameStream client code shared bet ...) - TODO: check + NOT-FOR-US: Moonlight-common-c CVE-2023-41151 (An uncaught exception issue discovered in Softing OPC UA C++ SDK befor ...) NOT-FOR-US: OPC UA C++ SDK CVE-2023-40659 (A reflected XSS vulnerability was discovered in the Easy Quick Contact ...) 
@@ -336,7 +336,7 @@ CVE-2023-5630 (A CWE-494: Download of Code Without Integrity Check vulnerability CVE-2023-5629 (A CWE-601:URL Redirection to Untrusted Site (\u2018Open Redirect\u2019 ...) NOT-FOR-US: Schneider Electric CVE-2023-50709 (Cube is a semantic layer for building data applications. Prior to vers ...) - TODO: check + NOT-FOR-US: Cube CVE-2023-50444 (By default, .ZED containers produced by PRIMX ZED! for Windows before ...) NOT-FOR-US: PRIMX CVE-2023-50443 (Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (A ...) @@ -508,9 +508,9 @@ CVE-2023-6719 (An XSS vulnerability has been detected in Repox, which allows an CVE-2023-6718 (An authentication bypass vulnerability has been found in Repox, which ...) NOT-FOR-US: Repox CVE-2023-6660 (When a program running on an affected system appends data to a file vi ...) - TODO: check + NOT-FOR-US: FreeBSD CVE-2023-6534 (In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2 ...) - TODO: check + NOT-FOR-US: FreeBSD CVE-2023-6381 (Improper input validation vulnerability in Newsletter Software SuperMa ...) NOT-FOR-US: Newsletter Software SuperMailer CVE-2023-6380 (Open redirect vulnerability has been found in the Open CMS product aff ...) @@ -45514,7 +45514,7 @@ CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 al CVE-2023-26921 (OS Command Injection vulnerability in quectel AG550QCN allows attacker ...) NOT-FOR-US: quectel CVE-2023-26920 (fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.) - TODO: check + NOT-FOR-US: fast-xml-parser CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escap ...) NOT-FOR-US: delight-nashorn-sandbox CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to escalate privil ...) 
@@ -56011,7 +56011,7 @@ CVE-2023-0250 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulne CVE-2023-0249 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable ...) NOT-FOR-US: Delta Electronics CVE-2023-0248 (An attacker with physical access to the Kantech Gen1 ioSmart card read ...) - TODO: check + NOT-FOR-US: Kantech CVE-2023-0247 (Uncontrolled Search Path Element in GitHub repository bits-and-blooms/ ...) NOT-FOR-US: bits-and-blooms/bloom CVE-2023-0246 (A vulnerability, which was classified as problematic, was found in ear ...) @@ -507822,7 +507822,7 @@ CVE-2015-2180 (The DBMail driver in the Password plugin in Roundcube before 1.1. NOTE: http://advisories.mageia.org/MGASA-2015-0400.html NOTE: http://lists.opensuse.org/opensuse-updates/2015-07/msg00032.html CVE-2015-2179 (The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to di ...) - TODO: check + NOT-FOR-US: xaviershay-dm-rails CVE-2015-2178 REJECTED CVE-2015-2177 (Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a d ...) @@ -551907,7 +551907,7 @@ CVE-2013-2515 CVE-2013-2514 RESERVED CVE-2013-2513 (The flash_tool gem through 0.6.0 for Ruby allows command execution via ...) - TODO: check + NOT-FOR-US: Ruby flash_tool gem CVE-2013-2512 (The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitra ...) NOT-FOR-US: Ruby ftpd gem CVE-2013-2511 
@@ -605604,7 +605604,7 @@ CVE-2009-4124 (Heap-based buffer overflow in the rb_str_justify function in stri - ruby1.8 <not-affected> NOTE: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/ CVE-2009-4123 (The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate ...) - TODO: check + NOT-FOR-US: jruby-openssl gem CVE-2009-4122 RESERVED CVE-2009-4121 (Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CM ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8911f33ea584636904f04f899aaf3524a21d74f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8911f33ea584636904f04f899aaf3524a21d74f You're receiving this email because of your account on salsa.debian.org.
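Review bot: in the first hunk the new tag for CVE-2023-50715 reads `NOT-FOR-US: Home assistant`, while the CVE description on the same line names the project "Home Assistant"; the other entries converted in this hunk reuse the upstream name as written in the description (e.g. `NOT-FOR-US: Apache StreamPark`, `NOT-FOR-US: Silicon Labs`), so `NOT-FOR-US: Home Assistant` would keep the tag consistent and let a search for the product name match it.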
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits