[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 19 21:11:23 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e015124 by Salvatore Bonaccorso at 2023-12-19T22:10:55+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10,7 +10,7 @@ CVE-2023-6931 (A heap out-of-bounds write vulnerability in the Linux kernel's Pe
CVE-2023-6913 (A session hijacking vulnerability has been detected in the Imou Life a ...)
NOT-FOR-US: Imou Life application
CVE-2023-6730 (Deserialization of Untrusted Data in GitHub repository huggingface/tra ...)
- TODO: check
+ NOT-FOR-US: Transformers
CVE-2023-6711 (Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 th ...)
NOT-FOR-US: Hitachi
CVE-2023-6280 (An XXE (XML External Entity) vulnerability has been detected in 52Nort ...)
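Review bot: the new label `NOT-FOR-US: Transformers` for CVE-2023-6730 is less specific than the description it sits under, which names the GitHub repository huggingface/transformers; labelling it `NOT-FOR-US: huggingface/transformers` (the way the ClearML entry elsewhere in this commit carries its full project name) would let a later triager confirm the NFU without re-reading the CVE and would avoid confusion with any other project called Transformers.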
@@ -20,51 +20,51 @@ CVE-2023-50376 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2023-50272 (A potential security vulnerability has been identified in HPE Integrat ...)
NOT-FOR-US: HPE
CVE-2023-49706 (Defective request context handling in Self Service in LinOTP 3.x befor ...)
- TODO: check
+ NOT-FOR-US: LinOTP
CVE-2023-49489 (Reflective Cross Site Scripting (XSS) vulnerability in KodeExplorer ve ...)
- TODO: check
+ NOT-FOR-US: kalcaddle KodExplorer
CVE-2023-49006 (Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version ...)
TODO: check
CVE-2023-46804 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46803 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46266 (An attacker can send a specially crafted request which could lead to l ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46265 (An unauthenticated could abuse a XXE vulnerability in the Smart Device ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46264 (An unrestricted upload of file with dangerous type vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46263 (An unrestricted upload of file with dangerous type vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46262 (An unauthenticated attacked could send a specifically crafted web requ ...)
NOT-FOR-US: Ivanti
CVE-2023-46261 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46260 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46259 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46258 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46257 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46225 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46224 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46223 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46222 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46221 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46220 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46217 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-46216 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-45105 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-44991 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
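Review bot: the entries changed in this hunk are labelled `NOT-FOR-US: Avalanche`, while the adjacent CVE-2023-46262, which has the same "Mobile Device" / Ivanti wording, keeps the pre-existing `NOT-FOR-US: Ivanti`; one vendor-qualified label such as `NOT-FOR-US: Ivanti Avalanche` used throughout would make the whole set greppable as a single product. The one `TODO: check` left untouched here, CVE-2023-49006 (CSRF in Phpsysinfo), is rightly not marked NFU: if phpsysinfo is still a Debian source package it needs a package/version line instead.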
@@ -72,13 +72,13 @@ CVE-2023-44991 (Exposure of Sensitive Information to an Unauthorized Actor vulne
CVE-2023-44983 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: WordPress plugin
CVE-2023-43870 (When installing the Net2 software a root certificate is installed into ...)
- TODO: check
+ NOT-FOR-US: Paxton
CVE-2023-43826 (Apache Guacamole 1.5.3 and older do not consistently ensure that value ...)
TODO: check
CVE-2023-41727 (An attacker sending specially crafted data packets to the Mobile Devic ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2023-41648 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40602 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in D ...)
NOT-FOR-US: WordPress plugin
CVE-2023-38481 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
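Review bot: CVE-2023-43826 (Apache Guacamole) is the only `TODO: check` left in this hunk, and unlike its Paxton and WordPress-plugin neighbours it is not an obvious NFU; a follow-up should settle whether it maps to a Debian source package or gets `NOT-FOR-US: Apache Guacamole`, and record that outcome here rather than leaving the TODO open indefinitely.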
@@ -280,9 +280,9 @@ CVE-2023-34168 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2023-33331 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2019-25157 (A vulnerability was found in Ethex Contracts. It has been classified a ...)
- TODO: check
+ NOT-FOR-US: Ethex Contracts
CVE-2014-125107 (A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified a ...)
- TODO: check
+ NOT-FOR-US: Corveda PHPSandbox
CVE-2023-6927 (A flaw was found in Keycloak. This issue may allow an attacker to stea ...)
NOT-FOR-US: Keycloak
CVE-2023-6920
@@ -294,7 +294,7 @@ CVE-2023-6817 (A use-after-free vulnerability in the Linux kernel's netfilter: n
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/317eb9685095678f2c9f5a8189de698c5354316a (6.7-rc5)
CVE-2023-6778 (Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/cle ...)
- TODO: check
+ NOT-FOR-US: ClearML Open Source Server
CVE-2023-6691 (Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code inje ...)
NOT-FOR-US: Cambium ePMP Force
CVE-2023-6295 (The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not ...)
@@ -340,7 +340,7 @@ CVE-2023-49855 (Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpent
CVE-2023-49854 (Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive C ...)
NOT-FOR-US: WordPress plugin
CVE-2023-49853 (Cross-Site Request Forgery (CSRF) vulnerability in PayTR \xd6deme ve E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49844 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerf ...)
NOT-FOR-US: WordPress plugin
CVE-2023-49843 (Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First O ...)
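Review bot: the context line for CVE-2023-49853 renders the vendor name as `PayTR \xd6deme ve E ...`, and later hunks in this commit show `\u2013` inside the GamiPress and LearnPress descriptions; if these escape sequences are literally stored in data/CVE/list rather than being an artifact of this notification, those descriptions were imported with the wrong encoding and should be re-imported as UTF-8 so the file matches the upstream text.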
@@ -41318,7 +41318,7 @@ CVE-2023-1516 (RoboDK versions 5.5.3 and prior contain an insecure permission a
CVE-2023-1515 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2023-1514 (A vulnerability exists in the component RTU500 Scripting interface. Wh ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2023-1513 (A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on ...)
{DLA-3404-1 DLA-3403-1}
- linux 6.1.15-1
@@ -50117,7 +50117,7 @@ CVE-2023-25717 (Ruckus Wireless Admin through 10.4 allows Remote Code Execution
CVE-2023-25716 (Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25715 (Missing Authorization vulnerability in GamiPress GamiPress \u2013 The ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25714
RESERVED
CVE-2023-25713 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Q ...)
@@ -51892,19 +51892,19 @@ CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devic
CVE-2023-25074 (Improper privilege validation in Command Centre Server allows authenti ...)
NOT-FOR-US: Gallagher
CVE-2023-24590 (A format string issue in the Controller 6000's optional diagnostic web ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the Controller ...)
NOT-FOR-US: Gallagher
CVE-2023-23584 (An observable response discrepancy in the Gallagher Command Centre RES ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2023-23576 (Incorrect behavior order in the Command Centre Server could allow priv ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2023-23570 (Client-Side enforcement of Server-Side security for the Command Centre ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2023-23568 (Improper privilege validation in Command Centre Server allows authenti ...)
NOT-FOR-US: Gallagher
CVE-2023-22439 (Improper input validation of a large HTTP request in the Controller 60 ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2023-22428 (Improper privilege validation in Command Centre Server allows authenti ...)
NOT-FOR-US: Gallagher
CVE-2023-22363 (A stack-based buffer overflow in the Command Centre Server allows an a ...)
@@ -69836,7 +69836,7 @@ CVE-2022-45811
CVE-2022-45810 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45809 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ric ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45808 (SQL Injection vulnerability inLearnPress \u2013 WordPress LMS Plugin < ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45807 (Cross-Site Request Forgery (CSRF) inWPVibes WP Mail Log plugin <= 1.0. ...)
@@ -206322,7 +206322,7 @@ CVE-2021-22964 (A redirect vulnerability in the `fastify-static` module version
CVE-2021-22963 (A redirect vulnerability in the fastify-static module version < 4.2.4 ...)
NOT-FOR-US: fastify-static
CVE-2021-22962 (An attacker can send a specially crafted request which could lead to l ...)
- TODO: check
+ NOT-FOR-US: Avalanche
CVE-2021-22961 (A code injection vulnerability exists within the firewall software of ...)
NOT-FOR-US: GlassWire
CVE-2021-22960 (The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extens ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e0151242b7b56fb1b6d5c3c8e60eb7785df5f3f