[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 14 15:25:32 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e5cecbd4 by Moritz Muehlenhoff at 2023-07-14T16:25:10+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -255,7 +255,7 @@ CVE-2023-3106 (A NULL pointer dereference vulnerability was found in netlink_dum
- linux 4.8.5-1
NOTE: https:/git.kernel.org/linus/1ba5bf993c6a3142e18e68ea6452b347f9cb5635 (4.8-rc7)
CVE-2023-38069 (In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be sup ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2023-38068 (In JetBrains YouTrack before 2023.1.16597 captcha was not properly val ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2023-38067 (In JetBrains TeamCity before 2023.05.1 build parameters of the "passwo ...)
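Review bot: The new line for CVE-2023-38069, "- intellij-idea <itp> (bug #747616)", is an ITP entry rather than an NFU, so the commit subject "NFUs" does not describe it. Mention the ITP in the message, or split it into its own commit, so the change can be found from the log. Separately, the NOTE context line under CVE-2023-3106 reads "https:/git.kernel.org/..." with a single slash after the scheme; it should be "https://".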
@@ -11122,7 +11122,7 @@ CVE-2023-30228
CVE-2023-30227
RESERVED
CVE-2023-30226 (An issue was discovered in function get_gnu_verneed in rizinorg Rizin ...)
- TODO: check
+ NOT-FOR-US: Rizin
CVE-2023-30225
RESERVED
CVE-2023-30224
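Review bot: CVE-2023-30226 is closed as "NOT-FOR-US: Rizin" with no record of a check against radare2, the project Rizin was forked from. The description names the ELF helper get_gnu_verneed, so a NOTE saying whether radare2's ELF version-info parsing was checked would show that the NFU does not hide a shared bug.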
@@ -11277,7 +11277,7 @@ CVE-2023-30153
CVE-2023-30152
RESERVED
CVE-2023-30151 (A SQL injection vulnerability in the Boxtal (envoimoinscher) module fo ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection ...)
NOT-FOR-US: PrestaShop leocustomajax
CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...)
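Review bot: The tag added for CVE-2023-30151 is the generic "NOT-FOR-US: PrestaShop module", while the entry right below it (CVE-2023-30150) names its module as "NOT-FOR-US: PrestaShop leocustomajax". Either form closes the entry, but settling on one keeps searches over the list consistent. The description here already gives the module name, Boxtal (envoimoinscher).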
@@ -11619,7 +11619,7 @@ CVE-2023-29986 (spring-boot-actuator-logview 0.2.13 allows Directory Traversal t
CVE-2023-29985 (Sourcecodester Student Study Center Desk Management System v1.0 admin\ ...)
NOT-FOR-US: Sourcecodester
CVE-2023-29984 (Null pointer dereference vulnerability exists in multiple vendors MFPs ...)
- TODO: check
+ NOT-FOR-US: Fujufilm
CVE-2023-29983 (Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8. ...)
NOT-FOR-US: Maximilian Vogt cmaps
CVE-2023-29982
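Review bot: "NOT-FOR-US: Fujufilm" on CVE-2023-29984 misspells the vendor; it should read "Fujifilm". The visible part of the description also says "multiple vendors MFPs", so a tag naming a single vendor may be narrower than the CVE's scope. A wording such as "Fujifilm and other MFP vendors" would cover that if the full description confirms it.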
@@ -13117,7 +13117,7 @@ CVE-2023-29415 (An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A d
NOTE: https://github.com/kspalaiologos/bzip3/issues/95
NOTE: https://github.com/kspalaiologos/bzip3/commit/56c24ca1f8f25e648d42154369b6962600f76465 (1.3.0)
CVE-2023-29414 (A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2023-29413 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
NOT-FOR-US: Schneider
CVE-2023-29412 (A CWE-78: Improper Handling of Case Sensitivity vulnerability exists t ...)
@@ -13221,9 +13221,9 @@ CVE-2023-1904
CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform ...)
NOT-FOR-US: SAP
CVE-2023-1902 (The bluetooth HCI host layer logic not clearing a global reference to ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2023-1901 (The bluetooth HCI host layer logic not clearing a global reference to ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2023-1900 (A vulnerability within the Avira network protection feature allowed an ...)
NOT-FOR-US: Norton
CVE-2023-1899 (Atlas Copco Power Focus 6000 web server is not a secure connection by ...)
@@ -13449,7 +13449,7 @@ CVE-2023-29349 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
CVE-2023-29348
RESERVED
CVE-2023-29347 (Windows Admin Center Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29346 (NTFS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29345 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
@@ -13511,29 +13511,29 @@ CVE-2023-29321 (Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earl
CVE-2023-29320
RESERVED
CVE-2023-29319 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29318 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29317 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29316 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29315 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29314 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29313 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29312 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29311 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29310 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29309 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29308 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
NOT-FOR-US: Adobe
CVE-2023-29306
@@ -13547,13 +13547,13 @@ CVE-2023-29303
CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
NOT-FOR-US: Adobe
CVE-2023-29301 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29300 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29299
RESERVED
CVE-2023-29298 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
NOT-FOR-US: Adobe
CVE-2023-29296 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
@@ -14094,9 +14094,9 @@ CVE-2023-29132 (Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because
NOTE: https://github.com/irssi/irssi/pull/1456
NOTE: https://github.com/irssi/irssi/commit/c554a45738712219c066897b09a44d99afeb4240
CVE-2023-29131 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-29130 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-29129 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
NOT-FOR-US: Siemens
CVE-2023-29128 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
@@ -15720,7 +15720,7 @@ CVE-2023-1549 (The Ad Inserter WordPress plugin before 2.7.27 unserializes user
CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
NOT-FOR-US: Schneider
CVE-2023-1547 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Elra Parkmatik
CVE-2023-1546 (The MyCryptoCheckout WordPress plugin before 2.124 does not escape som ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)
@@ -18169,7 +18169,7 @@ CVE-2023-28003 (A CWE-613: Insufficient Session Expiration vulnerability exists
CVE-2023-28002
RESERVED
CVE-2023-28001 (An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-28000 (An improper neutralization of special elements used in an OS command v ...)
NOT-FOR-US: FortiGuard
CVE-2023-27999 (An improper neutralization of special elements used in an OS command v ...)
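Review bot: The added "NOT-FOR-US: Fortinet" for CVE-2023-28001 sits directly above CVE-2023-28000, which carries "NOT-FOR-US: FortiGuard". Both tags also appear side by side in the hunk at -30413 (CVE-2023-23778 and CVE-2023-23776). Standardising on one vendor string would make it easier to list all entries for this vendor with a single search.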
@@ -20112,31 +20112,31 @@ CVE-2023-27299
CVE-2023-27297
RESERVED
CVE-2023-26597 (Controller DoS due to buffer overflow in the handling of a specially c ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-26585
RESERVED
CVE-2023-25948 (Server information leak of configuration data when an error is generat ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-25770 (Controller DoS may occur due to buffer overflow when an error is gener ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-25178 (Controller may be loaded with malicious firmware which could enable re ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-25078 (Server or Console Station DoS due to heap overflow occurring during th ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-24589
RESERVED
CVE-2023-24480 (Controller DoS due to stack overflow when decoding a message from the ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-24474 (Experion server may experience a DoS due to a heap overflow which coul ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-23905
RESERVED
CVE-2023-23585 (Experion server DoS due to heap overflow occurring during the handling ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-22658
RESERVED
CVE-2023-22435 (Experion server may experience a DoS due to a stack overflow when hand ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-1109 (In Phoenix Contacts ENERGY AXC PU Web service an authenticated restric ...)
NOT-FOR-US: Phoenix Contacts ENERGY AXC PU Web service
CVE-2023-1108
@@ -21396,7 +21396,7 @@ CVE-2023-26863
CVE-2023-26862
RESERVED
CVE-2023-26861 (SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 an ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and b ...)
NOT-FOR-US: PrestaShop Igbudget
CVE-2023-26859
@@ -21999,9 +21999,9 @@ CVE-2023-26566
CVE-2023-26565
RESERVED
CVE-2023-26564 (The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Mode ...)
- TODO: check
+ NOT-FOR-US: Syncfusion
CVE-2023-26563 (The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesys ...)
- TODO: check
+ NOT-FOR-US: Syncfusion
CVE-2023-26562
RESERVED
CVE-2023-26561
@@ -24710,7 +24710,7 @@ CVE-2023-25708 (Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP V
CVE-2023-25707 (Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooki ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25706 (Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Rob ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25705 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go P ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25704 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehj ...)
@@ -25163,7 +25163,7 @@ CVE-2023-25608
CVE-2023-25607
RESERVED
CVE-2023-25606 (An improper limitation of a pathname to a restricted directory ('Path ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - ...)
NOT-FOR-US: Fortinet
CVE-2023-25604
@@ -25656,7 +25656,7 @@ CVE-2023-25489
CVE-2023-25488
RESERVED
CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25486
RESERVED
CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bern ...)
@@ -25694,7 +25694,7 @@ CVE-2023-25470 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobo
CVE-2023-25469
RESERVED
CVE-2023-25468 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Hu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25466
@@ -25744,7 +25744,7 @@ CVE-2023-25445
CVE-2023-25444
RESERVED
CVE-2023-25443 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25442 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25441
@@ -26722,7 +26722,7 @@ CVE-2023-25053
CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tepl ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25051 (Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25050
RESERVED
CVE-2023-25049 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impl ...)
@@ -27196,7 +27196,7 @@ CVE-2023-24883 (Microsoft PostScript and PCL6 Class Printer Driver Information D
CVE-2023-24882 (Microsoft OneDrive for Android Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-24881 (Microsoft Teams Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-24880 (Windows SmartScreen Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-24879 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
@@ -28556,19 +28556,19 @@ CVE-2023-24494 (A stored cross-site scripting (XSS) vulnerability exists in Tena
CVE-2023-24493 (A formula injection vulnerability exists in Tenable.sc due to improper ...)
NOT-FOR-US: Tenable
CVE-2023-24492 (A vulnerability has been discovered in the Citrix Secure Access client ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24491 (A vulnerability has been discovered in the Citrix Secure Access client ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24490 (Users with only access to launch VDA applications can launch an unauth ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24489 (A vulnerability has been discovered in the customer-managed ShareFile ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24488 (Cross site scripting vulnerabilityin Citrix ADC and Citrix Gatewayin a ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24487 (Arbitrary file readin Citrix ADC and Citrix Gateway)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24486 (A vulnerability has been identified in Citrix Workspace app for Linux ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24485 (Vulnerabilities have been identified that, collectively, allow a stand ...)
NOT-FOR-US: Citrix
CVE-2023-24484 (A malicious user can cause log files to be written to a directory that ...)
@@ -28794,7 +28794,7 @@ CVE-2023-24423 (A cross-site request forgery (CSRF) vulnerability in Jenkins Ger
CVE-2023-24422 (A sandbox bypass vulnerability involving map constructors in Jenkins S ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-24421 (Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Bui ...)
@@ -28802,7 +28802,7 @@ CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Fo
CVE-2023-24418 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24417 (Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24416
RESERVED
CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBo ...)
@@ -29805,7 +29805,7 @@ CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23997 (Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23996 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prof ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23995 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim ...)
@@ -30361,7 +30361,7 @@ CVE-2023-23805
CVE-2023-23804 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed p ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23803 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23802 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy G ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23801 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Si ...)
@@ -30383,9 +30383,9 @@ CVE-2023-23794 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-23793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eigh ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23792 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23791 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23790 (Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prem ...)
@@ -30413,7 +30413,7 @@ CVE-2023-23779 (Multiple improper neutralization of special elements used in an
CVE-2023-23778 (A relative path traversal vulnerability [CWE-23] in FortiWeb version 7 ...)
NOT-FOR-US: FortiGuard
CVE-2023-23777 (An improper neutralization of special elements used in an OS command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
NOT-FOR-US: Fortinet
CVE-2023-23775
@@ -30550,7 +30550,7 @@ CVE-2023-23758
CVE-2023-23757
RESERVED
CVE-2023-23756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2023-23755 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of ra ...)
NOT-FOR-US: Joomla!
CVE-2023-23754 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input ...)
@@ -30661,7 +30661,7 @@ CVE-2023-23733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-23732 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23731 (Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23730
RESERVED
CVE-2023-23729
@@ -30715,7 +30715,7 @@ CVE-2023-23706 (Cross-Site Request Forgery (CSRF) vulnerability in miniOrange Wo
CVE-2023-23705 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23704 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23702
@@ -30828,7 +30828,7 @@ CVE-2023-23673 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-23672
RESERVED
CVE-2023-23671 (Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23670 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23669
@@ -33782,7 +33782,7 @@ CVE-2023-22837
CVE-2023-22836
RESERVED
CVE-2023-22835 (A security defect was identified that enabled a user of Foundry Issues ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2023-22834 (The Contour Service was not checking that users had permission to crea ...)
NOT-FOR-US: Palantir
CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between 2.519.0 an ...)
@@ -39302,7 +39302,7 @@ CVE-2023-21758 (Windows Internet Key Exchange (IKE) Extension Denial of Service
CVE-2023-21757 (Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerabil ...)
NOT-FOR-US: Microsoft
CVE-2023-21756 (Windows Win32k Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21755 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21754 (Windows Kernel Elevation of Privilege Vulnerability)
@@ -42556,7 +42556,7 @@ CVE-2023-21528 (Microsoft SQL Server Remote Code Execution Vulnerability)
CVE-2023-21527 (Windows iSCSI Service Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21526 (Windows Netlogon Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21525 (Remote Procedure Call Runtime Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21524 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
@@ -47704,7 +47704,7 @@ CVE-2023-21264
CVE-2023-21263
RESERVED
CVE-2023-21262 (In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21261 (In ft_open_face_internal of ftobjs.c, there is a possible out of bound ...)
TODO: check
CVE-2023-21260 (In notification access permission dialog box, malicious application ca ...)
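Review bot: CVE-2023-21261, the context entry right below the changed line, still reads "TODO: check", and its description names ft_open_face_internal in ftobjs.c, which is FreeType code rather than Android-only code. It should not receive the "NOT-FOR-US: Android" tag that CVE-2023-21262 gets here in a later bulk pass; it needs a check against the freetype source package. A short NOTE on that entry saying so would prevent an accidental NFU.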
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5cecbd4624baec6e6d15fcbc7361f87d1380a00