[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 16 20:55:38 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
071973d6 by Salvatore Bonaccorso at 2023-11-16T21:55:12+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,187 +13,187 @@ CVE-2023-6121 (An out-of-bounds read vulnerability was found in the NVMe-oF/TCP
NOTE: https://lore.kernel.org/linux-nvme/b58a2dc6-cc8f-4d19-9efe-e1d5b4505efc@nvidia.com/T/
NOTE: https://lore.kernel.org/linux-nvme/CAK5usQvxAyC3LJ4OnqerS1P0JpbfFr9uRZmq6Jb4QhaB7AQCoQ@mail.gmail.com/T/
CVE-2023-6119 (An Improper Privilege Management vulnerability in Trellix GetSusp prio ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2023-6038 (An attacker is able to read any file on the server hosting the H2O das ...)
- TODO: check
+ NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
CVE-2023-6023 (An attacker can read any file on the filesystem on the server hosting ...)
- TODO: check
+ NOT-FOR-US: ModelDB
CVE-2023-6022 (An attacker is able to steal secrets and potentially gain remote code ...)
TODO: check
CVE-2023-6021 (LFI in Ray's log API endpoint allows attackers to read any file on the ...)
- TODO: check
+ NOT-FOR-US: Ray's log API endpoint
CVE-2023-6019 (A command injection exists in Ray's cpu_profile URL parameter allowing ...)
- TODO: check
+ NOT-FOR-US: Ray
CVE-2023-6018 (An attacker can overwrite any file on the server hosting MLflow withou ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2023-6017 (H2O included a reference to an S3 bucket that no longer existed allowi ...)
TODO: check
CVE-2023-6016 (An attacker is able to gain remote code execution on a server hosting ...)
TODO: check
CVE-2023-6015 (MLflow allowed arbitrary files to be PUT onto the server.)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2023-6013 (H2O is vulnerable to stored XSS vulnerability which can lead to a Loca ...)
TODO: check
CVE-2023-4771 (A Cross-Site scripting vulnerability has been found in CKSource CKEdit ...)
TODO: check
CVE-2023-48134 (nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive I ...)
- TODO: check
+ NOT-FOR-US: nagayama_copabowl
CVE-2023-48056 (PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chai ...)
- TODO: check
+ NOT-FOR-US: PyPinkSign
CVE-2023-48055 (SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption ...)
- TODO: check
+ NOT-FOR-US: SuperAGI
CVE-2023-48054 (Missing SSL certificate validation in localstack v2.3.2 allows attacke ...)
TODO: check
CVE-2023-48053 (Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaini ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2023-48052 (Missing SSL certificate validation in HTTPie v3.2.2 allows attackers t ...)
TODO: check
CVE-2023-47514 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrence ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47512 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Gravity ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47511 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SO W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47509 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ioannup ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47508 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47245 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47242 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47240 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47239 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47060 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47059 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47058 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47057 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47056 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47055 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47054 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47053 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47052 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47051 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47050 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47049 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47048 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47047 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47046 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47044 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47043 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47042 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47041 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-47040 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44372 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44371 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44367 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44366 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44365 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44361 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44360 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44359 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44358 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44357 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44356 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44348 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44347 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44346 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44345 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44344 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44343 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44342 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44341 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44340 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44339 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44338 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44337 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44336 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44335 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44334 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44333 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44332 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44331 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44330 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44329 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44328 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44327 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) ar ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-44292 (Dell Repository Manager, 3.4.3 and prior, contains an Improper Access ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-44282 (Dell Repository Manager, 3.4.3 and prior, contains an Improper Access ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-39926 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Unde ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39259 (Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 c ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-39246 (Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Sec ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-36026 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36008 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-34375 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SE ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32957 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazz ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32796 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32469 (Dell Precision Tower BIOS contains an Improper Input Validation vulner ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-6105 (An information disclosure vulnerability exists in multiple ManageEngin ...)
NOT-FOR-US: ManageEngine
CVE-2023-5381 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
@@ -42043,7 +42043,7 @@ CVE-2023-26370 (Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earl
CVE-2023-26369 (Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and ...)
NOT-FOR-US: Adobe
CVE-2023-26368 (Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26367 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
NOT-FOR-US: Adobe
CVE-2023-26366 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/071973d6abe27ea1691f6a0a24dea61f5e5ba49e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/071973d6abe27ea1691f6a0a24dea61f5e5ba49e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231116/1b606715/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list