[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Oct 4 15:26:28 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fdc67062 by Moritz Muehlenhoff at 2023-10-04T16:25:53+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2023-5370 (On CPU 0 the check for the SMCCC workaround is called before SMCCC sup ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2023-5369 (Before correction, thecopy_file_rangesystem call checked only for the ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2023-5368 (On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls u ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2023-5357 (The Instagram for WordPress plugin for WordPress is vulnerable to Stor ...)
NOT-FOR-US: Instagram for WordPress plugin for WordPress
CVE-2023-5291 (The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Sit ...)
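Review bot: In the three FreeBSD entries (CVE-2023-5370, CVE-2023-5369, CVE-2023-5368) the tag names an operating system rather than a component, and the descriptions point at kernel code (the SMCCC workaround check, the copy_file_range system call, truncate/ftruncate on msdosfs). Before closing these as NOT-FOR-US, confirm that no FreeBSD-derived kernel source is still carried in the archive; if one is, the entries should reference that source package instead.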
@@ -47,17 +47,17 @@ CVE-2023-37404 (IBM Observability with Instana 1.0.243 through 1.0.254 could all
CVE-2023-35905 (IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2023-33273 (An issue was discovered in DTS Monitoring 3.57.0. The parameter url wi ...)
- TODO: check
+ NOT-FOR-US: DTS Monitoring
CVE-2023-33272 (An issue was discovered in DTS Monitoring 3.57.0. The parameter ip wit ...)
- TODO: check
+ NOT-FOR-US: DTS Monitoring
CVE-2023-33271 (An issue was discovered in DTS Monitoring 3.57.0. The parameter common ...)
- TODO: check
+ NOT-FOR-US: DTS Monitoring
CVE-2023-33270 (An issue was discovered in DTS Monitoring 3.57.0. The parameter url wi ...)
- TODO: check
+ NOT-FOR-US: DTS Monitoring
CVE-2023-33269 (An issue was discovered in DTS Monitoring 3.57.0. The parameter option ...)
- TODO: check
+ NOT-FOR-US: DTS Monitoring
CVE-2023-33268 (An issue was discovered in DTS Monitoring 3.57.0. The parameter port w ...)
- TODO: check
+ NOT-FOR-US: DTS Monitoring
CVE-2023-5366 [openvswitch don't match packets on nd_target field]
- openvswitch 3.1.2-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006347
@@ -88,7 +88,7 @@ CVE-2023-4883 (Invalid pointer release vulnerability. Exploitation of this vulne
CVE-2023-4882 (DOS vulnerability that could allow an attacker to register a new VNF ( ...)
NOT-FOR-US: Open5GS
CVE-2023-4817 (This vulnerability allows an authenticated attacker to upload maliciou ...)
- TODO: check
+ NOT-FOR-US: ICP DAS
CVE-2023-4732 (A flaw was found in the Linux Kernel's memory management subsytem. A t ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
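Review bot: On CVE-2023-4817 the tag "ICP DAS" is a vendor name only, and the truncated description (an authenticated attacker uploading files) does not say which product is affected. Add the product after the vendor, in the style of "NOT-FOR-US: CatoNetworks CatoClient" used elsewhere in this file, so the entry can be matched if related software is packaged later.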
@@ -96,21 +96,21 @@ CVE-2023-4732 (A flaw was found in the Linux Kernel's memory management subsytem
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2236982
NOTE: https://git.kernel.org/linus/8f34f1eac3820fc2722e5159acceb22545b30b0d (5.14-rc1)
CVE-2023-4564 (This vulnerability could allow an attacker to store a malicious JavaSc ...)
- TODO: check
+ NOT-FOR-US: Capensis
CVE-2023-4103 (QSige statistics are affected by a remote SQLi vulnerability. It has b ...)
- TODO: check
+ NOT-FOR-US: QSige
CVE-2023-4102 (QSige login SSO does not have an access control mechanism to verify wh ...)
- TODO: check
+ NOT-FOR-US: QSige
CVE-2023-4101 (The QSige login SSO does not have an access control mechanism to verif ...)
- TODO: check
+ NOT-FOR-US: QSige
CVE-2023-4100 (Allows an attacker to perform XSS attacks stored on certain resources. ...)
- TODO: check
+ NOT-FOR-US: QSige
CVE-2023-4099 (The QSige Monitor application does not have an access control mechanis ...)
- TODO: check
+ NOT-FOR-US: QSige
CVE-2023-4098 (It has been identified that the web application does not correctly fil ...)
- TODO: check
+ NOT-FOR-US: QSige
CVE-2023-4097 (The file upload functionality is not implemented correctly and allows ...)
- TODO: check
+ NOT-FOR-US: QSige
CVE-2023-43976 (An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to ...)
NOT-FOR-US: CatoNetworks CatoClient
CVE-2023-42508 (JFrog Artifactory prior to version 7.66.0 is vulnerable to specific en ...)
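Review bot: The visible descriptions of CVE-2023-4100, CVE-2023-4098 and CVE-2023-4097 do not name a product (only "certain resources", "the web application" and "the file upload functionality"), so the QSige tag on those three rests on their position in the CVE-2023-4097 to CVE-2023-4103 run. Check the full CVE records before grouping them under QSige. The same applies to CVE-2023-4564, whose visible description does not mention Capensis.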
@@ -140,11 +140,11 @@ CVE-2023-40009 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP
CVE-2023-3654 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...)
NOT-FOR-US: cashIT!
CVE-2023-3350 (A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, ...)
- TODO: check
+ NOT-FOR-US: IBERMATICA
CVE-2023-3349 (Information exposure vulnerability in IBERMATICA RPS 2019, which explo ...)
- TODO: check
+ NOT-FOR-US: IBERMATICA
CVE-2023-3196 (This vulnerability could allow an attacker to store a malicious JavaSc ...)
- TODO: check
+ NOT-FOR-US: Capensis
CVE-2023-39989 (Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Foo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-39923 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Pos ...)
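Review bot: For CVE-2023-3350 and CVE-2023-3349 the descriptions name the product as "IBERMATICA RPS" (and "IBERMATICA RPS 2019"), but the tag keeps only the vendor. Use "NOT-FOR-US: IBERMATICA RPS" so the tag identifies the software that was checked rather than the company.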
@@ -178,29 +178,29 @@ CVE-2023-37990 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink
CVE-2023-37891 (Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: ...)
NOT-FOR-US: WordPress plugin
CVE-2023-34970 (A local non-privileged user can make improper GPU processing operation ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2023-33200 (A local non-privileged user can make improper GPU processing operation ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2023-32792 (Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5 ...)
- TODO: check
+ NOT-FOR-US: NXLog Manager
CVE-2023-32791 (Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5 ...)
- TODO: check
+ NOT-FOR-US: NXLog Manager
CVE-2023-32790 (Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 ver ...)
- TODO: check
+ NOT-FOR-US: NXLog Manager
CVE-2023-32671 (A stored XSS vulnerability has been found on BuddyBoss Platform affect ...)
- TODO: check
+ NOT-FOR-US: BuddyBoss
CVE-2023-32670 (Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , whi ...)
- TODO: check
+ NOT-FOR-US: BuddyBoss
CVE-2023-32669 (Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exp ...)
- TODO: check
+ NOT-FOR-US: BuddyBoss
CVE-2023-32091 (Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <=0 ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2830 (Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Te ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2681 (An SQL Injection vulnerability has been found on Jorani version 1.0.0. ...)
- TODO: check
+ NOT-FOR-US: Jorani
CVE-2023-2544 (Authorization bypass vulnerability in UPV PEIX, affecting the componen ...)
- TODO: check
+ NOT-FOR-US: UPV PEIX
CVE-2023-4693 [Crafted file system images can cause out-of-bounds write and may leak sensitive information into the GRUB pager]
- grub2 2.12~rc1-11
NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
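Review bot: For CVE-2023-34970 and CVE-2023-33200 the tag "NOT-FOR-US: Arm" gives only a vendor, while the description (a local non-privileged user making improper GPU processing operations) reads like driver code. Name the affected component in the tag and confirm it is not code carried in the linux source package or another packaged driver, since a bare vendor name does not show that this was checked.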
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdc670623f4770bf287fec7cabea7416e26b17d7