author | Salvatore Bonaccorso <carnil@debian.org> | 2023-08-10 22:55:20 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2023-08-10 22:55:20 +0200 |
commit | 6baf211b8600218e8caa00cadf1bfc929175153f (patch) | |
tree | 1850566dcbef675b9eacf1a39f90c81984abcbc6 /data | |
parent | 9e68f9ac2d2c5974f6d429b0ec363d78902232bc (diff) |
Process some NFUs
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 80 |
1 files changed, 40 insertions, 40 deletions
diff --git a/data/CVE/list b/data/CVE/list index 5c89fd74e5..fff4f95782 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -144,19 +144,19 @@ CVE-2023-34374 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability CVE-2023-32567 (Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in ...) NOT-FOR-US: Ivanti CVE-2023-32566 (An attacker can send a specially crafted request which could lead to l ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-32565 (An attacker can send a specially crafted request which could lead to l ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-32564 (An unrestricted upload of file with dangerous type vulnerability exist ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-32563 (An unauthenticated attacker could achieve the code execution through a ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-32562 (An unrestricted upload of file with dangerous type vulnerability exist ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-32561 (A previously generated artifact by an administrator could be accessed ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-32560 (An attacker can send a specially crafted message to the Wavelink Avala ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-39418 [MERGE fails to enforce UPDATE or SELECT row security policies] - postgresql-15 15.4-1 - postgresql-13 <not-affected> (Only affects 15.x) @@ -433,7 +433,7 @@ CVE-2023-3898 (Improper Neutralization of Special Elements used in an SQL Comman CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be vulnera ...) TODO: check CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Farmakom Remote Administration Console CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Oduyo Online Collection Software CVE-2023-3653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
@@ -447,7 +447,7 @@ CVE-2023-3522 (Improper Neutralization of Special Elements used in an SQL Comman CVE-2023-3386 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: a2 Camera Trap Tracking System CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens Solid Edge CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking Stack. Pri ...) TODO: check CVE-2023-39532 (SES is a JavaScript environment that allows safe execution of arbitrar ...) @@ -459,7 +459,7 @@ CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All ve CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs, offi ...) TODO: check CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39218 (Client-side enforcement of server-side security in Zoom clients before ...) NOT-FOR-US: Zoom CVE-2023-39217 (Improper input validation in Zoom SDK\u2019s before 5.14.10 may allow ...) @@ -515,9 +515,9 @@ CVE-2023-38761 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 al CVE-2023-38760 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) NOT-FOR-US: ChurchCRM CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger Project wger W ...) - TODO: check + NOT-FOR-US: wger Project wger Workout Manager CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger Workout Manage ...) - TODO: check + NOT-FOR-US: wger Project wger Workout Manager CVE-2023-38683 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) NOT-FOR-US: Siemens CVE-2023-38682 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) 
@@ -601,13 +601,13 @@ CVE-2023-37683 (Online Nurse Hiring System v1.0 was discovered to contain a cros CVE-2023-37682 (Judging Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Judging Management System CVE-2023-37646 (An issue in the CAB file extraction function of Bitberry File Opener v ...) - TODO: check + NOT-FOR-US: Bitberry File Opener CVE-2023-37570 (This vulnerability exists in ESDS Emagic Data Center Management Suit d ...) - TODO: check + NOT-FOR-US: ESDS Emagic Data Center Management Suit CVE-2023-37373 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-37372 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-36914 (Windows Smart Card Resource Management Server Security Feature Bypass ...) NOT-FOR-US: Microsoft CVE-2023-36913 (Microsoft Message Queuing Information Disclosure Vulnerability) 
@@ -689,61 +689,61 @@ CVE-2023-36533 (Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may CVE-2023-36532 (Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthentic ...) NOT-FOR-US: Zoom CVE-2023-36482 (An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN8 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-36344 (An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before al ...) - TODO: check + NOT-FOR-US: Diebold Nixdorf Vynamic View Console CVE-2023-36306 (A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyz ...) - TODO: check + NOT-FOR-US: Adiscon Aiscon LogAnalyzer CVE-2023-36136 (PHPJabbers Class Scheduling System 1.0 lacks encryption on the passwor ...) - TODO: check + NOT-FOR-US: PHPJabbers CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability) TODO: check CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35391 (ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerab ...) 
NOT-FOR-US: Microsoft .NET CVE-2023-35390 (.NET and Visual Studio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft .NET CVE-2023-35389 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35388 (Microsoft Exchange Server Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35387 (Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35386 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35385 (Microsoft Message Queuing Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35384 (Windows HTML Platforms Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35383 (Microsoft Message Queuing Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35382 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35381 (Windows Fax Service Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35380 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35379 (Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2023-35378 (Windows Projected File System Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35377 (Microsoft Message Queuing Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35376 (Microsoft Message Queuing Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35372 (Microsoft Office Visio Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35371 (Microsoft Office Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35368 (Microsoft Exchange Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35359 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-32503 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix ...) NOT-FOR-US: WordPress plugin CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetB ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...) TODO: check CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet] |
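Review bot: The Siemens tags are not uniform across the hunks at -447 and -459: CVE-2023-39549 becomes "NOT-FOR-US: Siemens Solid Edge", while CVE-2023-39269 in the next hunk, and CVE-2023-37373 and CVE-2023-37372 further down, get the vendor-only "NOT-FOR-US: Siemens", which is also what the unchanged CVE-2023-38683 entry uses. Pick one form so a search on the tag finds every entry; the vendor-only form matches the existing lines.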
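Review bot: In the hunk at -601, the tag for CVE-2023-37570 reads "ESDS Emagic Data Center Management Suit", which carries over the spelling "Suit" from the truncated description instead of the product name. Suggest "Suite", or shorten the tag to the vendor as was done for the Siemens entries in the same hunk.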
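Review bot: In the hunk at -689, CVE-2023-35393 (Azure Apache Hive Spoofing) is changed to "NOT-FOR-US: Microsoft", but the line directly above it, CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing), is left at "TODO: check" even though it comes from the same Azure batch. If that is deliberate, a short NOTE on the entry would say why; otherwise tag it in the same commit. In the same hunk, the tag for CVE-2023-36306 repeats the description's "Adiscon Aiscon LogAnalyzer" wording; "Adiscon LogAnalyzer" looks like the intended product name.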