Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7e938aaa by Moritz Muehlenhoff at 2023-09-01T10:20:03+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,23 +1,23 @@ CVE-2023-4698 (Improper Input Validation in GitHub repository usememos/memos prior to ...) - TODO: check + NOT-FOR-US: Memos CVE-2023-4697 (Improper Privilege Management in GitHub repository usememos/memos prio ...) - TODO: check + NOT-FOR-US: Memos CVE-2023-4696 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...) - TODO: check + NOT-FOR-US: Memos CVE-2023-4695 (Use of Predictable Algorithm in Random Number Generator in GitHub repo ...) - TODO: check + NOT-FOR-US: pkp-lib CVE-2023-4688 (Sensitive information leak through log files. The following products a ...) - TODO: check + NOT-FOR-US: Acronis CVE-2023-4299 (Digi RealPort Protocol is vulnerable to a replay attack that may allow ...) - TODO: check + NOT-FOR-US: Digi RealPort CVE-2023-41751 (Sensitive information disclosure due to improper token expiration vali ...) - TODO: check + NOT-FOR-US: Acronis CVE-2023-41750 (Sensitive information disclosure due to missing authorization. The fol ...) - TODO: check + NOT-FOR-US: Acronis CVE-2023-41749 (Sensitive information disclosure due to excessive collection of system ...) - TODO: check + NOT-FOR-US: Acronis CVE-2023-39912 (Zoho ManageEngine ADManager Plus through 7202 allows admin users to do ...) - TODO: check + NOT-FOR-US: Zoho CVE-2023-4683 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...) - gpac <unfixed> [bullseye] - gpac <ignored> (Minor issue) 
@@ -60,7 +60,7 @@ CVE-2023-41739 (Uncontrolled resource consumption vulnerability in File Function CVE-2023-41738 (Improper neutralization of special elements used in an OS command ('OS ...) NOT-FOR-US: Synology CVE-2023-41717 (Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and ...) - TODO: check + NOT-FOR-US: Zscaler Proxy CVE-2023-41642 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the E ...) NOT-FOR-US: GruppoSCAI RealGimm CVE-2023-41640 (An improper error handling vulnerability in the component ErroreNonGes ...) @@ -78,7 +78,7 @@ CVE-2023-41045 (Graylog is a free and open log management platform. Graylog make CVE-2023-41044 (Graylog is a free and open log management platform. A partial path tra ...) - graylog2 <itp> (bug #652273) CVE-2023-41034 (Eclipse Leshan is a device management server and client Java implement ...) - TODO: check + NOT-FOR-US: Eclipse Leshan CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) - freerdp2 <unfixed> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x @@ -185,7 +185,7 @@ CVE-2023-39137 (An issue in Archive v3.3.7 allows attackers to spoof zip filenam CVE-2023-39136 (An unhandled edge case in the component _sanitizedPath of ZipArchive v ...) TODO: check CVE-2023-39135 (An issue in Zip Swift v2.1.2 allows attackers to execute a path traver ...) - TODO: check + NOT-FOR-US: Zip Swift CVE-2023-38970 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allo ...) NOT-FOR-US: Badaso CVE-2023-31925 (Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication ...) 
@@ -203,7 +203,7 @@ CVE-2023-2353 (The CHP Ads Block Detector plugin for WordPress is vulnerable to CVE-2023-2352 (The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross ...) NOT-FOR-US: CHP Ads Block Detector plugin for WordPress CVE-2023-4640 (The controller responsible for setting the logging level does not incl ...) - TODO: check + NOT-FOR-US: YugabyteDB CVE-2023-4624 (Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/b ...) NOT-FOR-US: bookstack CVE-2023-4600 (The AffiliateWP for WordPress is vulnerable to unauthorized modificati ...) @@ -258,7 +258,6 @@ CVE-2023-41039 (RestrictedPython is a restricted execution environment for Pytho - restrictedpython <unfixed> NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67 NOTE: Fixed by: https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120 - TODO: check details CVE-2023-40848 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) NOT-FOR-US: Tenda CVE-2023-40847 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) 
@@ -296,7 +295,7 @@ CVE-2023-40593 (In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a mal CVE-2023-40592 (In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attac ...) NOT-FOR-US: Splunk CVE-2023-40582 (find-exec is a utility to discover available shell commands. Versions ...) - TODO: check + NOT-FOR-US: Node find-exec CVE-2023-40188 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) - freerdp2 <unfixed> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e938aaad72343f64581f3f708dd5d2cf1a07cd6
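Review bot: In the first hunk (@@ -1,23 +1,23 @@), the tag for CVE-2023-4695 cannot be confirmed from the line itself. Its description is cut off at "in GitHub repo ...", and it sits directly under three usememos/memos entries that all became "NOT-FOR-US: Memos", yet it is tagged "NOT-FOR-US: pkp-lib". Worth confirming against the full CVE record that the repository is pkp-lib and not a fourth Memos entry, since the entry no longer carries a TODO after this change.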
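Review bot: In the @@ -185,7 +185,7 @@ hunk, CVE-2023-39136 (the _sanitizedPath issue in ZipArchive) keeps its "TODO: check" as an unchanged context line directly above CVE-2023-39135, which is triaged here as "NOT-FOR-US: Zip Swift". Both are zip-handling library entries with adjacent ids. If ZipArchive was looked at and left open on purpose, a NOTE saying why would help; otherwise it can be resolved in the same pass.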
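Review bot: The @@ -258,7 +258,6 @@ hunk falls outside what the commit message "NFUs" covers: it deletes "TODO: check details" from CVE-2023-41039 (restrictedpython), which is a tracked package entry, not a NOT-FOR-US one. The entry is left as "- restrictedpython <unfixed>" with the advisory and "Fixed by:" NOTE lines, but nothing records what the check concluded. Suggest a separate commit or a message that mentions this change, plus a NOTE with the outcome if the details were in fact reviewed.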