Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7e938aaa by Moritz Muehlenhoff at 2023-09-01T10:20:03+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2023-4698 (Improper Input Validation in GitHub repository usememos/memos 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Memos
 CVE-2023-4697 (Improper Privilege Management in GitHub repository 
usememos/memos prio ...)
-       TODO: check
+       NOT-FOR-US: Memos
 CVE-2023-4696 (Improper Access Control in GitHub repository usememos/memos 
prior to 0 ...)
-       TODO: check
+       NOT-FOR-US: Memos
 CVE-2023-4695 (Use of Predictable Algorithm in Random Number Generator in 
GitHub repo ...)
-       TODO: check
+       NOT-FOR-US: pkp-lib
 CVE-2023-4688 (Sensitive information leak through log files. The following 
products a ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2023-4299 (Digi RealPort Protocol is vulnerable to a replay attack that 
may allow ...)
-       TODO: check
+       NOT-FOR-US: Digi RealPort
 CVE-2023-41751 (Sensitive information disclosure due to improper token 
expiration vali ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2023-41750 (Sensitive information disclosure due to missing authorization. 
The fol ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2023-41749 (Sensitive information disclosure due to excessive collection 
of system ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2023-39912 (Zoho ManageEngine ADManager Plus through 7202 allows admin 
users to do ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2023-4683 (NULL Pointer Dereference in GitHub repository gpac/gpac prior 
to 2.3-D ...)
        - gpac <unfixed>
        [bullseye] - gpac <ignored> (Minor issue)
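Review bot: CVE-2023-4299 is closed as "NOT-FOR-US: Digi RealPort", but its description attributes the replay attack to the RealPort protocol rather than to a single product, so the tag alone does not show which implementations were considered. A NOTE line naming what was searched for in the archive would make this NFU auditable. A smaller style point in the same hunk: CVE-2023-39912 is tagged with the vendor only ("Zoho") while the description names ManageEngine ADManager Plus; a product-level tag is easier to match against later entries.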
@@ -60,7 +60,7 @@ CVE-2023-41739 (Uncontrolled resource consumption 
vulnerability in File Function
 CVE-2023-41738 (Improper neutralization of special elements used in an OS 
command ('OS ...)
        NOT-FOR-US: Synology
 CVE-2023-41717 (Inappropriate file type control in Zscaler Proxy versions 
3.6.1.25 and ...)
-       TODO: check
+       NOT-FOR-US: Zscaler Proxy
 CVE-2023-41642 (Multiple reflected cross-site scripting (XSS) vulnerabilities 
in the E ...)
        NOT-FOR-US: GruppoSCAI RealGimm
 CVE-2023-41640 (An improper error handling vulnerability in the component 
ErroreNonGes ...)
@@ -78,7 +78,7 @@ CVE-2023-41045 (Graylog is a free and open log management 
platform. Graylog make
 CVE-2023-41044 (Graylog is a free and open log management platform. A partial 
path tra ...)
        - graylog2 <itp> (bug #652273)
 CVE-2023-41034 (Eclipse Leshan is a device management server and client Java 
implement ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Leshan
 CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 <unfixed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x
@@ -185,7 +185,7 @@ CVE-2023-39137 (An issue in Archive v3.3.7 allows attackers 
to spoof zip filenam
 CVE-2023-39136 (An unhandled edge case in the component _sanitizedPath of 
ZipArchive v ...)
        TODO: check
 CVE-2023-39135 (An issue in Zip Swift v2.1.2 allows attackers to execute a 
path traver ...)
-       TODO: check
+       NOT-FOR-US: Zip Swift
 CVE-2023-38970 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru 
v.2.9.7 allo ...)
        NOT-FOR-US: Badaso
 CVE-2023-31925 (Brocade  SANnav before v2.3.0 and v2.2.2a stores SNMPv3 
Authentication ...)
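Review bot: CVE-2023-39136 (ZipArchive, _sanitizedPath) in the context lines directly above still reads "TODO: check" while the neighbouring CVE-2023-39135 is triaged here. If it was examined in the same pass, resolve it in this commit; if it is deliberately left open because it needs a package lookup, nothing in the hunk says so.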
@@ -203,7 +203,7 @@ CVE-2023-2353 (The CHP Ads Block Detector plugin for 
WordPress is vulnerable to
 CVE-2023-2352 (The CHP Ads Block Detector plugin for WordPress is vulnerable 
to Cross ...)
        NOT-FOR-US: CHP Ads Block Detector plugin for WordPress
 CVE-2023-4640 (The controller responsible for setting the logging level does 
not incl ...)
-       TODO: check
+       NOT-FOR-US: YugabyteDB
 CVE-2023-4624 (Server-Side Request Forgery (SSRF) in GitHub repository 
bookstackapp/b ...)
        NOT-FOR-US: bookstack
 CVE-2023-4600 (The AffiliateWP for WordPress is vulnerable to unauthorized 
modificati ...)
@@ -258,7 +258,6 @@ CVE-2023-41039 (RestrictedPython is a restricted execution 
environment for Pytho
        - restrictedpython <unfixed>
        NOTE: 
https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67
        NOTE: Fixed by: 
https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120
-       TODO: check details
 CVE-2023-40848 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is 
vulnerable to Bu ...)
        NOT-FOR-US: Tenda
 CVE-2023-40847 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is 
vulnerable to Bu ...)
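Review bot: removing "TODO: check details" under CVE-2023-41039 leaves no record of what the check concluded. The entry still reads "- restrictedpython <unfixed>" next to a "Fixed by:" commit, so a NOTE stating the first fixed upstream version, or which packaged versions are affected, would tell the next reader why the TODO could be dropped. This change is also not an NFU, so the commit message "NFUs" does not describe it; a separate commit or a fuller message would keep the history searchable.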
@@ -296,7 +295,7 @@ CVE-2023-40593 (In Splunk Enterprise versions lower than 
9.0.6 and 8.2.12, a mal
 CVE-2023-40592 (In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, 
an attac ...)
        NOT-FOR-US: Splunk
 CVE-2023-40582 (find-exec is a utility to discover available shell commands. 
Versions  ...)
-       TODO: check
+       NOT-FOR-US: Node find-exec
 CVE-2023-40188 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP), ...)
        - freerdp2 <unfixed>
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e938aaad72343f64581f3f708dd5d2cf1a07cd6
