Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2c4ecbee by Moritz Muehlenhoff at 2023-09-04T10:43:01+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -239,13 +239,13 @@ CVE-2023-41628 (An issue in O-RAN Software Community E2
G-Release allows attacke
CVE-2023-41627 (O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not
validate the ...)
NOT-FOR-US: O-RAN
CVE-2023-41364 (In tine through 2023.01.14.325, the sort parameter of the
/index.php e ...)
- TODO: check
+ NOT-FOR-US: Tine groupware
CVE-2023-41051 (In a typical Virtual Machine Monitor (VMM) there are several
component ...)
- rust-vm-memory <unfixed> (bug #1051101)
NOTE:
https://github.com/rust-vmm/vm-memory/security/advisories/GHSA-49hh-fprx-m68g
NOTE:
https://github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8
(v0.12.2)
CVE-2023-41049 (@dcl/single-sign-on-client is an open source npm library which
deals w ...)
- TODO: check
+ NOT-FOR-US: Node @dcl/single-sign-on-client
CVE-2023-41046 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
NOT-FOR-US: XWiki
CVE-2023-40980 (File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and
before ...)
@@ -269,7 +269,7 @@ CVE-2023-39710 (Multiple cross-site scripting (XSS)
vulnerabilities in Free and
CVE-2023-39703 (A cross site scripting (XSS) vulnerability in the Markdown
Editor comp ...)
NOT-FOR-US: Typora
CVE-2023-39685 (An issue in hjson-java up to v3.0.0 allows attackers to cause
a Denial ...)
- TODO: check
+ NOT-FOR-US: hjson-java
CVE-2023-39631 (An issue in LanChain-ai Langchain v.0.0.245 allows a remote
attacker t ...)
NOT-FOR-US: LanChain-ai Langchain
CVE-2023-39582 (SQL Injection vulnerability in Chamilo LMS v.1.11 thru
v.1.11.20 allow ...)
@@ -539,7 +539,7 @@ CVE-2023-3162 (The Stripe Payment Plugin for WooCommerce
plugin for WordPress is
CVE-2023-39139 (An issue in Archive v3.3.7 allows attackers to execute a path
traversa ...)
TODO: check
CVE-2023-39138 (An issue in ZIPFoundation v0.9.16 allows attackers to execute
a path t ...)
- TODO: check
+ NOT-FOR-US: ZIPFoundation
CVE-2023-39137 (An issue in Archive v3.3.7 allows attackers to spoof zip
filenames whi ...)
TODO: check
CVE-2023-39136 (An unhandled edge case in the component _sanitizedPath of
ZipArchive v ...)
@@ -1063,7 +1063,7 @@ CVE-2023-39968 (jupyter-server is the backend for Jupyter
web applications. Open
CVE-2023-39650 (Theme Volty CMS Blog up to version v4.0.1 was discovered to
contain a ...)
NOT-FOR-US: Theme Volty CMS Blog
CVE-2023-39059 (An issue in ansible semaphore v.2.8.90 allows a remote
attacker to exe ...)
- TODO: check
+ NOT-FOR-US: Ansible Semaphore
CVE-2023-38969 (Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a
remote a ...)
NOT-FOR-US: Badaso
CVE-2023-34725 (An issue was discovered in TechView LA-5570 Wireless Gateway
1.0.19_T5 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c4ecbee2780aa4d941044709b6cf4db83b86887
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c4ecbee2780aa4d941044709b6cf4db83b86887
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
