Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
052e3688 by Moritz Muehlenhoff at 2023-06-08T19:22:26+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows
unprivileged users to crash
[bullseye] - dbus <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/457
CVE-2023-34239 (Gradio is an open-source Python library that is used to build
machine ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2023-34238 (Gatsby is a free and open source framework based on React. The
Gatsby ...)
- gatsby <itp> (bug #922188)
CVE-2023-33849 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX
Standard, 11.1, ...)
@@ -17,13 +17,13 @@ CVE-2023-33847 (IBM TXSeries for Multiplatforms 8.1, 8.2,
9.1, CICS TX Standard,
CVE-2023-33846 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX
Standard, 11.1, ...)
NOT-FOR-US: IBM
CVE-2023-33496 (xxl-rpc v1.7.0 was discovered to contain a deserialization
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: xxl-rpc
CVE-2023-2986 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is
vulner ...)
NOT-FOR-US: Abandoned Cart Lite for WooCommerce plugin for WordPress
CVE-2023-2904 (The External Visitor Manager portal of HID\u2019s SAFE versions
5.8.0 ...)
- TODO: check
+ NOT-FOR-US: HID SAFE
CVE-2023-2866 (If an attacker can trick an authenticated user into loading a
maliciou ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2023-3153 [service monitor MAC flow is not rate limited]
- ovn <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279
@@ -57,7 +57,7 @@ CVE-2023-34237 (SABnzbd is an open source automated Usenet
download tool. A desi
CVE-2023-34234 (OpenZeppelin Contracts is a library for smart contract
development. By ...)
NOT-FOR-US: OpenZeppelin Contracts
CVE-2023-34109 (zxcvbn-ts is an open source password strength estimator
written in typ ...)
- TODO: check
+ NOT-FOR-US: zxcvbn-ts
CVE-2023-34108 (mailcow is a mail server suite based on Dovecot, Postfix and
other ope ...)
NOT-FOR-US: mailcow
CVE-2023-33595 (CPython v3.12.0 alpha 7 was discovered to contain a heap
use-after-fre ...)
@@ -69,13 +69,13 @@ CVE-2023-33553 (An issue in Planet Technologies WDRT-1800AX
v1.01-CP21 allows at
CVE-2023-33510 (Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read
arbitrary file ...)
NOT-FOR-US: Jeecg P3 Biz Chat
CVE-2023-33498 (alist <=3.16.3 is vulnerable to Incorrect Access Control. Low
privileg ...)
- TODO: check
+ NOT-FOR-US: alist
CVE-2023-33284 (Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code
Execution ...)
- TODO: check
+ NOT-FOR-US: Marval MSM
CVE-2023-33283 (Marval MSM through 14.19.0.12476 uses a static encryption key
for secr ...)
- TODO: check
+ NOT-FOR-US: Marval MSM
CVE-2023-33282 (Marval MSM through 14.19.0.12476 and 15.0 has a System account
with de ...)
- TODO: check
+ NOT-FOR-US: Marval MSM
CVE-2023-2530 (A privilege escalation allowing remote code execution was
discovered i ...)
TODO: check
CVE-2023-2442 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
@@ -331,19 +331,19 @@ CVE-2023-3120 (A vulnerability, which was classified as
critical, was found in S
CVE-2023-3119 (A vulnerability, which was classified as critical, has been
found in S ...)
NOT-FOR-US: SourceCodester Service Provider Management System
CVE-2023-34409 (In Percona Monitoring and Management (PMM) server 2.x before
2.37.1, t ...)
- TODO: check
+ NOT-FOR-US: Percona Monitoring and Management (PMM)
CVE-2023-34111 (The `Release PR Merged` workflow in the github repo
taosdata/grafanapl ...)
- TODO: check
+ NOT-FOR-US: taosdata/grafanaplugin
CVE-2023-34104 (fast-xml-parser is an open source, pure javascript xml parser.
fast-xm ...)
TODO: check
CVE-2023-33977 (Kiwi TCMS is an open source test management system for both
manual and ...)
NOT-FOR-US: Kiwi TCMS
CVE-2023-33959 (notation is a CLI tool to sign and verify OCI artifacts and
container ...)
- TODO: check
+ NOT-FOR-US: notation
CVE-2023-33958 (notation is a CLI tool to sign and verify OCI artifacts and
container ...)
- TODO: check
+ NOT-FOR-US: notation
CVE-2023-33957 (notation is a CLI tool to sign and verify OCI artifacts and
container ...)
- TODO: check
+ NOT-FOR-US: notation
CVE-2023-33747 (CloudPanel v2.2.2 allows attackers to execute a path
traversal.)
NOT-FOR-US: CloudPanel
CVE-2023-33684 (Weak session management in DB Elettronica Telecomunicazioni
SpA SFT DA ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/052e36888dcabf6e01c9ac6b8834632b5d530250
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/052e36888dcabf6e01c9ac6b8834632b5d530250
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
