Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3155b0c9 by Moritz Muehlenhoff at 2023-06-22T08:56:46+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -21,7 +21,7 @@ CVE-2023-33591 (User Registration & Login and User Management System v1.0 was di CVE-2023-33584 (Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Inj ...) NOT-FOR-US: Sourcecodester Enrollment System Project CVE-2023-33289 (The urlnorm crate through 0.1.4 for Rust allows Regular Expression Den ...) - TODO: check + NOT-FOR-US: Rust crate urlnorm CVE-2023-2829 (A `named` instance configured to run as a DNSSEC-validating recursive ...) TODO: check CVE-2023-2911 (If the `recursive-clients` quota is reached on a BIND 9 resolver confi ...) @@ -236,7 +236,7 @@ CVE-2023-3307 (A vulnerability was found in miniCal 1.0.0. It has been rated as CVE-2023-35866 (In KeePassXC through 2.7.5, a local attacker can make changes to the D ...) TODO: check CVE-2023-35862 (libcoap 4.3.1 contains a buffer over-read via the function coap_parse_ ...) - TODO: check + NOT-FOR-US: libcoap CVE-2023-35857 (In Siren Investigate before 13.2.2, session keys remain active even af ...) NOT-FOR-US: Siren Investigate CVE-2023-35856 (A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, a ...) 
@@ -604,13 +604,11 @@ CVE-2023-34623 (An issue was discovered jtidy thru r938 allows attackers to caus CVE-2023-34620 (An issue was discovered hjson thru 3.0.0 allows attackers to cause a d ...) NOT-FOR-US: hjson CVE-2023-34617 (An issue was discovered genson thru 1.6 allows attackers to cause a de ...) - TODO: check + NOT-FOR-US: genson CVE-2023-34616 (An issue was discovered pbjson thru 0.4.0 allows attackers to cause a ...) - TODO: check + NOT-FOR-US: jbjson CVE-2023-34615 (An issue was discovered JSONUtil thru 5.0 allows attackers to cause a ...) - TODO: check -CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to ...) - TODO: check + NOT-FOR-US: JSONUtil CVE-2023-34613 (An issue was discovered sojo thru 1.1.1 allows attackers to cause a de ...) TODO: check CVE-2023-34612 (An issue was discovered ph-json thru 9.5.5 allows attackers to cause a ...) @@ -810,7 +808,7 @@ CVE-2023-2569 (A CWE-787: Out-of-Bounds Write vulnerability exists that could ca CVE-2023-3224 (Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.) NOT-FOR-US: Nuxt CVE-2023-3218 (Race Condition within a Thread in GitHub repository it-novum/openitcoc ...) - TODO: check + NOT-FOR-US: openitcockpit CVE-2023-3050 (Reliance on Cookies without Validation and Integrity Checking in a Sec ...) NOT-FOR-US: TMT Lockcell CVE-2023-3049 (Unrestricted Upload of File with Dangerous Type vulnerability in TMT L ...) @@ -822,7 +820,7 @@ CVE-2023-3047 (Improper Neutralization of Special Elements used in an SQL Comman CVE-2023-35064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Satos Satos Mobile CVE-2023-34965 (SSPanel-Uim 2023.3 does not restrict access to the /link/ interface wh ...) - TODO: check + NOT-FOR-US: SSPanel-Uim CVE-2023-34249 (benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd ...) NOT-FOR-US: benjjvi/PyBB CVE-2023-34247 (Keystone is a content management system for Node.JS. There is an open ...) 
@@ -868,7 +866,7 @@ CVE-2023-32548 (OS command injection vulnerability exists in WPS Office version CVE-2023-32546 (Code injection vulnerability exists in Chatwork Desktop Application (M ...) NOT-FOR-US: Chatwork Desktop Application CVE-2023-31541 (A unrestricted file upload vulnerability was discovered in the \u2018B ...) - TODO: check + NOT-FOR-US: Redmine plugin CVE-2023-31439 (An issue was discovered in systemd 253. An attacker can modify the con ...) TODO: check CVE-2023-31438 (An issue was discovered in systemd 253. An attacker can truncate a sea ...) @@ -876,17 +874,17 @@ CVE-2023-31438 (An issue was discovered in systemd 253. An attacker can truncate CVE-2023-31437 (An issue was discovered in systemd 253. An attacker can modify a seale ...) TODO: check CVE-2023-31198 (OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If ...) - TODO: check + NOT-FOR-US: Wi-Fi AP UNIT CVE-2023-31196 (Missing authentication for critical function in Wi-Fi AP UNIT allows a ...) - TODO: check + NOT-FOR-US: Wi-Fi AP UNIT CVE-2023-31195 (ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 use ...) NOT-FOR-US: ASUS Router RT-AX3000 Firmware CVE-2023-30766 (Hidden functionality issue exists in KB-AHR series and KB-IRIP series. ...) - TODO: check + NOT-FOR-US: KB-AHR/KB-IRIP CVE-2023-30764 (OS command injection vulnerability exists in KB-AHR series and KB-IRIP ...) - TODO: check + NOT-FOR-US: KB-AHR/KB-IRIP CVE-2023-30762 (Improper authentication vulnerability exists in KB-AHR series and KB-I ...) - TODO: check + NOT-FOR-US: KB-AHR/KB-IRIP CVE-2023-2807 (Authentication Bypass by Spoofing vulnerability in the password reset ...) NOT-FOR-US: Pandora FMS CVE-2023-29501 (Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, an ...) 
@@ -1005,7 +1003,7 @@ CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Pri CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along with th ...) NOT-FOR-US: Apache NiFi CVE-2023-34105 (SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV ...) - TODO: check + NOT-FOR-US: SRS video server CVE-2023-34026 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCr ...) NOT-FOR-US: WordPress plugin CVE-2023-33626 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...) @@ -1021,9 +1019,9 @@ CVE-2023-33622 CVE-2023-33492 (EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).) NOT-FOR-US: EyouCMS CVE-2023-33290 (The git-url-parse crate through 0.4.4 for Rust allows Regular Expressi ...) - TODO: check + NOT-FOR-US: git-url-parse Rust crate CVE-2023-33253 (LabCollector 6.0 though 6.15 allows remote code execution. An authenti ...) - TODO: check + NOT-FOR-US: LabCollector CVE-2023-32961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Se ...) NOT-FOR-US: WordPress plugin CVE-2023-32118 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperat ...) @@ -1049,7 +1047,7 @@ CVE-2023-35032 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 an CVE-2023-35031 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...) NOT-FOR-US: Unify CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random number ...) - TODO: check + NOT-FOR-US: Node crypto-js CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...) NOT-FOR-US: WordPress plugin CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's coders/ ...) 
@@ -1080,7 +1078,7 @@ CVE-2023-3141 (A use-after-free flaw was found in r592_remove in drivers/memstic CVE-2023-34856 (A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05 ...) NOT-FOR-US: D-Link CVE-2023-34245 (@udecode/plate-link is the link handler for the udecode/plate rich-tex ...) - TODO: check + NOT-FOR-US: @udecode/plate-link CVE-2023-34100 (Contiki-NG is an open-source, cross-platform operating system for IoT ...) NOT-FOR-US: Contiki-NG CVE-2023-33557 (Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerabilit ...) @@ -1093,7 +1091,7 @@ CVE-2023-32731 (When gRPC HTTP2 stack raised a header size exceeded error, it sk NOTE: https://github.com/grpc/grpc/pull/32309 NOTE: https://github.com/grpc/grpc/pull/33005 CVE-2023-32312 (UmbracoIdentityExtensions is an Umbraco add-on package that enables ea ...) - TODO: check + NOT-FOR-US: UmbracoIdentityExtensions CVE-2023-3177 (A vulnerability has been found in SourceCodester Lost and Found Inform ...) NOT-FOR-US: SourceCodester CVE-2023-3176 (A vulnerability, which was classified as critical, was found in Source ...) @@ -5788,11 +5786,11 @@ CVE-2023-30907 CVE-2023-30906 RESERVED CVE-2023-30905 (The MC990 X and UV300 RMC component has and inadequate default configu ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-30904 (A security vulnerability in HPE Insight Remote Support may result in t ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-30903 (HP-UX could be exploited locally to create a Denial of Service (DoS) w ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-30902 RESERVED CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) 
@@ -6178,15 +6176,15 @@ CVE-2022-48475 CVE-2022-48474 RESERVED CVE-2022-48473 (There is a misinterpretation of input vulnerability in Huawei Printer. ...) - TODO: check + NOT-FOR-US: Huawei CVE-2022-48472 (A Huawei printer has a system command injection vulnerability. Success ...) - TODO: check + NOT-FOR-US: Huawei CVE-2022-48471 (There is a misinterpretation of input vulnerability in Huawei Printer. ...) - TODO: check + NOT-FOR-US: Huawei CVE-2022-48470 RESERVED CVE-2022-48469 (There is a traffic hijacking vulnerability in Huawei routers. Successf ...) - TODO: check + NOT-FOR-US: Huawei CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up to 3.7.2 ...) NOT-FOR-US: I Recommend This Plugin CVE-2023-30794 @@ -6403,7 +6401,7 @@ CVE-2023-2082 CVE-2023-2081 RESERVED CVE-2023-2080 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Forcepoint CVE-2023-2079 RESERVED CVE-2023-2078 @@ -6697,7 +6695,7 @@ CVE-2023-30627 (jellyfin-web is the web client for Jellyfin, a free-software med CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting with 10.8. ...) - jellyfin <itp> (bug #994189) CVE-2023-30625 (rudder-server is part of RudderStack, an open source Customer Data Pla ...) - TODO: check + NOT-FOR-US: rudder-server CVE-2023-30624 (Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6. ...) NOT-FOR-US: wasmtime CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, ...) 
@@ -7477,7 +7475,7 @@ CVE-2023-30455 (An issue was discovered in ebankIT before 7. A Denial-of-Service CVE-2023-30454 (An issue was discovered in ebankIT before 7. Document Object Model bas ...) NOT-FOR-US: ebankIT CVE-2023-30453 (The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent ...) - TODO: check + NOT-FOR-US: Jira plugin CVE-2023-30452 (The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluen ...) NOT-FOR-US: MoroSystems EasyMind CVE-2023-1964 (A vulnerability classified as critical has been found in PHPGurukul Ba ...) @@ -7971,9 +7969,9 @@ CVE-2023-30225 CVE-2023-30224 RESERVED CVE-2023-30223 (A broken authentication vulnerability in 4D SAS 4D Server software v17 ...) - TODO: check + NOT-FOR-US: 4D SAS 4D Server CVE-2023-30222 (An information disclosure vulnerability in 4D SAS 4D Server Applicatio ...) - TODO: check + NOT-FOR-US: 4D SAS 4D Server CVE-2023-30221 RESERVED CVE-2023-30220 @@ -8261,7 +8259,7 @@ CVE-2023-30083 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 - ming <removed> NOTE: https://github.com/libming/libming/issues/266 CVE-2023-30082 (A denial of service attack might be launched against the server if an ...) - TODO: check + NOT-FOR-US: osTicket CVE-2023-30081 RESERVED CVE-2023-30080 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3155b0c96353f08940e54c499aa111c73d885839 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3155b0c96353f08940e54c499aa111c73d885839 You're receiving this email because of your account on salsa.debian.org.
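Review bot: in the @@ -604,13 +604,11 @@ hunk the entry line for CVE-2023-34614 (jmarsden/jsonij) is deleted outright together with its TODO line, instead of having its TODO replaced like the neighbouring entries, so the tracker loses that CVE entirely; if the intent was to triage it as NFU, restore the line `CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to ...)` and give it its own annotation, e.g. `NOT-FOR-US: jsonij`. In the same hunk the new annotation for CVE-2023-34616 reads `NOT-FOR-US: jbjson` while the description line names pbjson; this looks like a typo for `NOT-FOR-US: pbjson`.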
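Review bot: the annotation `NOT-FOR-US: git-url-parse Rust crate` added in the @@ -1021,9 +1019,9 @@ hunk uses the opposite word order from `NOT-FOR-US: Rust crate urlnorm` added in the @@ -21,7 +21,7 @@ hunk of the same commit; settling on one form (e.g. `NOT-FOR-US: Rust crate git-url-parse`) keeps the crate NFU annotations matchable by a single grep pattern.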
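Review bot: the unchanged context line for CVE-2023-31541 in the @@ -868,7 +866,7 @@ hunk carries a literal `\u2018` escape sequence in the description text where the quotation mark character itself should appear; it is not introduced by this change, but it is worth normalising in a follow-up so the description reads as plain text like the surrounding entries.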
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits