Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: bf92c732 by Moritz Muehlenhoff at 2023-06-28T15:46:54+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5,21 +5,21 @@ CVE-2023-3427 (The Salon Booking System plugin for WordPress is vulnerable to Cr CVE-2023-3407 (The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Reques ...) NOT-FOR-US: Subscribe2 plugin for WordPress CVE-2023-3333 (Improper Neutralization of Special Elements used in an OS Command vuln ...) - TODO: check + NOT-FOR-US: NEC CVE-2023-3332 (Improper Neutralization of Input During Web Page Generation vulnerabil ...) - TODO: check + NOT-FOR-US: NEC CVE-2023-3331 (Improper Limitation of a Pathname to a Restricted Directory vulnerabil ...) - TODO: check + NOT-FOR-US: NEC CVE-2023-3330 (Improper Limitation of a Pathname to a Restricted Directory vulnerabil ...) - TODO: check + NOT-FOR-US: NEC CVE-2023-3327 REJECTED CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected versions ...) TODO: check CVE-2023-32623 (Directory traversal vulnerability in Snow Monkey Forms versions v5.1.0 ...) - TODO: check + NOT-FOR-US: Snow Monkey Forms CVE-2022-48505 (This issue was addressed with improved data protection. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-3397 [fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a race condition between txEnd and lmLogClose functions] - linux <unfixed> NOTE: https://lore.kernel.org/lkml/20230515095956.17898-1-zyytlz...@163.com/ 
@@ -61,9 +61,9 @@ CVE-2023-34836 (A Cross Site Scripting vulnerability in Microworld Technologies CVE-2023-34835 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...) NOT-FOR-US: Microworld Technologies eScan Management console CVE-2023-34830 (i-doit Open v24 was discovered to contain a reflected cross-site scrip ...) - TODO: check + NOT-FOR-US: i-doit Open CVE-2023-34240 (Cloudexplorer-lite is an open source cloud software stack. Weak passwo ...) - TODO: check + NOT-FOR-US: Cloudexplorer-lite CVE-2023-34099 (Shopware is an open source e-commerce software. The mail validation in ...) NOT-FOR-US: Shopware CVE-2023-34098 (Shopware is an open source e-commerce software. Due to an incorrect co ...) @@ -287,7 +287,7 @@ CVE-2023-3387 (The Lana Text to Image plugin for WordPress is vulnerable to Stor CVE-2023-3197 (The MStore API plugin for WordPress is vulnerable to Unauthenticated B ...) NOT-FOR-US: MStore API plugin for WordPress CVE-2023-35932 (jcvi is a Python library to facilitate genome assembly, annotation, an ...) - TODO: check + NOT-FOR-US: jcvi CVE-2023-35928 (Nextcloud Server is a space for data storage on Nextcloud, a self-host ...) - nextcloud-server <itp> (bug #941708) CVE-2023-35927 (NextCloud Server and NextCloud Enterprise Server provide file storage ...) 
@@ -1333,11 +1333,11 @@ CVE-2023-34613 (An issue was discovered sojo thru 1.1.1 allows attackers to caus CVE-2023-34612 (An issue was discovered ph-json thru 9.5.5 allows attackers to cause a ...) NOT-FOR-US: ph-json CVE-2023-34611 (An issue was discovered mjson thru 1.4.1 allows attackers to cause a d ...) - TODO: check + NOT-FOR-US: mjson CVE-2023-34610 (An issue was discovered json-io thru 4.14.0 allows attackers to cause ...) - TODO: check + NOT-FOR-US: json-io CVE-2023-34609 (An issue was discovered flexjson thru 3.3 allows attackers to cause a ...) - TODO: check + NOT-FOR-US: flexjson CVE-2023-34585 REJECTED CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.) @@ -5645,7 +5645,7 @@ CVE-2023-2292 CVE-2023-2291 (Static credentials exist in the PostgreSQL data used in ManageEngine A ...) NOT-FOR-US: Zoho CVE-2023-2290 (A potential vulnerability in the LenovoFlashDeviceInterface SMI handle ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2023-2289 (The wordpress vertical image slider plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some user-co ...) @@ -5677,7 +5677,7 @@ CVE-2023-31215 CVE-2023-31214 RESERVED CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-31212 RESERVED CVE-2023-31211 @@ -6359,7 +6359,7 @@ CVE-2023-30947 CVE-2023-30946 RESERVED CVE-2023-30945 (Multiple Services such as VHS(Video History Server) and VCD(Video Clip ...) - TODO: check + NOT-FOR-US: Palantir CVE-2023-30944 (The vulnerability was found Moodle which exists due to insufficient sa ...) - moodle <removed> CVE-2023-30943 (The vulnerability was found Moodle which exists because the applicatio ...) 
@@ -7927,7 +7927,7 @@ CVE-2023-2006 (A race condition was found in the Linux kernel's RxRPC network pr NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-439/ NOTE: https://git.kernel.org/linus/3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5 (6.1-rc7) CVE-2023-2005 (Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security ...) - TODO: check + NOT-FOR-US: Tenable CVE-2023-2004 REJECTED CVE-2023-2003 @@ -8059,7 +8059,7 @@ CVE-2023-1991 CVE-2022-48437 (An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1 ...) - libressl <itp> (bug #754513) CVE-2023-30500 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-30499 RESERVED CVE-2023-30498 @@ -8466,7 +8466,7 @@ CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to contain a remote code execut CVE-2023-30348 RESERVED CVE-2023-30347 (Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, ...) - TODO: check + NOT-FOR-US: Neox Contact Center CVE-2023-30346 RESERVED CVE-2023-30345 @@ -8642,13 +8642,13 @@ CVE-2023-30263 CVE-2023-30262 (An issue found in MIM software Inc MIM License Server and MIMpacs serv ...) NOT-FOR-US: MIM software Inc MIM License Server and MIMpacs services CVE-2023-30261 (Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote at ...) - TODO: check + NOT-FOR-US: OpenWB CVE-2023-30260 (Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earl ...) - TODO: check + NOT-FOR-US: RaspAP CVE-2023-30259 RESERVED CVE-2023-30258 (Command Injection vulnerability in MagnusSolution magnusbilling 6.x an ...) - TODO: check + NOT-FOR-US: MagnusSolution magnusbilling CVE-2023-30257 (A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build ...) NOT-FOR-US: FiiO M6 CVE-2023-30256 (Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 all ...) 
@@ -9343,7 +9343,7 @@ CVE-2023-29932 (llvm-project commit fdbc55a5 was discovered to contain a segment NOTE: https://github.com/llvm/llvm-project/commit/d35fcf0e97e7bb02381506a71e61ec282b292c50 NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue CVE-2023-29931 (laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illumi ...) - TODO: check + NOT-FOR-US: laravel-s CVE-2023-29930 (An issue was found in Genesys CIC Polycom phone provisioning TFTP Serv ...) NOT-FOR-US: Genesys CVE-2023-29929 @@ -9485,7 +9485,7 @@ CVE-2023-29862 (An issue found in Agasio-Camera device version not specified all CVE-2023-29861 (An issue found in FLIR-DVTEL version not specified allows a remote att ...) NOT-FOR-US: FLIR-DVTEL CVE-2023-29860 (An insecure permissions in /Taier/API/tenant/listTenant interface in D ...) - TODO: check + NOT-FOR-US: Taier CVE-2023-29859 RESERVED CVE-2023-29858 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf92c7323e7118e80fb33a3738af7dabb02bfd9c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf92c7323e7118e80fb33a3738af7dabb02bfd9c You're receiving this email because of your account on salsa.debian.org.
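Review bot: The four entries in the first hunk (CVE-2023-3333, CVE-2023-3332, CVE-2023-3331 and CVE-2023-3330) are tagged only "NOT-FOR-US: NEC", and the Apple, Lenovo, Palantir and Tenable entries in later hunks likewise give just a vendor. Neighbouring context lines such as "NOT-FOR-US: Microworld Technologies eScan Management console" name the affected product, which makes a later grep for that product land on the right CVEs. Vendor-only tags do already exist in the file ("NOT-FOR-US: Zoho", "NOT-FOR-US: Genesys"), so this is a style suggestion: where the description names a product, put it after the vendor.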
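Review bot: CVE-2023-31213 (hunk at -5677) and CVE-2023-30500 (hunk at -8059) are both tagged with the generic "NOT-FOR-US: WordPress plugin", which does not say which plugin is affected. Other entries visible in this diff use the form "NOT-FOR-US: Subscribe2 plugin for WordPress" and "NOT-FOR-US: MStore API plugin for WordPress". Suggest using the same "<name> plugin for WordPress" form here, taking the plugin name from the full CVE description.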
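Review bot: Several of the new NOT-FOR-US tags are on software that could plausibly be packaged or have a packaging request open: jcvi is described as a Python library (hunk at -287), Cloudexplorer-lite as an open source cloud software stack (hunk at -61), plus mjson, json-io and flexjson (hunk at -1333), laravel-s and RaspAP. The surrounding context shows that software with an open ITP is tracked with a package line instead, for example "- nextcloud-server <itp> (bug #941708)" and "- libressl <itp> (bug #754513)". It is worth confirming for each of these that there is neither a source package nor an ITP/RFP bug before the entry is closed out as NOT-FOR-US, since the tag removes the CVE from further triage.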
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits