Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf92c732 by Moritz Muehlenhoff at 2023-06-28T15:46:54+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,21 +5,21 @@ CVE-2023-3427 (The Salon Booking System plugin for WordPress 
is vulnerable to Cr
 CVE-2023-3407 (The Subscribe2 plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
        NOT-FOR-US: Subscribe2 plugin for WordPress
 CVE-2023-3333 (Improper Neutralization of Special Elements used in an OS 
Command vuln ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2023-3332 (Improper Neutralization of Input During Web Page Generation 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2023-3331 (Improper Limitation of a Pathname to a Restricted Directory 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2023-3330 (Improper Limitation of a Pathname to a Restricted Directory 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2023-3327
        REJECTED
 CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected 
versions ...)
        TODO: check
 CVE-2023-32623 (Directory traversal vulnerability in Snow Monkey Forms 
versions v5.1.0 ...)
-       TODO: check
+       NOT-FOR-US: Snow Monkey Forms
 CVE-2022-48505 (This issue was addressed with improved data protection. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-3397 [fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a 
race condition between txEnd and lmLogClose functions]
        - linux <unfixed>
        NOTE: 
https://lore.kernel.org/lkml/20230515095956.17898-1-zyytlz...@163.com/
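Review bot: The four NEC entries (CVE-2023-3330 through CVE-2023-3333) and CVE-2022-48505 are tagged with the vendor only (`NOT-FOR-US: NEC`, `NOT-FOR-US: Apple`), while other tags in this hunk name the product (`Subscribe2 plugin for WordPress`, `Snow Monkey Forms`). The truncated descriptions do not show which product is affected, so putting the product name in the tag would keep these entries searchable later.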
@@ -61,9 +61,9 @@ CVE-2023-34836 (A Cross Site Scripting vulnerability in 
Microworld Technologies
 CVE-2023-34835 (A Cross Site Scripting vulnerability in Microworld 
Technologies eScan  ...)
        NOT-FOR-US: Microworld Technologies eScan Management console
 CVE-2023-34830 (i-doit Open v24 was discovered to contain a reflected 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: i-doit Open
 CVE-2023-34240 (Cloudexplorer-lite is an open source cloud software stack. 
Weak passwo ...)
-       TODO: check
+       NOT-FOR-US: Cloudexplorer-lite
 CVE-2023-34099 (Shopware is an open source e-commerce software. The mail 
validation in ...)
        NOT-FOR-US: Shopware
 CVE-2023-34098 (Shopware is an open source e-commerce software. Due to an 
incorrect co ...)
@@ -287,7 +287,7 @@ CVE-2023-3387 (The Lana Text to Image plugin for WordPress 
is vulnerable to Stor
 CVE-2023-3197 (The MStore API plugin for WordPress is vulnerable to 
Unauthenticated B ...)
        NOT-FOR-US: MStore API plugin for WordPress
 CVE-2023-35932 (jcvi is a Python library to facilitate genome assembly, 
annotation, an ...)
-       TODO: check
+       NOT-FOR-US: jcvi
 CVE-2023-35928 (Nextcloud Server is a space for data storage on Nextcloud, a 
self-host ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2023-35927 (NextCloud Server and NextCloud Enterprise Server provide file 
storage  ...)
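Review bot: CVE-2023-35932 is marked `NOT-FOR-US: jcvi`, but its description calls jcvi a Python library, which is the kind of software that may have a packaging request open. Worth confirming that no ITP or RFP exists; if one does, the entry should use the form of the next CVE, `- nextcloud-server <itp> (bug #941708)`, instead of NOT-FOR-US.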
@@ -1333,11 +1333,11 @@ CVE-2023-34613 (An issue was discovered sojo thru 1.1.1 
allows attackers to caus
 CVE-2023-34612 (An issue was discovered ph-json thru 9.5.5 allows attackers to 
cause a ...)
        NOT-FOR-US: ph-json
 CVE-2023-34611 (An issue was discovered mjson thru 1.4.1 allows attackers to 
cause a d ...)
-       TODO: check
+       NOT-FOR-US: mjson
 CVE-2023-34610 (An issue was discovered json-io thru 4.14.0 allows attackers 
to cause  ...)
-       TODO: check
+       NOT-FOR-US: json-io
 CVE-2023-34609 (An issue was discovered flexjson thru 3.3 allows attackers to 
cause a  ...)
-       TODO: check
+       NOT-FOR-US: flexjson
 CVE-2023-34585
        REJECTED
 CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.)
@@ -5645,7 +5645,7 @@ CVE-2023-2292
 CVE-2023-2291 (Static credentials exist in the PostgreSQL data used in 
ManageEngine A ...)
        NOT-FOR-US: Zoho
 CVE-2023-2290 (A potential vulnerability in the LenovoFlashDeviceInterface SMI 
handle ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-2289 (The wordpress vertical image slider plugin for WordPress is 
vulnerable ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some 
user-co ...)
@@ -5677,7 +5677,7 @@ CVE-2023-31215
 CVE-2023-31214
        RESERVED
 CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-31212
        RESERVED
 CVE-2023-31211
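Review bot: `NOT-FOR-US: WordPress plugin` on CVE-2023-31213 does not say which plugin is meant, and the truncated description does not either. Other entries in this file use the form `<name> plugin for WordPress` (for example `MStore API plugin for WordPress`); adding the plugin name here would make the entry findable by name.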
@@ -6359,7 +6359,7 @@ CVE-2023-30947
 CVE-2023-30946
        RESERVED
 CVE-2023-30945 (Multiple Services such as VHS(Video History Server) and 
VCD(Video Clip ...)
-       TODO: check
+       NOT-FOR-US: Palantir
 CVE-2023-30944 (The vulnerability was found Moodle which exists due to 
insufficient sa ...)
        - moodle <removed>
 CVE-2023-30943 (The vulnerability was found Moodle which exists because the 
applicatio ...)
@@ -7927,7 +7927,7 @@ CVE-2023-2006 (A race condition was found in the Linux 
kernel's RxRPC network pr
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-439/
        NOTE: 
https://git.kernel.org/linus/3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5 (6.1-rc7)
 CVE-2023-2005 (Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable 
Security  ...)
-       TODO: check
+       NOT-FOR-US: Tenable
 CVE-2023-2004
        REJECTED
 CVE-2023-2003
@@ -8059,7 +8059,7 @@ CVE-2023-1991
 CVE-2022-48437 (An issue was discovered in x509/x509_verify.c in LibreSSL 
before 3.6.1 ...)
        - libressl <itp> (bug #754513)
 CVE-2023-30500 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WPForms  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-30499
        RESERVED
 CVE-2023-30498
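Review bot: CVE-2023-30500 gets the generic `NOT-FOR-US: WordPress plugin` although its description names a plugin beginning with "WPForms". Suggest using the full plugin name from the description in the `<name> plugin for WordPress` form seen elsewhere in this file, so the tag identifies the software and not just the platform.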
@@ -8466,7 +8466,7 @@ CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to 
contain a remote code execut
 CVE-2023-30348
        RESERVED
 CVE-2023-30347 (Cross Site Scripting (XSS) vulnerability in Neox Contact 
Center 2.3.9, ...)
-       TODO: check
+       NOT-FOR-US: Neox Contact Center
 CVE-2023-30346
        RESERVED
 CVE-2023-30345
@@ -8642,13 +8642,13 @@ CVE-2023-30263
 CVE-2023-30262 (An issue found in MIM software Inc MIM License Server and 
MIMpacs serv ...)
        NOT-FOR-US: MIM software Inc MIM License Server and MIMpacs services
 CVE-2023-30261 (Command Injection vulnerability in OpenWB 1.6 and 1.7 allows 
remote at ...)
-       TODO: check
+       NOT-FOR-US: OpenWB
 CVE-2023-30260 (Command injection vulnerability in RaspAP raspap-webgui 2.8.8 
and earl ...)
-       TODO: check
+       NOT-FOR-US: RaspAP
 CVE-2023-30259
        RESERVED
 CVE-2023-30258 (Command Injection vulnerability in MagnusSolution 
magnusbilling 6.x an ...)
-       TODO: check
+       NOT-FOR-US: MagnusSolution magnusbilling
 CVE-2023-30257 (A buffer overflow in the component /proc/ftxxxx-debug of FiiO 
M6 Build ...)
        NOT-FOR-US: FiiO M6
 CVE-2023-30256 (Cross Site Scripting vulnerability found in Webkil QloApps 
v.1.5.2 all ...)
@@ -9343,7 +9343,7 @@ CVE-2023-29932 (llvm-project commit fdbc55a5 was 
discovered to contain a segment
        NOTE: 
https://github.com/llvm/llvm-project/commit/d35fcf0e97e7bb02381506a71e61ec282b292c50
        NOTE: Negligible security impact, also see 
https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
 CVE-2023-29931 (laravel-s 3.7.35 is vulnerable to Local File Inclusion via 
/src/Illumi ...)
-       TODO: check
+       NOT-FOR-US: laravel-s
 CVE-2023-29930 (An issue was found in Genesys CIC Polycom phone provisioning 
TFTP Serv ...)
        NOT-FOR-US: Genesys
 CVE-2023-29929
@@ -9485,7 +9485,7 @@ CVE-2023-29862 (An issue found in Agasio-Camera device 
version not specified all
 CVE-2023-29861 (An issue found in FLIR-DVTEL version not specified allows a 
remote att ...)
        NOT-FOR-US: FLIR-DVTEL
 CVE-2023-29860 (An insecure permissions in /Taier/API/tenant/listTenant 
interface in D ...)
-       TODO: check
+       NOT-FOR-US: Taier
 CVE-2023-29859
        RESERVED
 CVE-2023-29858
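Review bot: For CVE-2023-29860 the tag `NOT-FOR-US: Taier` appears to take the name from the URL path `/Taier/API/tenant/listTenant`, while the product name in the description is cut off at "in D ...". Please check the full description and use the product name it gives if that differs from the path component.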



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf92c7323e7118e80fb33a3738af7dabb02bfd9c
