Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: cb47a68e by Moritz Muehlenhoff at 2023-08-16T13:46:41+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== 
@@ -127,43 +127,43 @@ CVE-2023-40028 (Ghost is an open source content management system. Versions prio CVE-2023-40027 (Keystone is an open source headless CMS for Node.js \u2014 built with ...) NOT-FOR-US: Keystone CMS CVE-2023-39843 (Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1 ...) - TODO: check + NOT-FOR-US: Suleve 5-in-1 Smart Door Lock CVE-2023-39842 (Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Securit ...) - TODO: check + NOT-FOR-US: Digoo DG-HAMB Smart Home Security CVE-2023-39841 (Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock ...) - TODO: check + NOT-FOR-US: Etekcity 3-in-1 Smart Door Lock CVE-2023-39662 (An issue in llama_index v.0.7.13 and before allows a remote attacker t ...) - TODO: check + NOT-FOR-US: llama_index CVE-2023-39661 (An issue in pandas-ai v.0.9.1 and before allows a remote attacker to e ...) - TODO: check + NOT-FOR-US: pandas-ai CVE-2023-39659 (An issue in langchain langchain-ai v.0.0.232 and before allows a remot ...) - TODO: check + NOT-FOR-US: langchain-ai CVE-2023-39438 (A missing authorization check allows an arbitrary authenticated user t ...) - TODO: check + NOT-FOR-US: cla-assistant CVE-2023-38916 (SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote ...) - TODO: check + NOT-FOR-US: eVotingSystem-PHP CVE-2023-38915 (File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote ...) - TODO: check + NOT-FOR-US: Wolf-leo EasyAdmin8 CVE-2023-38898 (An issue in Python cpython v.3.7 allows an attacker to obtain sensitiv ...) TODO: check CVE-2023-38896 (An issue in Harrison Chase langchain v.0.0.194 and before allows a rem ...) - TODO: check + NOT-FOR-US: Harrison Chase langchain CVE-2023-38889 (An issue in Alluxio v.2.9.3 and before allows an attacker to execute a ...) - TODO: check + NOT-FOR-US: Alluxio CVE-2023-38866 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected ...) 
- TODO: check + NOT-FOR-US: COMFAST CVE-2023-38865 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected ...) - TODO: check + NOT-FOR-US: COMFAST CVE-2023-38864 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...) - TODO: check + NOT-FOR-US: COMFAST CVE-2023-38863 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...) - TODO: check + NOT-FOR-US: COMFAST CVE-2023-38862 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...) - TODO: check + NOT-FOR-US: COMFAST CVE-2023-38861 (An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote a ...) - TODO: check + NOT-FOR-US: Wavlink CVE-2023-38860 (An issue in LangChain v.0.0.231 allows a remote attacker to execute ar ...) - TODO: check + NOT-FOR-US: LangChain CVE-2023-38858 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...) TODO: check CVE-2023-38857 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...) @@ -183,13 +183,13 @@ CVE-2023-38851 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote a CVE-2023-38850 (Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an ...) TODO: check CVE-2023-38840 (An issue in Bitwarden Bitwarden Desktop v.2023.5.1 allows a local atta ...) - TODO: check + NOT-FOR-US: Bitwarden CVE-2023-38402 (A vulnerability in the HPE Aruba Networking Virtual IntranetAccess (VI ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-38401 (A vulnerability in the HPE Aruba Networking Virtual Intranet Access (V ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-35082 (An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-2916 (The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive ...) NOT-FOR-US: InfiniteWP Client plugin for WordPress CVE-2023-4347 (Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/l ...) 
@@ -234,7 +234,7 @@ CVE-2023-40359 (xterm before 380 supports ReGIS reporting for character-set name [bullseye] - xterm <no-dsa> (Minor issue) NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_380 CVE-2023-40354 (An issue was discovered in MariaDB MaxScale before 23.02.3. A user ent ...) - TODO: check + NOT-FOR-US: Maxscale CVE-2023-40312 (Multiple reflected XSS were found on different JSP files with unsaniti ...) NOT-FOR-US: OpenMNS CVE-2023-40311 (Multiple stored XSS were found on different JSP files with unsanitized ...) @@ -256,7 +256,7 @@ CVE-2023-3435 (The User Activity Log WordPress plugin before 1.6.5 does not corr CVE-2023-3328 (The Custom Field For WP Job Manager WordPress plugin before 1.2 does n ...) NOT-FOR-US: WordPress plugin CVE-2023-3160 (The vulnerability potentially allows an attacker to misuse ESET\u2019s ...) - TODO: check + NOT-FOR-US: ESET CVE-2023-39908 (The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not proper ...) TODO: check CVE-2023-39293 (A Command Injection vulnerability has been identified in the MiVoice O ...) @@ -560,7 +560,7 @@ CVE-2023-4128 (A use-after-free flaw was found in net/sched/cls_fw.c in classifi NOTE: https://git.kernel.org/linus/76e42ae831991c828cffa8c37736ebfb831ad5ec (6.5-rc5) NOTE: https://git.kernel.org/linus/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 (6.5-rc5) CVE-2023-40216 (OpenBSD 7.3 before errata 014 is missing an argument-count bounds chec ...) - TODO: check + NOT-FOR-US: OpenBSD CVE-2023-39966 (1Panel is an open source Linux server operation and maintenance manage ...) NOT-FOR-US: 1Panel CVE-2023-39965 (1Panel is an open source Linux server operation and maintenance manage ...) 
@@ -582,9 +582,9 @@ CVE-2023-39957 (Nextcloud Talk Android allows users to place video and audio cal CVE-2023-39955 (Notes is a note-taking app for Nextcloud, an open-source cloud platfor ...) NOT-FOR-US: Notes app for NextCloud CVE-2023-39954 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...) - TODO: check + NOT-FOR-US: Nextcloud OIDC backend CVE-2023-39953 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...) - TODO: check + NOT-FOR-US: Nextcloud OIDC backend CVE-2023-39952 (Nextcloud Server provides data storage for Nextcloud, an open source c ...) - nextcloud-server <itp> (bug #941708) CVE-2023-39806 (iCMS v7.0.16 was discovered to contain a SQL injection vulnerability v ...) @@ -739,11 +739,11 @@ CVE-2023-36672 (An issue was discovered in the Clario VPN client through 5.9.1.1 CVE-2023-36671 (An issue was discovered in the Clario VPN client through 5.9.1.1662 fo ...) NOT-FOR-US: Clario VPN client CVE-2023-35838 (The WireGuard client 0.5.3 on Windows insecurely configures the operat ...) - TODO: check + NOT-FOR-US: WireGuard client on Windows CVE-2023-33242 (Crypto wallets implementing the Lindell17 TSS protocol might allow an ...) - TODO: check + NOT-FOR-US: Crypto wallets implementing the Lindell17 TSS protocol CVE-2023-33241 (Crypto wallets implementing the GG18 or GG20 TSS protocol might allow ...) - TODO: check + NOT-FOR-US: Crypto wallets implementing the GG18 or GG20 TSS protocol CVE-2023-32559 - nodejs <unfixed> [buster] - nodejs <not-affected> (v10.x doesn't support policy manifests) 
@@ -1415,7 +1415,7 @@ CVE-2023-39550 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v CVE-2023-39524 (PrestaShop is an open source e-commerce web application. Prior to vers ...) NOT-FOR-US: PrestaShop CVE-2023-39520 (Cryptomator encrypts data being stored on cloud infrastructure. The MS ...) - TODO: check + NOT-FOR-US: Cryptomator CVE-2023-39363 (Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Ma ...) NOT-FOR-US: Vyer CVE-2023-39349 (Sentry is an error tracking and performance monitoring platform. Start ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb47a68e5cc11a55d16002d090ef5e85f4d0d460
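Review bot: The same project gets three different labels in the @@ -127,43 hunk: "NOT-FOR-US: langchain-ai" for CVE-2023-39659, "NOT-FOR-US: Harrison Chase langchain" for CVE-2023-38896 and "NOT-FOR-US: LangChain" for CVE-2023-38860. Use one spelling for all three, so that a later search of data/CVE/list for the product name finds every entry if the software is ever packaged and these need to be revisited.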
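Review bot: Several new labels name only the vendor where the description names a product: "NOT-FOR-US: HPE" for CVE-2023-38402 and CVE-2023-38401 (HPE Aruba Networking Virtual Intranet Access) and "NOT-FOR-US: Ivanti" for CVE-2023-35082 (Ivanti EPMM) in the @@ -183,13 hunk, and "NOT-FOR-US: COMFAST" and "NOT-FOR-US: Wavlink" in the @@ -127,43 hunk (COMFAST CF-XR11, Wavlink WL_WNJ575A3). Other entries in this commit are product-level, for example "NOT-FOR-US: Suleve 5-in-1 Smart Door Lock". Product-level labels here would keep the triage decision tied to what was actually assessed.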
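Review bot: In the @@ -234,7 hunk, CVE-2023-40354 is tagged "NOT-FOR-US: Maxscale" while the description on the preceding line spells the product "MariaDB MaxScale". Match the upstream casing ("MaxScale") so case-sensitive searches of the list hit this entry.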