Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
539aaf27 by Moritz Muehlenhoff at 2023-08-29T15:13:57+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,11 +17,11 @@ CVE-2023-41359 (An issue was discovered in FRRouting FRR 
through 9.0. There is a
 CVE-2023-41358 (An issue was discovered in FRRouting FRR through 9.0. 
bgpd/bgp_packet. ...)
        TODO: check
 CVE-2023-41005 (An issue in Pagekit pagekit v.1.0.18 alows a remote attacker 
to execut ...)
-       TODO: check
+       NOT-FOR-US: Pagekit CMS
 CVE-2023-40998 (Buffer Overflow vulnerability in O-RAN Software Community 
ric-plt-lib- ...)
-       TODO: check
+       NOT-FOR-US: O-RAN Software Community ric-plt-lib-rmr
 CVE-2023-40997 (Buffer Overflow vulnerability in O-RAN Software Community 
ric-plt-lib- ...)
-       TODO: check
+       NOT-FOR-US: O-RAN Software Community ric-plt-lib-rmr
 CVE-2023-40857 (Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 
allows a remo ...)
        TODO: check
 CVE-2023-40828 (An issue in pf4j pf4j v.3.9.0 and before allows a remote 
attacker to o ...)
@@ -31,23 +31,23 @@ CVE-2023-40827 (An issue in pf4j pf4j v.3.9.0 and before 
allows a remote attacke
 CVE-2023-40826 (An issue in pf4j pf4j v.3.9.0 and before allows a remote 
attacker to o ...)
        TODO: check
 CVE-2023-40825 (An issue in Perfree PerfreeBlog v.3.1.2 allows a remote 
attacker to ex ...)
-       TODO: check
+       NOT-FOR-US: PerfreeBlog
 CVE-2023-40781 (Buffer Overflow vulnerability in Libming Libming v.0.4.8 
allows a remo ...)
-       TODO: check
+       - ming <removed>
 CVE-2023-39968 (jupyter-server is the backend for Jupyter web applications. 
Open Redir ...)
        TODO: check
 CVE-2023-39650 (Theme Volty CMS Blog up to version v4.0.1 was discovered to 
contain a  ...)
-       TODO: check
+       NOT-FOR-US: Theme Volty CMS Blog
 CVE-2023-39059 (An issue in ansible semaphore v.2.8.90 allows a remote 
attacker to exe ...)
        TODO: check
 CVE-2023-38969 (Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a 
remote a ...)
-       TODO: check
+       NOT-FOR-US: Badaso
 CVE-2023-34725 (An issue was discovered in TechView LA-5570 Wireless Gateway 
1.0.19_T5 ...)
-       TODO: check
+       NOT-FOR-US: TechView
 CVE-2023-34724 (An issue was discovered in TECHView LA5570 Wireless Gateway 
1.0.19_T53 ...)
-       TODO: check
+       NOT-FOR-US: TechView
 CVE-2023-32457 (Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an 
improper  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-4569 (A memory leak flaw was found in nft_set_catchall_flush in 
net/netfilte ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7)
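Review bot: the CVE-2023-40781 change to "- ming <removed>" is a removed-package triage rather than an NFU, so the commit message "NFUs" does not cover it. Consider mentioning ming in the commit message or splitting that line into its own commit, so the decision is findable from the log.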
@@ -113,31 +113,31 @@ CVE-2023-39709 (Multiple cross-site scripting (XSS) 
vulnerabilities in Free and
 CVE-2023-39708 (A stored cross-site scripting (XSS) vulnerability in Free and 
Open Sou ...)
        NOT-FOR-US: Free and Open Source Inventory Management System
 CVE-2023-39652 (theme volty tvcmsvideotab up to v4.0.0 was discovered to 
contain a SQL ...)
-       TODO: check
+       NOT-FOR-US: theme volty tvcmsvideotab
 CVE-2023-39578 (A stored cross-site scripting (XSS) vulnerability in the 
Create functi ...)
-       TODO: check
+       NOT-FOR-US: Zenario CMS
 CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to 
contain a hea ...)
        TODO: check
 CVE-2023-39560 (ECTouch v2 was discovered to contain a SQL injection 
vulnerability via ...)
-       TODO: check
+       NOT-FOR-US: ECTouch v2
 CVE-2023-39348 (Spinnaker is an open source, multi-cloud continuous delivery 
platform. ...)
-       TODO: check
+       NOT-FOR-US: Spinnaker
 CVE-2023-39062 (Cross Site Scripting vulnerability in Spipu HTML2PDF before 
v.5.2.8 al ...)
-       TODO: check
+       NOT-FOR-US: Spipu HTML2PDF
 CVE-2023-38289
        REJECTED
 CVE-2023-38288
        REJECTED
 CVE-2023-36481 (An issue was discovered in Samsung Exynos Mobile Processor and 
Wearabl ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-35785 (Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 
2FA byp ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2023-34758 (Sliver from v1.5.x to v1.5.39 has an improper cryptographic 
implementa ...)
-       TODO: check
+       NOT-FOR-US: Slive
 CVE-2018-25089 (A vulnerability was found in glb Meetup Tag Extension 0.1 on 
MediaWiki ...)
-       TODO: check
+       NOT-FOR-US: glb Meetup Tag Extension
 CVE-2017-20186 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
nikooo777 ...)
-       TODO: check
+       NOT-FOR-US: nikooo777 ckSurf
 CVE-2023-4561 (Cross-site Scripting (XSS) - Stored in GitHub repository 
omeka/omeka-s ...)
        NOT-FOR-US: Omeka S
 CVE-2023-4560 (Improper Authorization of Index Containing Sensitive 
Information in Gi ...)
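Review bot: the new label for CVE-2023-34758 reads "NOT-FOR-US: Slive", but the description on the line above names the product "Sliver". Suggest "NOT-FOR-US: Sliver" so the entry matches the product name and turns up in a search for it.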
@@ -16141,7 +16141,7 @@ CVE-2023-1999 (There exists a use after free/double 
free in libwebp. An attacker
        NOTE: Introduced by: 
https://github.com/webmproject/libwebp/commit/187d379db68839f76d1390be291c471f2f66644c
 (v0.5.0-rc1)
        NOTE: Introduced by: 
https://github.com/webmproject/libwebp/commit/5692eae1f3efd8b7b47398a9f5d74f1dc6f64e7f
 (backport; v0.4.2-rc2)
 CVE-2023-1997 (An OS Command Injection vulnerability exists in SIMULIA 
3DOrchestrate  ...)
-       TODO: check
+       NOT-FOR-US: SIMULIA
 CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in Release 
3DEXPE ...)
        NOT-FOR-US: 3ds
 CVE-2023-30532 (A missing permission check in Jenkins TurboScript Plugin 1.3 
and earli ...)
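Review bot: CVE-2023-1997 is labelled "NOT-FOR-US: SIMULIA" while the adjacent CVE-2023-1996 entry already carries "NOT-FOR-US: 3ds". If both products come from the same vendor, use one label for both so that grepping the list by vendor finds every entry.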
@@ -16215,7 +16215,7 @@ CVE-2023-1998 (The Linux kernel allows userspace 
processes to enable mitigations
        NOTE: 
https://git.kernel.org/linus/6921ed9049bc7457f66c1596c5b78aec0dae4a9d (6.3-rc1)
        NOTE: https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d
 CVE-2023-1995 (Insufficient Logging vulnerability in Hitachi HiRDB Server, 
HiRDB Serv ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 
3.6.12  ...)
        {DSA-5429-1 DLA-3402-1}
        [experimental] - wireshark 4.0.5-1~exp1
@@ -29322,7 +29322,7 @@ CVE-2023-26097 (An issue was discovered in Telindus 
Apsal 3.14.2022.235 b. Unaut
 CVE-2023-26096
        RESERVED
 CVE-2023-26095 (ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 
and 4.6 ...)
-       TODO: check
+       NOT-FOR-US: Stormshield Network Security
 CVE-2023-26094
        RESERVED
 CVE-2023-26093 (Liima before 1.17.28 allows Hibernate query language (HQL) 
injection,  ...)
@@ -47179,7 +47179,7 @@ CVE-2022-46785 (SquaredUp Dashboard Server SCOM edition 
before 5.7.1 GA allows X
 CVE-2022-46784 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows 
open re ...)
        NOT-FOR-US: SquaredUp Dashboard Server
 CVE-2022-46783 (An issue was discovered in Stormshield SSL VPN Client before 
3.2.0. If ...)
-       TODO: check
+       NOT-FOR-US: Stormshield SSL VPN Client
 CVE-2022-46782 (An issue was discovered in Stormshield SSL VPN Client before 
3.2.0. A  ...)
        NOT-FOR-US: Stormshield SSL VPN Client
 CVE-2022-46781 (An issue was discovered in the Arm Mali GPU Kernel Driver. A 
non-privi ...)
@@ -207932,7 +207932,7 @@ CVE-2020-27368 (Directory Indexing in Login Portal of 
Login Portal of TOTOLINK-A
 CVE-2020-27367
        RESERVED
 CVE-2020-27366 (Cross Site Scripting (XSS) vulnerability in wlscanresults.html 
in Huma ...)
-       TODO: check
+       NOT-FOR-US: Humax
 CVE-2020-27365
        RESERVED
 CVE-2020-27364



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/539aaf2738ebd846a4d81692ea0be8e1f6240917
