Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7dccd943 by Moritz Muehlenhoff at 2023-06-16T11:04:46+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
 CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to 2.2 ...)
        TODO: check
 CVE-2023-35708 (Progress MOVEit Transfer has a privilege escalation 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: MOVEit
 CVE-2023-34845 (Bludit v3.14.1 was discovered to contain an arbitrary file 
upload vuln ...)
-       TODO: check
+       NOT-FOR-US: Bludit
 CVE-2023-34800 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a 
command in ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2023-34797 (Broken access control in the Registration page 
(/Registration.aspx) of ...)
-       TODO: check
+       NOT-FOR-US: Termenos CWX
 CVE-2023-34165 (Unauthorized access vulnerability in the Save for later 
feature provid ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-34157 (Vulnerability of HwWatchHealth being hijacked.Successful 
exploitation  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-34154 (Vulnerability of undefined permissions in HUAWEI VR screen 
projection. ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-32754 (Thinking Software Efence login function has insufficient 
validation fo ...)
-       TODO: check
+       NOT-FOR-US: Thinking Software Efence
 CVE-2023-32753 (OMICARD EDM\u2019s file uploading function does not restrict 
upload of ...)
-       TODO: check
+       NOT-FOR-US: OMICARD
 CVE-2023-32752 (L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000\u2019s 
file uploa ...)
-       TODO: check
+       NOT-FOR-US: L7 Networks InstantScan
 CVE-2023-32028 (Microsoft OLE DB Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-32027 (Microsoft ODBC Driver for SQL Server Remote Code Execution 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-32026 (Microsoft ODBC Driver for SQL Server Remote Code Execution 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-32025 (Microsoft ODBC Driver for SQL Server Remote Code Execution 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-2431 (A security issue was discovered in Kubelet that allows pods to 
bypass  ...)
        TODO: check
 CVE-2023-2728
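Review bot: The NOT-FOR-US tag for CVE-2023-32752 names only "L7 Networks InstantScan", while the description on that entry covers both InstantScan IS-8000 and InstantQoS IQ-8000; a tag of "L7 Networks" or one naming both products would match the entry. The same hunk mixes vendor-only tags (Huawei, D-Link, Microsoft) with vendor-plus-product tags (Thinking Software Efence), so finding earlier triage of the same product depends on guessing which form was used; one form per vendor would help.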
@@ -39,7 +39,7 @@ CVE-2023-2727
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed version
        NOTE: The source package itself it still vulnerable, but custom 
rebuilds are not really a usecase here
 CVE-2023-3276 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: Dromara HuTool
 CVE-2023-3275 (A vulnerability classified as critical was found in PHPGurukul 
Rail Pa ...)
        NOT-FOR-US: PHPGurukul Rail Pass Management System
 CVE-2023-3274 (A vulnerability classified as critical has been found in 
code-projects ...)
@@ -55,25 +55,25 @@ CVE-2023-34666 (Cross-site scripting (XSS) vulnerability in 
Phpgurukul Cyber Caf
 CVE-2023-34626 (Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" 
function.)
        - piwigo <removed>
 CVE-2023-34455 (snappy-java is a fast compressor/decompressor for Java. Due to 
use of  ...)
-       TODO: check
+       NOT-FOR-US: snappy-java
 CVE-2023-34454 (snappy-java is a fast compressor/decompressor for Java. Due to 
uncheck ...)
-       TODO: check
+       NOT-FOR-US: snappy-java
 CVE-2023-34453 (snappy-java is a fast compressor/decompressor for Java. Due to 
uncheck ...)
-       TODO: check
+       NOT-FOR-US: snappy-java
 CVE-2023-34242 (Cilium is a networking, observability, and security solution 
with an e ...)
        - cilium <itp> (bug #858303)
 CVE-2023-33243 (RedTeam Pentesting discovered that the web interface of 
STARFACE as we ...)
-       TODO: check
+       NOT-FOR-US: STARFACE
 CVE-2023-32229 (Due to an error in the software interface to the secure 
element chip o ...)
        NOT-FOR-US: Bosch
 CVE-2023-31672 (In the PrestaShop < 2.4.3 module "Length, weight or volume 
sell" (aili ...)
        NOT-FOR-US: PrestaShop
 CVE-2023-2747 (The initialization vector (IV) used by the secure engine (SE) 
for encr ...)
-       TODO: check
+       NOT-FOR-US: silabs SGDK
 CVE-2023-2686 (Buffer overflow in Wi-Fi Commissioning MicriumOS example in 
Silicon La ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs Gecko SDK
 CVE-2023-2683 (A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 
5.1.1 allo ...)
-       TODO: check
+       NOT-FOR-US: silabs Bluetooth SDK
 CVE-2023-XXXX [RUSTSEC-2023-0038: Out-of-bounds array access leads to panic]
        - rust-sequoia-openpgp 1.16.0-1
        NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0038.html
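Review bot: CVE-2023-34455, CVE-2023-34454 and CVE-2023-34453 are marked NOT-FOR-US although the description presents snappy-java as a Java compression library rather than a vendor product or appliance; before closing these as NFU it is worth confirming that no source package in the archive ships or embeds it, and if one does, recording a package entry instead. In the same hunk the three Silicon Labs entries carry three different tags ("silabs SGDK", "Silicon Labs Gecko SDK", "silabs Bluetooth SDK"); a single vendor spelling would keep them findable together.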
@@ -96,17 +96,17 @@ CVE-2023-35029 (Open redirect vulnerability in the Layout 
module's SEO configura
 CVE-2023-34565 (Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in 
the "Creat ...)
        - netbox <itp> (bug #1017079)
 CVE-2023-34452 (Grav is a flat-file content management system. In versions 
1.7.42 and  ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2023-34449 (ink! is an embedded domain specific language to write smart 
contracts  ...)
-       TODO: check
+       NOT-FOR-US: ink!
 CVE-2023-34448 (Grav is a flat-file content management system. Prior to 
version 1.7.42 ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2023-34253 (Grav is a flat-file content management system. Prior to 
version 1.7.42 ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2023-34252 (Grav is a flat-file content management system. Prior to 
version 1.7.42 ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2023-34251 (Grav is a flat-file content management system. Versions prior 
to 1.7.4 ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2023-33515 (SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site 
Scriptin ...)
        NOT-FOR-US: SoftExpert Excellence Suite
 CVE-2023-31746 (There is a command injection vulnerability in the adslr VW2100 
router  ...)
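Review bot: The tag "NOT-FOR-US: ink!" on CVE-2023-34449 is a short common word plus punctuation, which is awkward to search for and gives no hint of what the software is; a qualifier taken from the description, such as "ink! (smart contract language)", would make the entry easier to find and to recognise in later triage.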



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dccd943c0a99b648b60f8ff1cb0fc09bba8b63a
