Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6ce84d43 by Moritz Muehlenhoff at 2023-06-19T17:55:40+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2023-3310 (A vulnerability, which was classified as
critical, has been found
CVE-2023-3309 (A vulnerability classified as problematic was found in
SourceCodester ...)
NOT-FOR-US: SourceCodester Resort Reservation System
CVE-2023-3308 (A vulnerability classified as problematic has been found in
whaleal Ic ...)
- TODO: check
+ NOT-FOR-US: whaleal IceFrog
CVE-2023-3307 (A vulnerability was found in miniCal 1.0.0. It has been rated
as criti ...)
- TODO: check
+ NOT-FOR-US: miniCal
CVE-2023-35866 (In KeePassXC through 2.7.5, a local attacker can make changes
to the D ...)
TODO: check
CVE-2023-35862 (libcoap 4.3.1 contains a buffer over-read via the function
coap_parse_ ...)
@@ -17,25 +17,25 @@ CVE-2023-35857 (In Siren Investigate before 13.2.2, session
keys remain active e
CVE-2023-35856 (A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01,
RMCJ01, a ...)
NOT-FOR-US: Nintendo Mario Kart Wii
CVE-2023-35855 (A buffer overflow in Counter-Strike through 8684 allows a game
server ...)
- TODO: check
+ NOT-FOR-US: Counter-Strike
CVE-2023-35853 (In Suricata before 6.0.13, an adversary who controls an
external sourc ...)
TODO: check
CVE-2023-35852 (In Suricata before 6.0.13 (when there is an adversary who
controls an ...)
TODO: check
CVE-2023-35849 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not
properly c ...)
- TODO: check
+ NOT-FOR-US: picoTCP
CVE-2023-35848 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks
certain size ...)
- TODO: check
+ NOT-FOR-US: picoTCP
CVE-2023-35847 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not
have an MS ...)
- TODO: check
+ NOT-FOR-US: picoTCP
CVE-2023-35846 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not
check the ...)
- TODO: check
+ NOT-FOR-US: picoTCP
CVE-2023-35844 (packages/backend/src/routers in Lightdash before 0.510.3 has
insecure ...)
- TODO: check
+ NOT-FOR-US: Lightdash
CVE-2023-35840 (_joinPath in elFinderVolumeLocalFileSystem.class.php in
elFinder befor ...)
- TODO: check
+ NOT-FOR-US: elFinder
CVE-2023-35839 (Solon before 2.3.3 allows Deserialization of Untrusted Data.)
- TODO: check
+ NOT-FOR-US: Solon
CVE-2023-35829 (An issue was discovered in the Linux kernel before 6.3.2. A
use-after- ...)
- linux 6.3.7-1
[buster] - linux <not-affected> (Vulnerable code not present)
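Review bot: CVE-2023-35840 is tagged NOT-FOR-US: elFinder on the upstream name alone, while the description points at a single PHP class file (elFinderVolumeLocalFileSystem.class.php) that could be shipped as an embedded copy inside another source package. A quick search of the archive for that file name before closing the entry would confirm the tag; if a copy turns up, the entry should name the embedding package instead.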
@@ -51,23 +51,23 @@ CVE-2023-34603 (JeecgBoot up to v 3.5.1 was discovered to
contain a SQL injectio
CVE-2023-34602 (JeecgBoot up to v 3.5.1 was discovered to contain a SQL
injection vuln ...)
NOT-FOR-US: JeecgBoot
CVE-2023-32542 (Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0
and TELLUS ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-32538 (Stack-based buffer overflow vulnerability exists in TELLUS
v4.0.15.0 a ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-32288 (Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0
and TELLUS ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-32276 (Stack-based buffer overflow vulnerability exists in TELLUS
v4.0.15.0 a ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-32273 (Stack-based buffer overflow vulnerability exists in TELLUS
v4.0.15.0 a ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-32270 (Access of memory location after end of buffer issue exists in
TELLUS v ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-32201 (Stack-based buffer overflow vulnerability exists in TELLUS
v4.0.15.0 a ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-31239 (Stack-based buffer overflow vulnerability in V-Server
v4.0.15.0 and V- ...)
TODO: check
CVE-2023-30759 (The driver installation package created by Printer Driver
Packager NX ...)
- TODO: check
+ NOT-FOR-US: Ricoh
CVE-2023-35828 (An issue was discovered in the Linux kernel before 6.3.2. A
use-after- ...)
- linux 6.3.7-1 (unimportant)
NOTE:
https://git.kernel.org/linus/2b947f8769be8b8181dc795fd292d3e7120f5204 (6.4-rc1)
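Review bot: CVE-2023-31239 (V-Server v4.0.15.0) is left at TODO: check while the seven TELLUS v4.0.15.0 entries around it were triaged in this commit. If it belongs to the same product family it can be closed in the same pass; otherwise a short NOTE saying why it is held back would help. Separately, CVE-2023-30759 is tagged with the vendor only ("NOT-FOR-US: Ricoh"), whereas the other entries added here name the product; "NOT-FOR-US: Ricoh Printer Driver Packager NX" would match the description and be easier to grep.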
@@ -123,19 +123,19 @@ CVE-2023-35789 (An issue was discovered in the C AMQP
client library (aka rabbit
NOTE: https://github.com/alanxz/rabbitmq-c/issues/575
NOTE:
https://github.com/alanxz/rabbitmq-c/commit/463054383fbeef889b409a7f843df5365288e2a0
CVE-2023-34459 (OpenZeppelin Contracts is a library for smart contract
development. St ...)
- TODO: check
+ NOT-FOR-US: OpenZeppelin Contracts
CVE-2023-33438 (A stored Cross-site scripting (XSS) vulnerability in Wolters
Kluwer Te ...)
NOT-FOR-US: Wolters Kluwer TeamMate+
CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository
saleor/react-sto ...)
- TODO: check
+ NOT-FOR-US: saleor/react-storefront
CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository
salesagility/ ...)
- TODO: check
+ NOT-FOR-US: salesagility/suitecrm-core
CVE-2023-35788 (An issue was discovered in fl_set_geneve_opt in
net/sched/cls_flower.c ...)
- linux 6.3.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/06/07/1
NOTE:
https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)
CVE-2023-35784 (A double free or use after free could occur after SSL_clear in
OpenBSD ...)
- TODO: check
+ - libressl <itp> (bug #754513)
CVE-2023-35783 (The ke_search (aka Faceted Search) extension before 4.0.3,
4.1.x throu ...)
NOT-FOR-US: Typo3 extension
CVE-2023-35782 (The ipandlanguageredirect extension before 5.1.2 for TYPO3
allows SQL ...)
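Review bot: The new CVE-2023-35784 line, "- libressl <itp> (bug #754513)", carries no NOTE pointing at the upstream fix, unlike the rabbitmq-c and linux entries in the same hunk. Adding a NOTE with the upstream commit or advisory now means whoever picks up the ITP does not have to re-research which release is fixed.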
@@ -143,13 +143,13 @@ CVE-2023-35782 (The ipandlanguageredirect extension
before 5.1.2 for TYPO3 allow
CVE-2023-34832 (TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain
a buffer ...)
NOT-FOR-US: TP-Link
CVE-2023-34795 (xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of
uninitial ...)
- TODO: check
+ NOT-FOR-US: xlsxio
CVE-2023-34733 (A lack of exception handling in the Volkswagen Discover Media
Infotain ...)
NOT-FOR-US: Volkswagen Discover Media Infotainment System Software
CVE-2023-34660 (jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload
in /jeecg ...)
- TODO: check
+ NOT-FOR-US: jjeecg-boot
CVE-2023-34659 (jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability
the id p ...)
- TODO: check
+ NOT-FOR-US: jeecg-boot
CVE-2023-34645 (jfinal CMS 5.1.0 has an arbitrary file read vulnerability.)
NOT-FOR-US: jfinal CMS
CVE-2023-34548 (Simple Customer Relationship Management 1.0 is vulnerable to
SQL Injec ...)
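Review bot: The JeecgBoot-family tags are spelled three ways: "NOT-FOR-US: jjeecg-boot" for CVE-2023-34660, "NOT-FOR-US: jeecg-boot" for CVE-2023-34659, and "NOT-FOR-US: JeecgBoot" on the CVE-2023-34602 context line in an earlier hunk. The double-j form copies the CVE description verbatim and, given that the next entry cites the same 3.5.0 version, looks like a typo there. Using one spelling keeps a grep for the product complete.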
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ce84d4386ac537e8f7586086de51f6e1bf16229