Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c05a9fa7 by Moritz Muehlenhoff at 2023-06-23T14:53:44+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2023-3128 (Grafana is validating Azure AD accounts based on the email 
claim.   On ...)
-       TODO: check
+       - grafana <removed>
 CVE-2023-3114 (Terraform Enterprise since v202207-1 did not properly implement 
author ...)
-       TODO: check
+       NOT-FOR-US: Terraform Enterprise
 CVE-2023-36193 (Gifsicle v1.9.3 was discovered to contain a heap buffer 
overflow via t ...)
        TODO: check
 CVE-2023-36192 (Sngrep v1.6.0 was discovered to contain a heap buffer overflow 
via the ...)
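
Review bot: The subject "NFUs" does not cover the first change in this hunk, where CVE-2023-3128 is triaged as "- grafana <removed>", a package entry rather than a NOT-FOR-US tag. Mentioning the removed-package triage in the commit message, or committing it separately, would make it easier to find in the log later.
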
@@ -9,31 +9,31 @@ CVE-2023-36192 (Sngrep v1.6.0 was discovered to contain a 
heap buffer overflow v
 CVE-2023-36191 (sqlite3 v3.40.1 was discovered to contain a segmentation 
violation at  ...)
        TODO: check
 CVE-2023-35801 (A directory traversal vulnerability in Safe Software FME 
Server before ...)
-       TODO: check
+       NOT-FOR-US: Safe Software FME Server
 CVE-2023-35133 (An issue in the logic used to check 0.0.0.0 against the cURL 
blocked h ...)
-       TODO: check
+       - moodle <removed>
 CVE-2023-35132 (A limited SQL injection risk was identified on the Mnet SSO 
access con ...)
-       TODO: check
+       - moodle <removed>
 CVE-2023-35131 (Content on the groups page required additional sanitizing to 
prevent a ...)
-       TODO: check
+       - moodle <removed>
 CVE-2023-34553 (An issue was discovered in WAFU Keyless Smart Lock v1.0 allows 
attacke ...)
-       TODO: check
+       NOT-FOR-US: WAFU Keyless Smart Lock
 CVE-2023-34462 (Netty is an asynchronous event-driven network application 
framework fo ...)
        TODO: check
 CVE-2023-34110 (Flask-AppBuilder is an application development framework, 
built on top ...)
        TODO: check
 CVE-2023-33299 (A deserialization of untrusted data in Fortinet FortiNAC below 
7.2.1,  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2023-33141 (Yet Another Reverse Proxy (YARP) Denial of Service 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Yet Another Reverse Proxy
 CVE-2023-32464 (Dell VxRail, versions prior to 7.0.450, contain an improper 
certificat ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-32463 (Dell VxRail, version(s) 8.0.100 and earlier contain a 
denial-of-servic ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-32320 (Nextcloud Server is a data storage system for Nextcloud, a 
self-hosted ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2023-31469 (A REST interface in Apache StreamPipes (versions 0.69.0 to 
0.91.0) was ...)
-       TODO: check
+       NOT-FOR-US: Apache StreamPipes
 CVE-2023-3326 (pam_krb5 authenticates a user by essentially running kinit with 
the pa ...)
        TODO: check
 CVE-2023-3256 (Advantech R-SeeNet  versions 2.4.22  allows low-level users to 
access  ...)
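
Review bot: The three "- moodle <removed>" lines (CVE-2023-35133, CVE-2023-35132, CVE-2023-35131) carry no NOTE pointing at an upstream advisory, unlike the "- ming <removed>" entry elsewhere in this file, which has a NOTE with the upstream issue URL. If the upstream references are at hand, a NOTE line under each would save the next person a lookup. The "- nextcloud-server <itp> (bug #941708)" entry is fine as written, since the bug number already gives the pointer.
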
@@ -76,7 +76,7 @@ CVE-2023-36239 (libming listswf 0.4.7 was discovered to 
contain a buffer overflo
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/273
 CVE-2023-36097 (funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file 
upload via  ...)
-       TODO: check
+       NOT-FOR-US: funadmin
 CVE-2023-36093 (There is a storage type cross site scripting (XSS) 
vulnerability in th ...)
        NOT-FOR-US: EyouCMS
 CVE-2023-35926 (Backstage is an open platform for building developer portals. 
The Back ...)
@@ -86,7 +86,7 @@ CVE-2023-35918 (Unauth. Reflected Cross-Site Scripting (XSS) 
vulnerability in Wo
 CVE-2023-35917 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce 
PayPal  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-35174 (Livebook is a web application for writing interactive and 
collaborativ ...)
-       TODO: check
+       NOT-FOR-US: Livebook
 CVE-2023-35093 (Broken Access Control vulnerability in StylemixThemes 
MasterStudy LMS  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-35090 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -94,13 +94,13 @@ CVE-2023-35090 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
 CVE-2023-34939 (Onlyoffice Community Server before v12.5.2 was discovered to 
contain a ...)
        NOT-FOR-US: Onlyoffice Community Server
 CVE-2023-34927 (Casdoor v1.331.0 and below was discovered to contain a 
Cross-Site Requ ...)
-       TODO: check
+       NOT-FOR-US: Casdoor
 CVE-2023-34923 (XML Signature Wrapping (XSW) in SAML-based Single Sign-on 
feature in T ...)
        NOT-FOR-US: TOPdesk
 CVE-2023-34796 (Cross site scripting (XSS) vulnerabiliy in 
dmarcts-report-viewer dashb ...)
-       TODO: check
+       NOT-FOR-US: dmarcts-report-viewer
 CVE-2023-34601 (Jeesite before commit 10742d3 was discovered to contain a SQL 
injectio ...)
-       TODO: check
+       NOT-FOR-US: Jeesite
 CVE-2023-34368 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Kanb ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-34170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WP O ...)
@@ -118,27 +118,27 @@ CVE-2023-33323 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-32960 (Cross-Site Request Forgery (CSRF) vulnerability in 
UpdraftPlus.Com, Da ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-32571 (Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows 
attackers to  ...)
-       TODO: check
+       NOT-FOR-US: Dynamic Linq
 CVE-2023-32239 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) 
vulnerability in ...)
        NOT-FOR-US: WordPress theme
 CVE-2023-31868 (Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site 
Scripting (XS ...)
-       TODO: check
+       NOT-FOR-US: Sage X3
 CVE-2023-31867 (Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.)
-       TODO: check
+       NOT-FOR-US: Sage X3
 CVE-2023-2991 (Fortra Globalscape EFT's administration server suffers from an 
informa ...)
-       TODO: check
+       NOT-FOR-US: Fortra Globalscape
 CVE-2023-2990 (Fortra Globalscape EFT versions before 8.1.0.16 suffer from a 
denial o ...)
-       TODO: check
+       NOT-FOR-US: Fortra Globalscape
 CVE-2023-2989 (Fortra Globalscape EFT versions before 8.1.0.16 suffer from an 
out of  ...)
-       TODO: check
+       NOT-FOR-US: Fortra Globalscape
 CVE-2023-2611 (Advantech R-SeeNet  versions 2.4.22   is installed with a 
hidden root- ...)
        NOT-FOR-US: Advantech R-SeeNet
 CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: jmarsden/jsonij
 CVE-2023-33842 (IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, 
and 18.5 r ...)
        NOT-FOR-US: IBM
 CVE-2023-33405 (Blogengine.net 3.3.8.0 and earlier is vulnerable to Open 
Redirect.)
-       TODO: check
+       NOT-FOR-US: Blogengine.net
 CVE-2023-32449 (Dell PowerStore versions prior to 3.5 contain an improper 
verification ...)
        NOT-FOR-US: Dell
 CVE-2019-25152 (The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro 
for Woo ...)
@@ -777,9 +777,9 @@ CVE-2023-34616 (An issue was discovered pbjson thru 0.4.0 
allows attackers to ca
 CVE-2023-34615 (An issue was discovered JSONUtil thru 5.0 allows attackers to 
cause a  ...)
        NOT-FOR-US: JSONUtil
 CVE-2023-34613 (An issue was discovered sojo thru 1.1.1 allows attackers to 
cause a de ...)
-       TODO: check
+       NOT-FOR-US: sojo
 CVE-2023-34612 (An issue was discovered ph-json thru 9.5.5 allows attackers to 
cause a ...)
-       TODO: check
+       NOT-FOR-US: ph-json
 CVE-2023-34611 (An issue was discovered mjson thru 1.4.1 allows attackers to 
cause a d ...)
        TODO: check
 CVE-2023-34610 (An issue was discovered json-io thru 4.14.0 allows attackers 
to cause  ...)
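
Review bot: CVE-2023-34613 (sojo) and CVE-2023-34612 (ph-json) are tagged NOT-FOR-US by project name, but judging by the names and their neighbours in this list (JSONUtil, mjson, json-io) both are JSON libraries, which is the kind of code that ends up bundled inside other source packages. A code search of the archive for embedded copies before closing them out would be worthwhile. If nothing turns up, the tags are fine as they stand.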



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c05a9fa74c9bb70cf0ce343d6a49b03cb8d54705
