Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e004b89e by Salvatore Bonaccorso at 2023-07-26T22:47:27+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,15 +5,15 @@ CVE-2023-3242 (Allocation of Resources Without Limits or 
Throttling, Improper In
 CVE-2023-39261 (In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was 
requesti ...)
        TODO: check
 CVE-2023-38673 (PaddlePaddle before 2.5.0 has a command injection in fs.py. 
This resul ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-38672 (FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw 
can cause  ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-38671 (Heap buffer overflow in paddle.trace in PaddlePaddle before 
2.5.0. Thi ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-38670 (Null pointer dereference in paddle.flip in PaddlePaddle before 
2.5.0.  ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-38669 (Use after free in paddle.diagonal in PaddlePaddle before 
2.5.0. This r ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-37624 (Netdisco before v2.063000 was discovered to contain an open 
redirect v ...)
        NOT-FOR-US: Netdisco
 CVE-2023-37623 (Netdisco before v2.063000 was discovered to contain a 
cross-site scrip ...)
@@ -91,11 +91,11 @@ CVE-2023-38503 (Directus is a real-time API and App 
dashboard for managing SQL d
 CVE-2023-38502 (TDengine is an open source, time-series database optimized for 
Interne ...)
        - tdengine <itp> (bug #992514)
 CVE-2023-38501 (copyparty is file server software. Prior to version 1.8.7, the 
applica ...)
-       TODO: check
+       NOT-FOR-US: copyparty
 CVE-2023-38500 (TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, 
aiming to p ...)
-       TODO: check
+       NOT-FOR-US: TYPO3 HTML Sanitizer
 CVE-2023-38499 (TYPO3 is an open source PHP based web content management 
system. Start ...)
-       TODO: check
+       NOT-FOR-US: Typo3
 CVE-2023-38496 (Apptainer is an open source container platform. Version 
1.2.0-rc.2 int ...)
        TODO: check
 CVE-2023-38493 (Armeria is a microservice framework Spring supports Matrix 
variables.  ...)
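Review bot: The two TYPO3 tags in this hunk differ in capitalisation: CVE-2023-38500 gets "NOT-FOR-US: TYPO3 HTML Sanitizer" while CVE-2023-38499 gets "NOT-FOR-US: Typo3", although both descriptions spell the name "TYPO3". Suggest "NOT-FOR-US: TYPO3" on the second line so that a case-sensitive search of data/CVE/list for the product finds both entries.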
@@ -117,7 +117,7 @@ CVE-2023-37902 (Vyper is a Pythonic programming language 
that targets the Ethere
 CVE-2023-37677 (Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to 
contain a re ...)
        NOT-FOR-US: Pligg CMS
 CVE-2023-37460 (Plexis Archiver is a collection of Plexus components to create 
archive ...)
-       TODO: check
+       NOT-FOR-US: Plexis Archiver
 CVE-2023-37258 (DataEase is an open source data visualization analysis tool. 
Prior to  ...)
        TODO: check
 CVE-2023-37257 (DataEase is an open source data visualization analysis tool. 
Prior to  ...)
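Review bot: The NOT-FOR-US tag on CVE-2023-37460 copies the spelling "Plexis Archiver" from the start of the description, but the same description continues with "a collection of Plexus components", so the name is spelled two ways within one entry. Worth confirming which spelling is right and searching the archive for a source package under the "Plexus" name before closing this as NOT-FOR-US, since a misspelled product name is an easy way for a packaged component to be triaged away.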
@@ -125,7 +125,7 @@ CVE-2023-37257 (DataEase is an open source data 
visualization analysis tool. Pri
 CVE-2023-36826 (Sentry is an error tracking and performance monitoring 
platform. Start ...)
        TODO: check
 CVE-2023-36806 (Contao is an open source content management system. Starting 
in versio ...)
-       TODO: check
+       NOT-FOR-US: Contao CMS
 CVE-2023-36503 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Max F ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-36502 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -149,27 +149,27 @@ CVE-2023-35942 (Envoy is an open source edge and service 
proxy designed for clou
 CVE-2023-35941 (Envoy is an open source edge and service proxy designed for 
cloud-nati ...)
        - envoyproxy <itp> (bug #987544)
 CVE-2023-35929 (Tuleap is a free and open source suite to improve management 
of softwa ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2023-35043 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
Neha Goel R ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-34798 (An arbitrary file upload vulnerability in eoffice before v9.5 
allows a ...)
-       TODO: check
+       NOT-FOR-US: eoffice
 CVE-2023-34369 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gran ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-34235 (Strapi is an open-source headless content management system. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2023-34093 (Strapi is an open-source headless content management system. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2023-34017 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
FiveStar ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-33925 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
PluginFo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32629 (Local privilege escalation vulnerability in Ubuntu Kernels 
overlayfs o ...)
        TODO: check
 CVE-2023-32468 (Dell ECS Streamer, versions prior to 2.0.7.1, contain an 
insertion of  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-2850 (NodeBB is affected by a Cross-Site WebSocket Hijacking 
vulnerability d ...)
-       TODO: check
+       NOT-FOR-US: NodeBB
 CVE-2023-2640 (On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: 
SAUCE: overl ...)
        TODO: check
 CVE-2023-2626 (There exists an authentication bypass vulnerability in 
OpenThread bord ...)
@@ -22670,7 +22670,7 @@ CVE-2023-26913 (EVOLUCARE ECSIMAGING (aka ECS Imaging) 
< 6.21.5 is vulnerable to
 CVE-2023-26912 (Cross site scripting (XSS) vulnerability in xenv S-mall-ssm 
thru commi ...)
        NOT-FOR-US: S-mall-ssm
 CVE-2023-26911 (ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 
contain ...)
-       TODO: check
+       NOT-FOR-US: Asus
 CVE-2023-26910
        RESERVED
 CVE-2023-26909
@@ -22774,7 +22774,7 @@ CVE-2023-26861 (SQL injection vulnerability found in 
PrestaShop vivawallet v.1.7
 CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget 
v.1.0.3 and b ...)
        NOT-FOR-US: PrestaShop Igbudget
 CVE-2023-26859 (SQL injection vulnerability found in PrestaShop sendinblue 
v.4.0.15 an ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop
 CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 
allows a r ...)
        NOT-FOR-US: prestashop
 CVE-2023-26857 (An arbitrary file upload vulnerability in 
/admin/ajax.php?action=save_ ...)
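Review bot: The tag added for CVE-2023-26859 is the bare "NOT-FOR-US: PrestaShop", while the description names the sendinblue module and the entry directly above (CVE-2023-26860) is tagged at module level as "PrestaShop Igbudget"; the entry below (CVE-2023-26858) uses a third form, "prestashop". Suggest "NOT-FOR-US: PrestaShop sendinblue" so the tag identifies the affected module and matches the neighbouring entry.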
@@ -31615,11 +31615,11 @@ CVE-2023-23846 (Due to insufficient length validation 
in the Open5GS GTP library
 CVE-2023-23845
        RESERVED
 CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2023-23842 (The SolarWinds Network Configuration Manager was susceptible 
to the Di ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing 
or updat ...)
        NOT-FOR-US: SolarWinds
 CVE-2023-23840
@@ -31671,7 +31671,7 @@ CVE-2023-23835 (A vulnerability has been identified in 
Mendix Applications using
 CVE-2023-23834
        RESERVED
 CVE-2023-23833 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Steve ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23832 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in TC Ul ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23831 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -38994,7 +38994,7 @@ CVE-2022-4610 (A vulnerability, which was classified as 
problematic, has been fo
 CVE-2022-4609 (Cross-site Scripting (XSS) - Stored in GitHub repository 
usememos/memo ...)
        NOT-FOR-US: usememos
 CVE-2022-4608 (A vulnerability exists in HCI IEC 60870-5-104 function included 
in cer ...)
-       TODO: check
+       NOT-FOR-US: ABB
 CVE-2021-4262 (A vulnerability classified as critical was found in 
laravel-jqgrid. Af ...)
        NOT-FOR-US: laravel-jqgrid.
 CVE-2021-4261 (A vulnerability classified as critical has been found in 
pacman-canvas ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e004b89ed6d127a13b49223229a886720efdef14
