Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5bdc32c7 by Moritz Muehlenhoff at 2023-07-27T10:29:15+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,93 +1,93 @@
CVE-2023-3957 (The ACF Photo Gallery Field plugin for WordPress is vulnerable
to unau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3451
REJECTED
CVE-2023-38611 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38608 (The issue was addressed with additional permissions checks.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38606 (This issue was addressed with improved state management. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38603 (The issue was addressed with improved checks. This issue is
fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38602 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38600 (The issue was addressed with improved checks. This issue is
fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38597 (The issue was addressed with improved checks. This issue is
fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38595 (The issue was addressed with improved checks. This issue is
fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38594 (The issue was addressed with improved checks. This issue is
fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38593 (A logic issue was addressed with improved checks. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38580 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38572 (The issue was addressed with improved checks. This issue is
fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38565 (A path handling issue was addressed with improved validation.
This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38564 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38425 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38424 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38421 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38410 (The issue was addressed with improved checks. This issue is
fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38285 (Trustwave ModSecurity 3.x before 3.0.10 has Inefficient
Algorithmic Co ...)
TODO: check
CVE-2023-38261 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38259 (A logic issue was addressed with improved restrictions. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38258 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38136 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38133 (The issue was addressed with improved checks. This issue is
fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-37732 (Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in
/libyasm ...)
TODO: check
CVE-2023-37692 (An arbitrary file upload vulnerability in October CMS v3.4.4
allows at ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2023-36862 (A downgrade issue affecting Intel-based Mac computers was
addressed wi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-36854 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-35993 (A use-after-free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-35983 (This issue was addressed with improved data protection. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32734 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32450 (Dell Power Manager, Versions 3.3 to 3.14 contains an Improper
Access C ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-32443 (An out-of-bounds read was addressed with improved input
validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32442 (An access issue was addressed with improved access
restrictions. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32441 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32437 (The issue was addressed with improvements to the file handling
protoco ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32433 (A use-after-free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32429 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32418 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32416 (A logic issue was addressed with improved restrictions. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32381 (A use-after-free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32364 (A logic issue was addressed with improved restrictions. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-3622 (Access Control Bypass Vulnerability in the SolarWinds Platform
that al ...)
NOT-FOR-US: SolarWinds
CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper
Initial ...)
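Review bot: The `NOT-FOR-US: Apple` entries in this hunk are closed on the vendor name alone, and the truncated descriptions ("This issue is fixed in i ...") do not show which component is affected. Apple advisories also cover WebKit, which Debian ships as webkit2gtk and wpewebkit, so each of these should be checked against the full description before it is closed; a WebKit issue needs a package line instead of NOT-FOR-US. CVE-2023-38285 (ModSecurity) and CVE-2023-37732 (Yasm) stay at `TODO: check` in this pass and still need triage.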
@@ -143,7 +143,7 @@ CVE-2023-39151 (Jenkins 2.415 and earlier, LTS 2.401.2 and
earlier does not sani
CVE-2023-3947 (The Video Conferencing with Zoom plugin for WordPress is
vulnerable to ...)
NOT-FOR-US: Video Conferencing with Zoom plugin for WordPress
CVE-2023-3946 (A reflected cross-site scripting (XSS) vulnerability in ePO
prior to 5 ...)
- TODO: check
+ NOT-FOR-US: ePO
CVE-2023-3945 (A vulnerability was found in phpscriptpoint Lawyer 1.6. It has
been cl ...)
NOT-FOR-US: phpscriptpoint
CVE-2023-3944 (A vulnerability was found in phpscriptpoint Lawyer 1.6 and
classified ...)
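Review bot: The label `ePO` on CVE-2023-3946 is a bare abbreviation, while the neighbouring entries in this hunk spell the product or vendor out (`Video Conferencing with Zoom plugin for WordPress`, `phpscriptpoint`). Someone grepping the list for the vendor or the full product name will not find this entry; suggest expanding the label to the full product name, with the vendor in front.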
@@ -153,7 +153,7 @@ CVE-2023-3897 (Username enumeration is possible through
Bypassing CAPTCHA in On-
CVE-2023-3890 (A vulnerability classified as problematic has been found in
Campcodes ...)
NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3548 (An unauthorized user could gain account access to IQ Wifi 6
versions p ...)
- TODO: check
+ NOT-FOR-US: IQ Wifi
CVE-2023-3486 (An authentication bypass exists in PaperCut NG versions 22.0.12
and pr ...)
NOT-FOR-US: PaperCut NG
CVE-2023-39175 (In JetBrains TeamCity before 2023.05.2 reflected XSS via
GitHub integr ...)
@@ -191,7 +191,7 @@ CVE-2023-38496 (Apptainer is an open source container
platform. Version 1.2.0-rc
NOTE:
https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx
NOTE: Specific to Apptainer and not in singularity-container
CVE-2023-38493 (Armeria is a microservice framework Spring supports Matrix
variables. ...)
- TODO: check
+ NOT-FOR-US: Armeria
CVE-2023-38435 (An improper neutralization of input during web page generation
('Cross ...)
NOT-FOR-US: Apache Felix Healthcheck Webconsole Plugin
CVE-2023-38433 (Fujitsu Real-time Video Transmission Gear "IP series" use
hard-coded c ...)
@@ -201,9 +201,9 @@ CVE-2023-37920 (Certifi is a curated collection of Root
Certificates for validat
NOTE:
https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
NOTE: Debian's python-certifi is patched to return the location of
Debian-provided CA certificates
CVE-2023-37919 (Cal.com is open-source scheduling software. A vulnerability
allows act ...)
- TODO: check
+ NOT-FOR-US: Cal.com
CVE-2023-37907 (Cryptomator is data encryption software for users who store
their file ...)
- TODO: check
+ NOT-FOR-US: Cryptomator
CVE-2023-37902 (Vyper is a Pythonic programming language that targets the
Ethereum Vir ...)
NOT-FOR-US: Vyper
CVE-2023-37677 (Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to
contain a re ...)
@@ -211,11 +211,11 @@ CVE-2023-37677 (Pligg CMS v2.0.2 (also known as Kliqqi)
was discovered to contai
CVE-2023-37460 (Plexis Archiver is a collection of Plexus components to create
archive ...)
NOT-FOR-US: Plexis Archiver
CVE-2023-37258 (DataEase is an open source data visualization analysis tool.
Prior to ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2023-37257 (DataEase is an open source data visualization analysis tool.
Prior to ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2023-36826 (Sentry is an error tracking and performance monitoring
platform. Start ...)
- TODO: check
+ NOT-FOR-US: Sentry
CVE-2023-36806 (Contao is an open source content management system. Starting
in versio ...)
NOT-FOR-US: Contao CMS
CVE-2023-36503 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability
in Max F ...)
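Review bot: The unchanged context entry CVE-2023-37460 at the top of this hunk is marked `NOT-FOR-US: Plexis Archiver`, but its description speaks of "Plexus components to create archive ...", so "Plexis" looks like a typo carried over from the CVE text. Debian has a plexus-archiver source package, so this entry should be rechecked while the block is being edited and, if it applies, given a package line. The three entries changed here (DataEase twice, Sentry) use labels that match their descriptions.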
@@ -265,7 +265,7 @@ CVE-2023-2850 (NodeBB is affected by a Cross-Site WebSocket
Hijacking vulnerabil
CVE-2023-2640 (On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU:
SAUCE: overl ...)
TODO: check
CVE-2023-2626 (There exists an authentication bypass vulnerability in
OpenThread bord ...)
- TODO: check
+ NOT-FOR-US: OpenThread
CVE-2023-3773 (A flaw was found in the Linux kernel\u2019s IP framework for
transform ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -10207,7 +10207,7 @@ CVE-2023-30951
CVE-2023-30950
RESERVED
CVE-2023-30949 (A missing origin validation in Slate sandbox could be
exploited by a m ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted
in the ...)
NOT-FOR-US: Palantir
CVE-2023-30947
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bdc32c7ab834fa689c0113c2d1d56516dc5d629