Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e68cbe93 by Moritz Mühlenhoff at 2023-08-02T09:08:40+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2023-3301 [net: triggerable assertion due to race condition 
in hot-unplug]
 CVE-2023-3718 (An authenticated command injection vulnerability exists in the 
AOS-CX  ...)
        NOT-FOR-US: Aruba
 CVE-2023-39147 (An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Uvdesk
 CVE-2023-39110 (rconfig v3.9.4 was discovered to contain a Server-Side Request 
Forgery ...)
        NOT-FOR-US: rConfig
 CVE-2023-39109 (rconfig v3.9.4 was discovered to contain a Server-Side Request 
Forgery ...)
@@ -23,21 +23,21 @@ CVE-2023-38559 (A buffer overflow flaw was found in 
base/gdevdevn.c:1973 in devn
 CVE-2023-38357 (Session tokens in RWS WorldServer 11.7.3 and earlier have a 
low entrop ...)
        NOT-FOR-US: RWS WorldServer
 CVE-2023-37478 (pnpm is a package manager. It is possible to construct a 
tarball that, ...)
-       TODO: check
+       NOT-FOR-US: pnpm
 CVE-2023-36211 (The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site 
Scripting  ...)
        NOT-FOR-US: Barebones CMS
 CVE-2023-36210 (MotoCMS Version 3.4.3 Store Category Template was discovered 
to contai ...)
        NOT-FOR-US: MotoCMS
 CVE-2023-34634 (Greenshot 1.2.10 and below allows arbitrary code execution 
because .NE ...)
-       TODO: check
+       NOT-FOR-US: Greenshot
 CVE-2023-34552 (In certain EZVIZ products, two stack based buffer overflows in 
mulicas ...)
-       TODO: check
+       NOT-FOR-US: EZVIZ
 CVE-2023-34551 (In certain EZVIZ products, two stack buffer overflows in 
netClientSetW ...)
-       TODO: check
+       NOT-FOR-US: EZVIZ
 CVE-2023-33493 (An Unrestricted Upload of File with Dangerous Type 
vulnerability in th ...)
-       TODO: check
+       NOT-FOR-US: Prestashop addon
 CVE-2023-32302 (Silverstripe Framework is the MVC framework that powers 
Silverstripe C ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe Framework
 CVE-2023-31710 (TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and 
AX21(US)_V3.6_1.1. ...)
        NOT-FOR-US: TP-Link
 CVE-2023-4058 (Memory safety bugs present in Firefox 115. Some of these bugs 
showed e ...)
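Review bot: `NOT-FOR-US: Prestashop addon` on CVE-2023-33493 is the only new tag in this hunk that names a category rather than a product; the others (pnpm, Greenshot, EZVIZ, Silverstripe Framework) identify the software. The description is truncated in this view, so the addon's name is not visible here. Naming the specific module in the tag would make the entry greppable and keep a generic label from being reused for unrelated Prestashop modules later.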
@@ -32518,7 +32518,7 @@ CVE-2023-23775
 CVE-2023-23549
        RESERVED
 CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8, 
<2.1.0p32, ...)
-       TODO: check
+       - check-mk <removed>
 CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated 
attacker ...)
        - check-mk <removed>
 CVE-2023-22348 (Improper Authorization in RestAPI in Checkmk GmbH's Checkmk 
versions < ...)
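Review bot: the CVE-2023-23548 change is not an NFU. It records `- check-mk <removed>`, which matches the neighbouring CVE-2023-22359 entry, but the commit message says only "NFUs". Mention the check-mk triage in the message, or split it into its own commit, so the history for that package can be found from the log.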
@@ -53091,7 +53091,7 @@ CVE-2023-20585
 CVE-2023-20584
        RESERVED
 CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors 
may all ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-20582
        RESERVED
 CVE-2023-20581
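Review bot: `NOT-FOR-US: AMD` on CVE-2023-20583 names a vendor, not a product, for what the description calls a power side-channel in AMD processors. The description is truncated here, so it is not visible whether any mitigation is delivered through microcode or the kernel, both of which Debian packages. If the issue is hardware-only, a short NOTE line saying so would document why the entry is closed as NFU.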
@@ -65122,9 +65122,9 @@ CVE-2022-39989 (An issue was discovered in Fighting 
Cock Information System 1.0,
 CVE-2022-39988 (A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 
allows  ...)
        - centreon-web <itp> (bug #913903)
 CVE-2022-39987 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 
allows an ...)
-       TODO: check
+       NOT-FOR-US: RaspAP
 CVE-2022-39986 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 
allows un ...)
-       TODO: check
+       NOT-FOR-US: RaspAP
 CVE-2022-39985
        RESERVED
 CVE-2022-39984
@@ -160540,9 +160540,9 @@ CVE-2021-31683
 CVE-2021-31682 (The login portal for the Automated Logic WebCTRL/WebCTRL OEM 
web appli ...)
        NOT-FOR-US: Automated Logic WebCTRL/WebCTRL OEM web application
 CVE-2021-31681 (Deserialization of Untrusted Data vulnerability in yolo 3 
allows attac ...)
-       TODO: check
+       NOT-FOR-US: yolo
 CVE-2021-31680 (Deserialization of Untrusted Data vulnerability in yolo 5 
allows attac ...)
-       TODO: check
+       NOT-FOR-US: yolo
 CVE-2021-31679 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF 
vulnerabilit ...)
        NOT-FOR-US: PESCMS Team
 CVE-2021-31678 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF 
vulnerabilit ...)
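Review bot: `NOT-FOR-US: yolo` is applied to both CVE-2021-31681 (yolo 3) and CVE-2021-31680 (yolo 5), and the bare name does not say which upstream project was checked. The descriptions already distinguish the two versions; a tag that identifies the project for each entry would make the triage decision easier to verify later.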
@@ -160600,7 +160600,7 @@ CVE-2021-31653
 CVE-2021-31652
        RESERVED
 CVE-2021-31651 (Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 
allows r ...)
-       TODO: check
+       NOT-FOR-US: neofarg-cms
 CVE-2021-31650 (A SQL injection vulnerability in Sourcecodester Online Grading 
System  ...)
        NOT-FOR-US: Sourcecodester Online Grading System
 CVE-2021-31649 (In applications using jfinal 4.9.08 and below, there is a 
deserializat ...)
@@ -216409,7 +216409,7 @@ CVE-2020-21883 (Unibox U-50 2.4 and UniBox Enterprise 
Series 2.4 and UniBox Camp
 CVE-2020-21882
        RESERVED
 CVE-2020-21881 (Cross Site Request Forgery (CSRF) vulnerability in admin.php 
in DuxCMS ...)
-       TODO: check
+       NOT-FOR-US: DuxCMS
 CVE-2020-21880
        RESERVED
 CVE-2020-21879
@@ -216901,7 +216901,7 @@ CVE-2020-21664
 CVE-2020-21663
        RESERVED
 CVE-2020-21662 (SQL injection vulnerability in yunyecms 2.0.2 allows remote 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: yunyecms
 CVE-2020-21661
        RESERVED
 CVE-2020-21660
@@ -243997,7 +243997,7 @@ CVE-2020-10964 (Serendipity before 2.3.4 on Windows 
allows remote attackers to e
 CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows 
unrestricted fi ...)
        NOT-FOR-US: FrozenNode Laravel-Administrator
 CVE-2020-10962 (In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) 
through  ...)
-       TODO: check
+       NOT-FOR-US: PSAppDeployToolkit
 CVE-2020-10961
        RESERVED
 CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading 
Style Shee ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e68cbe93062029f4f36b6297612899dbe03f27bb
