Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7a9ff94 by Moritz Mühlenhoff at 2023-08-04T16:34:41+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2023-4139 (The WP Ultimate CSV Importer plugin for 
WordPress is vulnerable t
 CVE-2023-3373 (Predictable Exact Value from Previous Values vulnerability in 
Mitsubis ...)
        NOT-FOR-US: Mitsubishi
 CVE-2023-39343 (Sulu is an open-source PHP content management system based on 
the Symf ...)
-       TODO: check
+       NOT-FOR-US: Sulu
 CVE-2023-38991 (An issue in the delete function in the ActModelController 
class of jee ...)
        NOT-FOR-US: jeesite
 CVE-2023-38952 (Insecure access control in ZKTeco BioTime v8.5.5 allows 
unauthenticate ...)
@@ -21,7 +21,7 @@ CVE-2023-38950 (A path traversal vulnerability in the iclock 
API of ZKTeco BioTi
 CVE-2023-38949 (An issue in a hidden API in ZKTeco BioTime v8.5.5 allows 
unauthenticat ...)
        NOT-FOR-US: ZKTeco BioTime
 CVE-2023-38941 (django-sspanel v2022.2.2 was discovered to contain a remote 
command ex ...)
-       TODO: check
+       NOT-FOR-US: django-sspanel
 CVE-2023-38708 (Pimcore is an Open Source Data & Experience Management 
Platform: PIM,  ...)
        NOT-FOR-US: Pimcore
 CVE-2023-37501 (A Persistent XSS vulnerability can be carried out in a certain 
field o ...)
@@ -45,7 +45,7 @@ CVE-2023-36139 (In PHPJabbers Cleaning Business Software 1.0, 
lack of verificati
 CVE-2023-36138 (PHPJabbers Cleaning Business Software 1.0 is vulnerable to 
Cross Site  ...)
        NOT-FOR-US: PHPJabbers
 CVE-2023-36137 (There is a Cross Site Scripting (XSS) vulnerability in the 
"theme" par ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Class Scheduling System
 CVE-2023-36135 (User enumeration is found in in PHPJabbers Class Scheduling 
System v1. ...)
        NOT-FOR-US: PHPJabbers
 CVE-2023-36134 (In PHP Jabbers Class Scheduling System 1.0, lack of 
verification when  ...)
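Review bot: The tag added for CVE-2023-36137 ("NOT-FOR-US: PHPJabbers Class Scheduling System") is inconsistent with the surrounding entries in this hunk, which use the vendor name only. CVE-2023-36135 is described as the same Class Scheduling System product and carries plain "NOT-FOR-US: PHPJabbers", as does CVE-2023-36138. Suggest "NOT-FOR-US: PHPJabbers" here as well, so a search for the tag string finds every PHPJabbers entry in one pass.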
@@ -57,7 +57,7 @@ CVE-2023-36132 (PHP Jabbers Availability Booking Calendar 5.0 
is vulnerable to I
 CVE-2023-36131 (PHPJabbers Availability Booking Calendar 5.0 is vulnerable to 
Incorrec ...)
        NOT-FOR-US: PHPJabbers
 CVE-2023-33665 (ai-dev aitable before v0.2.2 was discovered to contain a SQL 
injection ...)
-       TODO: check
+       NOT-FOR-US: ai-dev aitable
 CVE-2023-38497 [Cargo does not respect umask when extracting packages]
        - rustc <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2
@@ -99,7 +99,7 @@ CVE-2023-4120 (A vulnerability was found in Beijing Baichuo 
Smart S85F Managemen
 CVE-2023-4119 (A vulnerability has been found in Academy LMS 6.0 and 
classified as pr ...)
        NOT-FOR-US: Academy LMS
 CVE-2023-4118 (A vulnerability, which was classified as problematic, was found 
in Cut ...)
-       TODO: check
+       NOT-FOR-US: Cute HTTP File Server
 CVE-2023-4117 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: PHP Jabbers Rental Property Booking
 CVE-2023-4116 (A vulnerability classified as problematic was found in PHP 
Jabbers Tax ...)
@@ -119,47 +119,47 @@ CVE-2023-4110 (A vulnerability has been found in PHP 
Jabbers Availability Bookin
 CVE-2023-3932 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        TODO: check
 CVE-2023-3766 (A vulnerability was discovered in the odoh-rs rust crate that 
stems fr ...)
-       TODO: check
+       NOT-FOR-US: odoh-rs Rust crate
 CVE-2023-3749 (A local user could edit the VideoEdge configuration file and 
interfere ...)
-       TODO: check
+       NOT-FOR-US: VideoEdge
 CVE-2023-3669 (A missing Brute-Force protection in CODESYS Development System 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-3663 (In CODESYS Development System versions from 3.5.11.20 and 
before 3.5.1 ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-3662 (In CODESYS Development System versions from 3.5.17.0 and prior 
to 3.5. ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-3348 (The Wrangler command line tool (<[email protected]) was affected 
by a di ...)
        TODO: check
 CVE-2023-3346 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2023-3329 (SpiderControl SCADA Webserver versions 2.08 and prior are 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: SpiderControl SCADA Webserver
 CVE-2023-3180 (A flaw was found in the QEMU virtual crypto device while 
handling data ...)
        - qemu <unfixed>
        NOTE: Introduced by: 
https://gitlab.com/qemu-project/qemu/-/commit/04b9b37edda85964cca033a48dcc0298036782f2
 (v2.8.0-rc0)
        NOTE: Proposed patch: 
https://lists.nongnu.org/archive/html/qemu-devel/2023-08/msg00401.html
 CVE-2023-39144 (Element55 KnowMore appliances version 21 and older was 
discovered to s ...)
-       TODO: check
+       NOT-FOR-US: Element55
 CVE-2023-39121 (emlog v2.1.9 was discovered to contain a SQL injection 
vulnerability v ...)
-       TODO: check
+       NOT-FOR-US: emlog
 CVE-2023-39114 (ngiflib commit 84a75 was discovered to contain a segmentation 
violatio ...)
-       TODO: check
+       NOT-FOR-US: ngiflib
 CVE-2023-39113 (ngiflib commit fb271 was discovered to contain a segmentation 
violatio ...)
-       TODO: check
+       NOT-FOR-US: ngiflib
 CVE-2023-39097 (WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting 
(XSS) v ...)
-       TODO: check
+       NOT-FOR-US: WebBoss.io CMS
 CVE-2023-39096 (WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting 
(XSS) v ...)
-       TODO: check
+       NOT-FOR-US: WebBoss.io CMS
 CVE-2023-39075 (Renault Zoe EV 2021 automotive infotainment system versions 
283C35202R ...)
-       TODO: check
+       NOT-FOR-US: Renault
 CVE-2023-38958 (An access control issue in ZKTeco BioAccess IVS v3.3.1 allows 
unauthen ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco BioAccess
 CVE-2023-38956 (A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 
allows u ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco BioAccess
 CVE-2023-38955 (ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers 
to obtain ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco BioAccess
 CVE-2023-38954 (ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: ZKTeco BioAccess
 CVE-2023-38948 (An arbitrary file download vulnerability in the 
/c/PluginsController.p ...)
        TODO: check
 CVE-2023-38947 (An arbitrary file upload vulnerability in the 
/languages/install.php c ...)
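Review bot: Two of the NOT-FOR-US tags in this hunk cover reusable code rather than a vendor product, and the commit message ("NFUs") does not say how they were checked. CVE-2023-3766 is described as a Rust crate (odoh-rs), and CVE-2023-39114 and CVE-2023-39113 identify ngiflib only by upstream commit. For these, please confirm that no Debian source package ships or vendors the code before closing them out, and consider a NOTE line recording that check. The tag "odoh-rs Rust crate" also carries a descriptor the other tags omit, so plain "NOT-FOR-US: odoh-rs" would match the rest. Separately, the truncated description of CVE-2023-3346 visible here does not name a vendor, so the "Mitsubishi" tag cannot be verified from this diff alone. If it follows the same advisory family as CVE-2023-3373 earlier in the file, that is fine as is.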
@@ -179,35 +179,35 @@ CVE-2023-38744 (Denial-of-service (DoS) vulnerability due 
to improper validation
 CVE-2023-37679 (A remote command execution (RCE) vulnerability in NextGen 
Mirth Connec ...)
        TODO: check
 CVE-2023-37559 (After successful authentication as a user in multiple Codesys 
products ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37558 (After successful authentication as a user in multiple Codesys 
products ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37557 (After successful authentication as a user in multiple Codesys 
products ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37556 (In multiple versions of multiple Codesys products, after 
successful au ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37555 (In multiple versions of multiple Codesys products, after 
successful au ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37554 (In multiple versions of multiple Codesys products, after 
successful au ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37553 (In multiple versions of multiple Codesys products, after 
successful au ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37552 (In multiple versions of multiple Codesys products, after 
successful au ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37551 (In multiple Codesys products in multiple versions, after 
successful au ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37550 (In multiple Codesys products in multiple versions, after 
successful au ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37549 (In multiple Codesys products in multiple versions, after 
successful au ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37548 (In multiple Codesys products in multiple versions, after 
successful au ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37547 (In multiple Codesys products in multiple versions, after 
successful au ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37546 (In multiple Codesys products in multiple versions, after 
successful au ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37545 (In multiple Codesys products in multiple versions, after 
successful au ...)
-       TODO: check
+       NOT-FOR-US: Codesys
 CVE-2023-37364 (In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML 
protocol adapt ...)
        TODO: check
 CVE-2023-36299 (A File Upload vulnerability in typecho v.1.2.1 allows a remote 
attacke ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7a9ff94959d66c65beac21fcf8f6e213dcc8d97
