Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cb47a68e by Moritz Muehlenhoff at 2023-08-16T13:46:41+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -127,43 +127,43 @@ CVE-2023-40028 (Ghost is an open source content
management system. Versions prio
CVE-2023-40027 (Keystone is an open source headless CMS for Node.js \u2014
built with ...)
NOT-FOR-US: Keystone CMS
CVE-2023-39843 (Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door
Lock v1 ...)
- TODO: check
+ NOT-FOR-US: Suleve 5-in-1 Smart Door Lock
CVE-2023-39842 (Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home
Securit ...)
- TODO: check
+ NOT-FOR-US: Digoo DG-HAMB Smart Home Security
CVE-2023-39841 (Missing encryption in the RFID tag of Etekcity 3-in-1 Smart
Door Lock ...)
- TODO: check
+ NOT-FOR-US: Etekcity 3-in-1 Smart Door Lock
CVE-2023-39662 (An issue in llama_index v.0.7.13 and before allows a remote
attacker t ...)
- TODO: check
+ NOT-FOR-US: llama_index
CVE-2023-39661 (An issue in pandas-ai v.0.9.1 and before allows a remote
attacker to e ...)
- TODO: check
+ NOT-FOR-US: pandas-ai
CVE-2023-39659 (An issue in langchain langchain-ai v.0.0.232 and before allows
a remot ...)
- TODO: check
+ NOT-FOR-US: langchain-ai
CVE-2023-39438 (A missing authorization check allows an arbitrary
authenticated user t ...)
- TODO: check
+ NOT-FOR-US: cla-assistant
CVE-2023-38916 (SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows
a remote ...)
- TODO: check
+ NOT-FOR-US: eVotingSystem-PHP
CVE-2023-38915 (File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows
a remote ...)
- TODO: check
+ NOT-FOR-US: Wolf-leo EasyAdmin8
CVE-2023-38898 (An issue in Python cpython v.3.7 allows an attacker to obtain
sensitiv ...)
TODO: check
CVE-2023-38896 (An issue in Harrison Chase langchain v.0.0.194 and before
allows a rem ...)
- TODO: check
+ NOT-FOR-US: Harrison Chase langchain
CVE-2023-38889 (An issue in Alluxio v.2.9.3 and before allows an attacker to
execute a ...)
- TODO: check
+ NOT-FOR-US: Alluxio
CVE-2023-38866 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability
detected ...)
- TODO: check
+ NOT-FOR-US: COMFAST
CVE-2023-38865 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability
detected ...)
- TODO: check
+ NOT-FOR-US: COMFAST
CVE-2023-38864 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to
execute arbi ...)
- TODO: check
+ NOT-FOR-US: COMFAST
CVE-2023-38863 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to
execute arbi ...)
- TODO: check
+ NOT-FOR-US: COMFAST
CVE-2023-38862 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to
execute arbi ...)
- TODO: check
+ NOT-FOR-US: COMFAST
CVE-2023-38861 (An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a
remote a ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2023-38860 (An issue in LangChain v.0.0.231 allows a remote attacker to
execute ar ...)
- TODO: check
+ NOT-FOR-US: LangChain
CVE-2023-38858 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote
attacke ...)
TODO: check
CVE-2023-38857 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote
attacke ...)
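Review bot: The langchain entries in this hunk are tagged three different ways: `NOT-FOR-US: langchain-ai` (CVE-2023-39659), `NOT-FOR-US: Harrison Chase langchain` (CVE-2023-38896) and `NOT-FOR-US: LangChain` (CVE-2023-38860), although the descriptions and version numbers point to one project. A single spelling, for example `NOT-FOR-US: LangChain` on all three, keeps a search of data/CVE/list for the product name complete if the software is ever packaged; the five COMFAST entries in the same hunk already use one consistent tag.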
@@ -183,13 +183,13 @@ CVE-2023-38851 (Buffer Overflow vulnerability in
libxlsv.1.6.2 allows a remote a
CVE-2023-38850 (Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7
allows an ...)
TODO: check
CVE-2023-38840 (An issue in Bitwarden Bitwarden Desktop v.2023.5.1 allows a
local atta ...)
- TODO: check
+ NOT-FOR-US: Bitwarden
CVE-2023-38402 (A vulnerability in the HPE Aruba Networking Virtual
IntranetAccess (VI ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-38401 (A vulnerability in the HPE Aruba Networking Virtual Intranet
Access (V ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-35082 (An authentication bypass vulnerability in Ivanti EPMM 11.10
and older, ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-2916 (The InfiniteWP Client plugin for WordPress is vulnerable to
Sensitive ...)
NOT-FOR-US: InfiniteWP Client plugin for WordPress
CVE-2023-4347 (Cross-site Scripting (XSS) - Reflected in GitHub repository
librenms/l ...)
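Review bot: `NOT-FOR-US: HPE` (CVE-2023-38402, CVE-2023-38401) and `NOT-FOR-US: Ivanti` (CVE-2023-35082) name only the vendor, while the descriptions identify the products (HPE Aruba Networking Virtual Intranet Access, Ivanti EPMM) and the neighbouring context entry uses the product form (`NOT-FOR-US: InfiniteWP Client plugin for WordPress`). Tagging the product rather than the vendor makes the entry more useful when the list is searched later, since a vendor can ship many unrelated products.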
@@ -234,7 +234,7 @@ CVE-2023-40359 (xterm before 380 supports ReGIS reporting
for character-set name
[bullseye] - xterm <no-dsa> (Minor issue)
NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_380
CVE-2023-40354 (An issue was discovered in MariaDB MaxScale before 23.02.3. A
user ent ...)
- TODO: check
+ NOT-FOR-US: Maxscale
CVE-2023-40312 (Multiple reflected XSS were found on different JSP files with
unsaniti ...)
NOT-FOR-US: OpenMNS
CVE-2023-40311 (Multiple stored XSS were found on different JSP files with
unsanitized ...)
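Review bot: The tag on CVE-2023-40354 is spelled `Maxscale`, but the description on the line above it spells the product "MariaDB MaxScale". Matching the description, for example `NOT-FOR-US: MariaDB MaxScale`, avoids a second spelling of the same product in the list and makes clear the entry is about MaxScale and not the MariaDB server.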
@@ -256,7 +256,7 @@ CVE-2023-3435 (The User Activity Log WordPress plugin
before 1.6.5 does not corr
CVE-2023-3328 (The Custom Field For WP Job Manager WordPress plugin before 1.2
does n ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3160 (The vulnerability potentially allows an attacker to misuse
ESET\u2019s ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2023-39908 (The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does
not proper ...)
TODO: check
CVE-2023-39293 (A Command Injection vulnerability has been identified in the
MiVoice O ...)
@@ -560,7 +560,7 @@ CVE-2023-4128 (A use-after-free flaw was found in
net/sched/cls_fw.c in classifi
NOTE:
https://git.kernel.org/linus/76e42ae831991c828cffa8c37736ebfb831ad5ec (6.5-rc5)
NOTE:
https://git.kernel.org/linus/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 (6.5-rc5)
CVE-2023-40216 (OpenBSD 7.3 before errata 014 is missing an argument-count
bounds chec ...)
- TODO: check
+ NOT-FOR-US: OpenBSD
CVE-2023-39966 (1Panel is an open source Linux server operation and
maintenance manage ...)
NOT-FOR-US: 1Panel
CVE-2023-39965 (1Panel is an open source Linux server operation and
maintenance manage ...)
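Review bot: `NOT-FOR-US: OpenBSD` on CVE-2023-40216 names the whole operating system, and the truncated description shows only "missing an argument-count bounds chec ...", so the entry does not record which component is affected. Adding the component to the tag would document why this was triaged as not applicable, which a bare OS name does not.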
@@ -582,9 +582,9 @@ CVE-2023-39957 (Nextcloud Talk Android allows users to
place video and audio cal
CVE-2023-39955 (Notes is a note-taking app for Nextcloud, an open-source cloud
platfor ...)
NOT-FOR-US: Notes app for NextCloud
CVE-2023-39954 (user_oidc provides the OIDC connect user backend for
Nextcloud, an ope ...)
- TODO: check
+ NOT-FOR-US: Nextcloud OIDC backend
CVE-2023-39953 (user_oidc provides the OIDC connect user backend for
Nextcloud, an ope ...)
- TODO: check
+ NOT-FOR-US: Nextcloud OIDC backend
CVE-2023-39952 (Nextcloud Server provides data storage for Nextcloud, an open
source c ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-39806 (iCMS v7.0.16 was discovered to contain a SQL injection
vulnerability v ...)
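Review bot: The two new tags on CVE-2023-39954 and CVE-2023-39953 read `Nextcloud OIDC backend`, whereas the descriptions name the app as user_oidc. Including the app name, for example `NOT-FOR-US: Nextcloud user_oidc`, makes the entries findable by that identifier. Note also that the next entry, CVE-2023-39952, tracks `nextcloud-server <itp> (bug #941708)`, so these tags may need revisiting if the app ends up shipped with that package.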
@@ -739,11 +739,11 @@ CVE-2023-36672 (An issue was discovered in the Clario VPN
client through 5.9.1.1
CVE-2023-36671 (An issue was discovered in the Clario VPN client through
5.9.1.1662 fo ...)
NOT-FOR-US: Clario VPN client
CVE-2023-35838 (The WireGuard client 0.5.3 on Windows insecurely configures
the operat ...)
- TODO: check
+ NOT-FOR-US: WireGuard client on Windows
CVE-2023-33242 (Crypto wallets implementing the Lindell17 TSS protocol might
allow an ...)
- TODO: check
+ NOT-FOR-US: Crypto wallets implementing the Lindell17 TSS protocol
CVE-2023-33241 (Crypto wallets implementing the GG18 or GG20 TSS protocol
might allow ...)
- TODO: check
+ NOT-FOR-US: Crypto wallets implementing the GG18 or GG20 TSS protocol
CVE-2023-32559
- nodejs <unfixed>
[buster] - nodejs <not-affected> (v10.x doesn't support policy
manifests)
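Review bot: `NOT-FOR-US: WireGuard client on Windows` on CVE-2023-35838 carries a platform qualifier inside a NOT-FOR-US tag, which mixes "not packaged" with "not affected on this platform". If a WireGuard source package is tracked in this list, a package line with `<not-affected>` and a reason in parentheses, in the form used for nodejs under CVE-2023-32559 at the end of this hunk, would express the Windows-only scope more precisely. The two TSS entries (CVE-2023-33242, CVE-2023-33241) copy the description's "Crypto wallets implementing ..." wording, which is acceptable since no single product is named.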
@@ -1415,7 +1415,7 @@ CVE-2023-39550 (Netgear JWNR2000v2 v1.0.0.11, XWN5001
v0.4.1.1, and XAVN2001v2 v
CVE-2023-39524 (PrestaShop is an open source e-commerce web application. Prior
to vers ...)
NOT-FOR-US: PrestaShop
CVE-2023-39520 (Cryptomator encrypts data being stored on cloud
infrastructure. The MS ...)
- TODO: check
+ NOT-FOR-US: Cryptomator
CVE-2023-39363 (Vyer is a Pythonic Smart Contract Language for the Ethereum
Virtual Ma ...)
NOT-FOR-US: Vyer
CVE-2023-39349 (Sentry is an error tracking and performance monitoring
platform. Start ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb47a68e5cc11a55d16002d090ef5e85f4d0d460