Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
099b08da by Salvatore Bonaccorso at 2023-08-24T10:40:49+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,13 +11,13 @@ CVE-2023-4511 (BT SDP dissector infinite loop in Wireshark
4.0.0 to 4.0.7 and 3.
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19258
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-24.html
CVE-2023-4230 (A vulnerability has been identified in ioLogik 4000 Series
(ioLogik E4 ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2023-4229 (A vulnerability has been identified in ioLogik 4000 Series
(ioLogik E4 ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2023-4228 (A vulnerability has been identified in ioLogik 4000 Series
(ioLogik E4 ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2023-4227 (A vulnerability has been identified in the ioLogik 4000 Series
(ioLogi ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2023-4042 (A flaw was found in ghostscript. The fix for CVE-2020-16305 in
ghostsc ...)
TODO: check
CVE-2023-41126
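Review bot: the four ioLogik entries (CVE-2023-4230, CVE-2023-4229, CVE-2023-4228, CVE-2023-4227) are tagged with the vendor only, `NOT-FOR-US: Moxa`, while each description names the product, the ioLogik 4000 Series. Naming the product as well, for example `NOT-FOR-US: Moxa ioLogik 4000 Series`, would match the product-level notes used elsewhere in this commit (`CP-Plus NVR`, `ETIC Telecom RAS`) and keeps the entry unambiguous if a later Moxa CVE needs a different triage outcome.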
@@ -31,13 +31,13 @@ CVE-2023-41123
CVE-2023-41122
REJECTED
CVE-2023-41028 (A stack-based buffer overflow exists in Juplink RX4-1500, a
WiFi route ...)
- TODO: check
+ NOT-FOR-US: Juplink router
CVE-2023-40612 (In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2,
the file e ...)
- TODO: check
+ NOT-FOR-US: OpenMNS
CVE-2023-40573 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-40572 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-40273 (The session fixation vulnerability allowed the authenticated
user to c ...)
TODO: check
CVE-2023-40270
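Review bot: `NOT-FOR-US: OpenMNS` on CVE-2023-40612 carries over the spelling from the CVE description; the product is OpenNMS. Writing `NOT-FOR-US: OpenNMS` would let a search of data/CVE/list for other entries on the same product find this one as well.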
@@ -47,19 +47,19 @@ CVE-2023-40185 (shescape is simple shell escape library for
JavaScript. This may
CVE-2023-40178 (Node-SAML is a SAML library not dependent on any frameworks
that runs ...)
TODO: check
CVE-2023-40177 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-40176 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-40035 (Craft is a CMS for creating custom digital experiences on the
web and ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2023-40025 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2023-3705 (The vulnerability exists in CP-Plus NVR due to an improper
input handl ...)
- TODO: check
+ NOT-FOR-US: CP-Plus NVR
CVE-2023-3704 (The vulnerability exists in CP-Plus DVR due to an improper
input valid ...)
- TODO: check
+ NOT-FOR-US: CP-Plus DVR
CVE-2023-3453 (ETIC Telecom RAS versions 4.7.0 and prior the web management
portal au ...)
- TODO: check
+ NOT-FOR-US: ETIC Telecom RAS
CVE-2023-39583
REJECTED
CVE-2023-39441 (Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP
Provide ...)
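Review bot: for the free-software projects tagged in this hunk (XWiki on CVE-2023-40177 and CVE-2023-40176, Argo CD on CVE-2023-40025), NOT-FOR-US is only the right state if no ITP or RFP is open for them, and the commit message does not say whether that was checked. If a wnpp bug exists, the entry should use the `<itp>` form with the bug number instead, so the CVE is not lost when the package enters the archive.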
@@ -67,31 +67,31 @@ CVE-2023-39441 (Apache Airflow SMTP Provider before 1.3.0,
Apache Airflow IMAP P
CVE-2023-38831 (RARLabs WinRAR before 6.23 allows attackers to execute
arbitrary code ...)
TODO: check
CVE-2023-38422 (Walchem Intuition 9 firmware versions prior to v4.21 are
missing authe ...)
- TODO: check
+ NOT-FOR-US: Walchem Intuition 9 firmware
CVE-2023-37379 (Apache Airflow, in versions prior to 2.7.0, contains a
security vulner ...)
TODO: check
CVE-2023-36317 (Cross Site Scripting (XSS) vulnerability in sourcecodester
Student Stu ...)
- TODO: check
+ NOT-FOR-US: sourcecodester Student Study Center Desk Management System
CVE-2023-32509 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Rolf van ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32505 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Arsh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32499 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Tony Zeo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32498 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Easy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32497 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Supe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32496 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Bill ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32300 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Yoast Yo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Booking ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32202 (Walchem Intuition 9 firmware versions prior to v4.21 are
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Walchem Intuition 9 firmware
CVE-2023-32119 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WPO365 | ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3893
- kubernetes 1.20.5+really1.20.2-1
NOTE: Server components no longer built since 1.20.5+really1.20.2-1,
marking that as fixed version
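Review bot: the nine `NOT-FOR-US: WordPress plugin` notes (CVE-2023-32509 through CVE-2023-32119) do not say which plugin is affected, and the descriptions shown are truncated before the plugin name, so the list alone no longer identifies the product. Appending the plugin name from each CVE description to the note, as is done for `sourcecodester Student Study Center Desk Management System` and `Walchem Intuition 9 firmware` in the same hunk, would make these entries searchable and easier to re-triage.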
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/099b08da099d4f0e3b81a408cdd99aa6993fdea4
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits