Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53c37299 by Salvatore Bonaccorso at 2023-08-25T22:51:42+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -64,9 +64,9 @@ CVE-2023-40022 (Rizin is a UNIX-like reverse engineering 
framework and command-l
 CVE-2023-40017 (GeoNode is an open source platform that facilitates the 
creation, shar ...)
        TODO: check
 CVE-2023-3425 (Out-of-bounds read issue in M-Files Server versions below 
23.8.12892.6 ...)
-       TODO: check
+       NOT-FOR-US: M-Files
 CVE-2023-3406 (Path Traversal issue in M-Files Classic Web versions below 
23.6.12695. ...)
-       TODO: check
+       NOT-FOR-US: M-Files
 CVE-2023-39742 (giflib v5.2.1 was discovered to contain a segmentation fault 
via the c ...)
        TODO: check
 CVE-2023-39707 (A stored cross-site scripting (XSS) vulnerability in Free and 
Open Sou ...)
@@ -80,7 +80,7 @@ CVE-2023-39600 (IceWarp 11.4.6.0 was discovered to contain a 
cross-site scriptin
 CVE-2023-39521 (Tuleap is an open source suite to improve management of 
software devel ...)
        TODO: check
 CVE-2023-39519 (Cloud Explorer Lite is an open source cloud management 
platform. Prior ...)
-       TODO: check
+       NOT-FOR-US: Cloud Explorer Lite
 CVE-2023-38974 (A stored cross-site scripting (XSS) vulnerability in the Edit 
Category ...)
        TODO: check
 CVE-2023-38973 (A stored cross-site scripting (XSS) vulnerability in the Add 
Tag funct ...)
@@ -90,7 +90,7 @@ CVE-2023-38508 (Tuleap is an open source suite to improve 
management of software
 CVE-2023-38201 (A flaw was found in the Keylime registrar that could allow a 
bypass of ...)
        TODO: check
 CVE-2023-37469 (CasaOS is an open-source personal cloud system. Prior to 
version 0.4.4 ...)
-       TODO: check
+       NOT-FOR-US: CasaOS
 CVE-2023-37249 (Infoblox NIOS through 8.5.1 has a faulty component that 
accepts malici ...)
        TODO: check
 CVE-2023-36199 (An issue in skalenetwork sgxwallet v.1.9.0 and below allows an 
attacke ...)
@@ -98,41 +98,41 @@ CVE-2023-36199 (An issue in skalenetwork sgxwallet v.1.9.0 
and below allows an a
 CVE-2023-36198 (Buffer Overflow vulnerability in skalenetwork sgxwallet 
v.1.9.0 allows ...)
        TODO: check
 CVE-2023-32797 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32757 (e-Excellence U-Office Force file uploading function does not 
restrict  ...)
-       TODO: check
+       NOT-FOR-US: e-Excellence U-Office Force file uploading function
 CVE-2023-32756 (e-Excellence U-Office Force has a path traversal vulnerability 
within  ...)
-       TODO: check
+       NOT-FOR-US: e-Excellence U-Office Force
 CVE-2023-32755 (e-Excellence U-Office Force generates an error message in 
webiste serv ...)
-       TODO: check
+       NOT-FOR-US: e-Excellence U-Office Force
 CVE-2023-32678 (Zulip is an open-source team collaboration tool with 
topic-based threa ...)
        TODO: check
 CVE-2023-32603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
RedNao D ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32598 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
A. R. Jo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Wolf ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32595 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Pala ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Clou ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32584 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in John ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32577 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Eji  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32576 (Auth. (subscriber+) Stored Cross-Site Scripting') 
vulnerability in Pla ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32575 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in PI W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32518 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Ono Ooga ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32079 (Netmaker makes networks with WireGuard. A Mass assignment 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Netmaker
 CVE-2023-32078 (Netmaker makes networks with WireGuard. An Insecure Direct 
Object Refe ...)
-       TODO: check
+       NOT-FOR-US: Netmaker
 CVE-2023-32077 (Netmaker makes networks with WireGuard. Prior to versions 
0.17.1 and 0 ...)
-       TODO: check
+       NOT-FOR-US: Netmaker
 CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 
3.9.18,  ...)
        - python3.12 <unfixed>
        - python3.11 3.11.5-1
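
Review bot: The tag added for CVE-2023-32757, "NOT-FOR-US: e-Excellence U-Office Force file uploading function", carries part of the CVE description into the product name, while CVE-2023-32756 and CVE-2023-32755 directly below it use "NOT-FOR-US: e-Excellence U-Office Force". Suggest using "NOT-FOR-US: e-Excellence U-Office Force" for all three so the same product appears under one name when data/CVE/list is searched.
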
@@ -29423,7 +29423,7 @@ CVE-2023-25983
 CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25980
        RESERVED
 CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Vide ...)
@@ -29805,7 +29805,7 @@ CVE-2023-25850
 CVE-2023-25849
        RESERVED
 CVE-2023-25848 (ArcGIS Enterprise Server versions 11.0 and below have an 
information d ...)
-       TODO: check
+       NOT-FOR-US: ArcGIS Enterprise Server
 CVE-2023-25847
        RESERVED
 CVE-2023-25846
@@ -30695,7 +30695,7 @@ CVE-2023-25651
 CVE-2023-25650
        RESERVED
 CVE-2023-25649 (There is a command injection vulnerability in a mobile 
internet produc ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2023-25648
        RESERVED
 CVE-2023-25647 (There is a permission and access control vulnerability in some 
ZTE mob ...)
@@ -33572,9 +33572,9 @@ CVE-2023-24623 (Paranoidhttp before 0.3.0 allows SSRF 
because [::] is equivalent
 CVE-2023-24622 (isInList in the safeurl-python package before 1.2 for Python 
has an in ...)
        NOT-FOR-US: safeurl-python
 CVE-2023-24621 (An issue was discovered in Esoteric YamlBeans through 1.15. It 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Esoteric YamlBeans
 CVE-2023-24620 (An issue was discovered in Esoteric YamlBeans through 1.15. A 
crafted  ...)
-       TODO: check
+       NOT-FOR-US: Esoteric YamlBeans
 CVE-2023-24619 (Redpanda before 22.3.12 discloses cleartext AWS credentials. 
The impor ...)
        NOT-FOR-US: Redpanda
 CVE-2023-24618
@@ -34542,7 +34542,7 @@ CVE-2023-24396 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-24395 (Cross-Site Request Forgery (CSRF) vulnerability in Scott 
Paterson Cont ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24394 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gopi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-24393 (Auth. (editor+) Stored Cross-Site Scripting (XSS) 
vulnerability in Sk. ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
@@ -245769,7 +245769,7 @@ CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in 
wc_ecc_mulmod_ex in ecc.c that
 CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u 
and the fi ...)
        NOT-FOR-US: Open Upload
 CVE-2020-11711 (An issue was discovered in Stormshield SNS 3.8.0. 
Authenticated Stored ...)
-       TODO: check
+       NOT-FOR-US: Stormshield SNS
 CVE-2020-11710 (An issue was discovered in docker-kong (for Kong) through 
2.0.3. The a ...)
        NOT-FOR-US: docker-kong
 CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters 
passed in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53c3729993301cb835c9b6ed9e58ec1030e8609f
