Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
539aaf27 by Moritz Muehlenhoff at 2023-08-29T15:13:57+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,11 +17,11 @@ CVE-2023-41359 (An issue was discovered in FRRouting FRR
through 9.0. There is a
CVE-2023-41358 (An issue was discovered in FRRouting FRR through 9.0.
bgpd/bgp_packet. ...)
TODO: check
CVE-2023-41005 (An issue in Pagekit pagekit v.1.0.18 alows a remote attacker
to execut ...)
- TODO: check
+ NOT-FOR-US: Pagekit CMS
CVE-2023-40998 (Buffer Overflow vulnerability in O-RAN Software Community
ric-plt-lib- ...)
- TODO: check
+ NOT-FOR-US: O-RAN Software Community ric-plt-lib-rmr
CVE-2023-40997 (Buffer Overflow vulnerability in O-RAN Software Community
ric-plt-lib- ...)
- TODO: check
+ NOT-FOR-US: O-RAN Software Community ric-plt-lib-rmr
CVE-2023-40857 (Buffer Overflow vulnerability in VirusTotal yara v.4.3.2
allows a remo ...)
TODO: check
CVE-2023-40828 (An issue in pf4j pf4j v.3.9.0 and before allows a remote
attacker to o ...)
@@ -31,23 +31,23 @@ CVE-2023-40827 (An issue in pf4j pf4j v.3.9.0 and before
allows a remote attacke
CVE-2023-40826 (An issue in pf4j pf4j v.3.9.0 and before allows a remote
attacker to o ...)
TODO: check
CVE-2023-40825 (An issue in Perfree PerfreeBlog v.3.1.2 allows a remote
attacker to ex ...)
- TODO: check
+ NOT-FOR-US: PerfreeBlog
CVE-2023-40781 (Buffer Overflow vulnerability in Libming Libming v.0.4.8
allows a remo ...)
- TODO: check
+ - ming <removed>
CVE-2023-39968 (jupyter-server is the backend for Jupyter web applications.
Open Redir ...)
TODO: check
CVE-2023-39650 (Theme Volty CMS Blog up to version v4.0.1 was discovered to
contain a ...)
- TODO: check
+ NOT-FOR-US: Theme Volty CMS Blog
CVE-2023-39059 (An issue in ansible semaphore v.2.8.90 allows a remote
attacker to exe ...)
TODO: check
CVE-2023-38969 (Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a
remote a ...)
- TODO: check
+ NOT-FOR-US: Badaso
CVE-2023-34725 (An issue was discovered in TechView LA-5570 Wireless Gateway
1.0.19_T5 ...)
- TODO: check
+ NOT-FOR-US: TechView
CVE-2023-34724 (An issue was discovered in TECHView LA5570 Wireless Gateway
1.0.19_T53 ...)
- TODO: check
+ NOT-FOR-US: TechView
CVE-2023-32457 (Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an
improper ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-4569 (A memory leak flaw was found in nft_set_catchall_flush in
net/netfilte ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7)
@@ -113,31 +113,31 @@ CVE-2023-39709 (Multiple cross-site scripting (XSS)
vulnerabilities in Free and
CVE-2023-39708 (A stored cross-site scripting (XSS) vulnerability in Free and
Open Sou ...)
NOT-FOR-US: Free and Open Source Inventory Management System
CVE-2023-39652 (theme volty tvcmsvideotab up to v4.0.0 was discovered to
contain a SQL ...)
- TODO: check
+ NOT-FOR-US: theme volty tvcmsvideotab
CVE-2023-39578 (A stored cross-site scripting (XSS) vulnerability in the
Create functi ...)
- TODO: check
+ NOT-FOR-US: Zenario CMS
CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to
contain a hea ...)
TODO: check
CVE-2023-39560 (ECTouch v2 was discovered to contain a SQL injection
vulnerability via ...)
- TODO: check
+ NOT-FOR-US: ECTouch v2
CVE-2023-39348 (Spinnaker is an open source, multi-cloud continuous delivery
platform. ...)
- TODO: check
+ NOT-FOR-US: Spinnaker
CVE-2023-39062 (Cross Site Scripting vulnerability in Spipu HTML2PDF before
v.5.2.8 al ...)
- TODO: check
+ NOT-FOR-US: Spipu HTML2PDF
CVE-2023-38289
REJECTED
CVE-2023-38288
REJECTED
CVE-2023-36481 (An issue was discovered in Samsung Exynos Mobile Processor and
Wearabl ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-35785 (Zoho ManageEngine ADManager Plus through 7186 is vulnerable to
2FA byp ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-34758 (Sliver from v1.5.x to v1.5.39 has an improper cryptographic
implementa ...)
- TODO: check
+ NOT-FOR-US: Slive
CVE-2018-25089 (A vulnerability was found in glb Meetup Tag Extension 0.1 on
MediaWiki ...)
- TODO: check
+ NOT-FOR-US: glb Meetup Tag Extension
CVE-2017-20186 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
nikooo777 ...)
- TODO: check
+ NOT-FOR-US: nikooo777 ckSurf
CVE-2023-4561 (Cross-site Scripting (XSS) - Stored in GitHub repository
omeka/omeka-s ...)
NOT-FOR-US: Omeka S
CVE-2023-4560 (Improper Authorization of Index Containing Sensitive
Information in Gi ...)
@@ -16141,7 +16141,7 @@ CVE-2023-1999 (There exists a use after free/double
free in libwebp. An attacker
NOTE: Introduced by:
https://github.com/webmproject/libwebp/commit/187d379db68839f76d1390be291c471f2f66644c
(v0.5.0-rc1)
NOTE: Introduced by:
https://github.com/webmproject/libwebp/commit/5692eae1f3efd8b7b47398a9f5d74f1dc6f64e7f
(backport; v0.4.2-rc2)
CVE-2023-1997 (An OS Command Injection vulnerability exists in SIMULIA
3DOrchestrate ...)
- TODO: check
+ NOT-FOR-US: SIMULIA
CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in Release
3DEXPE ...)
NOT-FOR-US: 3ds
CVE-2023-30532 (A missing permission check in Jenkins TurboScript Plugin 1.3
and earli ...)
@@ -16215,7 +16215,7 @@ CVE-2023-1998 (The Linux kernel allows userspace
processes to enable mitigations
NOTE:
https://git.kernel.org/linus/6921ed9049bc7457f66c1596c5b78aec0dae4a9d (6.3-rc1)
NOTE: https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d
CVE-2023-1995 (Insufficient Logging vulnerability in Hitachi HiRDB Server,
HiRDB Serv ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to
3.6.12 ...)
{DSA-5429-1 DLA-3402-1}
[experimental] - wireshark 4.0.5-1~exp1
@@ -29322,7 +29322,7 @@ CVE-2023-26097 (An issue was discovered in Telindus
Apsal 3.14.2022.235 b. Unaut
CVE-2023-26096
RESERVED
CVE-2023-26095 (ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16
and 4.6 ...)
- TODO: check
+ NOT-FOR-US: Stormshield Network Security
CVE-2023-26094
RESERVED
CVE-2023-26093 (Liima before 1.17.28 allows Hibernate query language (HQL)
injection, ...)
@@ -47179,7 +47179,7 @@ CVE-2022-46785 (SquaredUp Dashboard Server SCOM edition
before 5.7.1 GA allows X
CVE-2022-46784 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows
open re ...)
NOT-FOR-US: SquaredUp Dashboard Server
CVE-2022-46783 (An issue was discovered in Stormshield SSL VPN Client before
3.2.0. If ...)
- TODO: check
+ NOT-FOR-US: Stormshield SSL VPN Client
CVE-2022-46782 (An issue was discovered in Stormshield SSL VPN Client before
3.2.0. A ...)
NOT-FOR-US: Stormshield SSL VPN Client
CVE-2022-46781 (An issue was discovered in the Arm Mali GPU Kernel Driver. A
non-privi ...)
@@ -207932,7 +207932,7 @@ CVE-2020-27368 (Directory Indexing in Login Portal of
Login Portal of TOTOLINK-A
CVE-2020-27367
RESERVED
CVE-2020-27366 (Cross Site Scripting (XSS) vulnerability in wlscanresults.html
in Huma ...)
- TODO: check
+ NOT-FOR-US: Humax
CVE-2020-27365
RESERVED
CVE-2020-27364
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/539aaf2738ebd846a4d81692ea0be8e1f6240917
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/539aaf2738ebd846a4d81692ea0be8e1f6240917
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
