Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f151086 by Moritz Muehlenhoff at 2023-09-08T12:26:16+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,45 +1,45 @@
 CVE-2023-41775 (Improper access control vulnerability in 'direct' Desktop App 
for macO ...)
-       TODO: check
+       NOT-FOR-US: 'direct Desktop App for macOS
 CVE-2023-41646 (Buttercup v2.20.3 allows attackers to obtain the hash of the 
master pa ...)
-       TODO: check
+       NOT-FOR-US: Buttercup
 CVE-2023-41615 (Zoo Management System v1.0 was discovered to contain multiple 
SQL inje ...)
-       TODO: check
+       NOT-FOR-US: Zoo Management System
 CVE-2023-41594 (Dairy Farm Shop Management System Using PHP and MySQL v1.1 was 
discove ...)
-       TODO: check
+       NOT-FOR-US: Dairy Farm Shop Management System
 CVE-2023-41161 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
Usermin  ...)
-       TODO: check
+       NOT-FOR-US: Usermin
 CVE-2023-40953 (icms 7.0.16 is vulnerable to Cross Site Request Forgery 
(CSRF).)
-       TODO: check
+       NOT-FOR-US: icms
 CVE-2023-40584 (Argo CD is a declarative continuous deployment for Kubernetes. 
All ver ...)
-       TODO: check
+       NOT-FOR-US: Argo CD
 CVE-2023-40353 (An issue was discovered in Exynos Mobile Processor 980 and 
2100. An in ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-40271 (In Trusted Firmware-M through TF-Mv1.8.0, for platforms that 
integrate ...)
        TODO: check
 CVE-2023-40029 (Argo CD is a declarative continuous deployment for Kubernetes. 
Argo CD ...)
-       TODO: check
+       NOT-FOR-US: Argo CD
 CVE-2023-39620 (An Issue in Buffalo America, Inc. TeraStation NAS TS5410R 
v.5.00 thru  ...)
-       TODO: check
+       NOT-FOR-US: Buffalo
 CVE-2023-37759 (Incorrect access control in the User Registration page of 
Crypto Curre ...)
-       TODO: check
+       NOT-FOR-US: Crypto Currency Tracker
 CVE-2023-37377 (An issue was discovered in Samsung Exynos Mobile Processor and 
Wearabl ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-37368 (An issue was discovered in Samsung Exynos Mobile Processor, 
Automotive ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-37367 (An issue was discovered in Samsung Exynos Mobile Processor, 
Automotive ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-36184 (CMysten Labs Sui blockchain v1.2.0 was discovered to contain a 
stack o ...)
-       TODO: check
+       NOT-FOR-US: CMysten Labs Sui
 CVE-2023-34041 (Cloud foundry routing release versions prior to 0.278.0 are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Cloud foundry routing
 CVE-2023-32470 (Dell Digital Delivery versions prior to 5.0.82.0 contain an 
Insecure O ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-4685 (Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft 
versions 4.0. ...)
        NOT-FOR-US: Delta Electronics
 CVE-2023-4528 (Unsafe deserialization in JSCAPE MFT Server versions prior 
to2023.1.9  ...)
        NOT-FOR-US: JSCAPE MFT Server
 CVE-2023-41316 (Tolgee is an open-source localization platform. Due to lack of 
validat ...)
-       TODO: check
+       NOT-FOR-US: Tolgee
 CVE-2023-41064 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
        NOT-FOR-US: Apple
 CVE-2023-41061 (A validation issue was addressed with improved logic. This 
issue is fi ...)
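Review bot: The new note for CVE-2023-41775 has an unbalanced quote ("NOT-FOR-US: 'direct Desktop App for macOS"); the description writes the product as 'direct' Desktop App, so the note should read "NOT-FOR-US: 'direct' Desktop App for macOS". In the same hunk, "CMysten Labs Sui" for CVE-2023-36184 carries over the leading "C" from the description text and is worth checking against the vendor's actual name. The notes also alternate between vendor names (Samsung, Dell, Buffalo) and product names (Argo CD, Usermin, Tolgee); settling on one convention keeps later searches through the list predictable.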
@@ -49,7 +49,7 @@ CVE-2023-40942 (Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was 
discovered stack ov
 CVE-2023-40060 (A vulnerability has been identified within Serv-U 15.4 and 
15.4 Hotfix ...)
        NOT-FOR-US: SolarWinds Serv-U
 CVE-2023-3747 (Zero Trust Administrators have the ability to disallow end 
users from  ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare Warp
 CVE-2023-39711 (Multiple cross-site scripting (XSS) vulnerabilities in Free 
and Open S ...)
        NOT-FOR-US: Free and Open Source Inventory Management System
 CVE-2023-39424 (A vulnerability inRDPngFileUpload.dll, as used in theIRM Next 
Generati ...)
@@ -112,7 +112,7 @@ CVE-2023-38031 (ASUS RT-AC86U Adaptive QoS - Web History 
function has insufficie
 CVE-2023-34357 (Soar Cloud Ltd. HR Portal has a weak Password Recovery 
Mechanism for F ...)
        NOT-FOR-US: Soar Cloud Ltd. HR Portal
 CVE-2023-4809 (In pf packet processing with a 'scrub fragment reassemble' 
rule, a pac ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2023-4634 (The Media Library Assistant plugin for WordPress is vulnerable 
to Loca ...)
        NOT-FOR-US: Media Library Assistant plugin for WordPress
 CVE-2023-4623 (A use-after-free vulnerability in the Linux kernel's net/sched: 
sch_hf ...)
@@ -146,7 +146,7 @@ CVE-2023-4206 (A use-after-free vulnerability in the Linux 
kernel's net/sched: c
 CVE-2023-41601 (Multiple cross-site scripting (XSS) vulnerabilities in 
install/index.p ...)
        NOT-FOR-US: CSZ CMS
 CVE-2023-41330 (knplabs/knp-snappy is a PHP library allowing thumbnail, 
snapshot or PD ...)
-       TODO: check
+       NOT-FOR-US: knplabs/knp-snappy
 CVE-2023-41328 (Frappe is a low code web framework written in Python and 
Javascript. A ...)
        NOT-FOR-US: Frappe Framework
 CVE-2023-41319 (Fides is an open-source privacy engineering platform for 
managing the  ...)
@@ -544,7 +544,7 @@ CVE-2023-41908 (Cerebrate before 1.15 lacks the Secure 
attribute for the session
 CVE-2023-41058 (Parse Server is an open source backend server. In affected 
versions th ...)
        NOT-FOR-US: Node parse-server
 CVE-2023-41057 (hyper-bump-it is a command line tool for updating the version 
in proje ...)
-       TODO: check
+       NOT-FOR-US: hyper-bump-it
 CVE-2023-41055 (LibreY is a fork of LibreX, a framework-less and 
javascript-free priva ...)
        NOT-FOR-US: LibreY
 CVE-2023-41054 (LibreY is a fork of LibreX, a framework-less and 
javascript-free priva ...)
@@ -612,7 +612,7 @@ CVE-2023-36492 (Reflected cross-site scripting 
vulnerability in SHIRASAGI prior
 CVE-2023-36382 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Jeff ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-36308 (disintegration Imaging 1.6.2 allows attackers to cause a panic 
(becaus ...)
-       TODO: check
+       NOT-FOR-US: disintegration Imaging
 CVE-2023-36307 (ZPLGFA 1.1.1 allows attackers to cause a panic (because of an 
integer  ...)
        NOT-FOR-US: ZPLGFA
 CVE-2023-35906 (IBM Aspera Faspex 5.0.5 could allow a remote attacked to 
bypass IP res ...)
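Review bot: CVE-2023-36308 is marked NOT-FOR-US on the upstream product name alone, but the description speaks of a panic, which points to a library written in a language such as Go, and Go libraries are packaged in Debian under golang-* source names derived from the import path rather than the project name. Searching the archive by import path before settling on NOT-FOR-US would rule out a packaged or embedded copy; if nothing turns up, the entry is fine as written.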
@@ -16476,7 +16476,7 @@ CVE-2023-30910
 CVE-2023-30909
        RESERVED
 CVE-2023-30908 (Potential security vulnerabilities have been identified in 
Hewlett Pac ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-30907
        RESERVED
 CVE-2023-30906 (The vulnerability could be locally exploited to allow 
escalation of pr ...)
@@ -31156,7 +31156,7 @@ CVE-2023-26102 (All versions of the package rangy are 
vulnerable to Prototype Po
 CVE-2023-0926
        RESERVED
 CVE-2023-0925 (Version 10.11 of webMethods OneData runs an embedded instance 
of Azul  ...)
-       TODO: check
+       NOT-FOR-US: webMethods OneData
 CVE-2023-0924 (The ZYREX POPUP WordPress plugin through 1.0 does not validate 
the typ ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0923
@@ -59763,9 +59763,9 @@ CVE-2023-20196
 CVE-2023-20195
        RESERVED
 CVE-2023-20194 (A vulnerability in the ERS API of Cisco ISE could allow an 
authenticat ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20193 (A vulnerability in the Embedded Service Router (ESR) of Cisco 
ISE coul ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20192 (Multiple vulnerabilities in Cisco Expressway Series and Cisco 
TelePres ...)
        NOT-FOR-US: Cisco
 CVE-2023-20191
@@ -106302,7 +106302,7 @@ CVE-2022-27601
 CVE-2022-27600
        RESERVED
 CVE-2022-27599 (An insertion of sensitive information into Log file 
vulnerability has  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2022-27598 (A vulnerability has been reported to affect QNAP operating 
systems. If ...)
        NOT-FOR-US: QNAP
 CVE-2022-27597 (A vulnerability has been reported to affect QNAP operating 
systems. If ...)
@@ -124873,7 +124873,7 @@ CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected 
by a Cross Site Scripting (X
 CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a 
Cross Site  ...)
        NOT-FOR-US: NUUO Network Video Recorder NVRsolo
 CVE-2021-45811 (A SQL injection vulnerability in the "Search" functionality of 
"ticket ...)
-       TODO: check
+       NOT-FOR-US: osTicket
 CVE-2021-45810 (Multiple versions of GlobalProtect-openconnect are affected by 
incorre ...)
        NOT-FOR-US: GlobalProtect-openconnect
 CVE-2021-45809 (GlobalProtect-openconnect versions prior to 1.4.3 are affected 
by inco ...)
@@ -160693,7 +160693,7 @@ CVE-2021-33836
 CVE-2021-33835
        RESERVED
 CVE-2021-33834 (An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde 
H2OFFT 6. ...)
-       TODO: check
+       NOT-FOR-US: Insyde
 CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a 
stack-based b ...)
        {DLA-2915-1}
        - connman 1.36-2.2 (bug #989662)
@@ -177064,7 +177064,7 @@ CVE-2021-27717
 CVE-2021-27716
        RESERVED
 CVE-2021-27715 (An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 
3.5.6-xnet ...)
-       TODO: check
+       NOT-FOR-US: MoFi Network MOFI4500-4GXeLTE-V2
 CVE-2021-27714
        RESERVED
 CVE-2021-27713
@@ -508620,7 +508620,7 @@ CVE-2014-5331 (Cross-site scripting (XSS) 
vulnerability in Aflax allows remote a
 CVE-2014-5330 (Cross-site scripting (XSS) vulnerability in BirdBlog allows 
remote att ...)
        NOT-FOR-US: BirdBlog
 CVE-2014-5329 (GIGAPOD file servers (Appliance model and Software model) 
provide two  ...)
-       TODO: check
+       NOT-FOR-US: GIGAPOD
 CVE-2014-5328 (Buffer overflow in the Webserver component on the Huawei E5332 
router  ...)
        NOT-FOR-US: Huawei router
 CVE-2014-5327 (Buffer overflow in the Webserver component on the Huawei E5332 
router  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f151086d555d343e578b050ef218e538a66ea0d
