Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ed083f93 by Moritz Muehlenhoff at 2023-09-19T11:04:33+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,47 +1,47 @@
CVE-2023-4998
- gitlab <not-affected> (Specific to EE)
CVE-2023-5060 (Cross-site Scripting (XSS) - DOM in GitHub repository
librenms/librenm ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2023-5054 (The Super Store Finder plugin for WordPress is vulnerable to
unauthent ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5009 (An issue has been discovered in GitLab EE affecting all
versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-42454 (SQLpage is a SQL-only webapp builder. Someone using SQLpage
versions p ...)
- TODO: check
+ NOT-FOR-US: SQLpage
CVE-2023-42446 (Pow is a authentication and user management solution for
Phoenix and P ...)
- TODO: check
+ NOT-FOR-US: Pow
CVE-2023-42443 (Vyper is a Pythonic Smart Contract Language for the Ethereum
Virtual M ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2023-42441 (Vyper is a Pythonic Smart Contract Language for the Ethereum
Virtual M ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2023-42399 (Cross Site Scripting vulnerability in xdsoft.net Jodit Editor
v.4.0.0- ...)
- TODO: check
+ NOT-FOR-US: Jodit Editor
CVE-2023-41599 (An issue in the component /common/DownController.java of
JFinalCMS v5. ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2023-41443 (SQL injection vulnerability in Novel-Plus v.4.1.0 allows a
remote atta ...)
- TODO: check
+ NOT-FOR-US: Novel-Plus
CVE-2023-40788 (SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control
due to ...)
- TODO: check
+ NOT-FOR-US: SpringBlade
CVE-2023-39058 (An information leak in THE_B_members card v13.6.1 allows
attackers to ...)
- TODO: check
+ NOT-FOR-US: THE_B_members
CVE-2023-39056 (An information leak in Coffee-jumbo v13.6.1 allows attackers
to obtain ...)
- TODO: check
+ NOT-FOR-US: Coffee-jumbo
CVE-2023-39049 (An information leak in youmart-tokunaga v13.6.1 allows
attackers to ob ...)
- TODO: check
+ NOT-FOR-US: youmart-tokunaga
CVE-2023-39046 (An information leak in TonTon-Tei_waiting Line v13.6.1 allows
attacker ...)
- TODO: check
+ NOT-FOR-US: TonTon-Tei_waiting Line
CVE-2023-39043 (An information leak in YKC Tokushima_awayokocho Line v13.6.1
allows at ...)
- TODO: check
+ NOT-FOR-US: YKC Tokushima_awayokocho Line
CVE-2023-39040 (An information leak in Cheese Cafe Line v13.6.1 allows
attackers to ob ...)
- TODO: check
+ NOT-FOR-US: Cheese Cafe Line
CVE-2023-39039 (An information leak in Camp Style Project Line v13.6.1 allows
attacker ...)
- TODO: check
+ NOT-FOR-US: Camp Style Project Line
CVE-2023-38582 (Persistent cross-site scripting (XSS) in the web application
of MOD3GP ...)
- TODO: check
+ NOT-FOR-US: MODULYS GP
CVE-2023-38255 (A potential attacker with or without (cookie theft) access to
the devi ...)
- TODO: check
+ NOT-FOR-US: MODULYS GP
CVE-2023-37611 (Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3
allows a re ...)
- TODO: check
+ NOT-FOR-US: Neos CMS
CVE-2023-4237 [ec2_key module prints out the private key directly to the
standard output]
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979
@@ -65,27 +65,27 @@ CVE-2023-42320 (Buffer Overflow vulnerability in Tenda
AC10V4 v.US_AC10V4.0si_V1
CVE-2023-42253 (Code-Projects Vehicle Management 1.0 is vulnerable to Cross
Site Scrip ...)
NOT-FOR-US: Code-Projects Vehicle Management
CVE-2023-41965 (Sending some requests in the web application of the vulnerable
device ...)
- TODO: check
+ NOT-FOR-US: MODULYS GP
CVE-2023-41929 (A DLL hijacking vulnerability in Samsung Memory Card & UFD
Authenticat ...)
NOT-FOR-US: Samsung
CVE-2023-41595 (An issue in xui-xray v1.8.3 allows attackers to obtain
sensitive infor ...)
NOT-FOR-US: xui-xray
CVE-2023-41084 (Session management within the web application is incorrect and
allows ...)
- TODO: check
+ NOT-FOR-US: MODULYS GP
CVE-2023-41030 (Hard-coded credentials inJuplink RX4-1500 versions V1.0.2
through V1.0 ...)
NOT-FOR-US: Juplink RX4-1500
CVE-2023-40221 (The absence of filters when loading some sections in the web
applicati ...)
- TODO: check
+ NOT-FOR-US: MODULYS GP
CVE-2023-39452 (The web application that owns the device clearly stores the
credential ...)
- TODO: check
+ NOT-FOR-US: MODULYS GP
CVE-2023-39446 (Thanks to the weaknesses that the web application has at the
user mana ...)
- TODO: check
+ NOT-FOR-US: MODULYS GP
CVE-2023-34999 (A command injection vulnerability exists in RTS VLink Virtual
Matrix S ...)
NOT-FOR-US: RTS VLink Virtual Matrix Software
CVE-2023-34195 (An issue was discovered in SystemFirmwareManagementRuntimeDxe
in Insyd ...)
NOT-FOR-US: Insyde InsydeH2O
CVE-2023-33831 (A remote command execution (RCE) vulnerability in the
/api/runscript e ...)
- TODO: check
+ NOT-FOR-US: FUXA
CVE-2023-32187 (An Allocation of Resources Without Limits or Throttling
vulnerability ...)
TODO: check
CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6.
drivers/medi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed083f93867a72b8a87e42b2ef698d24f87d39c0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed083f93867a72b8a87e42b2ef698d24f87d39c0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
