Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1562d165 by Salvatore Bonaccorso at 2023-09-21T22:21:06+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2023-5104 (Improper Input Validation in GitHub repository nocodb/nocodb
prior to ...)
- TODO: check
+ NOT-FOR-US: nocodb
CVE-2023-4753 (OpenHarmony v3.2.1 and prior version has a liteos-a kernel may
crash c ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2023-43637 (Due to the implementation of "deriveVaultKey", prior to
version 7.10, ...)
TODO: check
CVE-2023-43634 (When sealing/unsealing the \u201cvault\u201d key, a list of
PCRs is us ...)
@@ -15,35 +15,35 @@ CVE-2023-43631 (On boot, the Pillar eve container checks
for the existence and c
CVE-2023-43309 (There is a stored cross-site scripting (XSS) vulnerability in
Webmin 2 ...)
TODO: check
CVE-2023-43274 (Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL
Injection via th ...)
- TODO: check
+ NOT-FOR-US: Phpjabbers
CVE-2023-43242 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack
overflo ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-43241 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack
overflow v ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-43240 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack
overflo ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-43239 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack
overflo ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-43238 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack
overflo ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-43237 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack
overflo ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-43236 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack
overflo ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-43235 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack
overflow v ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-42810 (systeminformation is a System Information Library for Node.JS.
Version ...)
TODO: check
CVE-2023-42807 (Frappe LMS is an open source learning management system. In
versions 1 ...)
- TODO: check
+ NOT-FOR-US: Frappe Framework
CVE-2023-42806 (Hydra is the layer-two scalability solution for Cardano. Prior
to vers ...)
TODO: check
CVE-2023-42805 (quinn-proto is a state machine for the QUIC transport
protocol. Prior ...)
TODO: check
CVE-2023-42482 (Samsung Mobile Processor Exynos 2200 allows a GPU Use After
Free.)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-42458 (Zope is an open-source web application server. Prior to
versions 4.8.1 ...)
- TODO: check
+ NOT-FOR-US: Zope
CVE-2023-42457 (plone.rest allows users to use HTTP verbs such as GET, POST,
PUT, DELE ...)
TODO: check
CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo and su, allows
users to ...)
@@ -51,7 +51,7 @@ CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo
and su, allows use
CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The
download metho ...)
TODO: check
CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.)
- TODO: check
+ NOT-FOR-US: Dreamer CMS
CVE-2023-41993 (The issue was addressed with improved checks. This issue is
fixed in S ...)
TODO: check
CVE-2023-41992 (The issue was addressed with improved checks. This issue is
fixed in i ...)
@@ -63,11 +63,11 @@ CVE-2023-41048 (plone.namedfile allows users to handle
`File` and `Image` fields
CVE-2023-40183 (DataEase is an open source data visualization and analysis
tool. Prior ...)
TODO: check
CVE-2023-34577 (SQL injection vulnerability in Prestashop opartplannedpopup
1.4.11 and ...)
- TODO: check
+ NOT-FOR-US: Prestashop opartplannedpopup
CVE-2023-34576 (SQL injection vulnerability in updatepos.php in PrestaShop
opartfaq th ...)
TODO: check
CVE-2023-4760 (In Eclipse RAP versions from 3.0.0 up to and including 3.25.0,
Remote ...)
- TODO: check
+ NOT-FOR-US: Eclipse RAP
CVE-2023-4292 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and
all pre ...)
NOT-FOR-US: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi
CVE-2023-4291 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and
all pre ...)
@@ -104,9 +104,9 @@ CVE-2023-34575 (SQL injection vulnerability in PrestaShop
opartsavecart through
CVE-2023-5084 (Cross-site Scripting (XSS) - Reflected in GitHub repository
hestiacp/h ...)
TODO: check
CVE-2023-5074 (Use of a static key to protect a JWT token used in user
authentication ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-5042 (Sensitive information disclosure due to insecure folder
permissions. T ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-43636 (In EVE OS, the \u201cmeasured boot\u201d mechanism prevents a
compromi ...)
TODO: check
CVE-2023-43635 (Vault Key Sealed With SHA1 PCRs The measured boot
solution imple ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1562d1654ad4436f2234c48c32b12a9c59a2c77e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1562d1654ad4436f2234c48c32b12a9c59a2c77e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
