Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2aa4f499 by Moritz Muehlenhoff at 2023-11-17T10:18:27+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2023-6020 (LFI in Ray's /static/ directory allows attackers to read any
file on t ...)
- TODO: check
+ NOT-FOR-US: Ray
CVE-2023-6014 (An attacker is able to arbitrarily create an account in MLflow
bypassi ...)
NOT-FOR-US: mlflow
CVE-2023-48659 (An issue was discovered in MISP before 2.4.176.
app/Controller/AppCont ...)
@@ -52,71 +52,71 @@ CVE-2023-48231 (Vim is an open source command line text
editor. When closing a w
NOTE:
https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a
(v9.0.2106)
NOTE: Self-inflicted crash, no security impact
CVE-2023-48222 (Rundeck is an open source automation service with a web
console, comma ...)
- TODO: check
+ NOT-FOR-US: Rundeck
CVE-2023-48078 (SQL Injection vulnerability in add.php in Simple CRUD
Functionality v1 ...)
- TODO: check
+ NOT-FOR-US: Simple CRUD Functionality
CVE-2023-48031 (OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of
File with ...)
- TODO: check
+ NOT-FOR-US: OpenSupports
CVE-2023-47797 (Reflected cross-site scripting (XSS) vulnerability on a
content page\u ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2023-47688 (Cross-Site Request Forgery (CSRF) vulnerability in Alexufo
Youtube Spe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin#
CVE-2023-47687 (Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech
Woo Cust ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin#
CVE-2023-47686 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs
Arigato ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin#
CVE-2023-47675 (CubeCart prior to 6.5.3 allows a remote authenticated attacker
with an ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2023-47642 (Zulip is an open-source team collaboration tool. It was
discovered by ...)
- TODO: check
+ NOT-FOR-US: Zulip
CVE-2023-47283 (Directory traversal vulnerability in CubeCart prior to 6.5.3
allows a ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2023-47112 (Rundeck is an open source automation service with a web
console, comma ...)
- TODO: check
+ NOT-FOR-US: Rundeck
CVE-2023-47025 (An issue in Free5gc v.3.3.0 allows a local attacker to cause a
denial ...)
- TODO: check
+ NOT-FOR-US: Free5gc
CVE-2023-46214 (In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk
Enterprise ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2023-46213 (In Splunk Enterprise versions below 9.0.7 and 9.1.2,
ineffective escap ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2023-45387 (In the module "Product Catalog (CSV, Excel, XML) Export PRO"
(exportpr ...)
- TODO: check
+ NOT-FOR-US: PrestaShop addon
CVE-2023-45382 (In the module "SoNice Retour" (sonice_retour) up to version
2.1.0 from ...)
- TODO: check
+ NOT-FOR-US: PrestaShop addon
CVE-2023-42428 (Directory traversal vulnerability in CubeCart prior to 6.5.3
allows a ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2023-41102 (An issue was discovered in the captive portal in OpenNDS
before versio ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-41101 (An issue was discovered in the captive portal in OpenNDS
before versio ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-40314 (Cross-site scripting in bootstrap.jsp in multiple versions of
OpenNMS ...)
- TODO: check
+ NOT-FOR-US: OpenNMS
CVE-2023-39548 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and
earlier, ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO
CVE-2023-39547 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and
earlier, ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO
CVE-2023-39546 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and
earlier, ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO
CVE-2023-39545 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and
earlier, ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO
CVE-2023-39544 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and
earlier, ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO
CVE-2023-38324 (An issue was discovered in OpenNDS Captive Portal before
version 10.1. ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before
version 10.1. ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before
version 10.1. ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38316 (An issue was discovered in OpenNDS Captive Portal before
version 10.1. ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38315 (An issue was discovered in OpenNDS Captive Portal before
version 10.1. ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38314 (An issue was discovered in OpenNDS Captive Portal before
version 10.1. ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38313 (An issue was discovered in OpenNDS Captive Portal before
10.1.2. it ha ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38130 (Cross-site request forgery (CSRF) vulnerability in CubeCart
prior to 6 ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel
API for ...)
- linux 6.5.6-1
[bookworm] - linux 6.1.55-1
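Review bot: The added lines for CVE-2023-47688, CVE-2023-47687 and CVE-2023-47686 read "NOT-FOR-US: WordPress plugin#", with a trailing "#" that no other added line in this hunk carries and that looks like a stray keystroke. Suggest dropping it so all three read "NOT-FOR-US: WordPress plugin".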
@@ -143,7 +143,7 @@ CVE-2023-6038 (An attacker is able to read any file on the
server hosting the H2
CVE-2023-6023 (An attacker can read any file on the filesystem on the server
hosting ...)
NOT-FOR-US: ModelDB
CVE-2023-6022 (An attacker is able to steal secrets and potentially gain
remote code ...)
- TODO: check
+ NOT-FOR-US: Prefect
CVE-2023-6021 (LFI in Ray's log API endpoint allows attackers to read any file
on the ...)
NOT-FOR-US: Ray's log API endpoint
CVE-2023-6019 (A command injection exists in Ray's cpu_profile URL parameter
allowing ...)
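Review bot: The unchanged entry for CVE-2023-6021 in this hunk is tagged "NOT-FOR-US: Ray's log API endpoint", while the first hunk of this commit tags CVE-2023-6020, also an LFI in Ray, as plain "NOT-FOR-US: Ray". Since the commit already corrects an older entry's spelling elsewhere, consider normalising CVE-2023-6021 to "NOT-FOR-US: Ray" here so both entries name the product the same way.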
@@ -359,7 +359,7 @@ CVE-2023-47470 (Buffer Overflow vulnerability in Ffmpeg
before github commit 456
NOTE: Introduced in:
https://github.com/FFmpeg/FFmpeg/commit/34e4f18360c4ecb8e5979cab8f389478d8cd7819
(n6.1)
NOTE: Fixed by:
https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60
(n6.1)
CVE-2023-47444 (An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows
authenticate ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2023-47347 (Buffer Overflow vulnerability in free5gc 3.3.0 allows
attackers to cau ...)
NOT-FOR-US: free5GC
CVE-2023-47345 (Buffer Overflow vulnerability in free5gc 3.3.0 allows
attackers to cau ...)
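Review bot: The existing entry for CVE-2023-47347 in this hunk's context spells the product "NOT-FOR-US: free5GC", but the line this commit adds for CVE-2023-47025 uses "NOT-FOR-US: Free5gc". Suggest using one spelling for both, matching the existing "free5GC", so a search on the product name finds every entry.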
@@ -107716,7 +107716,7 @@ CVE-2022-31046 (TYPO3 is an open source web content
management system. Prior to
CVE-2022-31045 (Istio is an open platform to connect, manage, and secure
microservices ...)
NOT-FOR-US: Istio
CVE-2022-31044 (Rundeck is an open source automation service with a web
console, comma ...)
- NOT-FOR-US: Rundesk
+ NOT-FOR-US: Rundeck
CVE-2022-31043 (Guzzle is an open source PHP HTTP client. In affected versions
`Author ...)
{DSA-5246-1}
- guzzle 7.4.4-1 (bug #1012821)
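Review bot: The "Rundesk" to "Rundeck" correction on CVE-2022-31044 is a fix to an already-triaged entry, which the commit message "NFUs" does not mention. The correction itself is right and matches the "NOT-FOR-US: Rundeck" lines added for CVE-2023-48222 and CVE-2023-47112; a short mention in the message (or a separate commit) would make the typo fix findable in the history.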
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2aa4f499ba9df3d815ef1794255dd10f8de96cf7
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits