[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Aug 4 15:40:29 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7a9ff94 by Moritz Mühlenhoff at 2023-08-04T16:34:41+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2023-4139 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable t
CVE-2023-3373 (Predictable Exact Value from Previous Values vulnerability in Mitsubis ...)
NOT-FOR-US: Mitsubishi
CVE-2023-39343 (Sulu is an open-source PHP content management system based on the Symf ...)
- TODO: check
+ NOT-FOR-US: Sulu
CVE-2023-38991 (An issue in the delete function in the ActModelController class of jee ...)
NOT-FOR-US: jeesite
CVE-2023-38952 (Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticate ...)
@@ -21,7 +21,7 @@ CVE-2023-38950 (A path traversal vulnerability in the iclock API of ZKTeco BioTi
CVE-2023-38949 (An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticat ...)
NOT-FOR-US: ZKTeco BioTime
CVE-2023-38941 (django-sspanel v2022.2.2 was discovered to contain a remote command ex ...)
- TODO: check
+ NOT-FOR-US: django-sspanel
CVE-2023-38708 (Pimcore is an Open Source Data & Experience Management Platform: PIM, ...)
NOT-FOR-US: Pimcore
CVE-2023-37501 (A Persistent XSS vulnerability can be carried out in a certain field o ...)
@@ -45,7 +45,7 @@ CVE-2023-36139 (In PHPJabbers Cleaning Business Software 1.0, lack of verificati
CVE-2023-36138 (PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site ...)
NOT-FOR-US: PHPJabbers
CVE-2023-36137 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Class Scheduling System
CVE-2023-36135 (User enumeration is found in in PHPJabbers Class Scheduling System v1. ...)
NOT-FOR-US: PHPJabbers
CVE-2023-36134 (In PHP Jabbers Class Scheduling System 1.0, lack of verification when ...)
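Review bot: The tag added for CVE-2023-36137, "NOT-FOR-US: PHPJabbers Class Scheduling System", is product-level, while the unchanged neighbours in this hunk (CVE-2023-36138, and CVE-2023-36135, whose description names the same Class Scheduling System) use the vendor-level "NOT-FOR-US: PHPJabbers". Suggest using "NOT-FOR-US: PHPJabbers" here as well so that adjacent entries for one vendor carry one tag.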
@@ -57,7 +57,7 @@ CVE-2023-36132 (PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to I
CVE-2023-36131 (PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrec ...)
NOT-FOR-US: PHPJabbers
CVE-2023-33665 (ai-dev aitable before v0.2.2 was discovered to contain a SQL injection ...)
- TODO: check
+ NOT-FOR-US: ai-dev aitable
CVE-2023-38497 [Cargo does not respect umask when extracting packages]
- rustc <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2
@@ -99,7 +99,7 @@ CVE-2023-4120 (A vulnerability was found in Beijing Baichuo Smart S85F Managemen
CVE-2023-4119 (A vulnerability has been found in Academy LMS 6.0 and classified as pr ...)
NOT-FOR-US: Academy LMS
CVE-2023-4118 (A vulnerability, which was classified as problematic, was found in Cut ...)
- TODO: check
+ NOT-FOR-US: Cute HTTP File Server
CVE-2023-4117 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: PHP Jabbers Rental Property Booking
CVE-2023-4116 (A vulnerability classified as problematic was found in PHP Jabbers Tax ...)
@@ -119,47 +119,47 @@ CVE-2023-4110 (A vulnerability has been found in PHP Jabbers Availability Bookin
CVE-2023-3932 (An issue has been discovered in GitLab EE affecting all versions start ...)
TODO: check
CVE-2023-3766 (A vulnerability was discovered in the odoh-rs rust crate that stems fr ...)
- TODO: check
+ NOT-FOR-US: odoh-rs Rust crate
CVE-2023-3749 (A local user could edit the VideoEdge configuration file and interfere ...)
- TODO: check
+ NOT-FOR-US: VideoEdge
CVE-2023-3669 (A missing Brute-Force protection in CODESYS Development System prior t ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-3663 (In CODESYS Development System versions from 3.5.11.20 and before 3.5.1 ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-3662 (In CODESYS Development System versions from 3.5.17.0 and prior to 3.5. ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-3348 (The Wrangler command line tool (<=wrangler at 3.1.0) was affected by a di ...)
TODO: check
CVE-2023-3346 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-3329 (SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable t ...)
- TODO: check
+ NOT-FOR-US: SpiderControl SCADA Webserver
CVE-2023-3180 (A flaw was found in the QEMU virtual crypto device while handling data ...)
- qemu <unfixed>
NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/04b9b37edda85964cca033a48dcc0298036782f2 (v2.8.0-rc0)
NOTE: Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-08/msg00401.html
CVE-2023-39144 (Element55 KnowMore appliances version 21 and older was discovered to s ...)
- TODO: check
+ NOT-FOR-US: Element55
CVE-2023-39121 (emlog v2.1.9 was discovered to contain a SQL injection vulnerability v ...)
- TODO: check
+ NOT-FOR-US: emlog
CVE-2023-39114 (ngiflib commit 84a75 was discovered to contain a segmentation violatio ...)
- TODO: check
+ NOT-FOR-US: ngiflib
CVE-2023-39113 (ngiflib commit fb271 was discovered to contain a segmentation violatio ...)
- TODO: check
+ NOT-FOR-US: ngiflib
CVE-2023-39097 (WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: WebBoss.io CMS
CVE-2023-39096 (WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: WebBoss.io CMS
CVE-2023-39075 (Renault Zoe EV 2021 automotive infotainment system versions 283C35202R ...)
- TODO: check
+ NOT-FOR-US: Renault
CVE-2023-38958 (An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthen ...)
- TODO: check
+ NOT-FOR-US: ZKTeco BioAccess
CVE-2023-38956 (A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows u ...)
- TODO: check
+ NOT-FOR-US: ZKTeco BioAccess
CVE-2023-38955 (ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: ZKTeco BioAccess
CVE-2023-38954 (ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection ...)
- TODO: check
+ NOT-FOR-US: ZKTeco BioAccess
CVE-2023-38948 (An arbitrary file download vulnerability in the /c/PluginsController.p ...)
TODO: check
CVE-2023-38947 (An arbitrary file upload vulnerability in the /languages/install.php c ...)
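Review bot: CVE-2023-3766 (odoh-rs, described as a Rust crate) and CVE-2023-39114 / CVE-2023-39113 (ngiflib) are libraries rather than standalone products or appliances like most other entries in this hunk, so NOT-FOR-US for them depends on there being no packaged or vendored copy of that code in the archive. If that was checked, fine; otherwise a search for embedded copies before dropping "TODO: check" would be worth doing. Minor style point: the tag is spelled "Codesys" while the descriptions of CVE-2023-3669, CVE-2023-3663 and CVE-2023-3662 spell the product "CODESYS"; either works as long as it matches the spelling already used for this vendor elsewhere in the list.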
@@ -179,35 +179,35 @@ CVE-2023-38744 (Denial-of-service (DoS) vulnerability due to improper validation
CVE-2023-37679 (A remote command execution (RCE) vulnerability in NextGen Mirth Connec ...)
TODO: check
CVE-2023-37559 (After successful authentication as a user in multiple Codesys products ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37558 (After successful authentication as a user in multiple Codesys products ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37557 (After successful authentication as a user in multiple Codesys products ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37556 (In multiple versions of multiple Codesys products, after successful au ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37555 (In multiple versions of multiple Codesys products, after successful au ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37554 (In multiple versions of multiple Codesys products, after successful au ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37553 (In multiple versions of multiple Codesys products, after successful au ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37552 (In multiple versions of multiple Codesys products, after successful au ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37551 (In multiple Codesys products in multiple versions, after successful au ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37550 (In multiple Codesys products in multiple versions, after successful au ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37549 (In multiple Codesys products in multiple versions, after successful au ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37548 (In multiple Codesys products in multiple versions, after successful au ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37547 (In multiple Codesys products in multiple versions, after successful au ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37546 (In multiple Codesys products in multiple versions, after successful au ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37545 (In multiple Codesys products in multiple versions, after successful au ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2023-37364 (In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapt ...)
TODO: check
CVE-2023-36299 (A File Upload vulnerability in typecho v.1.2.1 allows a remote attacke ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7a9ff94959d66c65beac21fcf8f6e213dcc8d97