[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Aug 16 12:47:04 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cb47a68e by Moritz Muehlenhoff at 2023-08-16T13:46:41+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -127,43 +127,43 @@ CVE-2023-40028 (Ghost is an open source content management system. Versions prio
CVE-2023-40027 (Keystone is an open source headless CMS for Node.js \u2014 built with ...)
NOT-FOR-US: Keystone CMS
CVE-2023-39843 (Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1 ...)
- TODO: check
+ NOT-FOR-US: Suleve 5-in-1 Smart Door Lock
CVE-2023-39842 (Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Securit ...)
- TODO: check
+ NOT-FOR-US: Digoo DG-HAMB Smart Home Security
CVE-2023-39841 (Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock ...)
- TODO: check
+ NOT-FOR-US: Etekcity 3-in-1 Smart Door Lock
CVE-2023-39662 (An issue in llama_index v.0.7.13 and before allows a remote attacker t ...)
- TODO: check
+ NOT-FOR-US: llama_index
CVE-2023-39661 (An issue in pandas-ai v.0.9.1 and before allows a remote attacker to e ...)
- TODO: check
+ NOT-FOR-US: pandas-ai
CVE-2023-39659 (An issue in langchain langchain-ai v.0.0.232 and before allows a remot ...)
- TODO: check
+ NOT-FOR-US: langchain-ai
CVE-2023-39438 (A missing authorization check allows an arbitrary authenticated user t ...)
- TODO: check
+ NOT-FOR-US: cla-assistant
CVE-2023-38916 (SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote ...)
- TODO: check
+ NOT-FOR-US: eVotingSystem-PHP
CVE-2023-38915 (File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote ...)
- TODO: check
+ NOT-FOR-US: Wolf-leo EasyAdmin8
CVE-2023-38898 (An issue in Python cpython v.3.7 allows an attacker to obtain sensitiv ...)
TODO: check
CVE-2023-38896 (An issue in Harrison Chase langchain v.0.0.194 and before allows a rem ...)
- TODO: check
+ NOT-FOR-US: Harrison Chase langchain
CVE-2023-38889 (An issue in Alluxio v.2.9.3 and before allows an attacker to execute a ...)
- TODO: check
+ NOT-FOR-US: Alluxio
CVE-2023-38866 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected ...)
- TODO: check
+ NOT-FOR-US: COMFAST
CVE-2023-38865 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected ...)
- TODO: check
+ NOT-FOR-US: COMFAST
CVE-2023-38864 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...)
- TODO: check
+ NOT-FOR-US: COMFAST
CVE-2023-38863 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...)
- TODO: check
+ NOT-FOR-US: COMFAST
CVE-2023-38862 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...)
- TODO: check
+ NOT-FOR-US: COMFAST
CVE-2023-38861 (An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote a ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2023-38860 (An issue in LangChain v.0.0.231 allows a remote attacker to execute ar ...)
- TODO: check
+ NOT-FOR-US: LangChain
CVE-2023-38858 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...)
TODO: check
CVE-2023-38857 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...)
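Review bot: The same project gets three different labels in this hunk: "NOT-FOR-US: langchain-ai" at CVE-2023-39659, "NOT-FOR-US: Harrison Chase langchain" at CVE-2023-38896 and "NOT-FOR-US: LangChain" at CVE-2023-38860. Use one spelling for all three so a later search on the product name finds every entry. The five COMFAST entries and the Wavlink entry name only the vendor, although the descriptions give the model (CF-XR11, WL_WNJ575A3); adding the model would match the level of detail used for the door-lock entries at the top of the hunk.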
@@ -183,13 +183,13 @@ CVE-2023-38851 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote a
CVE-2023-38850 (Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an ...)
TODO: check
CVE-2023-38840 (An issue in Bitwarden Bitwarden Desktop v.2023.5.1 allows a local atta ...)
- TODO: check
+ NOT-FOR-US: Bitwarden
CVE-2023-38402 (A vulnerability in the HPE Aruba Networking Virtual IntranetAccess (VI ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-38401 (A vulnerability in the HPE Aruba Networking Virtual Intranet Access (V ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2023-35082 (An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-2916 (The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive ...)
NOT-FOR-US: InfiniteWP Client plugin for WordPress
CVE-2023-4347 (Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/l ...)
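Review bot: The labels added at CVE-2023-38402, CVE-2023-38401 and CVE-2023-35082 name only the vendor ("HPE", "Ivanti"), while the descriptions identify the affected products (HPE Aruba Networking Virtual Intranet Access, Ivanti EPMM). Name the product in the label, as the InfiniteWP entry just below does, so the triage decision is tied to a specific product rather than to everything from that vendor. The Bitwarden entry has the same gap: the description is about Bitwarden Desktop.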
@@ -234,7 +234,7 @@ CVE-2023-40359 (xterm before 380 supports ReGIS reporting for character-set name
[bullseye] - xterm <no-dsa> (Minor issue)
NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_380
CVE-2023-40354 (An issue was discovered in MariaDB MaxScale before 23.02.3. A user ent ...)
- TODO: check
+ NOT-FOR-US: Maxscale
CVE-2023-40312 (Multiple reflected XSS were found on different JSP files with unsaniti ...)
NOT-FOR-US: OpenMNS
CVE-2023-40311 (Multiple stored XSS were found on different JSP files with unsanitized ...)
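Review bot: At CVE-2023-40354 the label is spelled "Maxscale", but the description gives the product as "MariaDB MaxScale". Use the description's name and capitalisation ("NOT-FOR-US: MariaDB MaxScale") so the entry is found when searching on the product name.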
@@ -256,7 +256,7 @@ CVE-2023-3435 (The User Activity Log WordPress plugin before 1.6.5 does not corr
CVE-2023-3328 (The Custom Field For WP Job Manager WordPress plugin before 1.2 does n ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3160 (The vulnerability potentially allows an attacker to misuse ESET\u2019s ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2023-39908 (The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not proper ...)
TODO: check
CVE-2023-39293 (A Command Injection vulnerability has been identified in the MiVoice O ...)
@@ -560,7 +560,7 @@ CVE-2023-4128 (A use-after-free flaw was found in net/sched/cls_fw.c in classifi
NOTE: https://git.kernel.org/linus/76e42ae831991c828cffa8c37736ebfb831ad5ec (6.5-rc5)
NOTE: https://git.kernel.org/linus/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 (6.5-rc5)
CVE-2023-40216 (OpenBSD 7.3 before errata 014 is missing an argument-count bounds chec ...)
- TODO: check
+ NOT-FOR-US: OpenBSD
CVE-2023-39966 (1Panel is an open source Linux server operation and maintenance manage ...)
NOT-FOR-US: 1Panel
CVE-2023-39965 (1Panel is an open source Linux server operation and maintenance manage ...)
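Review bot: At CVE-2023-40216 the label "NOT-FOR-US: OpenBSD" covers the whole operating system, and the description shown here is cut off before it names the affected component. Record the component in the label so a reader can confirm from the list alone that no portable version of that code is tracked under a source package.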
@@ -582,9 +582,9 @@ CVE-2023-39957 (Nextcloud Talk Android allows users to place video and audio cal
CVE-2023-39955 (Notes is a note-taking app for Nextcloud, an open-source cloud platfor ...)
NOT-FOR-US: Notes app for NextCloud
CVE-2023-39954 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...)
- TODO: check
+ NOT-FOR-US: Nextcloud OIDC backend
CVE-2023-39953 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...)
- TODO: check
+ NOT-FOR-US: Nextcloud OIDC backend
CVE-2023-39952 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-39806 (iCMS v7.0.16 was discovered to contain a SQL injection vulnerability v ...)
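Review bot: Both labels added here (CVE-2023-39954, CVE-2023-39953) read "Nextcloud OIDC backend", but the descriptions call the component user_oidc; put that name in the label so the entries can be found by it. Because the next entry tracks nextcloud-server as <itp> (bug #941708), it is also worth confirming that user_oidc falls outside the scope of that ITP before closing these as NOT-FOR-US.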
@@ -739,11 +739,11 @@ CVE-2023-36672 (An issue was discovered in the Clario VPN client through 5.9.1.1
CVE-2023-36671 (An issue was discovered in the Clario VPN client through 5.9.1.1662 fo ...)
NOT-FOR-US: Clario VPN client
CVE-2023-35838 (The WireGuard client 0.5.3 on Windows insecurely configures the operat ...)
- TODO: check
+ NOT-FOR-US: WireGuard client on Windows
CVE-2023-33242 (Crypto wallets implementing the Lindell17 TSS protocol might allow an ...)
- TODO: check
+ NOT-FOR-US: Crypto wallets implementing the Lindell17 TSS protocol
CVE-2023-33241 (Crypto wallets implementing the GG18 or GG20 TSS protocol might allow ...)
- TODO: check
+ NOT-FOR-US: Crypto wallets implementing the GG18 or GG20 TSS protocol
CVE-2023-32559
- nodejs <unfixed>
[buster] - nodejs <not-affected> (v10.x doesn't support policy manifests)
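Review bot: The labels at CVE-2023-33242 and CVE-2023-33241 repeat the description ("Crypto wallets implementing the Lindell17 TSS protocol", "... the GG18 or GG20 TSS protocol") and so mark a class of implementations as NOT-FOR-US without naming any product that was checked. Either name the implementations that were looked at or add a NOTE line saying that none is known to be packaged, so the entry can be revisited if one is. The WireGuard label at CVE-2023-35838 is a good model here, since "on Windows" states exactly why the entry is out of scope.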
@@ -1415,7 +1415,7 @@ CVE-2023-39550 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v
CVE-2023-39524 (PrestaShop is an open source e-commerce web application. Prior to vers ...)
NOT-FOR-US: PrestaShop
CVE-2023-39520 (Cryptomator encrypts data being stored on cloud infrastructure. The MS ...)
- TODO: check
+ NOT-FOR-US: Cryptomator
CVE-2023-39363 (Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Ma ...)
NOT-FOR-US: Vyer
CVE-2023-39349 (Sentry is an error tracking and performance monitoring platform. Start ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb47a68e5cc11a55d16002d090ef5e85f4d0d460