[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Aug 16 12:47:04 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb47a68e by Moritz Muehlenhoff at 2023-08-16T13:46:41+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -127,43 +127,43 @@ CVE-2023-40028 (Ghost is an open source content management system. Versions prio
 CVE-2023-40027 (Keystone is an open source headless CMS for Node.js \u2014 built with  ...)
 	NOT-FOR-US: Keystone CMS
 CVE-2023-39843 (Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1 ...)
-	TODO: check
+	NOT-FOR-US: Suleve 5-in-1 Smart Door Lock
 CVE-2023-39842 (Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Securit ...)
-	TODO: check
+	NOT-FOR-US: Digoo DG-HAMB Smart Home Security
 CVE-2023-39841 (Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock  ...)
-	TODO: check
+	NOT-FOR-US: Etekcity 3-in-1 Smart Door Lock
 CVE-2023-39662 (An issue in llama_index v.0.7.13 and before allows a remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: llama_index
 CVE-2023-39661 (An issue in pandas-ai v.0.9.1 and before allows a remote attacker to e ...)
-	TODO: check
+	NOT-FOR-US: pandas-ai
 CVE-2023-39659 (An issue in langchain langchain-ai v.0.0.232 and before allows a remot ...)
-	TODO: check
+	NOT-FOR-US: langchain-ai
 CVE-2023-39438 (A missing authorization check allows an arbitrary authenticated user t ...)
-	TODO: check
+	NOT-FOR-US: cla-assistant
 CVE-2023-38916 (SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote ...)
-	TODO: check
+	NOT-FOR-US: eVotingSystem-PHP
 CVE-2023-38915 (File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote ...)
-	TODO: check
+	NOT-FOR-US: Wolf-leo EasyAdmin8
 CVE-2023-38898 (An issue in Python cpython v.3.7 allows an attacker to obtain sensitiv ...)
 	TODO: check
 CVE-2023-38896 (An issue in Harrison Chase langchain v.0.0.194 and before allows a rem ...)
-	TODO: check
+	NOT-FOR-US:  Harrison Chase langchain
 CVE-2023-38889 (An issue in Alluxio v.2.9.3 and before allows an attacker to execute a ...)
-	TODO: check
+	NOT-FOR-US: Alluxio
 CVE-2023-38866 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected  ...)
-	TODO: check
+	NOT-FOR-US: COMFAST
 CVE-2023-38865 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected  ...)
-	TODO: check
+	NOT-FOR-US: COMFAST
 CVE-2023-38864 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...)
-	TODO: check
+	NOT-FOR-US: COMFAST
 CVE-2023-38863 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...)
-	TODO: check
+	NOT-FOR-US: COMFAST
 CVE-2023-38862 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...)
-	TODO: check
+	NOT-FOR-US: COMFAST
 CVE-2023-38861 (An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: Wavlink
 CVE-2023-38860 (An issue in LangChain v.0.0.231 allows a remote attacker to execute ar ...)
-	TODO: check
+	NOT-FOR-US: LangChain
 CVE-2023-38858 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...)
 	TODO: check
 CVE-2023-38857 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...)
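
Review bot: The three LangChain entries in this hunk are labelled three different ways: `langchain-ai` for CVE-2023-39659, `Harrison Chase langchain` for CVE-2023-38896, and `LangChain` for CVE-2023-38860. Use one spelling for all three, for example `NOT-FOR-US: LangChain`, so that a search on the product name finds every entry. The CVE-2023-38896 line also has a doubled space after `NOT-FOR-US:`, which should be reduced to one to match the other lines.
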
@@ -183,13 +183,13 @@ CVE-2023-38851 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote a
 CVE-2023-38850 (Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an ...)
 	TODO: check
 CVE-2023-38840 (An issue in Bitwarden Bitwarden Desktop v.2023.5.1 allows a local atta ...)
-	TODO: check
+	NOT-FOR-US: Bitwarden
 CVE-2023-38402 (A vulnerability in the HPE Aruba Networking Virtual IntranetAccess (VI ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-38401 (A vulnerability in the HPE Aruba Networking Virtual Intranet Access (V ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-35082 (An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-2916 (The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive  ...)
 	NOT-FOR-US: InfiniteWP Client plugin for WordPress
 CVE-2023-4347 (Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/l ...)
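
Review bot: The labels `Bitwarden`, `HPE` and `Ivanti` name only the vendor, while the descriptions on the same entries name the product (Bitwarden Desktop, HPE Aruba Networking Virtual Intranet Access, Ivanti EPMM). The neighbouring context entry `NOT-FOR-US: InfiniteWP Client plugin for WordPress` names the product, and doing the same here, e.g. `NOT-FOR-US: Ivanti EPMM`, would keep the triage decision readable without opening the CVE description.
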
@@ -234,7 +234,7 @@ CVE-2023-40359 (xterm before 380 supports ReGIS reporting for character-set name
 	[bullseye] - xterm <no-dsa> (Minor issue)
 	NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_380
 CVE-2023-40354 (An issue was discovered in MariaDB MaxScale before 23.02.3. A user ent ...)
-	TODO: check
+	NOT-FOR-US: Maxscale
 CVE-2023-40312 (Multiple reflected XSS were found on different JSP files with unsaniti ...)
 	NOT-FOR-US: OpenMNS
 CVE-2023-40311 (Multiple stored XSS were found on different JSP files with unsanitized ...)
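
Review bot: The label `Maxscale` on CVE-2023-40354 does not match the casing or full name in the description, which reads "MariaDB MaxScale". Suggest `NOT-FOR-US: MariaDB MaxScale`, so the entry is found by a case-sensitive search on the product name and is not mistaken for a statement about MariaDB itself.
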
@@ -256,7 +256,7 @@ CVE-2023-3435 (The User Activity Log WordPress plugin before 1.6.5 does not corr
 CVE-2023-3328 (The Custom Field For WP Job Manager WordPress plugin before 1.2 does n ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3160 (The vulnerability potentially allows an attacker to misuse ESET\u2019s ...)
-	TODO: check
+	NOT-FOR-US: ESET
 CVE-2023-39908 (The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not proper ...)
 	TODO: check
 CVE-2023-39293 (A Command Injection vulnerability has been identified in the MiVoice O ...)
@@ -560,7 +560,7 @@ CVE-2023-4128 (A use-after-free flaw was found in net/sched/cls_fw.c in classifi
 	NOTE: https://git.kernel.org/linus/76e42ae831991c828cffa8c37736ebfb831ad5ec (6.5-rc5)
 	NOTE: https://git.kernel.org/linus/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 (6.5-rc5)
 CVE-2023-40216 (OpenBSD 7.3 before errata 014 is missing an argument-count bounds chec ...)
-	TODO: check
+	NOT-FOR-US: OpenBSD
 CVE-2023-39966 (1Panel is an open source Linux server operation and maintenance manage ...)
 	NOT-FOR-US: 1Panel
 CVE-2023-39965 (1Panel is an open source Linux server operation and maintenance manage ...)
@@ -582,9 +582,9 @@ CVE-2023-39957 (Nextcloud Talk Android allows users to place video and audio cal
 CVE-2023-39955 (Notes is a note-taking app for Nextcloud, an open-source cloud platfor ...)
 	NOT-FOR-US: Notes app for NextCloud
 CVE-2023-39954 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud OIDC backend
 CVE-2023-39953 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud OIDC backend
 CVE-2023-39952 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-39806 (iCMS v7.0.16 was discovered to contain a SQL injection vulnerability v ...)
@@ -739,11 +739,11 @@ CVE-2023-36672 (An issue was discovered in the Clario VPN client through 5.9.1.1
 CVE-2023-36671 (An issue was discovered in the Clario VPN client through 5.9.1.1662 fo ...)
 	NOT-FOR-US: Clario VPN client
 CVE-2023-35838 (The WireGuard client 0.5.3 on Windows insecurely configures the operat ...)
-	TODO: check
+	NOT-FOR-US: WireGuard client on Windows
 CVE-2023-33242 (Crypto wallets implementing the Lindell17 TSS protocol might allow an  ...)
-	TODO: check
+	NOT-FOR-US: Crypto wallets implementing the Lindell17 TSS protocol
 CVE-2023-33241 (Crypto wallets implementing the GG18 or GG20 TSS protocol might allow  ...)
-	TODO: check
+	NOT-FOR-US: Crypto wallets implementing the GG18 or GG20 TSS protocol
 CVE-2023-32559
 	- nodejs <unfixed>
 	[buster] - nodejs <not-affected> (v10.x doesn't support policy manifests)
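
Review bot: The labels on CVE-2023-33242 and CVE-2023-33241 copy the description text ("Crypto wallets implementing the ... TSS protocol"), which names a class of software rather than a product, so the NOT-FOR-US decision does not record what was actually checked. A `NOTE:` line under each entry stating which implementations were looked at would make the decision easier to revisit. The CVE-2023-35838 label is scoped to "WireGuard client on Windows", which matches the visible part of its description.
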
@@ -1415,7 +1415,7 @@ CVE-2023-39550 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v
 CVE-2023-39524 (PrestaShop is an open source e-commerce web application. Prior to vers ...)
 	NOT-FOR-US: PrestaShop
 CVE-2023-39520 (Cryptomator encrypts data being stored on cloud infrastructure. The MS ...)
-	TODO: check
+	NOT-FOR-US: Cryptomator
 CVE-2023-39363 (Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Ma ...)
 	NOT-FOR-US: Vyer
 CVE-2023-39349 (Sentry is an error tracking and performance monitoring platform. Start ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb47a68e5cc11a55d16002d090ef5e85f4d0d460
