[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Aug 18 13:06:39 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7bcc269e by Moritz Muehlenhoff at 2023-08-18T14:06:08+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2023-39666 (D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to
CVE-2023-39665 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to conta ...)
NOT-FOR-US: D-Link
CVE-2023-39125 (NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in load ...)
- TODO: check
+ NOT-FOR-US: NTSC-CRT
CVE-2023-31492 (Incorrect access control in Zoho ManageEngine ADManager Plus Build 718 ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2023-4394 (A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/ ...)
@@ -44,7 +44,7 @@ CVE-2023-40313 (A BeanShell interpreter in remote server mode runs in OpenMNS Ho
CVE-2023-40272 (Apache Airflow Spark Provider, versions before 4.1.3, is affected by a ...)
NOT-FOR-US: Apache Airflow Spark Provider
CVE-2023-40168 (TurboWarp is a desktop application that compiles scratch projects to J ...)
- TODO: check
+ NOT-FOR-US: TurboWarp
CVE-2023-40165 (rubygems.org is the Ruby community's primary gem (library) hosting ser ...)
TODO: check
CVE-2023-3698 (Printer service fails to adequately handle user input, allowing an rem ...)
@@ -87,7 +87,7 @@ CVE-2023-36845 (A PHP External Variable Modification vulnerability in J-Web of J
CVE-2023-36844 (A PHP External Variable Modification vulnerability in J-Web of Juniper ...)
NOT-FOR-US: Juniper
CVE-2023-36106 (An incorrect access control vulnerability in powerjob 4.3.2 and earlie ...)
- TODO: check
+ NOT-FOR-US: powerjob
CVE-2023-34419 (A buffer overflow has been identified in the SetupUtility driver in so ...)
NOT-FOR-US: Lenovo
CVE-2023-34412 (A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX ...)
@@ -129,7 +129,7 @@ CVE-2023-40252 (Improper Control of Generation of Code ('Code Injection') vulner
CVE-2023-40251 (Missing Encryption of Sensitive DataCAPEC- vulnerability in Genians Ge ...)
NOT-FOR-US: Genians
CVE-2023-40034 (Woodpecker is a community fork of the Drone CI system. In affected ver ...)
- TODO: check
+ NOT-FOR-US: Woodpecker
CVE-2023-40033 (Flarum is an open source forum software. Flarum is affected by a vulne ...)
NOT-FOR-US: Flarum
CVE-2023-40021 (Oppia is an online learning platform. When comparing a received CSRF t ...)
@@ -615,7 +615,7 @@ CVE-2023-40303 (GNU inetutils through 2.4 may allow privilege escalation because
NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html
CVE-2023-40296 (async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in R ...)
- TODO: check
+ NOT-FOR-US: async-sockets-cpp
CVE-2023-40295 (libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInit ...)
NOT-FOR-US: libboron
CVE-2023-40294 (libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBl ...)
@@ -1242,7 +1242,7 @@ CVE-2023-4239 (The Real Estate Manager plugin for WordPress is vulnerable to pri
CVE-2023-3632 (Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Educati ...)
NOT-FOR-US: Sifir Bes Education and Informatics Kunduz Homework Helper App
CVE-2023-39951 (OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrum ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry Java Instrumentation
CVE-2023-39910 (The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin ...)
NOT-FOR-US: Libbitcoin Explorer
CVE-2023-39341 ("FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM pro ...)
@@ -1293,7 +1293,7 @@ CVE-2023-33934 (Improper Input Validation vulnerability in Apache Software Found
- trafficserver <unfixed> (bug #1043430)
NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
CVE-2023-2905 (Due to a failure in validating the length of a provided MQTT_CMD_PUBLI ...)
- TODO: check
+ NOT-FOR-US: Cesanta Mongoose
CVE-2023-3223
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2209689
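Review bot: the product attribution "NOT-FOR-US: Cesanta Mongoose" for CVE-2023-2905 cannot be checked against the hunk, since the truncated description only mentions MQTT_CMD_PUBLISH and names no vendor or library. If the attribution came from the upstream advisory, consider adding a NOTE: line with the reference so the NFU decision is traceable from the list itself, as is done for the neighbouring CVE-2023-33934 and CVE-2023-3223 entries.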
@@ -1330,9 +1330,9 @@ CVE-2023-3386 (Improper Neutralization of Special Elements used in an SQL Comman
CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
NOT-FOR-US: Siemens Solid Edge
CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking Stack. Pri ...)
- TODO: check
+ NOT-FOR-US: go-libp2pC
CVE-2023-39532 (SES is a JavaScript environment that allows safe execution of arbitrar ...)
- TODO: check
+ NOT-FOR-US: SES
CVE-2023-39518 (social-media-skeleton is an uncompleted social media project implement ...)
NOT-FOR-US: social-media-skeleton
CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
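Review bot: "NOT-FOR-US: go-libp2pC" carries a stray trailing "C"; the description line reads "go-libp2p is the Go implementation of the libp2p Networking Stack", so the entry should presumably be "NOT-FOR-US: go-libp2p". Before settling on NFU, also check whether a go-libp2p Go module is packaged in the archive (the usual golang-github-* naming), since the Go libp2p stack is a vendored dependency of several packaged tools; if it is, this line needs a package entry rather than NFU.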
@@ -1781,7 +1781,7 @@ CVE-2023-38922 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v
CVE-2023-38921 (Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain ...)
NOT-FOR-US: Netgear
CVE-2023-38704 (import-in-the-middle is a module loading interceptor specifically for ...)
- TODO: check
+ NOT-FOR-US: Node import-in-the-middle
CVE-2023-38591 (Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer o ...)
NOT-FOR-US: Netgear
CVE-2023-38412 (Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer ov ...)
@@ -1959,7 +1959,7 @@ CVE-2023-39143 (PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path
CVE-2023-39112 (ECShop v4.1.16 contains an arbitrary file deletion vulnerability in th ...)
NOT-FOR-US: ECShop
CVE-2023-39107 (An arbitrary file overwrite vulnerability in NoMachine Free Edition an ...)
- TODO: check
+ NOT-FOR-US: NoMachine Free Edition
CVE-2023-38964 (Creative Item Academy LMS 6.0 was discovered to contain a cross-site s ...)
NOT-FOR-US: Creative Item Academy LMS
CVE-2023-38707
@@ -1989,7 +1989,7 @@ CVE-2023-38691 (matrix-appservice-bridge provides an API for setting up bridges.
CVE-2023-38690 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to ver ...)
NOT-FOR-US: matrix-appservice-irc
CVE-2023-38689 (Logistics Pipes is a modification (a.k.a. mod) for the computer game M ...)
- TODO: check
+ NOT-FOR-US: Logistics Pipes
CVE-2023-38688 (twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, ...)
NOT-FOR-US: twitch-tui
CVE-2023-38686 (Sydent is an identity server for the Matrix communications protocol. P ...)
@@ -2004,11 +2004,11 @@ CVE-2023-38487 (HedgeDoc is software for creating real-time collaborative markdo
CVE-2023-38332 (Zoho ManageEngine ADManager Plus through 7201 allow authenticated user ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2023-37896 (Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security ...)
- TODO: check
+ NOT-FOR-US: Nuclei
CVE-2023-37470 (Metabase is an open-source business intelligence and analytics platfor ...)
NOT-FOR-US: Metabase
CVE-2023-36480 (The Aerospike Java client is a Java application that implements a netw ...)
- TODO: check
+ NOT-FOR-US: Aerospike Java client
CVE-2023-34038 (VMware Horizon Server contains an information disclosure vulnerability ...)
NOT-FOR-US: VMware
CVE-2023-34037 (VMware Horizon Server contains a HTTP request smuggling vulnerability. ...)
@@ -2170,7 +2170,7 @@ CVE-2023-3663 (In CODESYS Development System versions from 3.5.11.20 and before
CVE-2023-3662 (In CODESYS Development System versions from 3.5.17.0 and prior to 3.5. ...)
NOT-FOR-US: Codesys
CVE-2023-3348 (The Wrangler command line tool (<=wrangler at 3.1.0) was affected by a di ...)
- TODO: check
+ NOT-FOR-US: Wrangler
CVE-2023-3346 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
NOT-FOR-US: Mitsubishi
CVE-2023-3329 (SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable t ...)
@@ -13636,7 +13636,7 @@ CVE-2023-30877 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ma
CVE-2023-30876 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in All ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stev ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30873
@@ -18709,7 +18709,7 @@ CVE-2023-28736 (Buffer overflow in some Intel(R) SSD Tools software before versi
CVE-2023-28717
RESERVED
CVE-2023-28711 (Insufficient control flow management in the Hyperscan Library maintain ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28405 (Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) ...)
NOT-FOR-US: Intel
CVE-2023-28380 (Uncontrolled search path for the Intel(R) AI Hackathon software before ...)
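Review bot: the NFU for CVE-2023-28711 is attributed to "Intel" generically, but the description says the flaw is in "the Hyperscan Library maintained by Intel(R)", which is an open-source regex matching library rather than Intel firmware or a Windows driver like the neighbouring CVE-2023-28405 and CVE-2023-28380 entries. Check whether a hyperscan source package exists in the archive before marking this NOT-FOR-US; if it does, the entry should carry a hyperscan package line and a NOTE: pointing at the upstream fix.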
@@ -20388,7 +20388,7 @@ CVE-2023-28692
CVE-2023-28691
RESERVED
CVE-2023-28690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28689
RESERVED
CVE-2023-28688
@@ -27104,7 +27104,7 @@ CVE-2023-25779
CVE-2023-25777
RESERVED
CVE-2023-25775 (Improper access control in the Intel(R) Ethernet Controller RDMA drive ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25075
RESERVED
CVE-2023-25073
@@ -223367,7 +223367,7 @@ CVE-2020-19954 (An XML External Entity (XXE) vulnerability was discovered in /ap
CVE-2020-19953
RESERVED
CVE-2020-19952 (Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Ma ...)
- TODO: check
+ NOT-FOR-US: jbt Markdown Editor
CVE-2020-19951 (A cross-site request forgery (CSRF) in /controller/pay.class.php of Yz ...)
NOT-FOR-US: YzmCMS
CVE-2020-19950 (A cross-site scripting (XSS) vulnerability in the /banner/add.html com ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bcc269e5b4cfe3b523e5e522b31b55c3782289c