[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 25 21:52:10 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
53c37299 by Salvatore Bonaccorso at 2023-08-25T22:51:42+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -64,9 +64,9 @@ CVE-2023-40022 (Rizin is a UNIX-like reverse engineering framework and command-l
CVE-2023-40017 (GeoNode is an open source platform that facilitates the creation, shar ...)
TODO: check
CVE-2023-3425 (Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2023-3406 (Path Traversal issue in M-Files Classic Web versions below 23.6.12695. ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2023-39742 (giflib v5.2.1 was discovered to contain a segmentation fault via the c ...)
TODO: check
CVE-2023-39707 (A stored cross-site scripting (XSS) vulnerability in Free and Open Sou ...)
@@ -80,7 +80,7 @@ CVE-2023-39600 (IceWarp 11.4.6.0 was discovered to contain a cross-site scriptin
CVE-2023-39521 (Tuleap is an open source suite to improve management of software devel ...)
TODO: check
CVE-2023-39519 (Cloud Explorer Lite is an open source cloud management platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Cloud Explorer Lite
CVE-2023-38974 (A stored cross-site scripting (XSS) vulnerability in the Edit Category ...)
TODO: check
CVE-2023-38973 (A stored cross-site scripting (XSS) vulnerability in the Add Tag funct ...)
@@ -90,7 +90,7 @@ CVE-2023-38508 (Tuleap is an open source suite to improve management of software
CVE-2023-38201 (A flaw was found in the Keylime registrar that could allow a bypass of ...)
TODO: check
CVE-2023-37469 (CasaOS is an open-source personal cloud system. Prior to version 0.4.4 ...)
- TODO: check
+ NOT-FOR-US: CasaOS
CVE-2023-37249 (Infoblox NIOS through 8.5.1 has a faulty component that accepts malici ...)
TODO: check
CVE-2023-36199 (An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacke ...)
@@ -98,41 +98,41 @@ CVE-2023-36199 (An issue in skalenetwork sgxwallet v.1.9.0 and below allows an a
CVE-2023-36198 (Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows ...)
TODO: check
CVE-2023-32797 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32757 (e-Excellence U-Office Force file uploading function does not restrict ...)
- TODO: check
+ NOT-FOR-US: e-Excellence U-Office Force file uploading function
CVE-2023-32756 (e-Excellence U-Office Force has a path traversal vulnerability within ...)
- TODO: check
+ NOT-FOR-US: e-Excellence U-Office Force
CVE-2023-32755 (e-Excellence U-Office Force generates an error message in webiste serv ...)
- TODO: check
+ NOT-FOR-US: e-Excellence U-Office Force
CVE-2023-32678 (Zulip is an open-source team collaboration tool with topic-based threa ...)
TODO: check
CVE-2023-32603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32598 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32595 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pala ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Clou ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32584 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32577 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32576 (Auth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Pla ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32575 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32518 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Ooga ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32079 (Netmaker makes networks with WireGuard. A Mass assignment vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Netmaker
CVE-2023-32078 (Netmaker makes networks with WireGuard. An Insecure Direct Object Refe ...)
- TODO: check
+ NOT-FOR-US: Netmaker
CVE-2023-32077 (Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0 ...)
- TODO: check
+ NOT-FOR-US: Netmaker
CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ...)
- python3.12 <unfixed>
- python3.11 3.11.5-1
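Review bot: The tag added for CVE-2023-32757, "NOT-FOR-US: e-Excellence U-Office Force file uploading function", carries a fragment of the CVE description rather than just the product name. The two sibling entries, CVE-2023-32756 and CVE-2023-32755, use "NOT-FOR-US: e-Excellence U-Office Force". Suggest trimming CVE-2023-32757 to the same string so that all three entries group under one product when the list is searched or sorted by NFU tag.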
@@ -29423,7 +29423,7 @@ CVE-2023-25983
CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25980
RESERVED
CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vide ...)
@@ -29805,7 +29805,7 @@ CVE-2023-25850
CVE-2023-25849
RESERVED
CVE-2023-25848 (ArcGIS Enterprise Server versions 11.0 and below have an information d ...)
- TODO: check
+ NOT-FOR-US: ArcGIS Enterprise Server
CVE-2023-25847
RESERVED
CVE-2023-25846
@@ -30695,7 +30695,7 @@ CVE-2023-25651
CVE-2023-25650
RESERVED
CVE-2023-25649 (There is a command injection vulnerability in a mobile internet produc ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2023-25648
RESERVED
CVE-2023-25647 (There is a permission and access control vulnerability in some ZTE mob ...)
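Review bot: The tag on CVE-2023-25649, "NOT-FOR-US: ZTE", names only a vendor, and the truncated description on that line ("a mobile internet produc ...") does not show which product is affected. Most other tags in this commit name the product (M-Files, CasaOS, Netmaker). If the full description identifies the device, consider using the product name here, or confirm that the vendor-only form is what the neighbouring ZTE entries already use.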
@@ -33572,9 +33572,9 @@ CVE-2023-24623 (Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent
CVE-2023-24622 (isInList in the safeurl-python package before 1.2 for Python has an in ...)
NOT-FOR-US: safeurl-python
CVE-2023-24621 (An issue was discovered in Esoteric YamlBeans through 1.15. It allows ...)
- TODO: check
+ NOT-FOR-US: Esoteric YamlBeans
CVE-2023-24620 (An issue was discovered in Esoteric YamlBeans through 1.15. A crafted ...)
- TODO: check
+ NOT-FOR-US: Esoteric YamlBeans
CVE-2023-24619 (Redpanda before 22.3.12 discloses cleartext AWS credentials. The impor ...)
NOT-FOR-US: Redpanda
CVE-2023-24618
@@ -34542,7 +34542,7 @@ CVE-2023-24396 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-24395 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Cont ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24394 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24393 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
@@ -245769,7 +245769,7 @@ CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that
CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and the fi ...)
NOT-FOR-US: Open Upload
CVE-2020-11711 (An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored ...)
- TODO: check
+ NOT-FOR-US: Stormshield SNS
CVE-2020-11710 (An issue was discovered in docker-kong (for Kong) through 2.0.3. The a ...)
NOT-FOR-US: docker-kong
CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53c3729993301cb835c9b6ed9e58ec1030e8609f