[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 26 21:47:59 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e004b89e by Salvatore Bonaccorso at 2023-07-26T22:47:27+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,15 +5,15 @@ CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper In
 CVE-2023-39261 (In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesti ...)
 	TODO: check
 CVE-2023-38673 (PaddlePaddle before 2.5.0 has a command injection in fs.py. This resul ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-38672 (FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause  ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-38671 (Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. Thi ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-38670 (Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0.  ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-38669 (Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This r ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-37624 (Netdisco before v2.063000 was discovered to contain an open redirect v ...)
 	NOT-FOR-US: Netdisco
 CVE-2023-37623 (Netdisco before v2.063000 was discovered to contain a cross-site scrip ...)
@@ -91,11 +91,11 @@ CVE-2023-38503 (Directus is a real-time API and App dashboard for managing SQL d
 CVE-2023-38502 (TDengine is an open source, time-series database optimized for Interne ...)
 	- tdengine <itp> (bug #992514)
 CVE-2023-38501 (copyparty is file server software. Prior to version 1.8.7, the applica ...)
-	TODO: check
+	NOT-FOR-US: copyparty
 CVE-2023-38500 (TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to p ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 HTML Sanitizer
 CVE-2023-38499 (TYPO3 is an open source PHP based web content management system. Start ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2023-38496 (Apptainer is an open source container platform. Version 1.2.0-rc.2 int ...)
 	TODO: check
 CVE-2023-38493 (Armeria is a microservice framework Spring supports Matrix variables.  ...)
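Review bot: the two TYPO3 entries spell the project name differently: CVE-2023-38500 gets `NOT-FOR-US: TYPO3 HTML Sanitizer` while CVE-2023-38499 gets `NOT-FOR-US: Typo3`. The CVE descriptions use TYPO3 in both cases, so `NOT-FOR-US: TYPO3` on CVE-2023-38499 keeps the pair consistent and easier to grep for later.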
@@ -117,7 +117,7 @@ CVE-2023-37902 (Vyper is a Pythonic programming language that targets the Ethere
 CVE-2023-37677 (Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a re ...)
 	NOT-FOR-US: Pligg CMS
 CVE-2023-37460 (Plexis Archiver is a collection of Plexus components to create archive ...)
-	TODO: check
+	NOT-FOR-US: Plexis Archiver
 CVE-2023-37258 (DataEase is an open source data visualization analysis tool. Prior to  ...)
 	TODO: check
 CVE-2023-37257 (DataEase is an open source data visualization analysis tool. Prior to  ...)
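Review bot: CVE-2023-37460 should be checked against libplexus-archiver-java before it is marked NOT-FOR-US. The description reads `Plexis Archiver is a collection of Plexus components to create archive ...`, so `Plexis` is a typo in the CVE text for Plexus Archiver (codehaus-plexus/plexus-archiver), and the new `NOT-FOR-US: Plexis Archiver` line copies that typo into the tracker. Debian ships Plexus Archiver as the libplexus-archiver-java source package, so this entry most likely needs a package line rather than NOT-FOR-US; if the packaged version turns out not to be affected, record that as a not-affected entry for libplexus-archiver-java instead.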
@@ -125,7 +125,7 @@ CVE-2023-37257 (DataEase is an open source data visualization analysis tool. Pri
 CVE-2023-36826 (Sentry is an error tracking and performance monitoring platform. Start ...)
 	TODO: check
 CVE-2023-36806 (Contao is an open source content management system. Starting in versio ...)
-	TODO: check
+	NOT-FOR-US: Contao CMS
 CVE-2023-36503 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max F ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-36502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -149,27 +149,27 @@ CVE-2023-35942 (Envoy is an open source edge and service proxy designed for clou
 CVE-2023-35941 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2023-35929 (Tuleap is a free and open source suite to improve management of softwa ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2023-35043 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Neha Goel R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34798 (An arbitrary file upload vulnerability in eoffice before v9.5 allows a ...)
-	TODO: check
+	NOT-FOR-US: eoffice
 CVE-2023-34369 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gran ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34235 (Strapi is an open-source headless content management system. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: Strapi
 CVE-2023-34093 (Strapi is an open-source headless content management system. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: Strapi
 CVE-2023-34017 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStar ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33925 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PluginFo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32629 (Local privilege escalation vulnerability in Ubuntu Kernels overlayfs o ...)
 	TODO: check
 CVE-2023-32468 (Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-2850 (NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability d ...)
-	TODO: check
+	NOT-FOR-US: NodeBB
 CVE-2023-2640 (On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overl ...)
 	TODO: check
 CVE-2023-2626 (There exists an authentication bypass vulnerability in OpenThread bord ...)
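Review bot: CVE-2023-32629 and CVE-2023-2640 stay at `TODO: check` in a batch that otherwise resolves every surrounding TODO. Both descriptions tie the issue to Ubuntu-specific kernel patches (`Local privilege escalation vulnerability in Ubuntu Kernels overlayfs` and `On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overl ...`), so they are candidates for an explicit not-affected entry for linux in the same pass; if they are deliberately held back pending a closer look at the overlayfs changes, a NOTE line saying so would keep the next triager from redoing that work.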
@@ -22670,7 +22670,7 @@ CVE-2023-26913 (EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to
 CVE-2023-26912 (Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commi ...)
 	NOT-FOR-US: S-mall-ssm
 CVE-2023-26911 (ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contain ...)
-	TODO: check
+	NOT-FOR-US: Asus
 CVE-2023-26910
 	RESERVED
 CVE-2023-26909
@@ -22774,7 +22774,7 @@ CVE-2023-26861 (SQL injection vulnerability found in PrestaShop vivawallet v.1.7
 CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and b ...)
 	NOT-FOR-US: PrestaShop Igbudget
 CVE-2023-26859 (SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 an ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a r ...)
 	NOT-FOR-US: prestashop
 CVE-2023-26857 (An arbitrary file upload vulnerability in /admin/ajax.php?action=save_ ...)
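Review bot: `NOT-FOR-US: PrestaShop` on CVE-2023-26859 names only the platform, while the neighbouring entries name the affected module (`NOT-FOR-US: PrestaShop Igbudget`); the CVE text identifies the sendinblue module, so `NOT-FOR-US: PrestaShop sendinblue module` would be both more precise and consistent with the entries around it. The same hunk shows the pre-existing `NOT-FOR-US: prestashop` on CVE-2023-26858 with inconsistent casing, which could be normalized in the same edit.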
@@ -31615,11 +31615,11 @@ CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP library
 CVE-2023-23845
 	RESERVED
 CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2023-23842 (The SolarWinds Network Configuration Manager was susceptible to the Di ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing or updat ...)
 	NOT-FOR-US: SolarWinds
 CVE-2023-23840
@@ -31671,7 +31671,7 @@ CVE-2023-23835 (A vulnerability has been identified in Mendix Applications using
 CVE-2023-23834
 	RESERVED
 CVE-2023-23833 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steve ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23832 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23831 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -38994,7 +38994,7 @@ CVE-2022-4610 (A vulnerability, which was classified as problematic, has been fo
 CVE-2022-4609 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
 	NOT-FOR-US: usememos
 CVE-2022-4608 (A vulnerability exists in HCI IEC 60870-5-104 function included in cer ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2021-4262 (A vulnerability classified as critical was found in laravel-jqgrid. Af ...)
 	NOT-FOR-US: laravel-jqgrid.
 CVE-2021-4261 (A vulnerability classified as critical has been found in pacman-canvas ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e004b89ed6d127a13b49223229a886720efdef14


