[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 23 14:58:33 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c05a9fa7 by Moritz Muehlenhoff at 2023-06-23T14:53:44+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2023-3128 (Grafana is validating Azure AD accounts based on the email claim. On ...)
- TODO: check
+ - grafana <removed>
CVE-2023-3114 (Terraform Enterprise since v202207-1 did not properly implement author ...)
- TODO: check
+ NOT-FOR-US: Terraform Enterprise
CVE-2023-36193 (Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via t ...)
TODO: check
CVE-2023-36192 (Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the ...)
@@ -9,31 +9,31 @@ CVE-2023-36192 (Sngrep v1.6.0 was discovered to contain a heap buffer overflow v
CVE-2023-36191 (sqlite3 v3.40.1 was discovered to contain a segmentation violation at ...)
TODO: check
CVE-2023-35801 (A directory traversal vulnerability in Safe Software FME Server before ...)
- TODO: check
+ NOT-FOR-US: Safe Software FME Server
CVE-2023-35133 (An issue in the logic used to check 0.0.0.0 against the cURL blocked h ...)
- TODO: check
+ - moodle <removed>
CVE-2023-35132 (A limited SQL injection risk was identified on the Mnet SSO access con ...)
- TODO: check
+ - moodle <removed>
CVE-2023-35131 (Content on the groups page required additional sanitizing to prevent a ...)
- TODO: check
+ - moodle <removed>
CVE-2023-34553 (An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attacke ...)
- TODO: check
+ NOT-FOR-US: WAFU Keyless Smart Lock
CVE-2023-34462 (Netty is an asynchronous event-driven network application framework fo ...)
TODO: check
CVE-2023-34110 (Flask-AppBuilder is an application development framework, built on top ...)
TODO: check
CVE-2023-33299 (A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-33141 (Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Yet Another Reverse Proxy
CVE-2023-32464 (Dell VxRail, versions prior to 7.0.450, contain an improper certificat ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-32463 (Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-servic ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-32320 (Nextcloud Server is a data storage system for Nextcloud, a self-hosted ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2023-31469 (A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was ...)
- TODO: check
+ NOT-FOR-US: Apache StreamPipes
CVE-2023-3326 (pam_krb5 authenticates a user by essentially running kinit with the pa ...)
TODO: check
CVE-2023-3256 (Advantech R-SeeNet versions 2.4.22 allows low-level users to access ...)
@@ -76,7 +76,7 @@ CVE-2023-36239 (libming listswf 0.4.7 was discovered to contain a buffer overflo
- ming <removed>
NOTE: https://github.com/libming/libming/issues/273
CVE-2023-36097 (funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via ...)
- TODO: check
+ NOT-FOR-US: funadmin
CVE-2023-36093 (There is a storage type cross site scripting (XSS) vulnerability in th ...)
NOT-FOR-US: EyouCMS
CVE-2023-35926 (Backstage is an open platform for building developer portals. The Back ...)
@@ -86,7 +86,7 @@ CVE-2023-35918 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Wo
CVE-2023-35917 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal ...)
NOT-FOR-US: WordPress plugin
CVE-2023-35174 (Livebook is a web application for writing interactive and collaborativ ...)
- TODO: check
+ NOT-FOR-US: Livebook
CVE-2023-35093 (Broken Access Control vulnerability in StylemixThemes MasterStudy LMS ...)
NOT-FOR-US: WordPress plugin
CVE-2023-35090 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -94,13 +94,13 @@ CVE-2023-35090 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-34939 (Onlyoffice Community Server before v12.5.2 was discovered to contain a ...)
NOT-FOR-US: Onlyoffice Community Server
CVE-2023-34927 (Casdoor v1.331.0 and below was discovered to contain a Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: Casdoor
CVE-2023-34923 (XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in T ...)
NOT-FOR-US: TOPdesk
CVE-2023-34796 (Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashb ...)
- TODO: check
+ NOT-FOR-US: dmarcts-report-viewer
CVE-2023-34601 (Jeesite before commit 10742d3 was discovered to contain a SQL injectio ...)
- TODO: check
+ NOT-FOR-US: Jeesite
CVE-2023-34368 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanb ...)
NOT-FOR-US: WordPress plugin
CVE-2023-34170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP O ...)
@@ -118,27 +118,27 @@ CVE-2023-33323 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-32960 (Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, Da ...)
NOT-FOR-US: WordPress plugin
CVE-2023-32571 (Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to ...)
- TODO: check
+ NOT-FOR-US: Dynamic Linq
CVE-2023-32239 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress theme
CVE-2023-31868 (Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XS ...)
- TODO: check
+ NOT-FOR-US: Sage X3
CVE-2023-31867 (Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.)
- TODO: check
+ NOT-FOR-US: Sage X3
CVE-2023-2991 (Fortra Globalscape EFT's administration server suffers from an informa ...)
- TODO: check
+ NOT-FOR-US: Fortra Globalscape
CVE-2023-2990 (Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial o ...)
- TODO: check
+ NOT-FOR-US: Fortra Globalscape
CVE-2023-2989 (Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of ...)
- TODO: check
+ NOT-FOR-US: Fortra Globalscape
CVE-2023-2611 (Advantech R-SeeNet versions 2.4.22 is installed with a hidden root- ...)
NOT-FOR-US: Advantech R-SeeNet
CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to ...)
- TODO: check
+ NOT-FOR-US: jmarsden/jsonij
CVE-2023-33842 (IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 r ...)
NOT-FOR-US: IBM
CVE-2023-33405 (Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.)
- TODO: check
+ NOT-FOR-US: Blogengine.net
CVE-2023-32449 (Dell PowerStore versions prior to 3.5 contain an improper verification ...)
NOT-FOR-US: Dell
CVE-2019-25152 (The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for Woo ...)
@@ -777,9 +777,9 @@ CVE-2023-34616 (An issue was discovered pbjson thru 0.4.0 allows attackers to ca
CVE-2023-34615 (An issue was discovered JSONUtil thru 5.0 allows attackers to cause a ...)
NOT-FOR-US: JSONUtil
CVE-2023-34613 (An issue was discovered sojo thru 1.1.1 allows attackers to cause a de ...)
- TODO: check
+ NOT-FOR-US: sojo
CVE-2023-34612 (An issue was discovered ph-json thru 9.5.5 allows attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: ph-json
CVE-2023-34611 (An issue was discovered mjson thru 1.4.1 allows attackers to cause a d ...)
TODO: check
CVE-2023-34610 (An issue was discovered json-io thru 4.14.0 allows attackers to cause ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c05a9fa74c9bb70cf0ce343d6a49b03cb8d54705
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c05a9fa74c9bb70cf0ce343d6a49b03cb8d54705
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230623/0540d218/attachment.htm>
More information about the debian-security-tracker-commits
mailing list