[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 30 16:25:51 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4882bbe4 by Moritz Muehlenhoff at 2023-05-30T17:25:29+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,52 +4,52 @@ CVE-2023-2650 [openssl Possible DoS translating ASN.1 object identifiers]
NOTE: https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098 (OpenSSL_1_1_1u)
NOTE: https://github.com/openssl/openssl/commit/423a2bc737a908ad0c77bda470b2b59dc879936b (openssl-3.0.9)
CVE-2023-34205 (In Moov signedxml through 1.0.0, parsing the raw XML (as received) can ...)
- TODO: check
+ NOT-FOR-US: Moov signedxml
CVE-2023-34204 (imapsync through 2.229 uses predictable paths under /tmp and /var/tmp ...)
- imapsync <removed>
NOTE: https://github.com/imapsync/imapsync/issues/399
CVE-2023-33955 (Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEF ...)
- TODO: check
+ - minio <itp> (bug #859207)
CVE-2023-33245 (Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arb ...)
- TODO: check
+ NOT-FOR-US: Minecraft
CVE-2023-33198 (tgstation-server is a production scale tool for BYOND server managemen ...)
- TODO: check
+ NOT-FOR-US: tgstation-server
CVE-2023-33193 (Emby Server is a user-installable home media server which stores and o ...)
- TODO: check
+ NOT-FOR-US: Emby Server
CVE-2023-33191 (Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp co ...)
- TODO: check
+ NOT-FOR-US: Kyverno
CVE-2023-33189 (Pomerium is an identity and context-aware access proxy. With specially ...)
- TODO: check
+ NOT-FOR-US: Pomerium
CVE-2023-33186 (Zulip is an open-source team collaboration tool with unique topic-base ...)
- TODO: check
+ NOT-FOR-US: Zulip
CVE-2023-33183 (Calendar app for Nextcloud easily sync events from various devices wit ...)
- TODO: check
+ NOT-FOR-US: Nextcloud addon
CVE-2023-33182 (Contacts app for Nextcloud easily syncs contacts from various devices ...)
- TODO: check
+ NOT-FOR-US: Nextcloud addon
CVE-2023-33175 (ToUI is a Python package for creating user interfaces (websites and de ...)
- TODO: check
+ NOT-FOR-US: ToUI
CVE-2023-32698 (nFPM is an alternative to fpm. The file permissions on the checked-in ...)
- TODO: check
+ NOT-FOR-US: nFPM
CVE-2023-32692 (CodeIgniter is a PHP full-stack web framework. This vulnerability allo ...)
- TODO: check
+ NOT-FOR-US: CodeIgniter
CVE-2023-32691 (gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitiv ...)
- TODO: check
+ NOT-FOR-US: GO Simple Tunnel
CVE-2023-32687 (tgstation-server is a toolset to manage production BYOND servers. Star ...)
- TODO: check
+ NOT-FOR-US: tgstation-server
CVE-2023-32072 (Tuleap is an open source tool for end to end traceability of applicati ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2023-2970 (A vulnerability classified as problematic was found in MindSpore 2.0.0 ...)
- TODO: check
+ NOT-FOR-US: MindSpore
CVE-2023-2962 (A vulnerability, which was classified as critical, has been found in S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2023-2808 (Mattermost fails to normalize UTF confusable characters when determini ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-2518 (The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not s ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2470 (The Add to Feedly WordPress plugin through 1.2.11 does not sanitize an ...)
NOT-FOR-US: WordPress plugin
CVE-2014-125102 (A vulnerability classified as problematic was found in Bestwebsoft Rel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2953 [potential null pointer dereference flaw]
[experimental] - openldap 2.6.4+dfsg-1~exp1
- openldap <unfixed>
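Review bot: the NOT-FOR-US labels in this hunk are inconsistent with the rest of the patch. CVE-2023-33183 and CVE-2023-33182 are tagged `NOT-FOR-US: Nextcloud addon`, while CVE-2023-32074 and CVE-2023-31128 further down use `NOT-FOR-US: Nextcloud app`; pick one wording so the same upstream always carries the same label. Likewise CVE-2023-2962 is tagged `NOT-FOR-US: SourceCodester` without naming the product, whereas the neighbouring CVE-2023-2955 entry reads `NOT-FOR-US: SourceCodester Students Online Internship Timesheet System`; SourceCodester publishes many unrelated scripts, so the product name is what makes the label useful for later lookups.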
@@ -81,7 +81,7 @@ CVE-2023-33291 (In ebankIT 6, the public endpoints /public/token/Email/generate
CVE-2023-31874 (Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafte ...)
NOT-FOR-US: Yank Note (YN)
CVE-2023-31873 (Gin 0.7.4 allows execution of arbitrary code when a crafted file is op ...)
- TODO: check
+ NOT-FOR-US: Gin Markdown Editor
CVE-2023-2955 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Students Online Internship Timesheet System
CVE-2023-2954 (Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/ ...)
@@ -230,7 +230,7 @@ CVE-2023-33247 (Talend Data Catalog remote harvesting server before 8.0-20230413
CVE-2023-33197 (Craft is a CMS for creating custom digital experiences on the web. Cro ...)
NOT-FOR-US: Craft CMS
CVE-2023-33185 (Django-SES is a drop-in mail backend for Django. The django_ses librar ...)
- TODO: check
+ NOT-FOR-US: Django-SES
CVE-2023-32964 (Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Bett ...)
NOT-FOR-US: WordPress plugin
CVE-2023-32318 (Nextcloud server provides a home for data. A regression in the session ...)
@@ -278,7 +278,7 @@ CVE-2023-2855 (Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-12.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19062
CVE-2023-32074 (user_oidc app is an OpenID Connect user backend for Nextcloud. Authent ...)
- TODO: check
+ NOT-FOR-US: Nextcloud app
CVE-2023-2903 (A vulnerability classified as problematic has been found in NFine Rapi ...)
NOT-FOR-US: NFine Rapid Development Platform
CVE-2023-2902 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...)
@@ -306,7 +306,7 @@ CVE-2023-33263 (In WFTPD 3.25, usernames and password hashes are stored in an op
CVE-2023-33248 (Amazon Alexa software version 8960323972 on Echo Dot 2nd generation an ...)
NOT-FOR-US: Amazon Alexa
CVE-2023-32694 (Saleor Core is a composable, headless commerce API. Saleor's `validate ...)
- TODO: check
+ NOT-FOR-US: Saleor
CVE-2023-31861 (ZLMediaKit 4.0 is vulnerable to Directory Traversal.)
NOT-FOR-US: ZLMediaKit
CVE-2023-31594 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...)
@@ -2607,7 +2607,7 @@ CVE-2023-31130 (c-ares is an asynchronous resolver library. ares_inet_net_pton()
CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be triggere ...)
NOT-FOR-US: Contiki-NG
CVE-2023-31128 (NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 o ...)
- TODO: check
+ NOT-FOR-US: Nextcloud app
CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM specific ...)
NOT-FOR-US: libspdm
CVE-2023-31126 (`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the op ...)
@@ -4200,7 +4200,7 @@ CVE-2023-30617
CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30615 (Iris is a web collaborative platform aiming to help incident responder ...)
- TODO: check
+ NOT-FOR-US: Iris
CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...)
NOT-FOR-US: Pay (payments engine for Ruby on Rails)
CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users to uplo ...)
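Review bot: `NOT-FOR-US: Iris` for CVE-2023-30615 is ambiguous, since the name is shared by several unrelated projects, and the description itself identifies this one as a web collaborative platform for incident responders. Qualify it the way CVE-2023-31873 is handled in this patch (`NOT-FOR-US: Gin Markdown Editor`), for example `NOT-FOR-US: Iris (incident response collaboration platform)`.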
@@ -4235,7 +4235,7 @@ CVE-2023-30603
CVE-2023-30602
RESERVED
CVE-2023-30601 (Privilege escalation when enabling FQL/Audit logs allows user with JMX ...)
- TODO: check
+ - cassandra <itp> (bug #585905)
CVE-2023-30600
RESERVED
CVE-2023-30599
@@ -5172,7 +5172,7 @@ CVE-2023-30352 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was
CVE-2023-30351 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discov ...)
NOT-FOR-US: Tenda
CVE-2023-30350 (FS S3900-24T4S devices allow authenticated attackers with guest access ...)
- TODO: check
+ NOT-FOR-US: FS S3900-24T4S devices
CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to contain a remote code execution (R ...)
NOT-FOR-US: JFinal CMS
CVE-2023-30348
@@ -5371,7 +5371,7 @@ CVE-2023-30255
CVE-2023-30254
RESERVED
CVE-2023-30253 (Dolibarr before 17.0.1 allows remote code execution by an authenticate ...)
- TODO: check
+ - dolibarr <removed>
CVE-2023-30252
RESERVED
CVE-2023-30251
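Review bot: CVE-2023-30253 is resolved as `- dolibarr <removed>` with no NOTE line, while the other resolved entries in this patch (CVE-2023-2650, CVE-2023-34204) carry a NOTE pointing at the upstream fix or issue. Even for a package removed from the archive, a reference to the upstream fix (the description says fixed before 17.0.1) helps whoever later needs to reassess the entry; add a NOTE with the upstream commit or advisory URL if one is available.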
@@ -9527,7 +9527,7 @@ CVE-2023-28787
CVE-2023-28786
RESERVED
CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28784
RESERVED
CVE-2023-28783
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4882bbe4b538bab135de4591f663c1a13187c91e