[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Sep 4 09:43:23 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c4ecbee by Moritz Muehlenhoff at 2023-09-04T10:43:01+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -239,13 +239,13 @@ CVE-2023-41628 (An issue in O-RAN Software Community E2 G-Release allows attacke
CVE-2023-41627 (O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the ...)
NOT-FOR-US: O-RAN
CVE-2023-41364 (In tine through 2023.01.14.325, the sort parameter of the /index.php e ...)
- TODO: check
+ NOT-FOR-US: Tine groupware
CVE-2023-41051 (In a typical Virtual Machine Monitor (VMM) there are several component ...)
- rust-vm-memory <unfixed> (bug #1051101)
NOTE: https://github.com/rust-vmm/vm-memory/security/advisories/GHSA-49hh-fprx-m68g
NOTE: https://github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8 (v0.12.2)
CVE-2023-41049 (@dcl/single-sign-on-client is an open source npm library which deals w ...)
- TODO: check
+ NOT-FOR-US: Node @dcl/single-sign-on-client
CVE-2023-41046 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2023-40980 (File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before ...)
@@ -269,7 +269,7 @@ CVE-2023-39710 (Multiple cross-site scripting (XSS) vulnerabilities in Free and
CVE-2023-39703 (A cross site scripting (XSS) vulnerability in the Markdown Editor comp ...)
NOT-FOR-US: Typora
CVE-2023-39685 (An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial ...)
- TODO: check
+ NOT-FOR-US: hjson-java
CVE-2023-39631 (An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker t ...)
NOT-FOR-US: LanChain-ai Langchain
CVE-2023-39582 (SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allow ...)
@@ -539,7 +539,7 @@ CVE-2023-3162 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is
CVE-2023-39139 (An issue in Archive v3.3.7 allows attackers to execute a path traversa ...)
TODO: check
CVE-2023-39138 (An issue in ZIPFoundation v0.9.16 allows attackers to execute a path t ...)
- TODO: check
+ NOT-FOR-US: ZIPFoundation
CVE-2023-39137 (An issue in Archive v3.3.7 allows attackers to spoof zip filenames whi ...)
TODO: check
CVE-2023-39136 (An unhandled edge case in the component _sanitizedPath of ZipArchive v ...)
@@ -1063,7 +1063,7 @@ CVE-2023-39968 (jupyter-server is the backend for Jupyter web applications. Open
CVE-2023-39650 (Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a ...)
NOT-FOR-US: Theme Volty CMS Blog
CVE-2023-39059 (An issue in ansible semaphore v.2.8.90 allows a remote attacker to exe ...)
- TODO: check
+ NOT-FOR-US: Ansible Semaphore
CVE-2023-38969 (Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote a ...)
NOT-FOR-US: Badaso
CVE-2023-34725 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T5 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c4ecbee2780aa4d941044709b6cf4db83b86887
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c4ecbee2780aa4d941044709b6cf4db83b86887
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230904/5ed8eec0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list