Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
601583a2 by Salvatore Bonaccorso at 2023-06-12T22:26:35+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,50 +1,50 @@
CVE-2023-3208 (A vulnerability, which was classified as critical, has been
found in R ...)
- TODO: check
+ NOT-FOR-US: RoadFlow Visual Process Engine .NET Core Mvc
CVE-2023-3206 (A vulnerability classified as problematic was found in Chengdu
VEC40G ...)
- TODO: check
+ NOT-FOR-US: Chengdu VEC40G
CVE-2023-3159 (A use after free issue was discovered in driver/firewire in
outbound_p ...)
- linux 5.17.11-1
[bullseye] - linux 5.10.120-1
[buster] - linux 4.19.249-1
NOTE:
https://git/kernel.org/linus/b7c81f80246fac44077166f3e07103affe6db8ff (5.18-rc6)
CVE-2023-35054 (In JetBrains YouTrack before 2023.1.10518 stored XSS in a
Markdown-ren ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2023-35053 (In JetBrains YouTrack before 2023.1.10518 a DoS attack was
possible vi ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2023-35042 (GeoServer 2, in some configurations, allows remote attackers
to execut ...)
- TODO: check
+ NOT-FOR-US: GeoServer
CVE-2023-34942 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a
stack overf ...)
- TODO: check
+ NOT-FOR-US: Asus
CVE-2023-34941 (A stored cross-site scripting (XSS) vulnerability in the
urlFilterList ...)
TODO: check
CVE-2023-34940 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a
stack overf ...)
- TODO: check
+ NOT-FOR-US: Asus
CVE-2023-34855 (A Cross Site Scripting (XSS) vulnerability in Youxun
Electronic Equipm ...)
- TODO: check
+ NOT-FOR-US: Youxun Electronic Equipment
CVE-2023-34581 (Sourcecodester Service Provider Management System v1.0 is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Service Provider Management System
CVE-2023-34494 (NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the
nano_ctx_sen ...)
- TODO: check
+ NOT-FOR-US: NanoMQ
CVE-2023-34488 (NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the
conn_handle ...)
- TODO: check
+ NOT-FOR-US: NanoMQ
CVE-2023-34468 (The DBCPConnectionPool and HikariCPConnectionPool Controller
Services ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2023-34345 (AMI BMC contains a vulnerability in the SPX REST API, where an
attacke ...)
- TODO: check
+ NOT-FOR-US: AMI BMC
CVE-2023-34344 (AMI BMC contains a vulnerability in the IPMI handler, where an
unautho ...)
- TODO: check
+ NOT-FOR-US: AMI BMC
CVE-2023-34343 (AMI BMC contains a vulnerability in the SPX REST API, where an
attacke ...)
- TODO: check
+ NOT-FOR-US: AMI BMC
CVE-2023-34342 (AMI BMC contains a vulnerability in the IPMI handler, where an
attacke ...)
- TODO: check
+ NOT-FOR-US: AMI BMC
CVE-2023-34341 (AMI BMC contains a vulnerability in the SPX REST API, where an
attacke ...)
- TODO: check
+ NOT-FOR-US: AMI BMC
CVE-2023-34336 (AMI BMC contains a vulnerability in the IPMI handler, where an
attacke ...)
- TODO: check
+ NOT-FOR-US: AMI BMC
CVE-2023-34335 (AMI BMC contains a vulnerability in the IPMI handler, where an
unauthe ...)
- TODO: check
+ NOT-FOR-US: AMI BMC
CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an
attacke ...)
- TODO: check
+ NOT-FOR-US: AMI BMC
CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
Prior to ...)
TODO: check
CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along
with th ...)
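Review bot: The NOTE under CVE-2023-3159 carries a malformed link, https://git/kernel.org/linus/b7c81f80246fac44077166f3e07103affe6db8ff, with a slash where the dot in git.kernel.org belongs, so the reference to the fix commit does not resolve. It is an unchanged context line, but it is worth correcting while this block is being edited. Separately, CVE-2023-34941 (stored XSS in the urlFilterList ...) stays at "TODO: check" although the entries on either side of it, CVE-2023-34942 and CVE-2023-34940, are both marked "NOT-FOR-US: Asus". The truncated description does not show the product, so please confirm it was left open on purpose rather than skipped.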
@@ -52,11 +52,11 @@ CVE-2023-34212 (The JndiJmsConnectionFactoryProvider
Controller Service, along w
CVE-2023-34105 (SRS is a real-time video server supporting RTMP, WebRTC, HLS,
HTTP-FLV ...)
TODO: check
CVE-2023-34026 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
BrokenCr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-33626 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was
discover ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-33625 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was
discover ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-33624
REJECTED
CVE-2023-33623
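Review bot: On CVE-2023-33626 and CVE-2023-33625 the new tag is only "NOT-FOR-US: D-Link", while the descriptions name the D-Link DIR-600 and other tags in this commit identify the product ("NOT-FOR-US: JetBrains YouTrack", "NOT-FOR-US: AMI BMC"). Naming the device, for example "NOT-FOR-US: D-Link DIR-600", would keep these entries findable by product as well as by vendor.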
@@ -64,15 +64,15 @@ CVE-2023-33623
CVE-2023-33622
REJECTED
CVE-2023-33492 (EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).)
- TODO: check
+ NOT-FOR-US: EyouCMS
CVE-2023-33290 (The git-url-parse crate through 0.4.4 for Rust allows Regular
Expressi ...)
TODO: check
CVE-2023-33253 (LabCollector 6.0 though 6.15 allows remote code execution. An
authenti ...)
TODO: check
CVE-2023-32961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Katie Se ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32118 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WPoperat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2718 (The Contact Form Email WordPress plugin before 1.3.38 does not
escape ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2568 (The Photo Gallery by Ays WordPress plugin before 5.1.7 does not
escape ...)
@@ -96,7 +96,7 @@ CVE-2023-35031 (Atos Unify OpenScape 4000 Assistant V10 R1
before V10 R1.42.0 an
CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates
random number ...)
TODO: check
CVE-2015-10118 (A vulnerability classified as problematic was found in
cchetanonline W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3192 (Session Fixation in GitHub repository froxlor/froxlor prior to
2.1.0.)
TODO: check
CVE-2023-3191 (Cross-site Scripting (XSS) - Stored in GitHub repository
nilsteampassn ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/601583a2d406e471a931aacddb291518cfb7cfdd