Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: a200a0ea by Moritz Muehlenhoff at 2023-11-01T10:20:44+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -193,11 +193,11 @@ CVE-2023-4836 (The WordPress File Sharing Plugin WordPress plugin before 2.0.5 d CVE-2023-4823 (The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an ...) NOT-FOR-US: WordPress plugin CVE-2023-4390 (The Popup box WordPress plugin before 3.7.2 does not sanitize and esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4251 (The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-4250 (The EventPrime WordPress plugin before 3.2.0 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46993 (In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg ...) NOT-FOR-US: TOTOLINK CVE-2023-46992 (TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Acc ...) @@ -211,7 +211,7 @@ CVE-2023-46977 (TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to conta CVE-2023-46976 (TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection vi ...) NOT-FOR-US: TOTOLINK CVE-2023-46723 (lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and ...) - TODO: check + NOT-FOR-US: lte-pic32-writer CVE-2023-46722 (The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Pr ...) NOT-FOR-US: Pimcore Admin Classic Bundle CVE-2023-46622 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach ...) 
@@ -227,52 +227,51 @@ CVE-2023-46255 (SpiceDB is an open source, Google Zanzibar-inspired database for CVE-2023-46250 (pypdf is a free and open-source pure-python PDF library. An attacker w ...) TODO: check CVE-2023-46249 (authentik is an open-source Identity Provider. Prior to versions 2023. ...) - TODO: check + NOT-FOR-US: authentik CVE-2023-46248 (Cody is an artificial intelligence (AI) coding assistant. The Cody AI ...) - TODO: check + NOT-FOR-US: Cody CVE-2023-46245 (Kimai is a web-based multi-user time-tracking application. Versions 2. ...) - TODO: check + NOT-FOR-US: Kimai CVE-2023-46240 (CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 v ...) - TODO: check + NOT-FOR-US: CodeIgniter CVE-2023-46239 (quic-go is an implementation of the QUIC protocol in Go. Starting in v ...) TODO: check CVE-2023-46237 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...) - TODO: check + NOT-FOR-US: FOG CVE-2023-46236 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...) - TODO: check + NOT-FOR-US: FOG CVE-2023-46235 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...) - TODO: check + NOT-FOR-US: FOG CVE-2023-45955 (An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers t ...) - TODO: check + NOT-FOR-US: Nanoleaf Light strip CVE-2023-43796 (Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 a ...) TODO: check CVE-2023-42658 (Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow loca ...) - TODO: check + NOT-FOR-US: Chef InSpec CVE-2023-42425 (An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote at ...) - TODO: check + NOT-FOR-US: Turing Video Turing Edge+ EVC5FD CVE-2023-41377 REJECTED - TODO: check CVE-2023-40681 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grou ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-40050 (Upload profile either through API or user interface in Chef Automate p ...) 
- TODO: check + NOT-FOR-US: Chef Automate CVE-2023-38994 (An issue in Univention UCS v.5.0 allows a local attacker to execute ar ...) - TODO: check + NOT-FOR-US: Univention CVE-2023-37966 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) TODO: check CVE-2023-37832 (A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows a ...) - TODO: check + NOT-FOR-US: Elenos CVE-2023-37831 (An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attac ...) - TODO: check + NOT-FOR-US: Elenos CVE-2023-37243 (The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availabil ...) - TODO: check + NOT-FOR-US: Atera CVE-2023-36508 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-35879 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WooCommerce plugin CVE-2023-33927 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5867 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) NOT-FOR-US: phpmyfaq CVE-2023-5866 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) 
@@ -2402,6 +2401,7 @@ CVE-2023-5631 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6 {DSA-5531-1 DLA-3630-1} - roundcube 1.6.4+dfsg-1 (bug #1054079) NOTE: https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d (1.6.4) + NOTE: https://www.openwall.com/lists/oss-security/2023/11/01/1 CVE-2023-4601 (A stack-based buffer overflow vulnerability exists in NI System Config ...) NOT-FOR-US: NI System Configuration CVE-2023-46009 (gifsicle-1.94 was found to have a floating point exception (FPE) vulne ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a200a0ea09dca16899983a64ac3af5ee5c8a8c0c
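Review bot: in the second hunk (@@ -227,52 +227,51 @@), CVE-2023-35879 is tagged "NOT-FOR-US: WooCommerce plugin" while its two sibling SQL-injection entries CVE-2023-36508 and CVE-2023-33927, which carry the same truncated description, are tagged "NOT-FOR-US: WordPress plugin"; unless the distinction is deliberate, one label for all three keeps grep-based audits of data/CVE/list consistent. The line count going from 52 to 51 is accounted for by the removal of the "- TODO: check" under the REJECTED entry CVE-2023-41377, which is correct since a rejected CVE needs no further triage. The four entries left at "TODO: check" in this hunk (CVE-2023-46250 pypdf, CVE-2023-46239 quic-go, CVE-2023-43796 Synapse, CVE-2023-37966) stay open, which matches the commit's stated scope of NFUs only.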
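Review bot: in the third hunk (@@ -2402,6 +2401,7 @@), the added line "+ NOTE: https://www.openwall.com/lists/oss-security/2023/11/01/1" carries a bare URL, whereas the preceding NOTE on the upstream roundcubemail commit is annotated with the fixing version "(1.6.4)"; a short parenthetical saying what the oss-security post covers (for example, whether it is the upstream advisory or a follow-up to DSA-5531-1) would make the CVE-2023-5631 entry self-describing without opening the link.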
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits