diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2023-08-06 23:51:25 +0200 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2023-08-06 23:51:57 +0200 |
| commit | 16f66a182d0737180f801c002ac8fda900a19a6d (patch) | |
| tree | 6597fd0081bf06e13efd300fe750edfe42d20f02 /data | |
| parent | 1da15071a3d33dd9831419435ba35e6a1a49e6f7 (diff) | |
bullseye/bookworm triage
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index c821f769ba..d15a75f836 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -243,7 +243,11 @@ CVE-2023-33665 (ai-dev aitable before v0.2.2 was discovered to contain a SQL inj NOT-FOR-US: ai-dev aitable CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and compiles the ...) - cargo <unfixed> + [bookworm] - cargo <no-dsa> (Minor issue) + [bullseye] - cargo <no-dsa> (Minor issue) - rust-cargo <unfixed> + [bookworm] - rust-cargo <no-dsa> (Minor issue) + [bullseye] - rust-cargo <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2 NOTE: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497 NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87 @@ -527,7 +531,7 @@ CVE-2023-33383 (Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attack CVE-2023-33257 (Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML ...) NOT-FOR-US: Verint Engagement Management CVE-2023-4016 (Under some circumstances, this weakness allows a user who has access t ...) - - procps <unfixed> (bug #1042887) + - procps <undetermined> (bug #1042887) NOTE: https://gitlab.com/procps-ng/procps/-/issues/297 CVE-2023-3739 (Insufficient validation of untrusted input in Chromad in Google Chrome ...) {DSA-5456-1} @@ -1553,6 +1557,7 @@ CVE-2023-3248 (The All-in-one Floating Contact Form WordPress plugin before 2.1. NOT-FOR-US: WordPress plugin CVE-2023-38060 (Improper Input Validation vulnerability in the ContentType parameter f ...) - znuny 6.5.3-1 + NOTE: https://github.com/znuny/Znuny/commit/355800e68c1560c1d098ec0953ee9940d2d1f836 CVE-2023-38058 (An improper privilege check in the OTRS ticket move action in the agen ...) NOT-FOR-US: OTRS NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x @@ -1949,6 +1954,8 @@ CVE-2023-37733 (An arbitrary file upload vulnerability in tduck-platform v4.0 al NOT-FOR-US: Grav CMStduck-platform CVE-2023-37276 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) - python-aiohttp <unfixed> + [bookworm] - python-aiohttp <no-dsa> (Minor issue) + [bullseye] - python-aiohttp <no-dsa> (Minor issue) NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w NOTE: https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40 NOTE: https://hackerone.com/reports/2001873 |