[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Aug 7 11:14:33 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
685659e3 by Moritz Muehlenhoff at 2023-08-07T12:14:02+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,27 +7,27 @@ CVE-2023-4191 (A vulnerability, which was classified as critical, has been found
 CVE-2023-39903 (An issue was discovered in Fujitsu Software Infrastructure Manager (IS ...)
 	NOT-FOR-US: Fujitsu Software Infrastructure Manager (ISM)
 CVE-2023-33913 (In DRM/oemcrypto, there is a possible out of bounds write due to an in ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-33912 (In Contacts service, there is a possible missing permission check.This ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-33911 (In vowifi service, there is a possible missing permission check.This c ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-33910 (In Contacts Service, there is a possible missing permission check.This ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-33909 (In Contacts service, there is a possible missing permission check.This ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-33908 (In ims service, there is a possible missing permission check. This cou ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-33907 (In Contacts Service, there is a possible missing permission check. Thi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2023-33906 (In Contacts Service, there is a possible missing permission check.This ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48579 (UnRAR before 6.2.3 allows extraction of files outside of the destinati ...)
 	TODO: check
 CVE-2023-4196 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...)
-	TODO: check
+	NOT-FOR-US: Cockpit CMS
 CVE-2023-4195 (PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prio ...)
-	TODO: check
+	NOT-FOR-US: Cockpit CMS
 CVE-2023-4186 (A vulnerability was found in SourceCodester Pharmacy Management System ...)
 	NOT-FOR-US: SourceCodester Pharmacy Management System
 CVE-2023-4185 (A vulnerability was found in SourceCodester Online Hospital Management ...)
@@ -79,11 +79,11 @@ CVE-2023-34010 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability insub
 CVE-2023-32600 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-4189 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...)
-	TODO: check
+	NOT-FOR-US: icms2
 CVE-2023-4188 (SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-g ...)
-	TODO: check
+	NOT-FOR-US: icms2
 CVE-2023-4187 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...)
-	TODO: check
+	NOT-FOR-US: icms2
 CVE-2023-4170 (A vulnerability was found in DedeBIZ 6.2.10. It has been rated as prob ...)
 	NOT-FOR-US: DedeBIZ
 CVE-2023-4169 (A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been ...)
@@ -147,9 +147,9 @@ CVE-2023-38707
 CVE-2023-38702 (Knowage is an open source analytics and business intelligence suite. S ...)
 	NOT-FOR-US: Knowage
 CVE-2023-38700 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to ver ...)
-	TODO: check
+	NOT-FOR-US: matrix-appservice-irc
 CVE-2023-38699 (MindsDB's AI Virtual Database allows developers to connect any AI/ML m ...)
-	TODO: check
+	NOT-FOR-US: MindsDB AI Virtual Database
 CVE-2023-38698 (Ethereum Name Service (ENS) is a distributed, open, and extensible nam ...)
 	NOT-FOR-US: Ethereum Name Service (ENS)
 CVE-2023-38697 (protocol-http1 provides a low-level implementation of the HTTP/1 proto ...)
@@ -161,9 +161,9 @@ CVE-2023-38697 (protocol-http1 provides a low-level implementation of the HTTP/1
 CVE-2023-38696
 	REJECTED
 CVE-2023-38695 (cypress-image-snapshot shows visual regressions in Cypress with jest-i ...)
-	TODO: check
+	NOT-FOR-US: cypress-image-snapshot
 CVE-2023-38692 (CloudExplorer Lite is an open source, lightweight cloud management pla ...)
-	TODO: check
+	NOT-FOR-US: CloudExplorer Lite
 CVE-2023-38691 (matrix-appservice-bridge provides an API for setting up bridges. Start ...)
 	TODO: check
 CVE-2023-38690 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to ver ...)
@@ -194,21 +194,21 @@ CVE-2023-34038 (VMware Horizon Server contains an information disclosure vulnera
 CVE-2023-34037 (VMware Horizon Server contains a HTTP request smuggling vulnerability. ...)
 	NOT-FOR-US: VMware
 CVE-2023-33379 (Connected IO v2.1.0 and prior has a misconfiguration in their MQTT bro ...)
-	TODO: check
+	NOT-FOR-US: Connected IO
 CVE-2023-33378 (Connected IO v2.1.0 and prior has an argument injection vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Connected IO
 CVE-2023-33377 (Connected IO v2.1.0 and prior has an OS command injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Connected IO
 CVE-2023-33376 (Connected IO v2.1.0 and prior has an argument injection vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Connected IO
 CVE-2023-33375 (Connected IO v2.1.0 and prior has a stack-based buffer overflow vulner ...)
-	TODO: check
+	NOT-FOR-US: Connected IO
 CVE-2023-33374 (Connected IO v2.1.0 and prior has a command as part of its communicati ...)
-	TODO: check
+	NOT-FOR-US: Connected IO
 CVE-2023-33373 (Connected IO v2.1.0 and prior keeps passwords and credentials in clear ...)
-	TODO: check
+	NOT-FOR-US: Connected IO
 CVE-2023-33372 (Connected IO v2.1.0 and prior uses a hard-coded username/password pair ...)
-	TODO: check
+	NOT-FOR-US: Connected IO
 CVE-2022-4955 (Inappropriate implementation in DevTools in Google Chrome prior to 108 ...)
 	TODO: check
 CVE-2023-4142 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Rem ...)
@@ -394,7 +394,7 @@ CVE-2023-38747 (Heap-based buffer overflow vulnerability exists in CX-Programmer
 CVE-2023-38746 (Out-of-bounds read vulnerability/issue exists in CX-Programmer Include ...)
 	NOT-FOR-US: CX-One CXONE-AL[][]D-V4
 CVE-2023-38744 (Denial-of-service (DoS) vulnerability due to improper validation of sp ...)
-	TODO: check
+	NOT-FOR-US: OMRON
 CVE-2023-37679 (A remote command execution (RCE) vulnerability in NextGen Mirth Connec ...)
 	NOT-FOR-US: NextGen Mirth Connect
 CVE-2023-37559 (After successful authentication as a user in multiple Codesys products ...)
@@ -430,7 +430,7 @@ CVE-2023-37545 (In multiple Codesys products in multiple versions, after success
 CVE-2023-37364 (In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapt ...)
 	NOT-FOR-US: WS-Inc J WBEM Server
 CVE-2023-36299 (A File Upload vulnerability in typecho v.1.2.1 allows a remote attacke ...)
-	TODO: check
+	NOT-FOR-US: typecho
 CVE-2023-36298 (DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote co ...)
 	NOT-FOR-US: DedeCMS
 CVE-2023-36255 (An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote  ...)
@@ -448,7 +448,7 @@ CVE-2023-35081 (A path traversal vulnerability in Ivanti EPMM versions (11.10.x
 CVE-2023-34196 (In the Keyfactor EJBCA before 8.0.0, the RA web certificate distributi ...)
 	NOT-FOR-US: Keyfactor EJBCA
 CVE-2023-33666 (ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain ...)
-	TODO: check
+	NOT-FOR-US: ai-dev aioptimizedcombinations
 CVE-2023-33371 (Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic  ...)
 	NOT-FOR-US: Control ID IDSecure
 CVE-2023-33370 (An uncaught exception vulnerability exists in Control ID IDSecure 4.7. ...)
@@ -468,7 +468,7 @@ CVE-2023-33363 (An authentication bypass vulnerability exists in Suprema BioStar
 CVE-2023-32764 (Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate  ...)
 	NOT-FOR-US: Fabasoft Cloud Enterprise Client
 CVE-2023-2754 (The Cloudflare WARP client for Windows assigns loopback IPv4 addresses ...)
-	TODO: check
+	NOT-FOR-US: Cloudflare WARP client for Windows
 CVE-2023-4104
 	- mozillavpn <unfixed> (bug #1043004)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/1
@@ -11460,7 +11460,7 @@ CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that ena
 CVE-2023-30959
 	RESERVED
 CVE-2023-30958 (A security defect was identified in Foundry Frontend that enabled user ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2023-30957
 	RESERVED
 CVE-2023-30956 (A security defect was identified in Foundry Comments that enabled a us ...)
@@ -11472,11 +11472,11 @@ CVE-2023-30954
 CVE-2023-30953
 	RESERVED
 CVE-2023-30952 (A security defect was discovered in Foundry Issues that enabled users  ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2023-30951 (The Foundry Magritte plugin rest-source was found to be vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2023-30950 (The foundry campaigns service was found to be vulnerable to an unauthe ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2023-30949 (A missing origin validation in Slate sandbox could be exploited by a m ...)
 	NOT-FOR-US: Palantir
 CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted in the  ...)
@@ -13228,7 +13228,7 @@ CVE-2023-30493
 CVE-2023-30492
 	RESERVED
 CVE-2023-30491 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30490
 	RESERVED
 CVE-2023-30489
@@ -13724,7 +13724,7 @@ CVE-2023-30299
 CVE-2023-30298
 	RESERVED
 CVE-2023-30297 (An issue found in N-able Technologies N-central Server before 2023.4 a ...)
-	TODO: check
+	NOT-FOR-US: N-able Technologies N-central Server
 CVE-2023-30296
 	RESERVED
 CVE-2023-30295
@@ -15002,7 +15002,7 @@ CVE-2023-29691
 CVE-2023-29690
 	RESERVED
 CVE-2023-29689 (PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that  ...)
-	TODO: check
+	NOT-FOR-US: PyroCMS
 CVE-2023-29688
 	RESERVED
 CVE-2023-29687
@@ -15510,7 +15510,7 @@ CVE-2023-29507 (XWiki Commons are technical libraries common to several other to
 CVE-2023-29506 (XWiki Commons are technical libraries common to several other top leve ...)
 	NOT-FOR-US: XWiki
 CVE-2023-29505 (An issue was discovered in Zoho ManageEngine Network Configuration Man ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2023-28393
 	RESERVED
 CVE-2023-1942 (A vulnerability has been found in SourceCodester Online Computer and L ...)
@@ -23916,7 +23916,7 @@ CVE-2023-26981
 CVE-2023-26980 (PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition  ...)
 	NOT-FOR-US: PAX Technology PAX A920 Pro PayDroid
 CVE-2023-26979 (Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 ...)
-	TODO: check
+	NOT-FOR-US: Bluetens Electrostimulation Device BluetensQ
 CVE-2023-26978 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2023-26977
@@ -25606,7 +25606,7 @@ CVE-2023-0958 (Several plugins for WordPress by Inisev are vulnerable to unautho
 CVE-2023-0957 (An issue was discovered in Gitpod versions prior to release-2022.11.2. ...)
 	NOT-FOR-US: Gitpod
 CVE-2023-0956 (External input could be used on TEL-STER TelWin SCADA WebInterface to  ...)
-	TODO: check
+	NOT-FOR-US: TEL-STER TelWin SCADA WebInterface
 CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape a param ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0954 (A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and ...)
@@ -28065,7 +28065,7 @@ CVE-2022-48318 (No authorisation controls in the RestAPI documentation for Tribe
 CVE-2022-48317 (Expired sessions were not securely terminated in the RestAPI for Tribe ...)
 	- check-mk <removed>
 CVE-2023-25600 (An issue was discovered in InsydeH2O. A malicious operating system can ...)
-	TODO: check
+	NOT-FOR-US: InsydeH2O
 CVE-2023-25599 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
 	NOT-FOR-US: Mitel
 CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
@@ -28323,7 +28323,7 @@ CVE-2023-25526
 CVE-2023-25525
 	RESERVED
 CVE-2023-25524 (NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in  ...)
 	- nvidia-cuda-toolkit <unfixed> (unimportant; bug #1042766)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5469
@@ -31018,7 +31018,7 @@ CVE-2023-22431
 CVE-2023-22311
 	RESERVED
 CVE-2023-0525 (Weak Encoding for Password vulnerability in Mitsubishi Electric Corpor ...)
-	TODO: check
+	NOT-FOR-US: PyroCMS
 CVE-2023-0524 (As part of our Security Development Lifecycle, a potential privilege e ...)
 	NOT-FOR-US: Tenable
 CVE-2023-0523 (An issue has been discovered in GitLab affecting all versions starting ...)
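Review bot: CVE-2023-0525 is tagged `NOT-FOR-US: PyroCMS` in this hunk, but its description reads "Weak Encoding for Password vulnerability in Mitsubishi Electric Corpor ...". PyroCMS is the product of CVE-2023-29689, which this same commit tags earlier, so this looks like a copy-and-paste slip. The tag should name Mitsubishi Electric instead, otherwise a search of the list by vendor will miss the entry.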
@@ -32752,9 +32752,9 @@ CVE-2023-0428 (The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise a
 CVE-2023-0427
 	RESERVED
 CVE-2023-0426 (ABB is aware of vulnerabilities in the product versions listed below.  ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2023-0425 (ABB is aware of vulnerabilities in the product versions listed below.  ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2023-0424 (The MS-Reviews WordPress plugin through 1.5 does not sanitise and esca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sa ...)
@@ -38917,11 +38917,11 @@ CVE-2023-22366 (CX-Motion-MCH v2.32 and earlier contains an access of uninitiali
 CVE-2023-22357 (Active debug code exists in OMRON CP1L-EL20DR-D all versions, which ma ...)
 	NOT-FOR-US: OMROM
 CVE-2023-22317 (Use after free vulnerability exists in CX-Programmer Ver.9.79 and earl ...)
-	TODO: check
+	NOT-FOR-US: CX-Programmer
 CVE-2023-22314 (Use after free vulnerability exists in CX-Programmer Ver.9.79 and earl ...)
-	TODO: check
+	NOT-FOR-US: CX-Programmer
 CVE-2023-22277 (Use after free vulnerability exists in CX-Programmer Ver.9.79 and earl ...)
-	TODO: check
+	NOT-FOR-US: CX-Programmer
 CVE-2023-0026 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...)
 	NOT-FOR-US: Juniper
 CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected and stor ...)
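Review bot: The three CX-Programmer entries added here (CVE-2023-22317, CVE-2023-22314, CVE-2023-22277) are tagged by product name, while the context line just above them for CVE-2023-22357 carries `NOT-FOR-US: OMROM` (a misspelling of OMRON), an earlier hunk tags CVE-2023-38744 as `NOT-FOR-US: OMRON`, and the CX-Programmer entry CVE-2023-38746 uses `CX-One CXONE-AL[][]D-V4`. Settling on one tag for this vendor's software and fixing the OMROM typo in the same pass would keep grep-based triage of the list consistent.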
@@ -42518,9 +42518,9 @@ CVE-2022-47353
 CVE-2022-47352
 	RESERVED
 CVE-2022-47351 (In camera driver, there is a possible out of bounds read due to a miss ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47350 (In camera driver, there is a possible out of bounds read due to a miss ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47349
 	RESERVED
 CVE-2022-47348 (In engineermode services, there is a missing permission check. This co ...)
@@ -44043,7 +44043,7 @@ CVE-2022-46784 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows o
 CVE-2022-46783
 	RESERVED
 CVE-2022-46782 (An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A  ...)
-	TODO: check
+	NOT-FOR-US: Stormshield SSL VPN Client
 CVE-2022-46781 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
 	NOT-FOR-US: Arm Mali GPU Kernel Driver
 CVE-2022-46780
@@ -47952,7 +47952,7 @@ CVE-2022-4048 (Inadequate Encryption Strength in CODESYS Development System V3 v
 CVE-2022-4047 (The Return Refund and Exchange For WooCommerce WordPress plugin before ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4046 (In CODESYS Control in multiple versions a improper restriction of oper ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-4045 (A denial-of-service vulnerability in the Mattermost allows an authenti ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an authenticate ...)
@@ -50247,17 +50247,17 @@ CVE-2023-21414
 CVE-2023-21413
 	RESERVED
 CVE-2023-21412 (User provided input is not sanitized on the AXIS License Plate Verifie ...)
-	TODO: check
+	NOT-FOR-US: AXIS License Plate Verifier
 CVE-2023-21411 (User provided input is not sanitized in the \u201cSettings > Access Co ...)
-	TODO: check
+	NOT-FOR-US: AXIS License Plate Verifier
 CVE-2023-21410 (User provided input is not sanitized on the AXIS License Plate Verifie ...)
-	TODO: check
+	NOT-FOR-US: AXIS License Plate Verifier
 CVE-2023-21409 (Due to insufficient file permissions, unprivileged users could gain ac ...)
-	TODO: check
+	NOT-FOR-US: AXIS License Plate Verifier
 CVE-2023-21408 (Due to insufficient file permissions, unprivileged users could gain ac ...)
-	TODO: check
+	NOT-FOR-US: AXIS License Plate Verifier
 CVE-2023-21407 (A broken access control was found allowing for privileged escalation o ...)
-	TODO: check
+	NOT-FOR-US: AXIS License Plate Verifier
 CVE-2023-21406 (Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A ...)
 	NOT-FOR-US: AXIS
 CVE-2023-21405 (Knud from Fraktal.fi has found a flaw in some Axis Network Door Contro ...)
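Review bot: CVE-2023-21409, CVE-2023-21408 and CVE-2023-21407 are tagged `AXIS License Plate Verifier`, but their visible descriptions ("Due to insufficient file permissions ...", "A broken access control was found ...") do not name that product, unlike CVE-2023-21412 and CVE-2023-21410. If those three concern a different Axis product, the vendor-level `NOT-FOR-US: AXIS` already used for CVE-2023-21406 in the trailing context would be the safer tag.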
@@ -53323,83 +53323,83 @@ CVE-2023-20820
 CVE-2023-20819
 	RESERVED
 CVE-2023-20818 (In wlan service, there is a possible out of bounds read due to imprope ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20817 (In wlan service, there is a possible out of bounds write due to improp ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20816 (In wlan service, there is a possible out of bounds write due to improp ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20815 (In wlan service, there is a possible out of bounds write due to improp ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20814 (In wlan service, there is a possible out of bounds write due to improp ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20813 (In wlan service, there is a possible out of bounds read due to imprope ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20812 (In wlan driver, there is a possible out of bounds write due to imprope ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20811 (In IOMMU, there is a possible out of bounds write due to a missing bou ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20810 (In IOMMU, there is a possible information disclosure due to improper i ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20809 (In vdec, there is a possible out of bounds write due to a missing boun ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20808 (In OPTEE, there is a possible out of bounds write due to a missing bou ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20807 (In dpe, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20806 (In hcp, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20805 (In imgsys, there is a possible out of bounds write due to a missing bo ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20804 (In imgsys, there is a possible out of bounds write due to a missing bo ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20803 (In imgsys, there is a possible memory corruption due to improper input ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20802 (In imgsys, there is a possible memory corruption due to improper input ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20801 (In imgsys,there is a possible use after free due to a race condition.  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20800 (In imgsys, there is a possible system crash due to a mssing ptr check. ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20799
 	RESERVED
 CVE-2023-20798 (In pda, there is a possible out of bounds read due to an incorrect cal ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20797 (In camera middleware, there is a possible out of bounds write due to a ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20796 (In power, there is a possible memory corruption due to an incorrect bo ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20795 (In ril, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20794
 	RESERVED
 CVE-2023-20793 (In apu, there is a possible memory corruption due to a missing bounds  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20792
 	RESERVED
 CVE-2023-20791
 	RESERVED
 CVE-2023-20790 (In nvram, there is a possible out of bounds write due to a missing bou ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20789 (In jpeg, there is a possible information disclosure due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20788 (In thermal, there is a possible use after free due to a race condition ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20787 (In thermal, there is a possible use after free due to a race condition ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20786 (In gps, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20785 (In audio, there is a possible out of bounds write due to a missing bou ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20784 (In keyinstall, there is a possible out of bounds write due to a missin ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20783 (In keyinstall, there is a possible out of bounds write due to a missin ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20782 (In keyinstall, there is a possible information disclosure due to a mis ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20781 (In keyinstall, there is a possible memory corruption due to a missing  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20780 (In keyinstall, there is a possible information disclosure due to a mis ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20779
 	RESERVED
 CVE-2023-20778
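Review bot: CVE-2023-20808 is closed as `NOT-FOR-US: MediaTek` although its description begins "In OPTEE, there is a possible out of bounds write ...". Before tagging it with the rest of the block, it is worth confirming that the flaw sits in MediaTek's vendor code and not in upstream OP-TEE, and recording that with a NOTE line if so. The same check applies to any other entry in this hunk whose description names a generic component rather than the vendor.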
@@ -54595,15 +54595,15 @@ CVE-2023-20220
 CVE-2023-20219
 	RESERVED
 CVE-2023-20218 (A vulnerability in web-based management interface of Cisco SPA500 Seri ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20217
 	RESERVED
 CVE-2023-20216 (A vulnerability in the privilege management functionality of all Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20215 (A vulnerability in the scanning engines of Cisco AsyncOS Software for  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20214 (A vulnerability in the request authentication validation for the REST  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20213
 	RESERVED
 CVE-2023-20212
@@ -54623,7 +54623,7 @@ CVE-2023-20206
 CVE-2023-20205
 	RESERVED
 CVE-2023-20204 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20203
 	RESERVED
 CVE-2023-20202
@@ -54669,7 +54669,7 @@ CVE-2023-20183 (Multiple vulnerabilities in the API of Cisco DNA Center Software
 CVE-2023-20182 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20181 (A vulnerability in the web-based management interface of Cisco Small B ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20180 (A vulnerability in the web interface of Cisco Webex Meetings could all ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20179
@@ -81409,7 +81409,7 @@ CVE-2022-34455
 CVE-2022-34454 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buff ...)
 	NOT-FOR-US: Dell
 CVE-2022-34453 (Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper acc ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-34452 (PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* con ...)
 	NOT-FOR-US: Dell
 CVE-2022-34451 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* co ...)
@@ -97989,7 +97989,7 @@ CVE-2022-28613 (A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energ
 CVE-2022-28610
 	RESERVED
 CVE-2022-26838 (Path traversal vulnerability in Importing Mobile Device Data of Cybozu ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2022-1231 (XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantu ...)
 	- plantuml <unfixed> (bug #1039989)
 	[bookworm] - plantuml <no-dsa> (Minor issue)
@@ -207512,7 +207512,7 @@ CVE-2020-26084 (A vulnerability in the REST API of Cisco Edge Fog Fabric could a
 CVE-2020-26083 (A vulnerability in the web-based management interface of Cisco Identit ...)
 	NOT-FOR-US: Cisco
 CVE-2020-26082 (A vulnerability in the zip decompression engine of Cisco AsyncOS Softw ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-26081 (Multiple vulnerabilities in the web UI of Cisco IoT Field Network Dire ...)
 	NOT-FOR-US: Cisco
 CVE-2020-26080 (A vulnerability in the user management functionality of Cisco IoT Fiel ...)
@@ -207546,9 +207546,9 @@ CVE-2020-26067
 CVE-2020-26066
 	RESERVED
 CVE-2020-26065 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-26064 (A vulnerability in the web UI of Cisco SD-WAN vManage Software could a ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-26063
 	RESERVED
 CVE-2020-26062
@@ -213529,7 +213529,7 @@ CVE-2020-23566 (Irfanview v4.53 was discovered to contain an infinity loop via J
 CVE-2020-23565 (Irfanview v4.53 allows attackers to execute arbitrary code via a craft ...)
 	NOT-FOR-US: IrfanView
 CVE-2020-23564 (File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run ...)
-	TODO: check
+	NOT-FOR-US: SEMCMS
 CVE-2020-23563 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
 	NOT-FOR-US: IrfanView
 CVE-2020-23562 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
@@ -219521,7 +219521,7 @@ CVE-2020-20810
 CVE-2020-20809
 	RESERVED
 CVE-2020-20808 (Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before ...)
-	TODO: check
+	NOT-FOR-US: Qibosoft
 CVE-2020-20807
 	RESERVED
 CVE-2020-20806



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/685659e3bd7b1c0458f296fb02277ebf903cd9a7
