[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 8 21:31:42 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0e11cb08 by Salvatore Bonaccorso at 2023-08-08T22:31:11+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2023-4219 (A vulnerability was found in SourceCodester Doctors Appointment System ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Doctors Appointment System
CVE-2023-4203 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2023-4202 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2023-4009 (In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 i ...)
TODO: check
CVE-2023-40042 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow ...)
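Review bot: The NOT-FOR-US labels in this hunk are not at the same granularity. CVE-2023-4219 records vendor and product ("SourceCodester Doctors Appointment System"), while CVE-2023-4203 and CVE-2023-4202 record only "Advantech" although their descriptions name the EKI-1524, EKI-1522 and EKI-1521 devices. Naming the product line in the label as well would let a later search of data/CVE/list by product find these two entries.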
@@ -11,23 +11,23 @@ CVE-2023-40042 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer ove
CVE-2023-40041 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow ...)
NOT-FOR-US: TOTOLINK
CVE-2023-3898 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: mAyaNet E-Commerce Software
CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be vulnera ...)
TODO: check
CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Oduyo Online Collection Software
CVE-2023-3653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Digital Ant E-Commerce Software
CVE-2023-3652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Digital Ant E-Commerce Software
CVE-2023-3651 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Digital Ant E-Commerce Software
CVE-2023-3522 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: a2 License Portal System
CVE-2023-3386 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: a2 Camera Trap Tracking System
CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
TODO: check
CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking Stack. Pri ...)
@@ -43,11 +43,11 @@ CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs
CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
TODO: check
CVE-2023-39218 (Client-side enforcement of server-side security in Zoom clients before ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-39217 (Improper input validation in Zoom SDK\u2019s before 5.14.10 may allow ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-39216 (Improper input validation in Zoom Desktop Client for Windows before 5. ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-39188 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
TODO: check
CVE-2023-39187 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
@@ -65,37 +65,37 @@ CVE-2023-39182 (A vulnerability has been identified in Solid Edge SE2023 (All ve
CVE-2023-39181 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
TODO: check
CVE-2023-39086 (ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitiv ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2023-38815
REJECTED
CVE-2023-38814
REJECTED
CVE-2023-38773 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38771 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38770 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38769 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38768 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38767 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38766 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38765 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38764 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38763 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38762 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38761 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38760 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger Project wger W ...)
TODO: check
CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger Workout Manage ...)
@@ -133,55 +133,55 @@ CVE-2023-38524 (A vulnerability has been identified in Parasolid V34.1 (All vers
CVE-2023-38384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...)
TODO: check
CVE-2023-38254 (Microsoft Message Queuing Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38188 (Azure Apache Hadoop Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38186 (Windows Mobile Device Management Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38185 (Microsoft Exchange Server Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38184 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38182 (Microsoft Exchange Server Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38181 (Microsoft Exchange Server Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38180 (.NET and Visual Studio Denial of Service Vulnerability)
TODO: check
CVE-2023-38178 (.NET Core and Visual Studio Denial of Service Vulnerability)
TODO: check
CVE-2023-38176 (Azure Arc-Enabled Servers Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38175 (Microsoft Windows Defender Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38172 (Microsoft Message Queuing Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38170 (HEVC Video Extensions Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38169 (Microsoft OLE DB Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38167 (Microsoft Dynamics Business Central Elevation Of Privilege Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38154 (Windows Kernel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-37690 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...)
- TODO: check
+ NOT-FOR-US: Maid Hiring Management System
CVE-2023-37689 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...)
- TODO: check
+ NOT-FOR-US: Maid Hiring Management System
CVE-2023-37688 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...)
- TODO: check
+ NOT-FOR-US: Maid Hiring Management System
CVE-2023-37687 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
- TODO: check
+ NOT-FOR-US: Online Nurse Hiring System
CVE-2023-37686 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
- TODO: check
+ NOT-FOR-US: Online Nurse Hiring System
CVE-2023-37685 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
- TODO: check
+ NOT-FOR-US: Online Nurse Hiring System
CVE-2023-37684 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
- TODO: check
+ NOT-FOR-US: Online Nurse Hiring System
CVE-2023-37683 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
- TODO: check
+ NOT-FOR-US: Online Nurse Hiring System
CVE-2023-37682 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Judging Management System
CVE-2023-37646 (An issue in the CAB file extraction function of Bitberry File Opener v ...)
TODO: check
CVE-2023-37570 (This vulnerability exists in ESDS Emagic Data Center Management Suit d ...)
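Review bot: CVE-2023-38188 is closed as "NOT-FOR-US: Microsoft", but its title reads "Azure Apache Hadoop Spoofing Vulnerability", so the bare vendor name does not record whether the flaw sits in the Azure service or in Apache Hadoop code. A label that names the Azure product would make the triage decision checkable from the list alone. In the same hunk, CVE-2023-38180 and CVE-2023-38178 (.NET and .NET Core with Visual Studio) remain at "TODO: check" between Microsoft entries that were closed; if that is deliberate, a short note on what still has to be checked would save the next person the lookup.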
@@ -191,85 +191,85 @@ CVE-2023-37373 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All v
CVE-2023-37372 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
TODO: check
CVE-2023-36914 (Windows Smart Card Resource Management Server Security Feature Bypass ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36913 (Microsoft Message Queuing Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36912 (Microsoft Message Queuing Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36911 (Microsoft Message Queuing Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36910 (Microsoft Message Queuing Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36909 (Microsoft Message Queuing Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36908 (Windows Hyper-V Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36907 (Windows Cryptographic Services Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36906 (Windows Cryptographic Services Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36905 (Windows Wireless Wide Area Network Service (WwanSvc) Information Discl ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36904 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36903 (Windows System Assessment Tool Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36900 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36899 (ASP.NET Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36898 (Tablet Windows User Interface Application Core Remote Code Execution V ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36897 (Visual Studio Tools for Office Runtime Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36896 (Microsoft Excel Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36895 (Microsoft Outlook Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36894 (Microsoft SharePoint Server Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36893 (Microsoft Outlook Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36892 (Microsoft SharePoint Server Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36891 (Microsoft SharePoint Server Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36890 (Microsoft SharePoint Server Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36889 (Windows Group Policy Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36882 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36881 (Azure Apache AmbariSpoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36877 (Azure Apache Oozie Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36876 (Reliability Analysis Metrics Calculation (RacTask) Elevation of Privil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36873 (.NET Framework Spoofing Vulnerability)
TODO: check
CVE-2023-36869 (Azure DevOps Server Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36866 (Microsoft Office Visio Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36865 (Microsoft Office Visio Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-36546 (An issue in PEStudio v.9.52 allows a remote attacker to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: PEStudio
CVE-2023-36541 (Insufficient verification of data authenticity in Zoom Desktop Client ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-36540 (Untrusted search path in the installer for Zoom Desktop Client for Win ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-36535 (Client-side enforcement of server-side security in Zoom clients before ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-36534 (Path traversal in Zoom Desktop Client for Windows before 5.14.7 may al ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-36533 (Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-36532 (Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthentic ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-36482 (An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN8 ...)
TODO: check
CVE-2023-36344 (An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before al ...)
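Review bot: The .NET-family entries in this hunk are treated differently. CVE-2023-36899 ("ASP.NET Elevation of Privilege Vulnerability") is closed as "NOT-FOR-US: Microsoft", while CVE-2023-36873 (".NET Framework Spoofing Vulnerability") stays at "TODO: check"; it is worth confirming that the split is intended and not an oversight in a bulk edit. CVE-2023-36881 and CVE-2023-36877 carry "Apache Ambari" and "Apache Oozie" in their titles yet are labelled only "Microsoft", which hides the component name. CVE-2023-36692 is labelled "NOT-FOR-US: WordPress plugin" without the plugin name, unlike the product-specific labels used for PEStudio and Zoom a few lines further down.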
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e11cb0889385a619bcb7e01a2fc0a1ad7d70821