[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 8 21:31:42 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e11cb08 by Salvatore Bonaccorso at 2023-08-08T22:31:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2023-4219 (A vulnerability was found in SourceCodester Doctors Appointment System ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Doctors Appointment System
 CVE-2023-4203 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2023-4202 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2023-4009 (In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 i ...)
 	TODO: check
 CVE-2023-40042 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow  ...)
@@ -11,23 +11,23 @@ CVE-2023-40042 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer ove
 CVE-2023-40041 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow  ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2023-3898 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: mAyaNet E-Commerce Software
 CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be vulnera ...)
 	TODO: check
 CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Oduyo Online Collection Software
 CVE-2023-3653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Digital Ant E-Commerce Software
 CVE-2023-3652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Digital Ant E-Commerce Software
 CVE-2023-3651 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Digital Ant E-Commerce Software
 CVE-2023-3522 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: a2 License Portal System
 CVE-2023-3386 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: a2 Camera Trap Tracking System
 CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
 	TODO: check
 CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking Stack. Pri ...)
@@ -43,11 +43,11 @@ CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs
 CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
 	TODO: check
 CVE-2023-39218 (Client-side enforcement of server-side security in Zoom clients before ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-39217 (Improper input validation in Zoom SDK\u2019s before 5.14.10 may allow  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-39216 (Improper input validation in Zoom Desktop Client for Windows before 5. ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-39188 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
 	TODO: check
 CVE-2023-39187 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
@@ -65,37 +65,37 @@ CVE-2023-39182 (A vulnerability has been identified in Solid Edge SE2023 (All ve
 CVE-2023-39181 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
 	TODO: check
 CVE-2023-39086 (ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitiv ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2023-38815
 	REJECTED
 CVE-2023-38814
 	REJECTED
 CVE-2023-38773 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38771 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38770 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38769 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38768 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38767 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38766 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38765 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38764 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38763 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38762 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38761 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38760 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger Project wger W ...)
 	TODO: check
 CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger Workout Manage ...)
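Review bot: The thirteen ChurchCRM v.5.0.0 entries (CVE-2023-38760 through CVE-2023-38773) are closed as NOT-FOR-US: ChurchCRM in one batch, and nothing in the commit message records that the archive and the ITP/RFP bugs were checked for it. ChurchCRM is a self-hosted web application, not a vendor appliance or closed product like the ASUS entry above it in this hunk, so please confirm that no packaging request exists. If one does, these entries should be tracked against it, not dismissed.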
@@ -133,55 +133,55 @@ CVE-2023-38524 (A vulnerability has been identified in Parasolid V34.1 (All vers
 CVE-2023-38384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...)
 	TODO: check
 CVE-2023-38254 (Microsoft Message Queuing Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38188 (Azure Apache Hadoop Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38186 (Windows Mobile Device Management Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38185 (Microsoft Exchange Server Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38184 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38182 (Microsoft Exchange Server Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38181 (Microsoft Exchange Server Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38180 (.NET and Visual Studio Denial of Service Vulnerability)
 	TODO: check
 CVE-2023-38178 (.NET Core and Visual Studio Denial of Service Vulnerability)
 	TODO: check
 CVE-2023-38176 (Azure Arc-Enabled Servers Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38175 (Microsoft Windows Defender Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38172 (Microsoft Message Queuing Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38170 (HEVC Video Extensions Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38169 (Microsoft OLE DB Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38167 (Microsoft Dynamics Business Central Elevation Of Privilege Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-38154 (Windows Kernel Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-37690 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...)
-	TODO: check
+	NOT-FOR-US: Maid Hiring Management System
 CVE-2023-37689 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...)
-	TODO: check
+	NOT-FOR-US: Maid Hiring Management System
 CVE-2023-37688 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...)
-	TODO: check
+	NOT-FOR-US: Maid Hiring Management System
 CVE-2023-37687 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
-	TODO: check
+	NOT-FOR-US: Online Nurse Hiring System
 CVE-2023-37686 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
-	TODO: check
+	NOT-FOR-US: Online Nurse Hiring System
 CVE-2023-37685 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
-	TODO: check
+	NOT-FOR-US: Online Nurse Hiring System
 CVE-2023-37684 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
-	TODO: check
+	NOT-FOR-US: Online Nurse Hiring System
 CVE-2023-37683 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
-	TODO: check
+	NOT-FOR-US: Online Nurse Hiring System
 CVE-2023-37682 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Judging Management System
 CVE-2023-37646 (An issue in the CAB file extraction function of Bitberry File Opener v ...)
 	TODO: check
 CVE-2023-37570 (This vulnerability exists in ESDS Emagic Data Center Management Suit d ...)
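Review bot: CVE-2023-38188 is tagged NOT-FOR-US: Microsoft, but its title reads "Azure Apache Hadoop Spoofing Vulnerability", so the vendor-only tag does not show that the issue was judged specific to the Azure offering and not to upstream Apache Hadoop. Suggest a tag that names the Azure component, so that someone later searching data/CVE/list for Hadoop can see why the entry was dismissed. The same applies to the Azure Apache Ambari and Azure Apache Oozie entries (CVE-2023-36881, CVE-2023-36877) in the next hunk.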
@@ -191,85 +191,85 @@ CVE-2023-37373 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All v
 CVE-2023-37372 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
 	TODO: check
 CVE-2023-36914 (Windows Smart Card Resource Management Server Security Feature Bypass  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36913 (Microsoft Message Queuing Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36912 (Microsoft Message Queuing Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36911 (Microsoft Message Queuing Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36910 (Microsoft Message Queuing Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36909 (Microsoft Message Queuing Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36908 (Windows Hyper-V Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36907 (Windows Cryptographic Services Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36906 (Windows Cryptographic Services Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36905 (Windows Wireless Wide Area Network Service (WwanSvc) Information Discl ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36904 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36903 (Windows System Assessment Tool Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36900 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36899 (ASP.NET Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36898 (Tablet Windows User Interface Application Core Remote Code Execution V ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36897 (Visual Studio Tools for Office Runtime Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36896 (Microsoft Excel Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36895 (Microsoft Outlook Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36894 (Microsoft SharePoint Server Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36893 (Microsoft Outlook Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36892 (Microsoft SharePoint Server Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36891 (Microsoft SharePoint Server Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36890 (Microsoft SharePoint Server Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36889 (Windows Group Policy Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36882 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36881 (Azure Apache AmbariSpoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36877 (Azure Apache Oozie Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36876 (Reliability Analysis Metrics Calculation (RacTask) Elevation of Privil ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36873 (.NET Framework Spoofing Vulnerability)
 	TODO: check
 CVE-2023-36869 (Azure DevOps Server Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36866 (Microsoft Office Visio Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36865 (Microsoft Office Visio Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chri ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-36546 (An issue in PEStudio v.9.52 allows a remote attacker to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: PEStudio
 CVE-2023-36541 (Insufficient verification of data authenticity in Zoom Desktop Client  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-36540 (Untrusted search path in the installer for Zoom Desktop Client for Win ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-36535 (Client-side enforcement of server-side security in Zoom clients before ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-36534 (Path traversal in Zoom Desktop Client for Windows before 5.14.7 may al ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-36533 (Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-36532 (Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthentic ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-36482 (An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN8 ...)
 	TODO: check
 CVE-2023-36344 (An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before al ...)
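Review bot: CVE-2023-36899 (ASP.NET Elevation of Privilege Vulnerability) is closed as NOT-FOR-US: Microsoft, while CVE-2023-36873 (.NET Framework Spoofing Vulnerability) a few lines further down stays at TODO: check, as do CVE-2023-38180 and CVE-2023-38178 (.NET / .NET Core and Visual Studio) in the previous hunk. The .NET-family entries should be triaged the same way. Either leave CVE-2023-36899 at TODO: check until the others are decided, or state in the commit message why ASP.NET is treated differently.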



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e11cb0889385a619bcb7e01a2fc0a1ad7d70821
