[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 10 21:55:46 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6baf211b by Salvatore Bonaccorso at 2023-08-10T22:55:20+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -144,19 +144,19 @@ CVE-2023-34374 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability
 CVE-2023-32567 (Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in  ...)
 	NOT-FOR-US: Ivanti
 CVE-2023-32566 (An attacker can send a specially crafted request which could lead to l ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-32565 (An attacker can send a specially crafted request which could lead to l ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-32564 (An unrestricted upload of file with dangerous type vulnerability exist ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-32563 (An unauthenticated attacker could achieve the code execution through a ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-32562 (An unrestricted upload of file with dangerous type vulnerability exist ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-32561 (A previously generated artifact by an administrator could be accessed  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-32560 (An attacker can send a specially crafted message to the Wavelink Avala ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-39418 [MERGE fails to enforce UPDATE or SELECT row security policies]
 	- postgresql-15 15.4-1
 	- postgresql-13 <not-affected> (Only affects 15.x)
@@ -433,7 +433,7 @@ CVE-2023-3898 (Improper Neutralization of Special Elements used in an SQL Comman
 CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be vulnera ...)
 	TODO: check
 CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Farmakom Remote Administration Console
 CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Oduyo Online Collection Software
 CVE-2023-3653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -447,7 +447,7 @@ CVE-2023-3522 (Improper Neutralization of Special Elements used in an SQL Comman
 CVE-2023-3386 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: a2 Camera Trap Tracking System
 CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens Solid Edge
 CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking Stack. Pri ...)
 	TODO: check
 CVE-2023-39532 (SES is a JavaScript environment that allows safe execution of arbitrar ...)
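Review bot: the label on CVE-2023-39549 is "NOT-FOR-US: Siemens Solid Edge", while the other Siemens entries touched in this same commit (CVE-2023-39269, CVE-2023-37373, CVE-2023-37372) and the existing CVE-2023-38683 entry use plain "NOT-FOR-US: Siemens". Pick one form so the vendor's entries read uniformly; "Siemens" alone matches the majority.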
@@ -459,7 +459,7 @@ CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All ve
 CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs, offi ...)
 	TODO: check
 CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-39218 (Client-side enforcement of server-side security in Zoom clients before ...)
 	NOT-FOR-US: Zoom
 CVE-2023-39217 (Improper input validation in Zoom SDK\u2019s before 5.14.10 may allow  ...)
@@ -515,9 +515,9 @@ CVE-2023-38761 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 al
 CVE-2023-38760 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
 	NOT-FOR-US: ChurchCRM
 CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger Project wger W ...)
-	TODO: check
+	NOT-FOR-US: wger Project wger Workout Manager
 CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger Workout Manage ...)
-	TODO: check
+	NOT-FOR-US: wger Project wger Workout Manager
 CVE-2023-38683 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...)
 	NOT-FOR-US: Siemens
 CVE-2023-38682 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...)
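Review bot: the label "wger Project wger Workout Manager" on CVE-2023-38759 and CVE-2023-38758 copies the vendor/product pair verbatim from the CVE description, so the name appears twice. "NOT-FOR-US: wger Workout Manager" would be cleaner and would match how neighbouring entries name only the product (for example "ChurchCRM").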
@@ -601,13 +601,13 @@ CVE-2023-37683 (Online Nurse Hiring System v1.0 was discovered to contain a cros
 CVE-2023-37682 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
 	NOT-FOR-US: Judging Management System
 CVE-2023-37646 (An issue in the CAB file extraction function of Bitberry File Opener v ...)
-	TODO: check
+	NOT-FOR-US: Bitberry File Opener
 CVE-2023-37570 (This vulnerability exists in ESDS Emagic Data Center Management Suit d ...)
-	TODO: check
+	NOT-FOR-US: ESDS Emagic Data Center Management Suit
 CVE-2023-37373 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-37372 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-36914 (Windows Smart Card Resource Management Server Security Feature Bypass  ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-36913 (Microsoft Message Queuing Information Disclosure Vulnerability)
@@ -689,61 +689,61 @@ CVE-2023-36533 (Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may
 CVE-2023-36532 (Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthentic ...)
 	NOT-FOR-US: Zoom
 CVE-2023-36482 (An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN8 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-36344 (An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before al ...)
-	TODO: check
+	NOT-FOR-US: Diebold Nixdorf Vynamic View Console
 CVE-2023-36306 (A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyz ...)
-	TODO: check
+	NOT-FOR-US: Adiscon Aiscon LogAnalyzer
 CVE-2023-36136 (PHPJabbers Class Scheduling System 1.0 lacks encryption on the passwor ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers
 CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability)
 	TODO: check
 CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35391 (ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerab ...)
 	NOT-FOR-US: Microsoft .NET
 CVE-2023-35390 (.NET and Visual Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft .NET
 CVE-2023-35389 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35388 (Microsoft Exchange Server Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35387 (Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35386 (Windows Kernel Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35385 (Microsoft Message Queuing Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35384 (Windows HTML Platforms Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35383 (Microsoft Message Queuing Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35382 (Windows Kernel Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35381 (Windows Fax Service Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35380 (Windows Kernel Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35379 (Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35378 (Windows Projected File System Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35377 (Microsoft Message Queuing Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35376 (Microsoft Message Queuing Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35372 (Microsoft Office Visio Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35371 (Microsoft Office Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35368 (Microsoft Exchange Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35359 (Windows Kernel Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32503 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetB ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...)
 	TODO: check
 CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet]
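Review bot: CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability) stays at "TODO: check" while the adjacent CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability) is marked "NOT-FOR-US: Microsoft". Both titles name an Azure service wrapping an upstream project, so either mark both or say why 35394 remains open, and confirm that 35393 does not concern upstream Apache Hive itself. Separately, "Adiscon Aiscon LogAnalyzer" on CVE-2023-36306 carries over what looks like a typo from the description; "Adiscon LogAnalyzer" is probably what is meant.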



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6baf211b8600218e8caa00cadf1bfc929175153f
