[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 11 22:10:31 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a1f284f by Salvatore Bonaccorso at 2023-08-11T23:10:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2023-39534 (eprosima Fast DDS is a C++ implementation of the Data Distributi
 	- fastdds 2.10.1+ds-2
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp
 CVE-2023-32267 (A potential vulnerability has been identified in OpenText / Micro Focu ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus
 CVE-2023-4304 (Business Logic Errors in GitHub repository froxlor/froxlor prior to 2. ...)
 	- froxlor <itp> (bug #581792)
 CVE-2023-4108 (Mattermost fails to sanitize post metadata during audit logging result ...)
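Review bot: The tag on CVE-2023-32267 names only the vendor, and the description shown is cut off at "OpenText / Micro Focu ..." before the product name, so the entry does not record which product was triaged. Suggest naming the product in the tag, following the product-level form used for "NOT-FOR-US: SolarWinds Serv-U" later in this commit.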
@@ -54,7 +54,7 @@ CVE-2023-40235 (An NTLM Hash Disclosure was discovered in ArchiMate Archi before
 CVE-2023-40224 (MISP 2.4174 allows XSS in app/View/Events/index.ctp.)
 	NOT-FOR-US: MISP
 CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
-	TODO: check
+	NOT-FOR-US: OpenZeppelin Contracts
 CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...)
 	- php8.2 <unfixed>
 	- php7.4 <removed>
@@ -70,7 +70,7 @@ CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2
 	NOTE: https://github.com/php/php-src/commit/c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975 (php-8.0.30)
 	NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8
 CVE-2023-39553 (Improper Input Validation vulnerability in Apache Software Foundation  ...)
-	TODO: check
+	NOT-FOR-US: Apache Airflow Drill Provider
 CVE-2023-38333 (Zoho ManageEngine Applications Manager through 16530 allows reflected  ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2023-37513 (When the app is put to the background and the user goes to the task sw ...)
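Review bot: For CVE-2023-39553, "NOT-FOR-US: Apache Airflow Drill Provider" closes the entry outright, whereas other unpackaged software in this file is tracked with an `<itp>` line (froxlor and nextcloud-server in the context lines of this commit). Suggest checking whether an ITP exists that would ship this provider, and if so recording it in the `- <package> <itp> (bug #...)` form so the CVE is picked up if the package lands.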
@@ -80,7 +80,7 @@ CVE-2023-37512 (When the app is put to the background and the user goes to the t
 CVE-2023-37511 (If certain App Transport Security (ATS) settings are set in a certain  ...)
 	NOT-FOR-US: HCL
 CVE-2023-35179 (A vulnerability has been identified within Serv-U 15.4 that, if exploi ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds Serv-U
 CVE-2023-34438 (Race condition in some Intel(R) NUC BIOS firmware may allow a privileg ...)
 	NOT-FOR-US: Intel
 CVE-2023-34427 (Protection mechanism failure in some Intel(R) RealSense(TM) ID softwar ...)
@@ -96,31 +96,31 @@ CVE-2023-33877 (Out-of-bounds write in some Intel(R) RealSense(TM) ID software f
 CVE-2023-33867 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID softwar ...)
 	NOT-FOR-US: Intel
 CVE-2023-32663 (Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in v ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32656 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID softwar ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32617 (Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NU ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32609 (Improper access control in the Intel Unite(R) android application befo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32547 (Incorrect default permissions in the MAVinci Desktop Software for Inte ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32543 (Incorrect default permissions in the Intel(R) ITS sofware before versi ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-32285 (Improper access control in some Intel(R) NUC BIOS firmware may allow a ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-31246 (Incorrect default permissions in some Intel(R) SDP Tool software befor ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-30760 (Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Inte ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-29494 (Improper input validation in BIOS firmware for some Intel(R) NUCs may  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-29243 (Unchecked return value in some Intel(R) RealSense(TM) ID software for  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-29151 (Uncontrolled search path element in some Intel(R) PSR SDK before versi ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27887 (Improper initialization in BIOS firmware for some Intel(R) NUCs may al ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-XXXX [ZDI-CAN-21444: Integer overflow leading to heap overwrite in RealMedia file handling]
 	- gst-plugins-ugly1.0 <unfixed>
 	- gst-plugins-ugly0.10 <removed>
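Review bot: CVE-2023-32663 (RealSense SDKs) and CVE-2023-29151 (PSR SDK) get the same bare vendor tag "NOT-FOR-US: Intel" as the BIOS firmware and Android application entries in this block, but an SDK is the kind of software that can be packaged or embedded in another source package, and the truncated descriptions do not show which SDK is meant. Suggest confirming those two against the archive by source package name and, if they stay NOT-FOR-US, naming the product in the tag (as done with "SolarWinds Serv-U" and "Nextcloud Talk Android" in this commit) so a later search by product finds them.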
@@ -163,7 +163,7 @@ CVE-2023-39959 (Nextcloud Server provides data storage for Nextcloud, an open so
 CVE-2023-39958 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-39957 (Nextcloud Talk Android allows users to place video and audio calls thr ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Talk Android
 CVE-2023-39955 (Notes is a note-taking app for Nextcloud, an open-source cloud platfor ...)
 	NOT-FOR-US: Notes app for NextCloud
 CVE-2023-39954 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...)
@@ -837,7 +837,7 @@ CVE-2023-36306 (A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon Log
 CVE-2023-36136 (PHPJabbers Class Scheduling System 1.0 lacks encryption on the passwor ...)
 	NOT-FOR-US: PHPJabbers
 CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-35391 (ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerab ...)
@@ -885,7 +885,7 @@ CVE-2023-32503 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GT
 CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetB ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet]
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a1f284f04206e89f7b2d9ae8c409144f7f5db47
