[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 11 22:28:00 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b447c3d by Salvatore Bonaccorso at 2023-08-11T23:27:32+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -597,7 +597,7 @@ CVE-2023-39518 (social-media-skeleton is an uncompleted social media project imp
 CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
 	NOT-FOR-US: Siemens
 CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs, offi ...)
-	TODO: check
+	NOT-FOR-US: Dangerzone
 CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
 	NOT-FOR-US: Siemens
 CVE-2023-39218 (Client-side enforcement of server-side security in Zoom clients before ...)
@@ -805,7 +805,7 @@ CVE-2023-36877 (Azure Apache Oozie Spoofing Vulnerability)
 CVE-2023-36876 (Reliability Analysis Metrics Calculation (RacTask) Elevation of Privil ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-36873 (.NET Framework Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36869 (Azure DevOps Server Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-36866 (Microsoft Office Visio Remote Code Execution Vulnerability)
@@ -998,9 +998,9 @@ CVE-2023-39524 (PrestaShop is an open source e-commerce web application. Prior t
 CVE-2023-39520 (Cryptomator encrypts data being stored on cloud infrastructure. The MS ...)
 	TODO: check
 CVE-2023-39363 (Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Ma ...)
-	TODO: check
+	NOT-FOR-US: Vyer
 CVE-2023-39349 (Sentry is an error tracking and performance monitoring platform. Start ...)
-	TODO: check
+	NOT-FOR-US: Sentry
 CVE-2023-38940 (Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were di ...)
 	NOT-FOR-US: Tenda
 CVE-2023-38939 (Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a  ...)
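Review bot: The tag added for CVE-2023-39363, "NOT-FOR-US: Vyer", copies the misspelling from the CVE description. The project is Vyper, so the line should read "NOT-FOR-US: Vyper" so that a later search of the list for the product name finds this entry. CVE-2023-39520 (Cryptomator) just above is left at "TODO: check" in this hunk and still needs triage.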
@@ -1062,9 +1062,9 @@ CVE-2023-36054 (lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.2
 	[buster] - krb5 <postponed> (Minor issue, DoS)
 	NOTE: https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
 CVE-2023-34477 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Joomla extension
 CVE-2023-34476 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Joomla extension
 CVE-2023-32783 (The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 a ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2023-32090 (Pega platform clients who are using versions 6.1 through 7.3.1 may be  ...)
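Review bot: "NOT-FOR-US: Joomla extension" on CVE-2023-34477 and CVE-2023-34476 does not say which extension, and both visible descriptions are cut off inside the generic SQL injection wording before any product name appears. Naming the extension in the tag, as the neighbouring "NOT-FOR-US: Zoho ManageEngine" entry names its product, would let the decision be checked without looking the CVEs up again.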
@@ -11896,7 +11896,7 @@ CVE-2023-2284 (The WP Activity Log Premium plugin for WordPress is vulnerable to
 CVE-2023-31222 (Deserialization of untrusted datain Microsoft Messaging Queuing Servic ...)
 	NOT-FOR-US: Microsoft Messaging Queuing Service in Medtronic's Paceart Optima
 CVE-2023-31221 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rans ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-31220
 	RESERVED
 CVE-2023-31219
@@ -13082,9 +13082,9 @@ CVE-2023-30798 (There MultipartParser usage in Encode's Starlette python framewo
 CVE-2023-30797 (Netflix Lemur before version 1.3.2 used insufficiently random values w ...)
 	NOT-FOR-US: Netflix Lemur
 CVE-2023-30796 (A vulnerability has been identified in JT Open (All versions < V11.4), ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-30795 (A vulnerability has been identified in JT Open (All versions < V11.4), ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-2166 (A null pointer dereference issue was found in can protocol in net/can/ ...)
 	- linux 6.1.4-1
 	[bullseye] - linux 5.10.162-1
@@ -13519,59 +13519,59 @@ CVE-2023-30707
 CVE-2023-30706
 	RESERVED
 CVE-2023-30705 (Improper sanitization of incoming intent in Galaxy Store prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30704 (Improper Authorization vulnerability in Samsung Internet prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30703 (Improper URL validation vulnerability in Samsung Members prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30702 (Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG EL ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30701 (PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 R ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30700 (PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in frame ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30699 (Out-of-bounds write vulnerability in parser_hvcC function of libsimba  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30698 (Improper access control vulnerability in TelephonyUI prior to SMR Aug- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30697 (An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ri ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30696 (An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30695 (Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to "SAMSU ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30694 (Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SM ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30693 (Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30692
 	RESERVED
 CVE-2023-30691 (Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30690
 	RESERVED
 CVE-2023-30689 (Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-r ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30688 (Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR A ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30687 (Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30686 (Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30685 (Improper access control vulnerability in Telecom prior to SMR Aug-2023 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30684 (Improper access control in Samsung Telecom prior to SMR Aug-2023 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30683 (Improper access control in Telecom prior to SMR Aug-2023 Release 1 all ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30682 (Improper access control in Telecom prior to SMR Aug-2023 Release 1 all ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30681 (An improper input validation vulnerability within initialize function  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30680 (Improper privilege management vulnerability in MMIGroup prior to SMR A ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30679 (Improper access control in HDCP trustlet prior to SMR Aug-2023 Release ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30678 (Potential zip path traversal vulnerability in Calendar application pri ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30677 (Improper access control vulnerability in Samsung Pass prior to version ...)
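Review bot: CVE-2023-30699 is tagged "NOT-FOR-US: Samsung", but its visible description names only the parser_hvcC function of libsimba and is cut off before any Samsung product or SMR release is mentioned, unlike most of the other entries in this block. Worth confirming against the full description that libsimba is a Samsung-only component. A short NOTE line saying so would document why a library issue was closed by vendor name.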
@@ -13621,7 +13621,7 @@ CVE-2023-30656 (Improper input validation vulnerability in LSOItemData prior to
 CVE-2023-30655 (Improper input validation vulnerability in SCEPProfile prior to SMR Ju ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30654 (Improper access control vulnerability in SLocationService prior to SMR ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30653 (Out of bounds read and write in enableTspDevice of sysinput HAL servic ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30652 (Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL se ...)
@@ -13847,7 +13847,7 @@ CVE-2023-30571 (Libarchive through 3.6.2 can cause directories to have world-wri
 CVE-2023-29504
 	RESERVED
 CVE-2023-29500 (Exposure of sensitive information to an unauthorized actor in BIOS fir ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-29162
 	RESERVED
 CVE-2023-28740
@@ -14363,9 +14363,9 @@ CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable
 CVE-2023-30483
 	RESERVED
 CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey G ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30480
 	RESERVED
 CVE-2023-30479
@@ -16770,7 +16770,7 @@ CVE-2023-29244
 CVE-2023-29165
 	RESERVED
 CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-28741
 	RESERVED
 CVE-2023-28715
@@ -16780,7 +16780,7 @@ CVE-2023-28397
 CVE-2023-28396
 	RESERVED
 CVE-2023-27391 (Improper access control in some Intel(R) oneAPI Toolkit and component  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22313
 	RESERVED
 CVE-2023-22310
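Review bot: CVE-2023-27391 here, like CVE-2023-28823 in the previous hunk, is closed as "NOT-FOR-US: Intel" while the visible description stops at "some Intel(R) oneAPI Toolkit and component ...", so the affected components cannot be seen from the list. If the triage relied on the full advisory, a NOTE naming the affected component would make the vendor-level tag verifiable.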
@@ -17394,11 +17394,11 @@ CVE-2023-29332
 CVE-2023-29331 (.NET, .NET Framework, and Visual Studio Denial of Service Vulnerabilit ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-29330 (Microsoft Teams Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-29329
 	RESERVED
 CVE-2023-29328 (Microsoft Teams Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-29327
 	RESERVED
 CVE-2023-29326 (.NET Framework Remote Code Execution Vulnerability)
@@ -17418,7 +17418,7 @@ CVE-2023-29322 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affe
 CVE-2023-29321 (Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) a ...)
 	NOT-FOR-US: Adobe
 CVE-2023-29320 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-29319 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
 	NOT-FOR-US: Adobe
 CVE-2023-29318 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
@@ -17452,7 +17452,7 @@ CVE-2023-29305
 CVE-2023-29304 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
 	NOT-FOR-US: Adobe
 CVE-2023-29303 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
 	NOT-FOR-US: Adobe
 CVE-2023-29301 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier)  ...)
@@ -17460,7 +17460,7 @@ CVE-2023-29301 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and ear
 CVE-2023-29300 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier)  ...)
 	NOT-FOR-US: Adobe
 CVE-2023-29299 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-29298 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier)  ...)
 	NOT-FOR-US: Adobe
 CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b447c3d247e82e4ac92c13859b283049a5c2a8e
