[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Dec 5 12:21:35 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3c25694 by Moritz Muehlenhoff at 2023-12-05T13:20:54+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2023-49070
+	NOT-FOR-US: Apache OFBiz
 CVE-2023-6269 (An argument injection vulnerability has been identified in the  admini ...)
 	NOT-FOR-US: Atos
 CVE-2023-6063 (The WP Fastest Cache WordPress plugin before 1.2.2 does not properly s ...)
@@ -37,17 +39,17 @@ CVE-2023-5108 (The Easy Newsletter Signups WordPress plugin through 1.0.4 does n
 CVE-2023-5105 (The Frontend File Manager Plugin WordPress plugin before 22.6 has a vu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-4460 (The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49293 (Vite is a website frontend framework. When Vite's HTML transformation  ...)
 	NOT-FOR-US: Vite
 CVE-2023-49292 (ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1  ...)
 	TODO: check
 CVE-2023-49291 (tj-actions/branch-names is a Github action to retrieve branch or tag n ...)
-	TODO: check
+	NOT-FOR-US: Github action
 CVE-2023-49290 (lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/J ...)
-	TODO: check
+	NOT-FOR-US: lestrrat-go/jwx
 CVE-2023-49289 (Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP ...)
-	TODO: check
+	NOT-FOR-US: Ajax.NET Professional
 CVE-2023-49284 (fish is a smart and user-friendly command line shell for macOS, Linux, ...)
 	- fish <unfixed> (bug #1057455)
 	[bookworm] - fish <no-dsa> (Minor issue)
@@ -96,87 +98,87 @@ CVE-2023-45779 (In TBD of TBD, there is a possible malicious update to platform
 CVE-2023-45777 (In checkKeyIntentParceledCorrectly of AccountManagerService.java, ther ...)
 	NOT-FOR-US: Android
 CVE-2023-45776 (In CreateAudioBroadcast of broadcaster.cc, there is a possible out of  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-45775 (In CreateAudioBroadcast of broadcaster.cc, there is a possible out of  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-45774 (In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possi ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-45773 (In multiple functions of btm_ble_gap.cc, there is a possible out of bo ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-44295 (Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an imp ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-44288 (Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper c ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-43472 (An issue in MLFlow versions 2.8.1 and before allows a remote attacker  ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2023-42581 (Improper URL validation from InstantPlay deeplink in Galaxy Store prio ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42580 (Improper URL validation from MCSLaunch deeplink in Galaxy Store prior  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42579 (Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42578 (Improper handling of insufficient permissions or privileges vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42577 (Improper Access Control in Samsung Voice Recorder prior to versions 21 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42576 (Improper Authentication vulnerability in Samsung Pass prior to version ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42575 (Improper Authentication vulnerability in Samsung Pass prior to version ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42574 (Improper access control vulnerablility in GameHomeCN prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42573 (PendingIntent hijacking vulnerability in Search Widget prior to versio ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42572 (Implicit intent hijacking vulnerability in Samsung Account Web SDK pri ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42571 (Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 all ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42570 (Improper access control vulnerability in KnoxCustomManagerService prio ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42569 (Improper authorization verification vulnerability in AR Emoji prior to ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42568 (Improper access control vulnerability in SmartManagerCN prior to SMR D ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42567 (Improper size check vulnerability in softsimd prior to SMR Dec-2023 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42566 (Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42565 (Improper input validation vulnerability in Smart Clip prior to SMR Dec ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42564 (Improper access control in knoxcustom service prior to SMR Dec-2023 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42563 (Integer overflow vulnerability in landmarkCopyImageToNative of libFace ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42562 (Integer overflow vulnerability in detectionFindFaceSupportMultiInstanc ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42561 (Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42560 (Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.s ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42559 (Improper exception management vulnerability in Knox Guard prior to SMR ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42558 (Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42557 (Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42556 (Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-40465 (Several versions of ALEOS, including ALEOS 4.16.0, include an opensour ...)
-	TODO: check
+	NOT-FOR-US: ALEOS
 CVE-2023-40464 (Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded     ...)
-	TODO: check
+	NOT-FOR-US: ALEOS
 CVE-2023-40463 (When configured in debugging mode by an authenticated user with    adm ...)
-	TODO: check
+	NOT-FOR-US: ALEOS
 CVE-2023-40462 (The ACEManager component of ALEOS 4.16 and earlier does not    perform ...)
-	TODO: check
+	NOT-FOR-US: ALEOS
 CVE-2023-40461 (The ACEManager component of ALEOS 4.16 and earlier allows an    authen ...)
-	TODO: check
+	NOT-FOR-US: ALEOS
 CVE-2023-40460 (The ACEManager component of ALEOS 4.16 and earlier does not    validat ...)
-	TODO: check
+	NOT-FOR-US: ALEOS
 CVE-2023-40459 (The ACEManager component of ALEOS 4.16 and earlier does not adequately ...)
-	TODO: check
+	NOT-FOR-US: ALEOS
 CVE-2023-40103 (In multiple locations, there is a possible way to corrupt memory due t ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-40098 (In mOnDone of NotificationConversationInfo.java, there is a possible w ...)
 	TODO: check
 CVE-2023-40097 (In hasPermissionForActivity of PackageManagerHelper.java, there is a p ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3c256949411add1ab79ff8f6d9b1d63474bc644

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3c256949411add1ab79ff8f6d9b1d63474bc644
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231205/7418ce7a/attachment.htm>

More information about the debian-security-tracker-commits mailing list