[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 5 20:37:40 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5d384a4 by Salvatore Bonaccorso at 2023-12-05T21:37:11+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,31 +45,31 @@ CVE-2023-49372 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request
 CVE-2023-46674 (An issue was identified that allowed the unsafe deserialization of jav ...)
 	TODO: check
 CVE-2023-45842 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
-	TODO: check
+	NOT-FOR-US: Buildroot
 CVE-2023-45841 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
-	TODO: check
+	NOT-FOR-US: Buildroot
 CVE-2023-45840 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
-	TODO: check
+	NOT-FOR-US: Buildroot
 CVE-2023-45839 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
-	TODO: check
+	NOT-FOR-US: Buildroot
 CVE-2023-45838 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
-	TODO: check
+	NOT-FOR-US: Buildroot
 CVE-2023-45287 (Before Go 1.20, the RSA based TLS key exchanges used the math/big libr ...)
 	TODO: check
 CVE-2023-45085 (An issue exists in SoftIron HyperCloud where compute nodes may come on ...)
-	TODO: check
+	NOT-FOR-US: SoftIron HyperCloud
 CVE-2023-45084 (An issue exists in SoftIron HyperCloud where drive caddy removal and r ...)
-	TODO: check
+	NOT-FOR-US: SoftIron HyperCloud
 CVE-2023-45083 (An Improper Privilege Management vulnerability exists in HyperCloud th ...)
-	TODO: check
+	NOT-FOR-US: SoftIron HyperCloud
 CVE-2023-44298 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-44297 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-43628 (An integer overflow vulnerability exists in the NTRIP Stream Parsing f ...)
 	TODO: check
 CVE-2023-43608 (A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR func ...)
-	TODO: check
+	NOT-FOR-US: Buildroot
 CVE-2023-41835 (When a Multipart request is performed but some of the fields exceed th ...)
 	TODO: check
 CVE-2023-49070 (Pre-auth RCE in Apache Ofbiz 18.12.09.  It's due to XML-RPCno longer m ...)
@@ -43459,11 +43459,11 @@ CVE-2023-26945
 CVE-2023-26944
 	RESERVED
 CVE-2023-26943 (Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allo ...)
-	TODO: check
+	NOT-FOR-US: Yale Keyless Lock
 CVE-2023-26942 (Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allo ...)
-	TODO: check
+	NOT-FOR-US: Yale IA-210 Alarm
 CVE-2023-26941 (Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allo ...)
-	TODO: check
+	NOT-FOR-US: Yale Conexis L1
 CVE-2023-26940
 	RESERVED
 CVE-2023-26939
@@ -52070,19 +52070,19 @@ CVE-2023-0433 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 CVE-2023-24053
 	RESERVED
 CVE-2023-24052 (An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows att ...)
-	TODO: check
+	NOT-FOR-US: Connectize AC21000 G6
 CVE-2023-24051 (A client side rate limit issue discovered in Connectize AC21000 G6 641 ...)
-	TODO: check
+	NOT-FOR-US: Connectize AC21000 G6
 CVE-2023-24050 (Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641. ...)
-	TODO: check
+	NOT-FOR-US: Connectize AC21000 G6
 CVE-2023-24049 (An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows ...)
-	TODO: check
+	NOT-FOR-US: Connectize AC21000 G6
 CVE-2023-24048 (Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000  ...)
-	TODO: check
+	NOT-FOR-US: Connectize AC21000 G6
 CVE-2023-24047 (An Insecure Credential Management issue discovered in Connectize AC210 ...)
-	TODO: check
+	NOT-FOR-US: Connectize AC21000 G6
 CVE-2023-24046 (An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows ...)
-	TODO: check
+	NOT-FOR-US: Connectize AC21000 G6
 CVE-2023-24045 (In Dataiku DSS 11.2.1, an attacker can download other Dataiku files th ...)
 	NOT-FOR-US: Dataiku
 CVE-2023-24044 (A Host Header Injection issue on the Login page of Plesk Obsidian thro ...)
@@ -56634,7 +56634,7 @@ CVE-2023-22670 (A heap-based buffer overflow exists in the DXF file reading proc
 CVE-2023-22669 (Parsing of DWG files in Open Design Alliance Drawings SDK before 2023. ...)
 	NOT-FOR-US: Open Design Alliance Drawings SDK
 CVE-2023-22668 (Memory Corruption in Audio while invoking IOCTLs calls from the user-s ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-22667 (Memory Corruption in Audio while allocating the ion buffer during the  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-22666 (Memory Corruption in Audio while playing amrwbplus clips with modified ...)
@@ -58992,7 +58992,7 @@ CVE-2023-22385 (Memory Corruption in Data Modem while making a MO call or MT VOL
 CVE-2023-22384 (Memory Corruption in VR Service while sending data using Fast Message  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-22383 (Memory Corruption in camera while installing a fd for a particular DMA ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-22382 (Weak configuration in Automotive while VM is processing a listener req ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-47917 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up  ...)
@@ -60075,7 +60075,7 @@ CVE-2022-47533
 CVE-2022-47532
 	RESERVED
 CVE-2022-47531 (An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versi ...)
-	TODO: check
+	NOT-FOR-US: Ericsson Evolved Packet Gateway (EPG)
 CVE-2022-47530
 	RESERVED
 CVE-2022-47529 (Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWit ...)
@@ -63828,7 +63828,7 @@ CVE-2023-21636 (Memory Corruption due to improper validation of array index in L
 CVE-2023-21635 (Memory Corruption in Data Network Stack & Connectivity when sim gets d ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-21634 (Memory Corruption in Radio Interface Layer while sending an SMS or wri ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21633 (Memory Corruption in Linux while processing QcRilRequestImsRegisterMul ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-21632 (Memory corruption in Automotive GPU while querying a gsl memory node.)
@@ -70009,11 +70009,11 @@ CVE-2022-3857 (A flaw was found in libpng 1.6.38. A crafted PNG image can lead t
 CVE-2022-3856 (The Comic Book Management System WordPress plugin before 2.2.0 does no ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-21403 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21402 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21401 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21400 (In multiple functions  of io_uring.c, there is a possible kernel memor ...)
 	{DSA-5480-1 DLA-3623-1}
 	- linux 5.18.2-1
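Review bot: CVE-2023-21401, CVE-2023-21402 and CVE-2023-21403 are closed as NOT-FOR-US: Android on a description that reads only "There is elevation of privilege.", which names no component. The next entry in this hunk, CVE-2023-21400, sits in the same ID block yet is an io_uring.c issue tracked against linux 5.18.2-1 with DSA-5480-1 and DLA-3623-1, so the ID range alone does not show an entry is Android-only. Suggest adding a NOTE line citing the bulletin or advisory that identifies the affected component, so the basis for the classification is recorded in the entry.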
@@ -70300,7 +70300,7 @@ CVE-2023-21264 (In multiple functions of mem_protect.c, there is a possible way
 	NOTE: https://source.android.com/docs/security/bulletin/2023-08-01
 	NOTE: https://git.kernel.org/linus/09cce60bddd6461a93a5bf434265a47827d1bc6f
 CVE-2023-21263 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21262 (In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way ...)
 	NOT-FOR-US: Android
 CVE-2023-21261
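Review bot: CVE-2023-21263 is marked NOT-FOR-US: Android with no recorded basis, although the entry directly above it in the context, CVE-2023-21264, carries a NOTE pointing at a git.kernel.org commit and is therefore a kernel issue. With a description of only "There is elevation of privilege.", nothing visible distinguishes 21263 from its neighbour; a NOTE referencing the Android bulletin that lists the component would make the decision verifiable later.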
@@ -70373,9 +70373,9 @@ CVE-2023-21230 (In onAccessPointChanged of AccessPointPreference.java, there is
 CVE-2023-21229 (In registerServiceLocked of ManagedServices.java, there is a possible  ...)
 	NOT-FOR-US: Android
 CVE-2023-21228 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21227 (There is information disclosure.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21226 (In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a poss ...)
 	NOT-FOR-US: Android
 CVE-2023-21225 (there is a possible way to bypass the protected confirmation screen du ...)
@@ -70393,13 +70393,13 @@ CVE-2023-21220 (there is a possible use of unencrypted transport over cellular n
 CVE-2023-21219 (there is a possible use of unencrypted transport over cellular network ...)
 	NOT-FOR-US: Android
 CVE-2023-21218 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21217 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21216 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21215 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21214 (In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible ou ...)
 	NOT-FOR-US: Android
 CVE-2023-21213 (In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible  ...)
@@ -70497,15 +70497,15 @@ CVE-2023-21168 (In convertCbYCrY of ColorConverter.cpp, there is a possible out
 CVE-2023-21167 (In setProfileName of DevicePolicyManagerService.java, there is a possi ...)
 	NOT-FOR-US: Android
 CVE-2023-21166 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21165
 	RESERVED
 CVE-2023-21164 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21163 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21162 (There is elevation of privilege.)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21161 (In Parse of simdata.cpp, there is a possible out of bounds write due t ...)
 	NOT-FOR-US: Android
 CVE-2023-21160 (In BuildSetTcsFci of protocolmiscbuilder.cpp, there is a possible out  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d384a4e4171d116149cd4f4f20e5b590b8e4cb
