[Git][security-tracker-team/security-tracker][master] NFUs

Tue Dec 12 16:12:06 GMT 2023


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18d41a1f by Moritz Muehlenhoff at 2023-12-12T17:11:38+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2023-6727 (Mattermost fails to perform correct authorization checks when creating ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-6593 (Client side permission bypass in Devolutions Remote Desktop Manager 20 ...)
-	NOT-FOR-US: Devolutions
+	NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2023-6547 (Mattermost fails to validate team membership when a user attempts to a ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-6193 (quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unb ...)
-	TODO: check
+	NOT-FOR-US: Cloudflare quiche
 CVE-2023-50495 (NCurse v6.4-20230418 was discovered to contain a segmentation fault vi ...)
 	TODO: check
 CVE-2023-4932 (SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). ...)
-	TODO: check
+	NOT-FOR-US: SAS
 CVE-2023-49994 (Espeak-ng 1.52-dev was discovered to contain a Floating Point Exceptio ...)
 	- espeak-ng <unfixed>
 	[bookworm] - espeak-ng <no-dsa> (Minor issue)
@@ -41,8 +41,9 @@ CVE-2023-49809 (Mattermost fails to handle a null request body in the /add endpo
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-49713 (Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI ...)
 	NOT-FOR-US: NetBIOS service of HMI GC-A2 series
+	NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
 CVE-2023-49695 (OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS ...)
-	NOT-FOR-US: Elecom
+	NOT-FOR-US: ELECOM
 CVE-2023-49692 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
 	NOT-FOR-US: Siemens
 CVE-2023-49691 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
@@ -52,9 +53,9 @@ CVE-2023-49607 (Mattermost fails to validate the type of the "reminder" body req
 CVE-2023-49563 (Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allow ...)
 	NOT-FOR-US: Voltronic Power SNMP Web Pro
 CVE-2023-49143 (Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC- ...)
-	TODO: check
+	NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
 CVE-2023-49140 (Denial-of-service (DoS) vulnerability exists in commplex-link service  ...)
-	TODO: check
+	NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
 CVE-2023-48677 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
 	NOT-FOR-US: Acronis
 CVE-2023-48431 (A vulnerability has been identified in SINEC INS (All versions < V1.0  ...)
@@ -92,11 +93,11 @@ CVE-2023-45847 (Mattermost fails to to check the length when setting the title i
 CVE-2023-45316 (Mattermost fails to validate if a relative path is passed in /plugins/ ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-41963 (Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC- ...)
-	TODO: check
+	NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
 CVE-2023-41623 (Emlog version pro2.1.14 was discovered to contain a SQL injection vuln ...)
-	TODO: check
+	NOT-FOR-US: EMlog
 CVE-2023-38380 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIP ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-6709 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
 	NOT-FOR-US: mlflow
 CVE-2023-6542 (Due to lack of proper authorization checks in Emarsys SDK for Android, ...)
@@ -63104,9 +63105,9 @@ CVE-2023-21675 (Windows Kernel Elevation of Privilege Vulnerability)
 CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-47375 (A vulnerability has been identified in SIMATICPC-Station Plus (All ver ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-47374 (A vulnerability has been identified in SIMATICPC-Station Plus (All ver ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-47373 (Reflected Cross Site Scripting in Search Functionality of Module Libra ...)
 	NOT-FOR-US: Pandora FMS
 CVE-2022-47372 (Stored cross-site scripting vulnerability in the Create event section  ...)
@@ -66970,7 +66971,7 @@ CVE-2022-46143 (Affected devices do not check the TFTP blocksize correctly. This
 CVE-2022-46142 (Affected devices store the CLI user passwords encrypted in flash memor ...)
 	NOT-FOR-US: Siemens
 CVE-2022-46141 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (Al ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-46140 (Affected devices use a weak encryption scheme to encrypt the debug zip ...)
 	NOT-FOR-US: Siemens
 CVE-2022-44620 (Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1 ...)
@@ -79456,7 +79457,7 @@ CVE-2022-42786 (Multiple W&T Products of the ComServer Series are prone to an XS
 CVE-2022-42785 (Multiple W&T products of the ComServer Series are prone to an authenti ...)
 	NOT-FOR-US: Wiesemann & Theis GmbH products
 CVE-2022-42784 (A vulnerability has been identified in LOGO! 12/24RCE (All versions >= ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb prior to ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3456 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
@@ -220821,7 +220822,7 @@ CVE-2020-28371 (An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-
 CVE-2020-28370
 	RESERVED
 CVE-2020-28369 (In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7 ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust Privilege Management for Windows
 CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain sensitive  ...)
 	{DSA-4804-1}
 	- xen 4.14.0+80-gd101b417b7-1
@@ -260564,13 +260565,13 @@ CVE-2020-12617
 CVE-2020-12616
 	RESERVED
 CVE-2020-12615 (An issue was discovered in BeyondTrust Privilege Management for Window ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust Privilege Management for Windows
 CVE-2020-12614 (An issue was discovered in BeyondTrust Privilege Management for Window ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust Privilege Management for Windows
 CVE-2020-12613 (An issue was discovered in BeyondTrust Privilege Management for Window ...)
 	NOT-FOR-US: BeyondTrust Privilege Management for Windows
 CVE-2020-12612 (An issue was discovered in BeyondTrust Privilege Management for Window ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust Privilege Management for Windows
 CVE-2020-12611
 	RESERVED
 CVE-2020-12610



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18d41a1fc1dbfde21265aea0e624d10f556d2985

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18d41a1fc1dbfde21265aea0e624d10f556d2985
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231212/63ad5f00/attachment.htm>
