[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 14 08:33:57 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e498844c by Salvatore Bonaccorso at 2023-12-14T09:33:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
 CVE-2023-6775 (A vulnerability was found in CodeAstro POS and Inventory Management Sy ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro POS and Inventory Management System
 CVE-2023-6407 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-5630 (A CWE-494: Download of Code Without Integrity Check vulnerability exis ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-5629 (A CWE-601:URL Redirection to Untrusted Site (\u2018Open Redirect\u2019 ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-50709 (Cube is a semantic layer for building data applications. Prior to vers ...)
 	TODO: check
 CVE-2023-50444 (By default, .ZED containers produced by PRIMX ZED! for Windows before  ...)
-	TODO: check
+	NOT-FOR-US: PRIMX
 CVE-2023-50443 (Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (A ...)
-	TODO: check
+	NOT-FOR-US: PRIMX
 CVE-2023-50442 (Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be m ...)
-	TODO: check
+	NOT-FOR-US: PRIMX
 CVE-2023-50440 (ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANS ...)
-	TODO: check
+	NOT-FOR-US: PRIMX
 CVE-2023-50439 (ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANS ...)
-	TODO: check
+	NOT-FOR-US: PRIMX
 CVE-2023-50268 (jq is a command-line JSON processor. Version 1.7 is vulnerable to stac ...)
 	TODO: check
 CVE-2023-50262 (Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ...)
 	TODO: check
 CVE-2023-50248 (CKAN is an open-source data management system for powering data hubs a ...)
-	TODO: check
+	NOT-FOR-US: CKAN
 CVE-2023-50246 (jq is a command-line JSON processor. Version 1.7 is vulnerable to heap ...)
 	TODO: check
 CVE-2023-49878 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and ...)
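Review bot: the description line for CVE-2023-5629 in this hunk still carries the literal escape sequences `\u2018Open Redirect\u2019` (the JSON escapes for left and right single quotation marks) instead of the quote characters themselves; the NOT-FOR-US change is fine, but the importer that generates these description lines should decode Unicode escapes so the file stores the characters rather than `\u` sequences, which is a follow-up on the import tooling rather than on this commit. The entries left at TODO: check in the hunk (CVE-2023-50709 Cube, CVE-2023-50268 and CVE-2023-50246 jq, CVE-2023-50262 Dompdf) are deferred for separate package triage, consistent with the commit message's stated scope of processing NFUs only.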
@@ -31,13 +31,13 @@ CVE-2023-49878 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-V
 CVE-2023-49877 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and ...)
 	NOT-FOR-US: IBM
 CVE-2023-49646 (Improper authentication in some Zoom clients before version 5.16.5 may ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-48702 (Jellyfin is a system for managing and streaming media. Prior to versio ...)
 	TODO: check
 CVE-2023-48085 (Nagios XI before version 5.11.3 was discovered to contain a remote cod ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2023-48084 (Nagios XI before version 5.11.3 was discovered to contain a SQL inject ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2023-47624 (Audiobookshelf is a self-hosted audiobook and podcast server. In versi ...)
 	TODO: check
 CVE-2023-47623 (Scrypted is a home video integration and automation platform. In versi ...)
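Review bot: the two Nagios entries (CVE-2023-48085, CVE-2023-48084) are tagged with the product name `NOT-FOR-US: Nagios XI` rather than the bare vendor `Nagios`; that is the better choice, since both descriptions scope the issue to Nagios XI before version 5.11.3 and a bare `Nagios` tag would invite confusion with other Nagios software. The Zoom entry CVE-2023-49646 uses the vendor form `NOT-FOR-US: Zoom`, matching how IBM is tagged on CVE-2023-49877 in the same hunk, so the tagging is consistent within the hunk.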
@@ -57,25 +57,25 @@ CVE-2023-45166 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged loca
 CVE-2023-44709 (PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before wa ...)
 	TODO: check
 CVE-2023-43586 (Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-43585 (Improper access control in Zoom Mobile App for iOS and Zoom SDKs for i ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-43583 (Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-43042 (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Stora ...)
 	NOT-FOR-US: IBM
 CVE-2023-41720 (A vulnerability exists on all versions of Ivanti Connect Secure below  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-41719 (A vulnerability exists on all versions of Ivanti Connect Secure below  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-41621 (A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro ...)
-	TODO: check
+	NOT-FOR-US: Emlog Pro
 CVE-2023-41618 (Emlog Pro v2.1.14 was discovered to contain a reflective cross-site sc ...)
-	TODO: check
+	NOT-FOR-US: Emlog Pro
 CVE-2023-40921 (SQL Injection vulnerability in functions/point_list.php in Common Serv ...)
 	TODO: check
 CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows atta ...)
-	TODO: check
+	NOT-FOR-US: DedeBIZ
 CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659]
 	- python-cryptography <unfixed>
 	NOTE: https://github.com/pyca/cryptography/issues/9785
@@ -37061,7 +37061,7 @@ CVE-2023-29400 (Templates containing actions in unquoted HTML attributes (e.g. "
 	NOTE: https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)
 	NOTE: https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)
 CVE-2023-1904 (In affected versions of Octopus Server it is possible for the OpenID c ...)
-	TODO: check
+	NOT-FOR-US: Octopus Server
 CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform ...)
 	NOT-FOR-US: SAP
 CVE-2023-1902 (The bluetooth HCI host layer logic not clearing a global reference to  ...)
@@ -48999,13 +48999,13 @@ CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b (v2.30.9)
 CVE-2023-25651 (There is a SQL injection vulnerability in some ZTE mobile internetprod ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2023-25650 (There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Sin ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2023-25649 (There is a command injection vulnerability in a mobile internet produc ...)
 	NOT-FOR-US: ZTE
 CVE-2023-25648 (There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI  ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2023-25647 (There is a permission and access control vulnerability in some ZTE mob ...)
 	NOT-FOR-US: ZTE
 CVE-2023-25646
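Review bot: the truncated description of CVE-2023-25650 names only ZXCLOUD iRAI, not ZTE, so on its own the new `NOT-FOR-US: ZTE` tag is not obviously justified; it is supported by CVE-2023-25648 two entries below, whose description reads "ZTE's ZXCLOUD iRAI", and by the unchanged `NOT-FOR-US: ZTE` tags on CVE-2023-25649 and CVE-2023-25647 in the same hunk, so the attribution is consistent with the surrounding entries and needs no change.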
@@ -49013,11 +49013,11 @@ CVE-2023-25646
 CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...)
 	NOT-FOR-US: ZTE
 CVE-2023-25644 (There is a denial of service vulnerability in some ZTEmobile internet  ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2023-25643 (There is a command injection vulnerability in some ZTE mobile internet ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2023-25642 (There is a buffer overflow vulnerability in some ZTEmobile internetpro ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,deve ...)
 	- ampache <removed>
 CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
@@ -63396,7 +63396,7 @@ CVE-2023-21753 (Event Tracing for Windows Information Disclosure Vulnerability)
 CVE-2023-21752 (Windows Backup Service Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-21751 (Azure DevOps Server Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21750 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-21749 (Windows Kernel Elevation of Privilege Vulnerability)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e498844cfcca9f995430de85e9f73ec517f92153
