[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 14 08:33:57 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e498844c by Salvatore Bonaccorso at 2023-12-14T09:33:28+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
CVE-2023-6775 (A vulnerability was found in CodeAstro POS and Inventory Management Sy ...)
- TODO: check
+ NOT-FOR-US: CodeAstro POS and Inventory Management System
CVE-2023-6407 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-5630 (A CWE-494: Download of Code Without Integrity Check vulnerability exis ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-5629 (A CWE-601:URL Redirection to Untrusted Site (\u2018Open Redirect\u2019 ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-50709 (Cube is a semantic layer for building data applications. Prior to vers ...)
TODO: check
CVE-2023-50444 (By default, .ZED containers produced by PRIMX ZED! for Windows before ...)
- TODO: check
+ NOT-FOR-US: PRIMX
CVE-2023-50443 (Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (A ...)
- TODO: check
+ NOT-FOR-US: PRIMX
CVE-2023-50442 (Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be m ...)
- TODO: check
+ NOT-FOR-US: PRIMX
CVE-2023-50440 (ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANS ...)
- TODO: check
+ NOT-FOR-US: PRIMX
CVE-2023-50439 (ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANS ...)
- TODO: check
+ NOT-FOR-US: PRIMX
CVE-2023-50268 (jq is a command-line JSON processor. Version 1.7 is vulnerable to stac ...)
TODO: check
CVE-2023-50262 (Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ...)
TODO: check
CVE-2023-50248 (CKAN is an open-source data management system for powering data hubs a ...)
- TODO: check
+ NOT-FOR-US: CKAN
CVE-2023-50246 (jq is a command-line JSON processor. Version 1.7 is vulnerable to heap ...)
TODO: check
CVE-2023-49878 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and ...)
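Review bot: CVE-2023-50248 is marked NOT-FOR-US: CKAN, but the description on that entry calls CKAN an open-source data management system. Unlike the vendor products triaged in this hunk (Schneider Electric, PRIMX), it could plausibly be packaged or requested. Please confirm there is no source package and no open ITP/RFP bug before closing it out. If such a bug exists, an <itp> entry referencing it would be the better record; otherwise leave the entry at TODO: check until that is verified.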
@@ -31,13 +31,13 @@ CVE-2023-49878 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-V
CVE-2023-49877 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and ...)
NOT-FOR-US: IBM
CVE-2023-49646 (Improper authentication in some Zoom clients before version 5.16.5 may ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-48702 (Jellyfin is a system for managing and streaming media. Prior to versio ...)
TODO: check
CVE-2023-48085 (Nagios XI before version 5.11.3 was discovered to contain a remote cod ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-48084 (Nagios XI before version 5.11.3 was discovered to contain a SQL inject ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-47624 (Audiobookshelf is a self-hosted audiobook and podcast server. In versi ...)
TODO: check
CVE-2023-47623 (Scrypted is a home video integration and automation platform. In versi ...)
@@ -57,25 +57,25 @@ CVE-2023-45166 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged loca
CVE-2023-44709 (PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before wa ...)
TODO: check
CVE-2023-43586 (Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-43585 (Improper access control in Zoom Mobile App for iOS and Zoom SDKs for i ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-43583 (Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-43042 (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Stora ...)
NOT-FOR-US: IBM
CVE-2023-41720 (A vulnerability exists on all versions of Ivanti Connect Secure below ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-41719 (A vulnerability exists on all versions of Ivanti Connect Secure below ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-41621 (A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro ...)
- TODO: check
+ NOT-FOR-US: Emlog Pro
CVE-2023-41618 (Emlog Pro v2.1.14 was discovered to contain a reflective cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Emlog Pro
CVE-2023-40921 (SQL Injection vulnerability in functions/point_list.php in Common Serv ...)
TODO: check
CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows atta ...)
- TODO: check
+ NOT-FOR-US: DedeBIZ
CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659]
- python-cryptography <unfixed>
NOTE: https://github.com/pyca/cryptography/issues/9785
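Review bot: The labels added in this hunk mix granularity. CVE-2023-43586, CVE-2023-43585, CVE-2023-43583, CVE-2023-41720 and CVE-2023-41719 name the vendor (Zoom, Ivanti), while CVE-2023-41621, CVE-2023-41618 and CVE-2023-31546 name the product (Emlog Pro, DedeBIZ). Consider settling on one form so that a search on the label finds every related entry; the existing IBM entry in the context lines uses the vendor name.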
@@ -37061,7 +37061,7 @@ CVE-2023-29400 (Templates containing actions in unquoted HTML attributes (e.g. "
NOTE: https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)
NOTE: https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)
CVE-2023-1904 (In affected versions of Octopus Server it is possible for the OpenID c ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform ...)
NOT-FOR-US: SAP
CVE-2023-1902 (The bluetooth HCI host layer logic not clearing a global reference to ...)
@@ -48999,13 +48999,13 @@ CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31
NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
NOTE: https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b (v2.30.9)
CVE-2023-25651 (There is a SQL injection vulnerability in some ZTE mobile internetprod ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2023-25650 (There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Sin ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2023-25649 (There is a command injection vulnerability in a mobile internet produc ...)
NOT-FOR-US: ZTE
CVE-2023-25648 (There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2023-25647 (There is a permission and access control vulnerability in some ZTE mob ...)
NOT-FOR-US: ZTE
CVE-2023-25646
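Review bot: For CVE-2023-25650 the truncated description names only ZXCLOUD iRAI, so the NOT-FOR-US: ZTE label is not self-evident from that entry. The attribution is supported only by CVE-2023-25648 two entries below ("ZTE's ZXCLOUD iRAI"). Consider writing the label as NOT-FOR-US: ZTE ZXCLOUD iRAI on both lines so the product name stays searchable.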
@@ -49013,11 +49013,11 @@ CVE-2023-25646
CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...)
NOT-FOR-US: ZTE
CVE-2023-25644 (There is a denial of service vulnerability in some ZTEmobile internet ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2023-25643 (There is a command injection vulnerability in some ZTE mobile internet ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2023-25642 (There is a buffer overflow vulnerability in some ZTEmobile internetpro ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,deve ...)
- ampache <removed>
CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
@@ -63396,7 +63396,7 @@ CVE-2023-21753 (Event Tracing for Windows Information Disclosure Vulnerability)
CVE-2023-21752 (Windows Backup Service Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21751 (Azure DevOps Server Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21750 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21749 (Windows Kernel Elevation of Privilege Vulnerability)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e498844cfcca9f995430de85e9f73ec517f92153