[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jul 5 10:30:07 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e651ad6 by Moritz Muehlenhoff at 2023-07-05T11:29:25+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2023-35786 (Zoho ManageEngine ADManager Plus before 7183 allows admin users to exp ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-34150 (** UNSUPPORTED WHEN ASSIGNED **Use of TikaEncodingDetector in Apache A ...)
- TODO: check
+ NOT-FOR-US: Apache Any23
CVE-2023-3255 [VNC: infinite loop in inflate_buffer() leads to denial of service]
- qemu <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2218486
@@ -76,7 +76,7 @@ CVE-2023-3503 (A vulnerability has been found in SourceCodester Shopping Website
CVE-2023-3502 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Shopping Website
CVE-2023-31999 (All versions of @fastify/oauth2 used a statically generated state para ...)
- TODO: check
+ NOT-FOR-US: @fastify/oauth2
CVE-2023-3460 (The Ultimate Member WordPress plugin before 2.6.7 does not prevent vis ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3139 (The Protect WP Admin WordPress plugin before 4.0 discloses the URL of ...)
@@ -11223,7 +11223,7 @@ CVE-2023-29461 (An arbitrary code execution vulnerability contained in Rockwell
CVE-2023-29460 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
NOT-FOR-US: Rockwell Automation
CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android exposes the ...)
- TODO: check
+ NOT-FOR-US: laola.redbull
CVE-2023-29458
RESERVED
CVE-2023-29457
@@ -13618,7 +13618,6 @@ CVE-2023-25180
NOTE: Be careful. Original fix introduces new bugs.
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841
- TODO: isolate required commits from merge commit
CVE-2023-24593
RESERVED
- glib2.0 2.74.4-1
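Review bot: the "TODO: isolate required commits from merge commit" for CVE-2023-25180 is dropped without a NOTE recording how it was resolved. The hunk header (7 lines to 6) shows this is a pure removal, while the retained warning "Original fix introduces new bugs" means a later reviewer will want to know which upstream commits were identified as required, or why isolating them is no longer necessary. Suggest replacing the TODO with a NOTE listing the selected commits (or pointing at the glib2.0 upload that carries them) rather than deleting the reminder outright.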
@@ -13630,7 +13629,6 @@ CVE-2023-24593
NOTE: Be careful. Original fix introduces new bugs.
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841
- TODO: isolate required commits from merge commit
CVE-2023-1613 (A vulnerability has been found in Rebuild up to 3.2.3 and classified a ...)
NOT-FOR-US: Rebuild
CVE-2023-1612 (A vulnerability, which was classified as critical, was found in Rebuil ...)
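Review bot: same concern as for CVE-2023-25180: CVE-2023-24593 keeps the identical "Be careful" warning and the same two GNOME issue links, but its TODO about isolating the required commits is removed with no replacement. If both TODOs were closed because the fix is already covered by the glib2.0 2.74.4-1 version listed under CVE-2023-24593, a one-line NOTE saying so would make that traceable from the entry itself.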
@@ -14477,7 +14475,7 @@ CVE-2023-28544
CVE-2023-28543
RESERVED
CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status information.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...)
NOT-FOR-US: Qualcomm
CVE-2023-28540
@@ -15121,9 +15119,9 @@ CVE-2023-28368 (TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G
CVE-2023-28366
RESERVED
CVE-2023-28365 (A backup file vulnerability found in UniFi applications (Version 7.3.8 ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2023-28364 (An Open Redirect vulnerability exists prior to version 1.52.117, where ...)
- TODO: check
+ - brave-browser <itp> (bug #864795)
CVE-2023-28363
RESERVED
CVE-2023-28362
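Review bot: the new "brave-browser <itp> (bug #864795)" line for CVE-2023-28364 ties a truncated description that only says "prior to version 1.52.117" to a specific package, but the entry carries no NOTE with the upstream advisory or fix. A NOTE pointing at the upstream reference would let future triagers confirm the mapping from the entry itself; please also confirm that bug #864795 is the brave-browser ITP bug. Suggest adding a line such as `NOTE: <upstream advisory URL, to be filled in>` under the package line.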
@@ -15699,7 +15697,7 @@ CVE-2023-28204 (An out-of-bounds read was addressed with improved input validati
CVE-2023-28203
RESERVED
CVE-2023-28202 (This issue was addressed with improved state management. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28201 (This issue was addressed with improved state management. This issue is ...)
NOT-FOR-US: Apple
CVE-2023-28200 (A validation issue was addressed with improved input sanitization. Thi ...)
@@ -15721,7 +15719,7 @@ CVE-2023-28193
CVE-2023-28192 (A permissions issue was addressed with improved validation. This issue ...)
NOT-FOR-US: Apple
CVE-2023-28191 (This issue was addressed with improved redaction of sensitive informat ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28190 (A privacy issue was addressed by moving sensitive data to a more secur ...)
NOT-FOR-US: Apple
CVE-2023-28189 (The issue was addressed with improved checks. This issue is fixed in m ...)
@@ -16259,7 +16257,7 @@ CVE-2023-28031 (Dell BIOS contains an improper input validation vulnerability. A
CVE-2023-28030 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2023-28029 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28028 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2023-28027 (Dell BIOS contains an improper input validation vulnerability. A local ...)
@@ -16550,7 +16548,7 @@ CVE-2023-27966 (The issue was addressed with improved checks. This issue is fixe
CVE-2023-27965 (A memory corruption issue was addressed with improved state management ...)
NOT-FOR-US: Apple
CVE-2023-27964 (An authentication issue was addressed with improved state management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27963 (The issue was addressed with additional permissions checks. This issue ...)
NOT-FOR-US: Apple
CVE-2023-27962 (A logic issue was addressed with improved checks. This issue is fixed ...)
@@ -16601,7 +16599,7 @@ CVE-2023-27942 (The issue was addressed with improved checks. This issue is fixe
CVE-2023-27941 (A validation issue was addressed with improved input sanitization. Thi ...)
NOT-FOR-US: Apple
CVE-2023-27940 (The issue was addressed with additional permissions checks. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27939
RESERVED
CVE-2023-27938 (An out-of-bounds read issue was addressed with improved input validati ...)
@@ -16624,7 +16622,7 @@ CVE-2023-27932 (This issue was addressed with improved state management. This is
CVE-2023-27931 (This issue was addressed by removing the vulnerable code. This issue i ...)
NOT-FOR-US: Apple
CVE-2023-27930 (A type confusion issue was addressed with improved checks. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27929 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2023-27928 (A privacy issue was addressed with improved private data redaction for ...)
@@ -16686,7 +16684,7 @@ CVE-2023-27910 (A user may be tricked into opening a malicious FBX file that may
CVE-2023-27909 (An Out-Of-Bounds Write Vulnerability in Autodesk\xae FBX\xae SDK versi ...)
NOT-FOR-US: Autodesk
CVE-2023-27908 (A maliciously crafted DLL file can be forced to write beyond allocated ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2023-27907 (A malicious actor may convince a victim to open a malicious USD file t ...)
NOT-FOR-US: Autodesk
CVE-2023-27906 (A malicious actor may convince a victim to open a malicious USD file t ...)
@@ -18012,7 +18010,7 @@ CVE-2023-23572 (Cross-site scripting vulnerability in SEIKO EPSON printers/netwo
CVE-2023-1151 (A vulnerability was found in SourceCodester Electronic Medical Records ...)
NOT-FOR-US: SourceCodester Electronic Medical Records System
CVE-2023-1150 (Uncontrolled resource consumption in Series WAGO 750-3x/-8x products m ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2023-1149 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...)
NOT-FOR-US: btcpayserver
CVE-2023-1148 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
@@ -18817,7 +18815,7 @@ CVE-2023-27245 (A cross-site scripting (XSS) vulnerability in File Management Pr
CVE-2023-27244
RESERVED
CVE-2023-27243 (An access control issue in Makves DCAP v3.0.0.122 allows unauthenticat ...)
- TODO: check
+ NOT-FOR-US: Makves DCAP
CVE-2023-27242 (SourceCodester Loan Management System v1.0 was discovered to contain a ...)
NOT-FOR-US: SourceCodester Loan Management System
CVE-2023-27241 (SourceCodester Water Billing System v1.0 was discovered to contain a c ...)
@@ -20778,25 +20776,25 @@ CVE-2023-26437 (Denial of service vulnerability in PowerDNS Recursor allows auth
NOTE: https://github.com/PowerDNS/pdns/commit/5174c955a5c320849e6fe12471b7fce1c31ca2a8 (rec-4.7.5)
NOTE: https://github.com/PowerDNS/pdns/commit/cd279418d3b3151ab3b489e68bb5354138220e2f (rec-4.8.4)
CVE-2023-26436 (Attackers with access to the "documentconverterws" API were able to in ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26435 (It was possible to call filesystem and network references using the lo ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26434 (When adding an external mail account, processing of POP3 "capabilities ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26433 (When adding an external mail account, processing of IMAP "capabilities ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26432 (When adding an external mail account, processing of SMTP "capabilities ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26431 (IPv4-mapped IPv6 addresses did not get recognized as "local" by the co ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26430
RESERVED
CVE-2023-26429 (Control characters were not removed when exporting user feedback conte ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26428 (Attackers can successfully request arbitrary snippet IDs, including E- ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26427 (Default permissions for a properties file were too permissive. Local s ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26426 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...)
NOT-FOR-US: Adobe
CVE-2023-26425 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
@@ -21036,13 +21034,13 @@ CVE-2023-0974
CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null poi ...)
NOT-FOR-US: STEPTools ifcmesh library
CVE-2023-0972 (Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlie ...)
- TODO: check
+ NOT-FOR-US: SiLabs
CVE-2023-0971 (A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows au ...)
- TODO: check
+ NOT-FOR-US: SiLabs
CVE-2023-0970 (Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK ve ...)
- TODO: check
+ NOT-FOR-US: SiLabs
CVE-2023-0969 (A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an a ...)
- TODO: check
+ NOT-FOR-US: SiLabs
CVE-2023-0968 (The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Si ...)
NOT-FOR-US: Watu Quiz plugin for WordPress
CVE-2023-0967 (Bhima version 1.27.0 allows an attacker authenticated with normal user ...)
@@ -21126,7 +21124,7 @@ CVE-2023-26301
CVE-2023-26300
RESERVED
CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-26298 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
NOT-FOR-US: HP
CVE-2023-26297 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
@@ -21245,7 +21243,7 @@ CVE-2023-26260 (OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows sess
CVE-2023-26259
RESERVED
CVE-2023-26258 (Arcserve UDP through 9.0.6034 allows authentication bypass. The method ...)
- TODO: check
+ NOT-FOR-US: Arcserve
CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems Alliance (COV ...)
NOT-FOR-US: Connected Vehicle Systems Alliance
CVE-2023-26256 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...)
@@ -21379,17 +21377,17 @@ CVE-2022-48340 (In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/d
[buster] - glusterfs <no-dsa> (Minor issue)
NOTE: https://github.com/gluster/glusterfs/issues/3732
CVE-2022-48336 (Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagPars ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2022-48335 (Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVeri ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2022-48334 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2022-48333 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2022-48332 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_k ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2022-48331 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_k ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has ...)
{DSA-5360-1 DLA-3416-1}
- emacs 1:28.2+1-11 (bug #1031730)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e651ad63b1102281e7f6bb02a68c2367e9c5028