[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jul 5 14:40:22 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9cd8fcea by Moritz Muehlenhoff at 2023-07-05T15:39:57+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -452,7 +452,7 @@ CVE-2023-34844 (Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privilege
 CVE-2023-34735 (Property Cloud Platform Management Center 1.0 is vulnerable to error-b ...)
 	NOT-FOR-US: Property Cloud Platform Management Center
 CVE-2023-34658 (Telegram v9.6.3 on iOS allows attackers to hide critical information o ...)
-	TODO: check
+	NOT-FOR-US: Telegram on iOS
 CVE-2023-34656 (An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communi ...)
 	NOT-FOR-US: Xiamen Si Xin Communication Technology Video management system
 CVE-2023-34599 (Multiple Cross-Site Scripting (XSS) vulnerabilities have been identifi ...)
@@ -21581,11 +21581,11 @@ CVE-2023-26137
 CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are vulnerable to Pr ...)
 	TODO: check
 CVE-2023-26135 (All versions of the package flatnest are vulnerable to Prototype Pollu ...)
-	TODO: check
+	NOT-FOR-US: Node flatnest
 CVE-2023-26134 (Versions of the package git-commit-info before 2.0.2 are vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: Node git-commit-info
 CVE-2023-26133 (All versions of the package progressbar.js are vulnerable to Prototype ...)
-	TODO: check
+	NOT-FOR-US: progressbar.js
 CVE-2023-26132 (Versions of the package dottie before 2.0.4 are vulnerable to Prototyp ...)
 	TODO: check
 CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine; all ve ...)
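Review bot: The tag on CVE-2023-26133 reads "NOT-FOR-US: progressbar.js", while the two entries changed just above it carry a "Node" prefix ("Node flatnest", "Node git-commit-info") and all three descriptions use the same "package ..." wording. Suggest "NOT-FOR-US: Node progressbar.js" so the three entries read consistently and a search for the Node NFU entries finds this one as well.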
@@ -21599,7 +21599,7 @@ CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are vu
 CVE-2023-26129 (All versions of the package bwm-ng are vulnerable to Command Injection ...)
 	NOT-FOR-US: bwm-ng Nodejs module (not the same as src:bwm-ng)
 CVE-2023-26128 (All versions of the package keep-module-latest are vulnerable to Comma ...)
-	TODO: check
+	NOT-FOR-US: Node keep-module-latest
 CVE-2023-26127 (All versions of the package n158 are vulnerable to Command Injection d ...)
 	TODO: check
 CVE-2023-26126 (All versions of the package m.static are vulnerable to Directory Trave ...)
@@ -21691,7 +21691,7 @@ CVE-2023-0922 (The Samba AD DC administration tool, when operating against a rem
 CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all versions fro ...)
 	- gitlab 15.10.8+ds1-2
 CVE-2022-48330 (A Huawei sound box product has an out-of-bounds write vulnerability. A ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user  ...)
 	NOT-FOR-US: Progress Flowmon Packet Investigator
 CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint failed to s ...)
@@ -21725,7 +21725,7 @@ CVE-2023-26087
 CVE-2023-26086
 	RESERVED
 CVE-2023-26085 (A possible out-of-bounds read and write (due to an improper length che ...)
-	TODO: check
+	NOT-FOR-US: Arm NN Android-NN-Driver
 CVE-2023-26084 (The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c ...)
 	NOT-FOR-US: AArch64cryptolib
 CVE-2023-26083 (Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Ker ...)
@@ -22003,7 +22003,7 @@ CVE-2023-26015
 CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HT ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26013 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denz ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More ...)
@@ -22081,7 +22081,7 @@ CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Int
 CVE-2023-25975
 	RESERVED
 CVE-2023-25974 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psic ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSW ...)
@@ -22103,7 +22103,7 @@ CVE-2023-25965
 CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joom ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bipl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Th ...)
@@ -22161,11 +22161,11 @@ CVE-2023-25940 (Dell PowerScale OneFS version 9.5.0.0 contains improper link res
 CVE-2023-25939
 	RESERVED
 CVE-2023-25938 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-25937 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-25936 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-25935
 	RESERVED
 CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of cryptog ...)
@@ -23267,7 +23267,7 @@ CVE-2023-25647
 CVE-2023-25646
 	RESERVED
 CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2023-25644
 	RESERVED
 CVE-2023-25643
@@ -23715,15 +23715,15 @@ CVE-2023-25524
 CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in  ...)
 	TODO: check
 CVE-2023-25522 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-25521 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootc ...)
 	TODO: check
 CVE-2023-25519
 	RESERVED
 CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-25517 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
 	TODO: check
 CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
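Review bot: The three new tags in this hunk (CVE-2023-25522, CVE-2023-25521, CVE-2023-25518) name only the vendor, "NOT-FOR-US: NVIDIA", while four NVIDIA entries in the same hunk (CUDA toolkit, Jetson Linux Driver Package, vGPU software, GPU Display Driver for Linux) stay at "TODO: check". Naming the component, for example "NOT-FOR-US: NVIDIA DGX SBIOS" and "NOT-FOR-US: NVIDIA Jetson CBoot", would record why these three are out of scope and keep the vendor-wide tag from being copied onto the remaining entries during later triage.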
@@ -23818,9 +23818,9 @@ CVE-2023-25502
 CVE-2023-25501
 	RESERVED
 CVE-2023-25500 (Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2023-25499 (When adding non-visible components to the UI in server side, content i ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2023-24019
 	RESERVED
 CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...)
@@ -24156,7 +24156,7 @@ CVE-2023-25368 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to In
 CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user in ...)
 	NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
 CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interfa ...)
-	TODO: check
+	NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
 CVE-2023-25365
 	RESERVED
 CVE-2023-25364
@@ -24290,9 +24290,9 @@ CVE-2023-25309 (Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui v
 CVE-2023-25308
 	RESERVED
 CVE-2023-25307 (nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal.)
-	TODO: check
+	NOT-FOR-US: nothub mrpack-install
 CVE-2023-25306 (MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.)
-	TODO: check
+	NOT-FOR-US: MultiMC Launcher
 CVE-2023-25305 (PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpac ...)
 	NOT-FOR-US: PolyMC Launcher
 CVE-2023-25304 (Prism Launcher <= 6.1 is vulnerable to Directory Traversal.)
@@ -24603,13 +24603,13 @@ CVE-2017-20175 (A vulnerability classified as problematic has been found in DaSc
 CVE-2023-25189
 	RESERVED
 CVE-2023-25188 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...)
-	TODO: check
+	NOT-FOR-US: NOKIA
 CVE-2023-25187 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...)
-	TODO: check
+	NOT-FOR-US: NOKIA
 CVE-2023-25186 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...)
-	TODO: check
+	NOT-FOR-US: NOKIA
 CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...)
-	TODO: check
+	NOT-FOR-US: NOKIA
 CVE-2023-25074
 	RESERVED
 CVE-2023-24590
@@ -25117,13 +25117,13 @@ CVE-2023-25006 (A malicious actor may convince a user to open a malicious USD fi
 CVE-2023-25005 (A maliciously crafted DLL file can be forced to read beyond allocated  ...)
 	NOT-FOR-US: Autodesk
 CVE-2023-25004 (A maliciously crafted pskernel.dll file in Autodesk products is used t ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2023-25003 (A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and M ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2023-25002 (A maliciously crafted SKP file in Autodesk products is used to trigger ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2023-25001 (A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2023-0634
 	REJECTED
 CVE-2023-0633
@@ -25524,13 +25524,13 @@ CVE-2023-0601
 CVE-2023-24855
 	RESERVED
 CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware respons ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-24853
 	RESERVED
 CVE-2023-24852
 	RESERVED
 CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-24850
 	RESERVED
 CVE-2023-24849
@@ -27441,7 +27441,7 @@ CVE-2023-24263
 CVE-2023-24262
 	RESERVED
 CVE-2023-24261 (A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows  ...)
-	TODO: check
+	NOT-FOR-US: GL.iNET
 CVE-2023-24260
 	RESERVED
 CVE-2023-24259
@@ -27481,7 +27481,7 @@ CVE-2023-24245
 CVE-2023-24244
 	RESERVED
 CVE-2023-24243 (CData RSB Connect v22.0.8336 was discovered to contain a Server-Side R ...)
-	TODO: check
+	NOT-FOR-US: CData RSB Connect
 CVE-2023-24242
 	RESERVED
 CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cd8fcea2856a0fd3b36799ec2fbfdb4da8710e2
