[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 7 12:18:10 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83b26d61 by Moritz Muehlenhoff at 2023-07-07T13:17:34+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43,7 +43,7 @@ CVE-2023-37454 (An issue was discovered in the Linux kernel through 6.4.2. A cra
CVE-2023-37453 (An issue was discovered in the USB subsystem in the Linux kernel throu ...)
- linux <unfixed>
CVE-2023-37260 (league/oauth2-server is an implementation of an OAuth 2.0 authorizatio ...)
- TODO: check
+ NOT-FOR-US: league/oauth2-server
CVE-2023-37245 (Buffer overflow vulnerability in the modem pinctrl module. Successful ...)
NOT-FOR-US: Huawei
CVE-2023-37242 (Vulnerability of commands from the modem being intercepted in the atcm ...)
@@ -143,11 +143,11 @@ CVE-2022-48508 (Inappropriate authorization vulnerability in the system apps. Su
CVE-2022-48507 (Vulnerability of identity verification being bypassed in the storage m ...)
NOT-FOR-US: Huawei
CVE-2021-46896 (Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cau ...)
- TODO: check
+ NOT-FOR-US: PX4-Autopilot
CVE-2021-46894 (Use After Free (UAF) vulnerability in the uinput module.Successful exp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-46892 (Encryption bypass vulnerability in Maintenance mode. Successful exploi ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-32258
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
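Review bot: CVE-2021-46894 and CVE-2021-46892 are marked NOT-FOR-US: Huawei, but the visible part of their descriptions ("uinput module", "Maintenance mode") names no vendor, and uinput is also the name of a Linux kernel input driver. Confirm against the full CVE text that both are Huawei-only components before the linux package is ruled out. The third entry changed in this hunk, PX4-Autopilot, is named in its own description and needs no such check.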
@@ -186,11 +186,11 @@ CVE-2023-32247 [ksmbd: destroy expired sessions]
CVE-2023-3521 (Cross-site Scripting (XSS) - Reflected in GitHub repository fossbillin ...)
NOT-FOR-US: fossbilling
CVE-2023-3520 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
- TODO: check
+ NOT-FOR-US: openitcockpit
CVE-2023-36828 (Statamic is a flat-first, Laravel and Git powered content management s ...)
- TODO: check
+ NOT-FOR-US: Statamic
CVE-2023-36827 (Fides is an open-source privacy engineering platform for managing the ...)
- TODO: check
+ NOT-FOR-US: Fides
CVE-2023-36822 (Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulne ...)
NOT-FOR-US: Uptime Kuma
CVE-2023-36821 (Uptime Kuma, a self-hosted monitoring tool, allows an authenticated at ...)
@@ -232,7 +232,7 @@ CVE-2023-36933 (In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (
CVE-2023-36932 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0 ...)
NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-36665 (protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.4 allows Pr ...)
- TODO: check
+ NOT-FOR-US: protobuf.js
CVE-2023-36624 (Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated o ...)
NOT-FOR-US: Loxone Miniserver Go
CVE-2023-36623 (The root password of the Loxone Miniserver Go Gen.2 before 14.2 is cal ...)
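Review bot: CVE-2023-36665 describes a reusable JavaScript library with an explicit affected range (protobuf.js, aka protobufjs, 6.10.0 through 7.x before 7.2.4), not a vendor product like the MOVEit and Loxone entries around it. Before it stays NOT-FOR-US, check that no source package in the archive ships protobufjs, either directly or as a bundled copy. If one does, this line should become a package entry instead.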
@@ -6600,9 +6600,9 @@ CVE-2023-31226 (The SDK for the MediaPlaybackController module has improper perm
CVE-2023-31225 (The Gallery app has the risk of hijacking attacks. Successful exploita ...)
NOT-FOR-US: Huawei
CVE-2023-31194 (An access violation vulnerability exists in the GraphPlanar::Write fun ...)
- TODO: check
+ NOT-FOR-US: Diagon
CVE-2023-27390 (A heap-based buffer overflow vulnerability exists in the Sequence::Dra ...)
- TODO: check
+ NOT-FOR-US: Diagon
CVE-2023-2314
RESERVED
CVE-2023-2313
@@ -8368,83 +8368,83 @@ CVE-2023-30680
CVE-2023-30679
RESERVED
CVE-2023-30678 (Potential zip path traversal vulnerability in Calendar application pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30677 (Improper access control vulnerability in Samsung Pass prior to version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30676 (Improper access control vulnerability in Samsung Pass prior to version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30675 (Improper authentication in Samsung Pass prior to version 4.2.03.1 allo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30674 (Improper configuration in Samsung Internet prior to version 21.0.0.41 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30673 (Improper validation of integrity check vulnerability in Smart Switch P ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30672 (Improper privilege management vulnerability in Samsung Smart Switch fo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30671 (Logic error in package installation via adb command prior to SMR Jul-2 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30670 (Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30669 (Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30668 (Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30667 (Improper access control in Audio system service prior to SMR Jul-2023 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30666 (Improper input validation vulnerability in DoOemImeiSetPreconfig in li ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30665 (Improper input validation vulnerability in OnOemServiceMode in libsec- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30664 (Improper input validation vulnerability in RegisteredMSISDN prior to S ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30663 (Improper input validation vulnerability in OemPersonalizationSetLock i ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30662 (Exposure of Sensitive Information vulnerability in getChipIds in UwbAo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30661 (Exposure of Sensitive Information vulnerability in getChipInfos in Uwb ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30660 (Exposure of Sensitive Information vulnerability in getDefaultChipId in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30659 (Improper input validation vulnerability in Transaction prior to SMR Ju ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30658 (Improper input validation vulnerability in DataProfile prior to SMR Ju ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30657 (Improper input validation vulnerability in EnhancedAttestationResult p ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30656 (Improper input validation vulnerability in LSOItemData prior to SMR Ju ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30655 (Improper input validation vulnerability in SCEPProfile prior to SMR Ju ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30654
RESERVED
CVE-2023-30653 (Out of bounds read and write in enableTspDevice of sysinput HAL servic ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30652 (Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL se ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30651 (Out of bounds read and write in callgetTspsysfs of sysinput HAL servic ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30650 (Out of bounds read and write in callrunTspCmd of sysinput HAL service ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30649 (Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30648 (Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30647 (Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RIL ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30646 (Heap out of bound write vulnerability in BroadcastSmsConfig of RILD pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30645 (Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30644 (Stack out of bound write vulnerability in CdmaSmsParser of RILD prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30643 (Missing authentication vulnerability in Galaxy Themes Service prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30642 (Improper privilege management vulnerability in Galaxy Themes Service p ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30641 (Improper access control vulnerability in Settings prior to SMR Jul-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30640 (Improper access control vulnerability in PersonaManagerService prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2023-30639 (Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored ...)
NOT-FOR-US: Archer
CVE-2023-30638 (Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 befor ...)
@@ -8529,7 +8529,7 @@ CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In af
NOTE: Introduced by: https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a (0.1.15)
NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb (0.4.4)
CVE-2023-30607 (icingaweb2-module-jira provides integration with Atlassian Jira. Start ...)
- TODO: check
+ NOT-FOR-US: icingaweb2-module-jira
CVE-2023-30606 (Discourse is an open source platform for community discussion. In affe ...)
NOT-FOR-US: Discourse
CVE-2023-30605 (Archery is an open source SQL audit platform. The Archery project cont ...)
@@ -9548,21 +9548,21 @@ CVE-2023-30328 (An issue in the helper tool of Mailbutler GmbH Shimo VPN Client
CVE-2023-30327
RESERVED
CVE-2023-30326 (Cross Site Scripting (XSS) vulnerability in username field in /WebCont ...)
- TODO: check
+ NOT-FOR-US: wliang6 ChatEngine
CVE-2023-30325 (SQL Injection vulnerability in textMessage parameter in /src/chatbotap ...)
- TODO: check
+ NOT-FOR-US: wliang6 ChatEngine
CVE-2023-30324
RESERVED
CVE-2023-30323 (SQL Injection vulnerability in username field in /src/chatbotapp/chatW ...)
- TODO: check
+ NOT-FOR-US: Payatu chatengine
CVE-2023-30322 (Cross Site Scripting (XSS) vulnerability in username field in /src/cha ...)
- TODO: check
+ NOT-FOR-US: Payatu chatengine
CVE-2023-30321 (Cross Site Scripting (XSS) vulnerability in textMessage field in /src/ ...)
- TODO: check
+ NOT-FOR-US: wliang6 ChatEngine
CVE-2023-30320 (Cross Site Scripting (XSS) vulnerability in textMessage field in /src/ ...)
- TODO: check
+ NOT-FOR-US: wliang6 ChatEngine
CVE-2023-30319 (Cross Site Scripting (XSS) vulnerability in username field in /src/cha ...)
- TODO: check
+ NOT-FOR-US: wliang6 ChatEngine
CVE-2023-30318
RESERVED
CVE-2023-30317
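Review bot: the NOT-FOR-US labels in this run are inconsistent: CVE-2023-30323 and CVE-2023-30322 get "Payatu chatengine" while the five entries around them get "wliang6 ChatEngine", even though CVE-2023-30325 and CVE-2023-30323 both show a path starting with /src/chatbotap in their descriptions. If this is one code base, use a single label with one spelling so that a search for the product finds all seven entries. If these are two separate projects, a NOTE line saying so would keep the next reader from merging them.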
@@ -9814,7 +9814,7 @@ CVE-2023-30197 (Incorrect Access Control in the module "My inventory" (myinvento
CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...)
NOT-FOR-US: Prestashop
CVE-2023-30195 (In the module "Detailed Order" (lgdetailedorder) in version up to 1.1. ...)
- TODO: check
+ NOT-FOR-US: Prestashop
CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via ...)
NOT-FOR-US: Prestashop
CVE-2023-30193
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83b26d61edae2a0fa9657d69b79815de3beb7baa