[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jul 14 12:44:06 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c8aa792 by Moritz Muehlenhoff at 2023-07-14T13:43:43+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,63 +1,64 @@
 CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository froxlor/f ...)
-	TODO: check
+	- froxlor <itp> (bug #581792)
 CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...)
 	TODO: check
 CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14  ...)
 	TODO: check
 CVE-2023-3514 (Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer  ...)
-	TODO: check
+	NOT-FOR-US: Razer
 CVE-2023-3513 (Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer  ...)
-	TODO: check
+	NOT-FOR-US: Razer
 CVE-2023-38286 (Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spr ...)
-	TODO: check
+	NOT-FOR-US: thymeleaf
 CVE-2023-37849 (A DLL hijacking vulnerability in Panda Security VPN for Windows prior  ...)
-	TODO: check
+	NOT-FOR-US: thymeleafPanda Security VPN
 CVE-2023-37839 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...)
-	TODO: check
+	NOT-FOR-US: Dede CMS
 CVE-2023-37837 (libjpeg commit db33a6e was discovered to contain a heap buffer overflo ...)
 	TODO: check
 CVE-2023-37836 (libjpeg commit db33a6e was discovered to contain a reachable assertion ...)
 	TODO: check
 CVE-2023-37723 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-37722 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-37721 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-37719 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-37718 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-37717 (Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0,  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-37716 (Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0,  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-37715 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-37714 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-37599 (An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain s ...)
-	TODO: check
+	NOT-FOR-US: issabel-pbx
 CVE-2023-37598 (A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0 ...)
-	TODO: check
+	NOT-FOR-US: issabel-pbx
 CVE-2023-37468 (Feedbacksystem is a personalized feedback system for students using ar ...)
-	TODO: check
+	NOT-FOR-US: Feedbacksystem
 CVE-2023-37466 (vm2 is an advanced vm/sandbox for Node.js. The library contains critic ...)
-	TODO: check
+	NOT-FOR-US: Node vm2
 CVE-2023-37278 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
-	TODO: check
+	- glpi <removed> (unimportant)
+	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-37275 (Auto-GPT is an experimental open-source application showcasing the cap ...)
-	TODO: check
+	NOT-FOR-US: Auto-GPT
 CVE-2023-37274 (Auto-GPT is an experimental open-source application showcasing the cap ...)
-	TODO: check
+	NOT-FOR-US: Auto-GPT
 CVE-2023-37273 (Auto-GPT is an experimental open-source application showcasing the cap ...)
-	TODO: check
+	NOT-FOR-US: Auto-GPT
 CVE-2023-37272 (JS7 is an Open Source Job Scheduler. Users specify file names when upl ...)
-	TODO: check
+	NOT-FOR-US: JS7
 CVE-2023-36473 (Discourse is an open source discussion platform. A CSP (Content Securi ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2023-35945 (Envoy is a cloud-native high-performance edge/middle/service proxy. En ...)
-	TODO: check
+	- envoyproxy <itp> (bug #987544)
 CVE-2023-3661 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
 	NOT-FOR-US: SourceCodester AC Repair and Services System
 CVE-2023-3660 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...)
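Review bot: The new classification line for CVE-2023-37849 carries a leftover from the entry above it: it reads `NOT-FOR-US: thymeleafPanda Security VPN`, where the `thymeleaf` prefix belongs to the CVE-2023-38286 line just before it. It should read `NOT-FOR-US: Panda Security VPN` so the product name is correct in the rendered tracker and in any search over the NOT-FOR-US entries.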
@@ -91,25 +92,25 @@ CVE-2023-35833 (An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. W
 CVE-2023-35070 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: VegaGroup Web Collection
 CVE-2023-34458 (mx-chain-go is the official implementation of the MultiversX blockchai ...)
-	TODO: check
+	NOT-FOR-US: mx-chain-go
 CVE-2023-33768 (Incorrect signature verification of the firmware during the Device Fir ...)
-	TODO: check
+	NOT-FOR-US: Belkin
 CVE-2023-31825 (An issue found in Inageya v.13.4.1 allows a remote attacker to gain ac ...)
-	TODO: check
+	NOT-FOR-US: Inageya
 CVE-2023-31824 (An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote at ...)
-	TODO: check
+	NOT-FOR-US: DERICIA
 CVE-2023-31823 (An issue found in Marui Co Marui Official app v.13.6.1 allows a remote ...)
 	NOT-FOR-US: Marui Co Marui Official app
 CVE-2023-31822 (An issue found in Entetsu Store v.13.4.1 allows a remote attacker to g ...)
 	NOT-FOR-US: Entetsu Store
 CVE-2023-31821 (An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to ...)
-	TODO: check
+	NOT-FOR-US: ALBIS
 CVE-2023-31820 (An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: Shizutetsu Store
 CVE-2023-31819 (An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a ...)
-	TODO: check
+	NOT-FOR-US: KEISEI Store
 CVE-2023-31705 (A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2023-31704 (Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to I ...)
 	NOT-FOR-US: Sourcecodester Online Computer and Laptop Store
 CVE-2023-3444 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
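Review bot: Minor consistency point on the CVE-2023-31824 line: the new entry names the vendor (`NOT-FOR-US: DERICIA`) while the CVE description also gives the product (DELICIA), and the neighbouring CVE-2023-31823 and CVE-2023-31822 entries name the app itself. Consider `NOT-FOR-US: DERICIA DELICIA` (or the product name alone) so the set of related app entries is searchable the same way.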
@@ -125,41 +126,41 @@ CVE-2023-3343 (The User Registration plugin for WordPress is vulnerable to PHP O
 CVE-2023-3342 (The User Registration plugin for WordPress is vulnerable to arbitrary  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: PlatPlay DSr
 CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does n ...)
 	TODO: check
 CVE-2023-38198 (acme.sh before 3.0.6 runs arbitrary commands from a remote server via  ...)
-	TODO: check
+	NOT-FOR-US: acme.sh
 CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6 ...)
 	TODO: check
 CVE-2023-37568 (ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC- ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2023-37567 (ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a  ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2023-37566 (ELECOM wireless LAN routers WRC-1167GHBK3-A v1.24 and earlier, and WRC ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2023-37565 (Code injection vulnerability in ELECOM wireless LAN routers allows a n ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2023-37564 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2023-37563 (Exposure of sensitive information to an unauthorized actor issue exist ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2023-37562 (Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167 ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2023-37561 (Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM  ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2023-37560 (Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, a ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2023-37415 (Improper Input Validation vulnerability in Apache Software Foundation  ...)
-	TODO: check
+	NOT-FOR-US: Apache Airflow Apache Hive Provider
 CVE-2023-35694 (In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a pos ...)
-	TODO: check
+	NOT-FOR-US: Android kernel (samsung_slsi)
 CVE-2023-35693 (In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corrupt ...)
-	NOT-FOR-US: Android
-CVE-2023-35691 (there is a possible out of bounds read due to a missing bounds check.  ...)
 	TODO: check
+CVE-2023-35691 (there is a possible out of bounds read due to a missing bounds check.  ...)
+	NOT-FOR-US: Android
 CVE-2023-35069 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Bullwark
 CVE-2023-34137 (SonicWall GMS and Analytics CAS Web Services application use static va ...)
 	NOT-FOR-US: SonicWall
 CVE-2023-34136 (Vulnerability in SonicWall GMS and Analytics allows unauthenticated at ...)
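Review bot: The two-line swap at CVE-2023-35693 and CVE-2023-35691 does more than triage 35691: it also reverts CVE-2023-35693 (incfs_kill_sb in fs/incfs/vfs.c) from `NOT-FOR-US: Android` back to `TODO: check`, while the `NOT-FOR-US: Android` marker moves to CVE-2023-35691. If the intent was only to classify 35691, the 35693 entry should keep its existing `NOT-FOR-US: Android` line; if the kernel-side issue is deliberately being reopened for a check against the Debian linux packaging, a short NOTE line saying so would save the next triager from re-doing that reasoning.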



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c8aa79226fa9915656b336e91736c9bc68a9f16
