[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 14 13:52:10 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17c428e5 by Moritz Muehlenhoff at 2023-07-14T14:51:48+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -176,25 +176,25 @@ CVE-2023-34136 (Vulnerability in SonicWall GMS and Analytics allows unauthentica
CVE-2023-34135 (Path Traversal vulnerability in SonicWall GMS and Analytics allows a r ...)
NOT-FOR-US: SonicWall
CVE-2023-34134 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34133 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34132 (Use of password hash instead of password for authentication vulnerabil ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34131 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34130 (SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TE ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34129 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34128 (Tomcat application credentials are hardcoded in SonicWall GMS and Anal ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34127 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34126 (Vulnerability in SonicWall GMS and Analytics allows an authenticated a ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34125 (Path Traversal vulnerability in GMS and Analytics allows an authentica ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-34124 (The authentication mechanism in SonicWall GMS and Analytics Web Servic ...)
NOT-FOR-US: SonicWall
CVE-2023-34123 (Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, So ...)
@@ -202,7 +202,7 @@ CVE-2023-34123 (Use of Hard-coded Cryptographic Key vulnerability in SonicWall G
CVE-2023-33274 (The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains ...)
NOT-FOR-US: PowerShield SNMP Web Pro
CVE-2023-2957 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Florist Site
CVE-2023-2620 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab 15.11.11+ds1-1
CVE-2023-2576 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -264,65 +264,65 @@ CVE-2023-37455 (The permission request prompt from the site in the background ta
CVE-2023-36266 (An issue was discovered in Keeper Password Manager for Desktop version ...)
TODO: check
CVE-2023-33905 (In iwnpi server, there is a possible out of bounds write due to a miss ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33904 (In hci_server, there is a possible out of bounds read due to a missing ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33903 (In FM service, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33902 (In bluetooth service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33901 (In bluetooth service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33900 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33899 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33898 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33897 (In libimpl-ril, there is a possible out of bounds write due to a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33896 (In libimpl-ril, there is a possible out of bounds write due to a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33895 (In fastDial service, there is a missing permission check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33894 (In fastDial service, there is a missing permission check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33893 (In fastDial service, there is a missing permission check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33892 (In fastDial service, there is a missing permission check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33891 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33890 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33889 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33888 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33887 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33886 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33885 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33884 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33883 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33882 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33881 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33880 (In music service, there is a missing permission check. This could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33879 (In music service, there is a missing permission check. This could lead ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-33668 (DigiExam up to v14.0.2 lacks integrity checks for native modules, allo ...)
- TODO: check
+ NOT-FOR-US: DigiExam
CVE-2023-32789 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: DigiExam
CVE-2023-32788 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: DigiExam
CVE-2023-37965 (A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and e ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-37964 (A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBo ...)
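Review bot: CVE-2023-32789 and CVE-2023-32788 near the end of this hunk are tagged `NOT-FOR-US: DigiExam`, but their descriptions ("In telephony service, there is a missing permission check") read like the Unisoc entries above them. DigiExam is named only in the description of CVE-2023-33668. The tag looks carried over from the preceding entry; suggest `NOT-FOR-US: Unisoc` for both once the vendor is confirmed against the full CVE text, since the descriptions here are truncated.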
@@ -462,13 +462,13 @@ CVE-2023-32200 (There is insufficient restrictions of called script functions in
CVE-2023-2869 (The WP-Members Membership plugin for WordPress is vulnerable to unauth ...)
NOT-FOR-US: WP-Members Membership plugin for WordPress
CVE-2023-2763 (Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vul ...)
- TODO: check
+ NOT-FOR-US: SOLIDWORKS
CVE-2023-2762 (A Use-After-Free vulnerability in SLDPRT file reading procedure exists ...)
- TODO: check
+ NOT-FOR-US: SOLIDWORKS
CVE-2023-2562 (The Gallery Metabox for WordPress is vulnerable to unauthorized access ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2561 (The Gallery Metabox for WordPress is vulnerable to unauthorized modifi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2517 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress
CVE-2021-4427 (The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPres ...)
@@ -713,7 +713,7 @@ CVE-2023-35336 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
CVE-2023-35335 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
NOT-FOR-US: Microsoft
CVE-2023-35333 (MediaWiki PandocUpload Extension Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: MediaWiki extension PandocUpload
CVE-2023-35332 (Windows Remote Desktop Protocol Security Feature Bypass)
NOT-FOR-US: Microsoft
CVE-2023-35331 (Windows Local Security Authority (LSA) Denial of Service Vulnerability)
@@ -923,15 +923,15 @@ CVE-2023-32034 (Remote Procedure Call Runtime Denial of Service Vulnerability)
CVE-2023-32033 (Microsoft Failover Cluster Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-31818 (An issue found in Marukyu Line v.13.4.1 allows a remote attacker to ga ...)
- TODO: check
+ NOT-FOR-US: Marukyu Line
CVE-2023-31191 (DroneScout ds230 Remote ID receiver from BlueMark Innovations is affec ...)
- TODO: check
+ NOT-FOR-US: DroneScout
CVE-2023-31190 (DroneScout ds230 Remote ID receiver from BlueMark Innovations is affec ...)
- TODO: check
+ NOT-FOR-US: DroneScout
CVE-2023-2746 (The Rockwell Automation Enhanced HIM software contains an API that t ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2023-29156 (DroneScout ds230 Remote ID receiver from BlueMark Innovationsis affect ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through ...)
TODO: check
CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability where an au ...)
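Review bot: CVE-2023-29156 is tagged `NOT-FOR-US: Rockwell`, but its description names the DroneScout ds230 Remote ID receiver from BlueMark Innovations. That is the same product as CVE-2023-31191 and CVE-2023-31190, which are tagged `NOT-FOR-US: DroneScout`. The Rockwell tag fits only CVE-2023-2746 directly above it; suggest `NOT-FOR-US: DroneScout` here. The triage outcome does not change, but a search of the list by product name would miss this entry.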
@@ -8738,65 +8738,65 @@ CVE-2023-30944 (The vulnerability was found Moodle which exists due to insuffici
CVE-2023-30943 (The vulnerability was found Moodle which exists because the applicatio ...)
- moodle <removed>
CVE-2023-30942 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30941 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30940 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30939 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30938 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30937 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30936 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30935 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30934 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30933 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30932 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30931 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30930 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30929 (In telephony service, there is a possible missing permission check. Th ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30928 (In telephony service, there is a possible missing permission check. Th ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30927 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30926 (In opm service, there is a missing permission check. This could lead t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30925 (In opm service, there is a missing permission check. This could lead t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30924 (In messaging service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30923 (In messaging service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30922 (In messaging service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30921 (In messaging service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30920 (In messaging service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30919 (In messaging service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30918 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30917 (In DMService, there is a possible missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30916 (In DMService, there is a possible missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-30915 (In email service, there is a missing permission check. This could lead ...)
NOT-FOR-US: Unisoc
CVE-2023-30914 (In email service, there is a missing permission check. This could lead ...)
NOT-FOR-US: Unisoc
CVE-2023-30913 (In telephony service, there is a missing permission check. This could ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2023-2240 (Improper Privilege Management in GitHub repository microweber/microweb ...)
NOT-FOR-US: microweber
CVE-2023-2239 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
@@ -9525,7 +9525,7 @@ CVE-2023-2084 (The Essential Blocks plugin for WordPress is vulnerable to unauth
CVE-2023-2083 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2082 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2081
RESERVED
CVE-2023-2080 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -9996,7 +9996,7 @@ CVE-2023-2074 (A vulnerability was found in Campcodes Online Traffic Offense Man
CVE-2023-2073 (A vulnerability was found in Campcodes Online Traffic Offense Manageme ...)
NOT-FOR-US: Campcodes Online Traffic Offense Management System
CVE-2023-2072 (The Rockwell Automation PowerMonitor 1000 contains stored cross-site s ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2023-2071
RESERVED
CVE-2023-2070
@@ -10167,9 +10167,9 @@ CVE-2022-48453
CVE-2022-48452
RESERVED
CVE-2022-48451 (In bluetooth service, there is a possible out of bounds write due to r ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48450 (In bluetooth service, there is a possible missing params check. This ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-48449
RESERVED
CVE-2022-48448 (In telephony service, there is a possible missing permission check. Th ...)
@@ -10215,19 +10215,19 @@ CVE-2023-30567
CVE-2023-30566
RESERVED
CVE-2023-30565 (An insecure connection between Systems Manager and CQI Reporter applic ...)
- TODO: check
+ NOT-FOR-US: CQI ReporterUnisoc
CVE-2023-30564 (Alaris Systems Manager does not perform input validation during the De ...)
- TODO: check
+ NOT-FOR-US: Alaris Systems Manager
CVE-2023-30563 (A malicious file could be uploaded into a System Manager User Import F ...)
- TODO: check
+ NOT-FOR-US: Alaris Systems Manager
CVE-2023-30562 (A GRE dataset file within Systems Manager can be tampered with and dis ...)
- TODO: check
+ NOT-FOR-US: Balarisa Systems Manager
CVE-2023-30561 (The data flowing between the PCU and its modules is insecure. A threat ...)
- TODO: check
+ NOT-FOR-US: Alarisa
CVE-2023-30560 (The configuration from the PCU can be modified without authentication ...)
- TODO: check
+ NOT-FOR-US: Alarisa
CVE-2023-30559 (The configuration from the PCU can be modified without authentication ...)
- TODO: check
+ NOT-FOR-US: Alarisa
CVE-2023-30558 (Archery is an open source SQL audit platform. The Archery project cont ...)
NOT-FOR-US: Archery
CVE-2023-30557 (Archery is an open source SQL audit platform. The Archery project cont ...)
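Review bot: the product names in the NOT-FOR-US tags of this hunk are inconsistent and several look like typos. CVE-2023-30565 reads `CQI ReporterUnisoc` (a stray `Unisoc` suffix), CVE-2023-30562 reads `Balarisa Systems Manager`, and CVE-2023-30561, CVE-2023-30560 and CVE-2023-30559 read `Alarisa`. CVE-2023-30564 and CVE-2023-30563 use `Alaris Systems Manager`, which matches the spelling in the CVE-2023-30564 description. Suggest dropping the `Unisoc` suffix and using the `Alaris` spelling throughout, so the entries can be found by grepping for the product name.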
@@ -10309,7 +10309,7 @@ CVE-2023-2005 (Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Secu
CVE-2023-2004
REJECTED
CVE-2023-2003 (Embedded malicious code vulnerability in Vision1210, in the build 5 of ...)
- TODO: check
+ NOT-FOR-US: Vision120
CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due to a m ...)
- linux 6.1.27-1
NOTE: https://www.openwall.com/lists/oss-security/2023/04/16/3
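Review bot: the tag added for CVE-2023-2003 reads `NOT-FOR-US: Vision120`, while the description on the line above it names the product `Vision1210`; a digit appears to have been dropped. Suggest `NOT-FOR-US: Vision1210` so the tag matches the description.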
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17c428e52405d664ce3761f60dd2bc5dcfda3a70