[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jul 25 19:29:12 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d08d3cc1 by Moritz Muehlenhoff at 2023-07-25T20:28:43+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -92,13 +92,17 @@ CVE-2023-3321 (A vulnerability exists by allowing low-privileged users to read a
CVE-2023-3248 (The All-in-one Floating Contact Form WordPress plugin before 2.1.2 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-38060 (Improper Input Validation vulnerability in the ContentType parameter f ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure it out
CVE-2023-38058 (An improper privilege check in the OTRS ticket move action in the agen ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x
CVE-2023-38057 (An improper input validation vulnerability in OTRS Survey modules allo ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure it out
CVE-2023-38056 (Improper Neutralization of commands allowed to be executed via OTRS Sy ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure it out
CVE-2023-37613 (A cross-site scripting (XSS) vulnerability in Assembly Software Trialw ...)
NOT-FOR-US: Assembly Software Trialworks
CVE-2023-2761 (The User Activity Log WordPress plugin before 1.6.3 does not properly ...)
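Review bot: The entries for CVE-2023-38060, CVE-2023-38057 and CVE-2023-38056 are closed as NOT-FOR-US while their NOTE says the issue "Could possibly affect Znuny", so once the TODO is gone nothing in the list prompts a re-check. If Znuny is tracked as a package in this list, consider keeping a TODO or an open entry against it rather than relying on the NOTE alone. For CVE-2023-38058 the reasoning (8.x only, fork from 6.x) is clear; a NOTE pointing to where the affected versions are listed would make it verifiable later.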
@@ -24840,7 +24844,7 @@ CVE-2023-26047 (teler-waf is a Go HTTP middleware that provides teler IDS functi
CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...)
NOT-FOR-US: teler-waf
CVE-2023-26045 (NodeBB is Node.js based forum software. Starting in version 2.5.0 and ...)
- TODO: check
+ NOT-FOR-US: NodeBB
CVE-2023-26044 (react/http is an event-driven, streaming HTTP client and server implem ...)
- php-react-http <removed>
[buster] - php-react-http <no-dsa> (Minor issue)
@@ -27556,7 +27560,7 @@ CVE-2023-25186 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devic
CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...)
NOT-FOR-US: NOKIA
CVE-2023-25074 (Improper privilege validation in Command Centre Server allows authenti ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2023-24590
RESERVED
CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the Controller ...)
@@ -27568,13 +27572,13 @@ CVE-2023-23576
CVE-2023-23570
RESERVED
CVE-2023-23568 (Improper privilege validation in Command Centre Server allows authenti ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2023-22439
RESERVED
CVE-2023-22428 (Improper privilege validation in Command Centre Server allows authenti ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2023-22363 (A stack-based buffer overflow in the Command Centre Server allows an a ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2023-0672
RESERVED
CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.)
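Review bot: The tag "NOT-FOR-US: Gallagher" on CVE-2023-23568, CVE-2023-22428 and CVE-2023-22363 names only a vendor that does not appear in the visible descriptions, which all refer to "Command Centre Server". Naming the product as well, for example "Gallagher Command Centre", would let someone searching the list by product find these entries. The same applies to CVE-2023-25074 in the previous hunk.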
@@ -48572,9 +48576,9 @@ CVE-2023-21408
CVE-2023-21407
RESERVED
CVE-2023-21406 (Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A ...)
- TODO: check
+ NOT-FOR-US: AXIS
CVE-2023-21405 (Knud from Fraktal.fi has found a flaw in some Axis Network Door Contro ...)
- TODO: check
+ NOT-FOR-US: AXIS
CVE-2023-21404 (AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components ...)
NOT-FOR-US: AXIS OS
CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive extraction rout ...)
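Review bot: Style point on the two new tags for CVE-2023-21406 and CVE-2023-21405: they use "NOT-FOR-US: AXIS" while the unchanged neighbouring entry CVE-2023-21404 uses "NOT-FOR-US: AXIS OS". If the tag is meant to name the vendor, that is fine, but consistent spelling across adjacent entries makes the list easier to grep.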
@@ -52153,6 +52157,8 @@ CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific microarchitec
NOTE: https://xenbits.xen.org/xsa/advisory-433.html
NOTE: Technically not an issue in src:linux but track as well the kernel side mitigation
NOTE: under the CVE entry.
+ NOTE: 3.20230719.1 ships the first batch of fixes, only for 2nd gen Epyc CPUs, further
+ NOTE: CPUs to follow in later releases
CVE-2023-20592
RESERVED
CVE-2023-20591
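Review bot: The added NOTE for CVE-2023-20593 gives the version "3.20230719.1" without saying which source package it belongs to, and the surrounding NOTE lines mention both src:linux and a Xen advisory, so the version is ambiguous when read in context. Name the source package in the NOTE, and consider stating that the entry stays open until the remaining CPUs are covered, since the text says only 2nd gen Epyc is fixed so far.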
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d08d3cc1d1dfbc480ddcbaba30fbac7c6dd61249