[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jul 27 09:29:45 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5bdc32c7 by Moritz Muehlenhoff at 2023-07-27T10:29:15+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,93 +1,93 @@
CVE-2023-3957 (The ACF Photo Gallery Field plugin for WordPress is vulnerable to unau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3451
REJECTED
CVE-2023-38611 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38608 (The issue was addressed with additional permissions checks. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38606 (This issue was addressed with improved state management. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38603 (The issue was addressed with improved checks. This issue is fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38602 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38600 (The issue was addressed with improved checks. This issue is fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38593 (A logic issue was addressed with improved checks. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38580 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38572 (The issue was addressed with improved checks. This issue is fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38565 (A path handling issue was addressed with improved validation. This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38564 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38425 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38424 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38421 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38410 (The issue was addressed with improved checks. This issue is fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38285 (Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Co ...)
TODO: check
CVE-2023-38261 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38259 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38258 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38136 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38133 (The issue was addressed with improved checks. This issue is fixed in i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-37732 (Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm ...)
TODO: check
CVE-2023-37692 (An arbitrary file upload vulnerability in October CMS v3.4.4 allows at ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2023-36862 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-36854 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-35993 (A use-after-free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-35983 (This issue was addressed with improved data protection. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32734 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32450 (Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access C ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-32443 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32442 (An access issue was addressed with improved access restrictions. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32441 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32437 (The issue was addressed with improvements to the file handling protoco ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32433 (A use-after-free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32429 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32418 (The issue was addressed with improved checks. This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32416 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32381 (A use-after-free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32364 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-3622 (Access Control Bypass Vulnerability in the SolarWinds Platform that al ...)
NOT-FOR-US: SolarWinds
CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper Initial ...)
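Review bot: The run of `NOT-FOR-US: Apple` tags in this hunk (CVE-2023-38611 through CVE-2023-32364) lands on entries whose descriptions are cut off before the affected component is named ("This issue is fixed in i ...", "fixed in m ..."), so the vendor-level tag cannot be checked against the visible text. Apple advisories also cover WebKit, which Debian ships as webkit2gtk, so each of these should be checked against the full description before it leaves `TODO: check`; any that turn out to be WebKit issues need a package entry rather than an NFU tag. Separately, `NOT-FOR-US: WordPress plugin` on CVE-2023-3957 and CVE-2023-3956 is less specific than the plugin-name form used elsewhere in the file (for example `Video Conferencing with Zoom plugin for WordPress`); naming the plugin keeps the tags searchable.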
@@ -143,7 +143,7 @@ CVE-2023-39151 (Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sani
CVE-2023-3947 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...)
NOT-FOR-US: Video Conferencing with Zoom plugin for WordPress
CVE-2023-3946 (A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5 ...)
- TODO: check
+ NOT-FOR-US: ePO
CVE-2023-3945 (A vulnerability was found in phpscriptpoint Lawyer 1.6. It has been cl ...)
NOT-FOR-US: phpscriptpoint
CVE-2023-3944 (A vulnerability was found in phpscriptpoint Lawyer 1.6 and classified ...)
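Review bot: `NOT-FOR-US: ePO` on CVE-2023-3946 uses a bare abbreviation lifted from the description, where the neighbouring entries name the vendor or the full product (`phpscriptpoint`, `Video Conferencing with Zoom plugin for WordPress`). Spelling out the product or vendor would make the tag recognisable without opening the CVE record.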
@@ -153,7 +153,7 @@ CVE-2023-3897 (Username enumeration is possible through Bypassing CAPTCHA in On-
CVE-2023-3890 (A vulnerability classified as problematic has been found in Campcodes ...)
NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3548 (An unauthorized user could gain account access to IQ Wifi 6 versions p ...)
- TODO: check
+ NOT-FOR-US: IQ Wifi
CVE-2023-3486 (An authentication bypass exists in PaperCut NG versions 22.0.12 and pr ...)
NOT-FOR-US: PaperCut NG
CVE-2023-39175 (In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integr ...)
@@ -191,7 +191,7 @@ CVE-2023-38496 (Apptainer is an open source container platform. Version 1.2.0-rc
NOTE: https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx
NOTE: Specific to Apptainer and not in singularity-container
CVE-2023-38493 (Armeria is a microservice framework Spring supports Matrix variables. ...)
- TODO: check
+ NOT-FOR-US: Armeria
CVE-2023-38435 (An improper neutralization of input during web page generation ('Cross ...)
NOT-FOR-US: Apache Felix Healthcheck Webconsole Plugin
CVE-2023-38433 (Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded c ...)
@@ -201,9 +201,9 @@ CVE-2023-37920 (Certifi is a curated collection of Root Certificates for validat
NOTE: https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
NOTE: Debian's python-certifi is patched to return the location of Debian-provided CA certificates
CVE-2023-37919 (Cal.com is open-source scheduling software. A vulnerability allows act ...)
- TODO: check
+ NOT-FOR-US: Cal.com
CVE-2023-37907 (Cryptomator is data encryption software for users who store their file ...)
- TODO: check
+ NOT-FOR-US: Cryptomator
CVE-2023-37902 (Vyper is a Pythonic programming language that targets the Ethereum Vir ...)
NOT-FOR-US: Vyper
CVE-2023-37677 (Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a re ...)
@@ -211,11 +211,11 @@ CVE-2023-37677 (Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contai
CVE-2023-37460 (Plexis Archiver is a collection of Plexus components to create archive ...)
NOT-FOR-US: Plexis Archiver
CVE-2023-37258 (DataEase is an open source data visualization analysis tool. Prior to ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2023-37257 (DataEase is an open source data visualization analysis tool. Prior to ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2023-36826 (Sentry is an error tracking and performance monitoring platform. Start ...)
- TODO: check
+ NOT-FOR-US: Sentry
CVE-2023-36806 (Contao is an open source content management system. Starting in versio ...)
NOT-FOR-US: Contao CMS
CVE-2023-36503 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max F ...)
@@ -265,7 +265,7 @@ CVE-2023-2850 (NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerabil
CVE-2023-2640 (On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overl ...)
TODO: check
CVE-2023-2626 (There exists an authentication bypass vulnerability in OpenThread bord ...)
- TODO: check
+ NOT-FOR-US: OpenThread
CVE-2023-3773 (A flaw was found in the Linux kernel\u2019s IP framework for transform ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -10207,7 +10207,7 @@ CVE-2023-30951
CVE-2023-30950
RESERVED
CVE-2023-30949 (A missing origin validation in Slate sandbox could be exploited by a m ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted in the ...)
NOT-FOR-US: Palantir
CVE-2023-30947
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bdc32c7ab834fa689c0113c2d1d56516dc5d629