[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jul 31 09:15:37 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e10d7ed by Moritz Muehlenhoff at 2023-07-31T10:15:21+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58,11 +58,11 @@ CVE-2023-39190
 CVE-2023-39023 (university compass v2.2.0 and below was discovered to contain a code i ...)
 	NOT-FOR-US: university compass
 CVE-2023-39022 (oscore v2.2.6 and below was discovered to contain a code injection vul ...)
-	TODO: check
+	NOT-FOR-US: oscore
 CVE-2023-39021 (wix-embedded-mysql v4.6.1 and below was discovered to contain a code i ...)
 	NOT-FOR-US: wix-embedded-mysql
 CVE-2023-39020 (stanford-parser v3.9.2 and below was discovered to contain a code inje ...)
-	TODO: check
+	NOT-FOR-US: stanford-parser
 CVE-2023-39018 (FFmpeg 0.7.0 and below was discovered to contain a code injection vuln ...)
 	NOT-FOR-US: ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI)
 CVE-2023-39017 (quartz-jobs 2.3.2 and below was discovered to contain a code injection ...)
@@ -76,7 +76,7 @@ CVE-2023-39013 (Duke v1.2 and below was discovered to contain a code injection v
 CVE-2023-39010 (BoofCV 0.42 was discovered to contain a code injection vulnerability v ...)
 	TODO: check
 CVE-2023-38992 (jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: jeecg-boot
 CVE-2023-38685 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
 	NOT-FOR-US: Discourse
 CVE-2023-38684 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
@@ -104,7 +104,7 @@ CVE-2023-31933 (Sql injection vulnerability found in Rail Pass Management System
 CVE-2023-31932 (Sql injection vulnerability found in Rail Pass Management System v.1.0 ...)
 	NOT-FOR-US: Rail Pass Management System
 CVE-2023-2685 (A vulnerability was found in AO-OPC server versions mentioned above. A ...)
-	TODO: check
+	NOT-FOR-US: ABB AO-OPC
 CVE-2023-3990 (A vulnerability classified as problematic has been found in Mingsoft M ...)
 	NOT-FOR-US: Mingsoft MCMS
 CVE-2023-3989 (A vulnerability was found in SourceCodester Jewelry Store System 1.0.  ...)
@@ -126,29 +126,29 @@ CVE-2023-3774 (An unhandled error in Vault Enterprise's namespace creation may c
 CVE-2023-3670 (In CODESYS Development System 3.5.9.0 to3.5.17.0 andCODESYS Scripting4 ...)
 	NOT-FOR-US: CODESYS
 CVE-2023-38609 (An injection issue was addressed with improved input validation. This  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38604 (An out-of-bounds write issue was addressed with improved input validat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38599 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38598 (A use-after-free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38592 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38590 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38571 (This issue was addressed with improved validation of symlinks. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38331 (Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2023-37285 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-36495 (An integer overflow was addressed with improved input validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-34425 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-33745 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper P ...)
 	NOT-FOR-US: TeleAdapt RoomCast TA-2400
 CVE-2023-33744 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard- ...)
@@ -158,13 +158,13 @@ CVE-2023-33743 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Impr
 CVE-2023-33742 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Stor ...)
 	NOT-FOR-US: TeleAdapt RoomCast TA-2400
 CVE-2023-32654 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32445 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32444 (A logic issue was addressed with improved validation. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32427 (This issue was addressed by using HTTPS when sending information over  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-37369
 	- qt6-base <unfixed>
 	[bookworm] - qt6-base <no-dsa> (Minor issue)
@@ -19193,7 +19193,7 @@ CVE-2023-28204 (An out-of-bounds read was addressed with improved input validati
 	NOTE: https://github.com/WebKit/WebKit/commit/698c6e293734c3c46f223b77d5b4ee48b320e32c
 	NOTE: https://webkitgtk.org/security/WSA-2023-0004.html
 CVE-2023-28203 (The issue was addressed with improved checks. This issue is fixed in A ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-28202 (This issue was addressed with improved state management. This issue is ...)
 	NOT-FOR-US: Apple
 CVE-2023-28201 (This issue was addressed with improved state management. This issue is ...)
@@ -32280,7 +32280,7 @@ CVE-2023-23766
 CVE-2023-23765
 	RESERVED
 CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
-	TODO: check
+	NOT-FOR-US: Github Enterprise Server
 CVE-2023-23763
 	RESERVED
 CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
@@ -54583,11 +54583,11 @@ CVE-2022-43705 (In Botan before 2.19.3, it is possible to forge OCSP responses d
 CVE-2022-43704 (The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, a ...)
 	NOT-FOR-US: Sinilink XY-WFT1 WiFi Remote Thermostat
 CVE-2022-43703 (An installer that loads or executes files using an unconstrained searc ...)
-	TODO: check
+	NOT-FOR-US: Arm
 CVE-2022-43702 (When the directory containing the installer does not have sufficiently ...)
-	TODO: check
+	NOT-FOR-US: Arm
 CVE-2022-43701 (When the installation directory does not have sufficiently restrictive ...)
-	TODO: check
+	NOT-FOR-US: Arm
 CVE-2022-43700
 	RESERVED
 CVE-2022-43699 (OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account di ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e10d7ed4fa8c67ce7540ea16df3f6295e735a60

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e10d7ed4fa8c67ce7540ea16df3f6295e735a60
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230731/fa312432/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list