[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 14 21:25:06 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f160e0f9 by Salvatore Bonaccorso at 2023-06-14T22:23:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2023-3241 (A vulnerability was found in OTCMS up to 6.62 and classified as proble ...)
-	TODO: check
+	NOT-FOR-US: OTCMS
 CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and classified as p ...)
-	TODO: check
+	NOT-FOR-US: OTCMS
 CVE-2023-3239 (A vulnerability, which was classified as problematic, was found in OTC ...)
-	TODO: check
+	NOT-FOR-US: OTCMS
 CVE-2023-3040 (A debug function in the lua-resty-json package, up to commit id 3ef949 ...)
 	TODO: check
 CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts prior t ...)
@@ -13,33 +13,33 @@ CVE-2023-35116 (An issue was discovered jackson-databind thru 2.15.2 allows atta
 CVE-2023-35110 (An issue was discovered jjson thru 0.1.7 allows attackers to cause a d ...)
 	TODO: check
 CVE-2023-34878 (An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensi ...)
-	TODO: check
+	NOT-FOR-US: Ujcms
 CVE-2023-34868 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
 	TODO: check
 CVE-2023-34867 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
 	TODO: check
 CVE-2023-34865 (Directory traversal vulnerability in ujcms 6.0.2 allows attackers to m ...)
-	TODO: check
+	NOT-FOR-US: ujcms
 CVE-2023-34824 (fdkaac before 1.0.5 was discovered to contain a heap buffer overflow i ...)
 	TODO: check
 CVE-2023-34823 (fdkaac before 1.0.5 was discovered to contain a stack overflow in read ...)
 	TODO: check
 CVE-2023-34756 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: bloofox
 CVE-2023-34755 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: bloofox
 CVE-2023-34754 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: bloofox
 CVE-2023-34753 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: bloofox
 CVE-2023-34752 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: bloofox
 CVE-2023-34751 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: bloofox
 CVE-2023-34750 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: bloofox
 CVE-2023-34747 (File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-fil ...)
-	TODO: check
+	NOT-FOR-US: ujcms
 CVE-2023-34624 (An issue was discovered htmlcleaner thru = 2.28 allows attackers to ca ...)
 	TODO: check
 CVE-2023-34623 (An issue was discovered jtidy thru r938 allows attackers to cause a de ...)
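Review bot: The tag for one product is spelled two ways in this hunk: CVE-2023-34878 gets "NOT-FOR-US: Ujcms" while CVE-2023-34865 and CVE-2023-34747 get "NOT-FOR-US: ujcms". Use a single spelling for all three so that a search for the tag finds every entry for the product.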
@@ -71,17 +71,17 @@ CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.)
 CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The v ...)
 	TODO: check
 CVE-2023-34101 (Contiki-NG is an operating system for internet of things devices. In v ...)
-	TODO: check
+	NOT-FOR-US: Contiki-NG
 CVE-2023-32465 (Dell Power Protect Cyber Recovery, contains an Authentication Bypass v ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-32031 (Microsoft Exchange Server Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32030 (.NET and Visual Studio Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32024 (Microsoft Power Apps Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-31671 (PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via P ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop postfinance
 CVE-2023-2976 (Use of Java's default temporary directory for file creation in `FileBa ...)
 	TODO: check
 CVE-2023-35149 (A missing permission check in Jenkins Digital.ai App Management Publis ...)
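Review bot: CVE-2023-32030 (".NET and Visual Studio Denial of Service Vulnerability") is closed here as "NOT-FOR-US: Microsoft", but CVE-2023-32032, whose description names the same ".NET and Visual Studio" product, is still "TODO: check" in the context lines of the next hunk. If the same reasoning applies to both, mark CVE-2023-32032 in this commit as well; if it was left open on purpose, say so in the commit message.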
@@ -203,49 +203,49 @@ CVE-2023-32061 (Discourse is an open source discussion platform. Prior to versio
 CVE-2023-32032 (.NET and Visual Studio Elevation of Privilege Vulnerability)
 	TODO: check
 CVE-2023-32029 (Microsoft Excel Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32022 (<div data-wrapper="true" style="font-family:'Segoe UI','Helvetica Neue ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32021 (Windows SMB Witness Service Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32020 (Windows DNS Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32019 (Windows Kernel Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32018 (Windows Hello Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32017 (Microsoft PostScript Printer Driver Remote Code Execution Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32016 (Windows Installer Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32015 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32014 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32013 (Windows Hyper-V Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32012 (Windows Container Manager Service Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32011 (Windows iSCSI Discovery Service Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32010 (Windows Bus Filter Driver Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32009 (Windows Collaborative Translation Framework Elevation of Privilege Vul ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-32008 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-2778 (A denial-of-service vulnerability exists in Rockwell Automation Factor ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-2639 (The underlying feedback mechanism of   Rockwell Automation'sFactoryTal ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-2638 (Rockwell Automation's FactoryTalk System Services does not verify that ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-2637 (Rockwell Automation's FactoryTalk System Services uses a hard-coded cr ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-2570 (A CWE-129: Improper Validation of Array Index vulnerability exists tha ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-2569 (A CWE-787: Out-of-Bounds Write vulnerability exists that could cause l ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-3224 (Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.)
 	NOT-FOR-US: Nuxt
 CVE-2023-3218 (Race Condition within a Thread in GitHub repository it-novum/openitcoc ...)
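Review bot: The description shown for CVE-2023-32022 is raw HTML markup (it begins `<div data-wrapper="true"`) and names no product, so "NOT-FOR-US: Microsoft" cannot be checked against the entry itself. The same applies to CVE-2023-2570 and CVE-2023-2569, whose truncated descriptions open with the CWE class and never show Schneider Electric. A NOTE line with the advisory reference under these three entries would let the next person confirm the triage without leaving the file.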



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f160e0f9b7c25fc4079cc8465b5d34524bcf63ce
