[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 15 07:50:45 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d14d37ab by Salvatore Bonaccorso at 2023-06-15T08:50:09+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69,7 +69,7 @@ CVE-2023-34585
CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.)
TODO: check
CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The v ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-34101 (Contiki-NG is an operating system for internet of things devices. In v ...)
NOT-FOR-US: Contiki-NG
CVE-2023-32465 (Dell Power Protect Cyber Recovery, contains an Authentication Bypass v ...)
@@ -279,11 +279,11 @@ CVE-2023-34114 (Exposure of resource to wrong sphere in Zoom for Windows and Zoo
CVE-2023-34113 (Insufficient verification of data authenticity in Zoom for Windows cl ...)
NOT-FOR-US: Zoom
CVE-2023-33921 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-33920 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-33919 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-33695 (Hutool v5.8.17 and below was discovered to contain an information disc ...)
NOT-FOR-US: Hutool
CVE-2023-33621 (GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication ...)
@@ -303,7 +303,7 @@ CVE-2023-33122 (A vulnerability has been identified in JT2Go (All versions < V14
CVE-2023-33121 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
NOT-FOR-US: Siemens
CVE-2023-32548 (OS command injection vulnerability exists in WPS Office version 10.8.0 ...)
- TODO: check
+ NOT-FOR-US: WPS Office
CVE-2023-32546 (Code injection vulnerability exists in Chatwork Desktop Application (M ...)
NOT-FOR-US: Chatwork Desktop Application
CVE-2023-31541 (A unrestricted file upload vulnerability was discovered in the \u2018B ...)
@@ -319,7 +319,7 @@ CVE-2023-31198 (OS command injection vulnerability exists in Wi-Fi AP UNIT allow
CVE-2023-31196 (Missing authentication for critical function in Wi-Fi AP UNIT allows a ...)
TODO: check
CVE-2023-31195 (ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 use ...)
- TODO: check
+ NOT-FOR-US: ASUS Router RT-AX3000 Firmware
CVE-2023-30766 (Hidden functionality issue exists in KB-AHR series and KB-IRIP series. ...)
TODO: check
CVE-2023-30764 (OS command injection vulnerability exists in KB-AHR series and KB-IRIP ...)
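Review bot: The tag added for CVE-2023-31195 copies the full product string from the description ("NOT-FOR-US: ASUS Router RT-AX3000 Firmware"), while other tags added in this same commit are vendor-level ("NOT-FOR-US: Siemens", "NOT-FOR-US: Microsoft"). Settling on one granularity, for example a shorter vendor or product-family tag here, would make the entry easier to match against later CVEs for the same vendor.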
@@ -327,15 +327,15 @@ CVE-2023-30764 (OS command injection vulnerability exists in KB-AHR series and K
CVE-2023-30762 (Improper authentication vulnerability exists in KB-AHR series and KB-I ...)
TODO: check
CVE-2023-2807 (Authentication Bypass by Spoofing vulnerability in the password reset ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-29501 (Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, an ...)
- TODO: check
+ NOT-FOR-US: Jiyu Kukan Toku-Toku coupon App for iOS
CVE-2023-29498 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
- TODO: check
+ NOT-FOR-US: FRENIC RHC Loader
CVE-2023-29167 (Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. ...)
- TODO: check
+ NOT-FOR-US: FRENIC RHC Loader
CVE-2023-29160 (Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader ...)
- TODO: check
+ NOT-FOR-US: FRENIC RHC Loader
CVE-2023-XXXX [Parsing of KeyInfo elements can cause remote resource access]
- xmltooling <unfixed> (bug #1037948)
NOTE: https://shibboleth.net/community/advisories/secadv_20230612.txt
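Review bot: For CVE-2023-2807 and CVE-2023-29498 the truncated descriptions in this hunk stop before any product name, so the "Pandora FMS" and "FRENIC RHC Loader" attributions cannot be confirmed from the diff alone. CVE-2023-29167 and CVE-2023-29160 do name FRENIC RHC Loader in their visible text; for the other two, a short remark in the commit message that the product was taken from the full CVE description would help a later reader.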
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d14d37ab70123a977d468385ba8e27595d4f5ee7