[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 16 10:05:10 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7dccd943 by Moritz Muehlenhoff at 2023-06-16T11:04:46+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2 ...)
TODO: check
CVE-2023-35708 (Progress MOVEit Transfer has a privilege escalation vulnerability that ...)
- TODO: check
+ NOT-FOR-US: MOVEit
CVE-2023-34845 (Bludit v3.14.1 was discovered to contain an arbitrary file upload vuln ...)
- TODO: check
+ NOT-FOR-US: Bludit
CVE-2023-34800 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-34797 (Broken access control in the Registration page (/Registration.aspx) of ...)
- TODO: check
+ NOT-FOR-US: Termenos CWX
CVE-2023-34165 (Unauthorized access vulnerability in the Save for later feature provid ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-34157 (Vulnerability of HwWatchHealth being hijacked.Successful exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-34154 (Vulnerability of undefined permissions in HUAWEI VR screen projection. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-32754 (Thinking Software Efence login function has insufficient validation fo ...)
- TODO: check
+ NOT-FOR-US: Thinking Software Efence
CVE-2023-32753 (OMICARD EDM\u2019s file uploading function does not restrict upload of ...)
- TODO: check
+ NOT-FOR-US: OMICARD
CVE-2023-32752 (L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000\u2019s file uploa ...)
- TODO: check
+ NOT-FOR-US: L7 Networks InstantScan
CVE-2023-32028 (Microsoft OLE DB Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32027 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32026 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-32025 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-2431 (A security issue was discovered in Kubelet that allows pods to bypass ...)
TODO: check
CVE-2023-2728
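Review bot: On CVE-2023-32752 the tag "NOT-FOR-US: L7 Networks InstantScan" names only one of the two products in the description (InstantScan IS-8000 and InstantQoS IQ-8000); "NOT-FOR-US: L7 Networks" would cover both. The tags in this hunk also mix vendor-level names (Microsoft, Huawei, D-Link) with product-level names (MOVEit, Bludit); keeping one form per vendor makes later entries for the same vendor easier to match against existing ones.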
@@ -39,7 +39,7 @@ CVE-2023-2727
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
CVE-2023-3276 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: Dromara HuTool
CVE-2023-3275 (A vulnerability classified as critical was found in PHPGurukul Rail Pa ...)
NOT-FOR-US: PHPGurukul Rail Pass Management System
CVE-2023-3274 (A vulnerability classified as critical has been found in code-projects ...)
@@ -55,25 +55,25 @@ CVE-2023-34666 (Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Caf
CVE-2023-34626 (Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.)
- piwigo <removed>
CVE-2023-34455 (snappy-java is a fast compressor/decompressor for Java. Due to use of ...)
- TODO: check
+ NOT-FOR-US: snappy-java
CVE-2023-34454 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...)
- TODO: check
+ NOT-FOR-US: snappy-java
CVE-2023-34453 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...)
- TODO: check
+ NOT-FOR-US: snappy-java
CVE-2023-34242 (Cilium is a networking, observability, and security solution with an e ...)
- cilium <itp> (bug #858303)
CVE-2023-33243 (RedTeam Pentesting discovered that the web interface of STARFACE as we ...)
- TODO: check
+ NOT-FOR-US: STARFACE
CVE-2023-32229 (Due to an error in the software interface to the secure element chip o ...)
NOT-FOR-US: Bosch
CVE-2023-31672 (In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (aili ...)
NOT-FOR-US: PrestaShop
CVE-2023-2747 (The initialization vector (IV) used by the secure engine (SE) for encr ...)
- TODO: check
+ NOT-FOR-US: silabs SGDK
CVE-2023-2686 (Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon La ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs Gecko SDK
CVE-2023-2683 (A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allo ...)
- TODO: check
+ NOT-FOR-US: silabs Bluetooth SDK
CVE-2023-XXXX [RUSTSEC-2023-0038: Out-of-bounds array access leads to panic]
- rust-sequoia-openpgp 1.16.0-1
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0038.html
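Review bot: The three Silicon Labs entries at the end of this hunk (CVE-2023-2747, CVE-2023-2686, CVE-2023-2683) spell one vendor three ways: "silabs SGDK", "Silicon Labs Gecko SDK" and "silabs Bluetooth SDK"; use a single vendor spelling, and expand "SGDK" if it abbreviates the Gecko SDK. Separately, the snappy-java entries (CVE-2023-34455, CVE-2023-34454, CVE-2023-34453) describe a general-purpose Java library rather than a vendor product, so it is worth confirming that no source package in the archive ships it before closing all three as NOT-FOR-US.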
@@ -96,17 +96,17 @@ CVE-2023-35029 (Open redirect vulnerability in the Layout module's SEO configura
CVE-2023-34565 (Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Creat ...)
- netbox <itp> (bug #1017079)
CVE-2023-34452 (Grav is a flat-file content management system. In versions 1.7.42 and ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2023-34449 (ink! is an embedded domain specific language to write smart contracts ...)
- TODO: check
+ NOT-FOR-US: ink!
CVE-2023-34448 (Grav is a flat-file content management system. Prior to version 1.7.42 ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2023-34253 (Grav is a flat-file content management system. Prior to version 1.7.42 ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2023-34252 (Grav is a flat-file content management system. Prior to version 1.7.42 ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2023-34251 (Grav is a flat-file content management system. Versions prior to 1.7.4 ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2023-33515 (SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scriptin ...)
NOT-FOR-US: SoftExpert Excellence Suite
CVE-2023-31746 (There is a command injection vulnerability in the adslr VW2100 router ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dccd943c0a99b648b60f8ff1cb0fc09bba8b63a