[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 19 16:56:01 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6ce84d43 by Moritz Muehlenhoff at 2023-06-19T17:55:40+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2023-3310 (A vulnerability, which was classified as critical, has been found
CVE-2023-3309 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: SourceCodester Resort Reservation System
CVE-2023-3308 (A vulnerability classified as problematic has been found in whaleal Ic ...)
- TODO: check
+ NOT-FOR-US: whaleal IceFrog
CVE-2023-3307 (A vulnerability was found in miniCal 1.0.0. It has been rated as criti ...)
- TODO: check
+ NOT-FOR-US: miniCal
CVE-2023-35866 (In KeePassXC through 2.7.5, a local attacker can make changes to the D ...)
TODO: check
CVE-2023-35862 (libcoap 4.3.1 contains a buffer over-read via the function coap_parse_ ...)
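Review bot: the new label on CVE-2023-3308 cannot be checked against the line above it, because the visible description is cut at "whaleal Ic ...". Confirm that the full CVE text spells the product "IceFrog". A misspelled NOT-FOR-US label is harder to find when a later CVE for the same product is triaged.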
@@ -17,25 +17,25 @@ CVE-2023-35857 (In Siren Investigate before 13.2.2, session keys remain active e
CVE-2023-35856 (A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, a ...)
NOT-FOR-US: Nintendo Mario Kart Wii
CVE-2023-35855 (A buffer overflow in Counter-Strike through 8684 allows a game server ...)
- TODO: check
+ NOT-FOR-US: Counter-Strike
CVE-2023-35853 (In Suricata before 6.0.13, an adversary who controls an external sourc ...)
TODO: check
CVE-2023-35852 (In Suricata before 6.0.13 (when there is an adversary who controls an ...)
TODO: check
CVE-2023-35849 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly c ...)
- TODO: check
+ NOT-FOR-US: picoTCP
CVE-2023-35848 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size ...)
- TODO: check
+ NOT-FOR-US: picoTCP
CVE-2023-35847 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MS ...)
- TODO: check
+ NOT-FOR-US: picoTCP
CVE-2023-35846 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the ...)
- TODO: check
+ NOT-FOR-US: picoTCP
CVE-2023-35844 (packages/backend/src/routers in Lightdash before 0.510.3 has insecure ...)
- TODO: check
+ NOT-FOR-US: Lightdash
CVE-2023-35840 (_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder befor ...)
- TODO: check
+ NOT-FOR-US: elFinder
CVE-2023-35839 (Solon before 2.3.3 allows Deserialization of Untrusted Data.)
- TODO: check
+ NOT-FOR-US: Solon
CVE-2023-35829 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
- linux 6.3.7-1
[buster] - linux <not-affected> (Vulnerable code not present)
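Review bot: the four picoTCP entries and the elFinder entry (CVE-2023-35840) are closed as NOT-FOR-US with no record of whether embedded copies were looked for. A network stack and a PHP component identified by a single class file (elFinderVolumeLocalFileSystem.class.php) are the kind of code that gets bundled inside other source packages. If an archive code search was done, a short NOTE line saying so would keep the next triager from repeating it. If not, these are worth a search before being closed out.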
@@ -51,23 +51,23 @@ CVE-2023-34603 (JeecgBoot up to v 3.5.1 was discovered to contain a SQL injectio
CVE-2023-34602 (JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vuln ...)
NOT-FOR-US: JeecgBoot
CVE-2023-32542 (Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-32538 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-32288 (Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-32276 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-32273 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-32270 (Access of memory location after end of buffer issue exists in TELLUS v ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-32201 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
- TODO: check
+ NOT-FOR-US: TELLUS
CVE-2023-31239 (Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V- ...)
TODO: check
CVE-2023-30759 (The driver installation package created by Printer Driver Packager NX ...)
- TODO: check
+ NOT-FOR-US: Ricoh
CVE-2023-35828 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
- linux 6.3.7-1 (unimportant)
NOTE: https://git.kernel.org/linus/2b947f8769be8b8181dc795fd292d3e7120f5204 (6.4-rc1)
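Review bot: CVE-2023-31239 (V-Server v4.0.15.0) is left at TODO: check in the middle of this batch, although its description carries the same v4.0.15.0 version string as the seven TELLUS entries marked here. Triage it in the same pass, or say why it was held back. Separately, CVE-2023-30759 is labelled with the vendor name only ("Ricoh"), while the description names the product, Printer Driver Packager NX, and the other labels in this hunk are product names. "NOT-FOR-US: Ricoh Printer Driver Packager NX" would be consistent.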
@@ -123,19 +123,19 @@ CVE-2023-35789 (An issue was discovered in the C AMQP client library (aka rabbit
NOTE: https://github.com/alanxz/rabbitmq-c/issues/575
NOTE: https://github.com/alanxz/rabbitmq-c/commit/463054383fbeef889b409a7f843df5365288e2a0
CVE-2023-34459 (OpenZeppelin Contracts is a library for smart contract development. St ...)
- TODO: check
+ NOT-FOR-US: OpenZeppelin Contracts
CVE-2023-33438 (A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer Te ...)
NOT-FOR-US: Wolters Kluwer TeamMate+
CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-sto ...)
- TODO: check
+ NOT-FOR-US: saleor/react-storefront
CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...)
- TODO: check
+ NOT-FOR-US: salesagility/suitecrm-core
CVE-2023-35788 (An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c ...)
- linux 6.3.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/06/07/1
NOTE: https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)
CVE-2023-35784 (A double free or use after free could occur after SSL_clear in OpenBSD ...)
- TODO: check
+ - libressl <itp> (bug #754513)
CVE-2023-35783 (The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x throu ...)
NOT-FOR-US: Typo3 extension
CVE-2023-35782 (The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL ...)
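Review bot: the last change in this hunk, CVE-2023-35784, goes from TODO: check to "- libressl <itp> (bug #754513)". That is a package entry, not a NOT-FOR-US marking, so the commit message "NFUs" does not cover it. Mention the ITP entry in the message or put it in its own commit. Also, CVE-2023-3294 and CVE-2023-3293 are labelled with GitHub repository paths (saleor/react-storefront, salesagility/suitecrm-core), where the other labels in this diff use product names.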
@@ -143,13 +143,13 @@ CVE-2023-35782 (The ipandlanguageredirect extension before 5.1.2 for TYPO3 allow
CVE-2023-34832 (TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer ...)
NOT-FOR-US: TP-Link
CVE-2023-34795 (xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitial ...)
- TODO: check
+ NOT-FOR-US: xlsxio
CVE-2023-34733 (A lack of exception handling in the Volkswagen Discover Media Infotain ...)
NOT-FOR-US: Volkswagen Discover Media Infotainment System Software
CVE-2023-34660 (jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg ...)
- TODO: check
+ NOT-FOR-US: jjeecg-boot
CVE-2023-34659 (jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id p ...)
- TODO: check
+ NOT-FOR-US: jeecg-boot
CVE-2023-34645 (jfinal CMS 5.1.0 has an arbitrary file read vulnerability.)
NOT-FOR-US: jfinal CMS
CVE-2023-34548 (Simple Customer Relationship Management 1.0 is vulnerable to SQL Injec ...)
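Review bot: CVE-2023-34660 is labelled "jjeecg-boot", carrying over what looks like a doubled letter from its description, and CVE-2023-34659 directly below uses "jeecg-boot". The existing entry for CVE-2023-34602 earlier in this diff has "NOT-FOR-US: JeecgBoot". That makes three spellings for what appears to be one product. Use "JeecgBoot" on both new lines so that a single search finds every entry.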
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ce84d4386ac537e8f7586086de51f6e1bf16229