[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 1 20:46:08 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e9af14f by Salvatore Bonaccorso at 2023-11-01T21:45:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26643,21 +26643,21 @@ CVE-2022-48463
 CVE-2022-48462
 	RESERVED
 CVE-2022-48461 (In sensor driver, there is a possible out of bounds write due to a mis ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48460 (In setting service, there is a possible undefined behavior due to inco ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48459 (In TeleService, there is a possible system crash due to improper input ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48458 (In TeleService, there is a possible system crash due to improper input ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48457 (In TeleService, there is a possible system crash due to improper input ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48456 (In camera driver, there is a possible out of bounds write due to a inc ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48455 (In wifi service, there is a possible out of bounds write due to a miss ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48454 (In wifi service, there is a possible out of bounds write due to a miss ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-48453 (In camera driver, there is a possible out of bounds write due to a mis ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-48452 (In Ifaa service, there is a possible missing permission check. This co ...)
@@ -31043,21 +31043,21 @@ CVE-2023-1722 (Yoga Class Registration System version 1.0 allows an administrato
 CVE-2023-1721 (Yoga Class Registration System version 1.0 allows an administrator to  ...)
 	NOT-FOR-US: Yoga Class Registration System
 CVE-2023-1720 (Lack of mime type response header in Bitrix24 22.0.300 allows authenti ...)
-	TODO: check
+	NOT-FOR-US: Bitrix24
 CVE-2023-1719 (Global variable extraction in bitrix/modules/main/tools.php in Bitrix2 ...)
-	TODO: check
+	NOT-FOR-US: Bitrix24
 CVE-2023-1718 (Improper file stream access in /desktop_app/file.ajax.php?action=uploa ...)
-	TODO: check
+	NOT-FOR-US: Bitrix24
 CVE-2023-1717 (Prototype pollution in bitrix/templates/bitrix24/components/bitrix/men ...)
-	TODO: check
+	NOT-FOR-US: Bitrix24
 CVE-2023-1716 (Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitri ...)
-	TODO: check
+	NOT-FOR-US: Bitrix24
 CVE-2023-1715 (A logic error when using mb_strpos() to check for potential XSS payloa ...)
-	TODO: check
+	NOT-FOR-US: Bitrix24
 CVE-2023-1714 (Unsafe variable extraction in bitrix/modules/main/classes/general/user ...)
-	TODO: check
+	NOT-FOR-US: Bitrix24
 CVE-2023-1713 (Insecure temporary file creation in bitrix/modules/crm/lib/order/impor ...)
-	TODO: check
+	NOT-FOR-US: Bitrix24
 CVE-2023-1712 (Use of Hard-coded, Security-relevant Constants in GitHub repository de ...)
 	NOT-FOR-US: deepset-ai haystack
 CVE-2023-1711 (A vulnerability exists in a FOXMAN-UN and UNEM logging component, it o ...)
@@ -68606,7 +68606,7 @@ CVE-2023-20266 (A vulnerability in Cisco Emergency Responder, Cisco Unified Comm
 CVE-2023-20265
 	RESERVED
 CVE-2023-20264 (A vulnerability in the implementation of Security Assertion Markup Lan ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20262 (A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager co ...)
@@ -68622,9 +68622,9 @@ CVE-2023-20258
 CVE-2023-20257
 	RESERVED
 CVE-2023-20256 (Multiple vulnerabilities in the per-user-override feature of Cisco Ada ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20255 (A vulnerability in an API of the Web Bridge feature of Cisco Meeting S ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20254 (A vulnerability in the session management system of the Cisco Catalyst ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20253 (A vulnerability in the command line interface (cli) management interfa ...)
@@ -68640,13 +68640,13 @@ CVE-2023-20249
 CVE-2023-20248
 	RESERVED
 CVE-2023-20247 (A vulnerability in the remote access SSL VPN feature of Cisco Adaptive ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20246 (Multiple Cisco products are affected by a vulnerability in Snort acces ...)
 	TODO: check
 CVE-2023-20245 (Multiple vulnerabilities in the per-user-override feature of Cisco Ada ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20244 (A vulnerability in the internal packet processing of Cisco Firepower T ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20243 (A vulnerability in the RADIUS message processing feature of Cisco Iden ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco Unified ...)
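Review bot: CVE-2023-20246 in the middle of this hunk stays at TODO: check with no annotation, while the entries on both sides of it are closed as NOT-FOR-US: Cisco. If it is being held back because its description names Snort rather than only a Cisco product, a NOTE line under it saying what still needs checking would keep a later bulk pass from closing it by pattern.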
@@ -68694,9 +68694,9 @@ CVE-2023-20222 (A vulnerability in the web-based management interface of Cisco P
 CVE-2023-20221 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20220 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20219 (Multiple vulnerabilities in the web management interface of Cisco Fire ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20218 (A vulnerability in web-based management interface of Cisco SPA500 Seri ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20217 (A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Vir ...)
@@ -68708,7 +68708,7 @@ CVE-2023-20215 (A vulnerability in the scanning engines of Cisco AsyncOS Softwar
 CVE-2023-20214 (A vulnerability in the request authentication validation for the REST  ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20213 (A vulnerability in the CDP processing feature of Cisco ISE could allow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20212 (A vulnerability in the AutoIt module of ClamAV could allow an unauthen ...)
 	- clamav 1.0.2+dfsg-1 (bug #1050057)
 	[bookworm] - clamav 1.0.2+dfsg-1~deb12u1
@@ -68726,7 +68726,7 @@ CVE-2023-20208
 CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo Authentication P ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20206 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20205 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20204 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
@@ -68750,9 +68750,9 @@ CVE-2023-20197 (A vulnerability in the filesystem image parser for Hierarchical
 	[bullseye] - clamav 0.103.9+dfsg-0+deb11u1
 	NOTE: https://blog.clamav.net/2023/07/2023-08-16-releases.html
 CVE-2023-20196 (Two vulnerabilities in Cisco ISE could allow an authenticated, remote  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20195 (Two vulnerabilities in Cisco ISE could allow an authenticated, remote  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20194 (A vulnerability in the ERS API of Cisco ISE could allow an authenticat ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20193 (A vulnerability in the Embedded Service Router (ESR) of Cisco ISE coul ...)
@@ -68788,11 +68788,11 @@ CVE-2023-20179 (A vulnerability in the web-based management interface of Cisco C
 CVE-2023-20178 (A vulnerability in the client update process of Cisco AnyConnect Secur ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20177 (A vulnerability in the SSL file policy implementation of Cisco Firepow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20176 (A vulnerability in the networking component of Cisco access point (AP) ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20175 (A vulnerability in a specific Cisco ISE CLI command could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20174 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20173 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -68802,7 +68802,7 @@ CVE-2023-20172 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE)
 CVE-2023-20171 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20170 (A vulnerability in a specific Cisco ISE CLI command could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20169 (A vulnerability in the Intermediate System-to-Intermediate System (IS- ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20168 (A vulnerability in TACACS+ and RADIUS remote authentication for Cisco  ...)
@@ -68832,7 +68832,7 @@ CVE-2023-20157 (Multiple vulnerabilities in the web-based user interface of cert
 CVE-2023-20156 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20155 (A vulnerability in a logging API in Cisco Firepower Management Center  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20154
 	RESERVED
 CVE-2023-20153 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
@@ -68952,7 +68952,7 @@ CVE-2023-20097 (A vulnerability in Cisco access points (AP) software could allow
 CVE-2023-20096 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20095 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20094
 	RESERVED
 CVE-2023-20093
@@ -68970,7 +68970,7 @@ CVE-2023-20088 (A vulnerability in the nginx configurations that are provided as
 CVE-2023-20087 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20086 (A vulnerability in ICMPv6 processing of Cisco Adaptive Security Applia ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco Identit ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20084
@@ -68994,15 +68994,15 @@ CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting environment
 CVE-2023-20075 (Vulnerability in the CLI of Cisco Secure Email Gateway could allow an  ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20074 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20073 (A vulnerability in the web-based management interface of Cisco RV340,  ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20072 (A vulnerability in the fragmentation handling code of tunnel protocol  ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20071 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20070 (A vulnerability in the TLS 1.3 implementation of the Cisco Firepower T ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20069 (A vulnerability in the web-based management interface of Cisco Prime I ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20068 (A vulnerability in the web-based management interface of Cisco Prime I ...)
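Review bot: CVE-2023-20071 is closed as NOT-FOR-US: Cisco in this hunk although its truncated description names Snort, the same wording as CVE-2023-20246, which this commit leaves at TODO: check. The two should be triaged the same way: either hold CVE-2023-20071 back as well, or give it a more specific reason in the style of the CVE-2023-20064 entry ("NOT-FOR-US: Cisco's use of GRUB") so the record shows the Snort component was considered.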
@@ -69016,7 +69016,7 @@ CVE-2023-20065 (A vulnerability in the Cisco IOx application hosting subsystem o
 CVE-2023-20064 (A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS X ...)
 	NOT-FOR-US: Cisco's use of GRUB
 CVE-2023-20063 (A vulnerability in the inter-device communication mechanisms between d ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20062 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20061 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...)
@@ -69049,7 +69049,7 @@ CVE-2023-20050 (A vulnerability in the CLI of Cisco NX-OS Software could allow a
 CVE-2023-20049 (A vulnerability in the bidirectional forwarding detection (BFD) hardwa ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20048 (A vulnerability in the web services interface of Cisco Firepower Manag ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20047 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20046 (A vulnerability in the key-based SSH authentication feature of Cisco S ...)
@@ -69061,9 +69061,9 @@ CVE-2023-20044 (A vulnerability in Cisco CX Cloud Agent of could allow an authen
 CVE-2023-20043 (A vulnerability in Cisco CX Cloud Agent of could allow an authenticate ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20042 (A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Se ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20041 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20040 (A vulnerability in the NETCONF service of Cisco Network Services Orche ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20039
@@ -69139,7 +69139,7 @@ CVE-2023-20007 (A vulnerability in the web-based management interface of Cisco S
 CVE-2023-20006 (A vulnerability in the hardware-based SSL/TLS cryptography functionali ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20005 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20004
 	RESERVED
 CVE-2023-20003 (A vulnerability in the social login configuration option for the guest ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e9af14f819432940f57e5bf8e74c4d07fade4c5
