[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 9 08:29:56 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
258e1d85 by Salvatore Bonaccorso at 2023-11-09T09:29:31+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,9 +9,9 @@ CVE-2023-4891 (A potential use-after-free vulnerability was reported in the Leno
 CVE-2023-4706 (A privilege escalation vulnerability was reported in Lenovo preloaded  ...)
 	NOT-FOR-US: Lenovo
 CVE-2023-4632 (An uncontrolled search path vulnerability was reported in Lenovo Syste ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-4249 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  CB6231, ...)
-	TODO: check
+	NOT-FOR-US: Zavio
 CVE-2023-47613 (A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinter ...)
 	NOT-FOR-US: Telit Cinterion
 CVE-2023-47489 (An issue in Combodo iTop v.3.1.0-2-11973 allows a local attacker to ex ...)
@@ -43,63 +43,63 @@ CVE-2023-46362 (jbig2enc v0.28 was discovered to contain a heap-use-after-free v
 	- jbig2enc <unfixed>
 	NOTE: https://github.com/agl/jbig2enc/issues/84
 CVE-2023-45875 (An issue was discovered in Couchbase Server 7.2.0. There is a private  ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2023-45857 (An issue discovered in Axios 1.5.1 inadvertently reveals the confident ...)
 	TODO: check
 CVE-2023-45225 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  CB6231, ...)
-	TODO: check
+	NOT-FOR-US: Zavio
 CVE-2023-45079 (A memory leakage vulnerability was reported in the NvmramSmm SMM drive ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-45078 (A memory leakage vulnerability was reported in the DustFilterAlertSmm  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-45077 (A memory leakage vulnerability was reported in the 534D0740 DXE driver ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-45076 (A memory leakage vulnerability was reported in the 534D0140 DXE driver ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-45075 (A memory leakage vulnerability was reported in the SWSMI_Shadow DXE dr ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43755 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  CB6231, ...)
-	TODO: check
+	NOT-FOR-US: Zavio
 CVE-2023-43581 (A buffer overflow was reported in the Update_WMI module in some Lenovo ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43580 (A buffer overflow was reported in the SmuV11DxeVMR module in some Leno ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43579 (A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43578 (A buffer overflow was reported in the SmiFlash module in some Lenovo D ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43577 (A buffer overflow was reported in the ReFlash module in some Lenovo De ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43576 (A buffer overflow was reported in the WMISwSmi module in some Lenovo D ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43575 (A buffer overflow was reported in the UltraFunctionTable module in som ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43574 (A buffer over-read was reported in the LEMALLDriversConnectedEventHook ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43573 (A buffer overflow was reported in the LEMALLDriversConnectedEventHook  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43572 (A buffer over-read was reported in the BiosExtensionLoader module in s ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43571 (A buffer overflow was reported in the BiosExtensionLoader module in so ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43570 (A potential vulnerability was reported in the SMI callback function of ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43569 (A buffer overflow was reported in the OemSmi module in some Lenovo Des ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43568 (A buffer over-read was reported in the LemSecureBootForceKey module in ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-43567 (A buffer overflow was reported in the LemSecureBootForceKey module in  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-3959 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  CB6231, ...)
-	TODO: check
+	NOT-FOR-US: Zavio
 CVE-2023-39435 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  CB6231, ...)
-	TODO: check
+	NOT-FOR-US: Zavio
 CVE-2023-37790 (Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an ...)
 	TODO: check
 CVE-2023-37533 (HCL Connections is vulnerable to reflected cross-site scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-36667 (Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Dire ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2023-6012 (An improper input validation vulnerability has been found in Lanaccess ...)
 	NOT-FOR-US: Lanaccess ONSAFE MonitorHM
 CVE-2023-5978 (In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain  ...)
@@ -29395,7 +29395,7 @@ CVE-2023-29976
 CVE-2023-29975
 	RESERVED
 CVE-2023-29974 (An issue discovered in Pfsense CE version 2.6.0 allows attackers to co ...)
-	TODO: check
+	NOT-FOR-US: Pfsense CE
 CVE-2023-29973 (Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead ...)
 	NOT-FOR-US: Pfsense CE
 CVE-2023-29972
@@ -48312,7 +48312,7 @@ CVE-2023-0395 (The menu shortcode WordPress plugin through 1.0 does not validate
 CVE-2023-0393
 	RESERVED
 CVE-2023-0392 (The LDAP Agent Update service with versions prior to 5.18 used an unqu ...)
-	TODO: check
+	NOT-FOR-US: Okta LDAP Agent Update service
 CVE-2023-0391 (MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt ...)
 	NOT-FOR-US: MGT-COMMERCE
 CVE-2022-48278
@@ -143814,7 +143814,7 @@ CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such a
 CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...)
 	NOT-FOR-US: Belledonne Belle-sip
 CVE-2021-43609 (An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A ...)
-	TODO: check
+	NOT-FOR-US: Spiceworks
 CVE-2021-43608 (Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of o ...)
 	- php-doctrine-dbal <not-affected> (Vulnerable code introduced in 3.0.0)
 	NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 3.1.4+dfsg-1 and



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/258e1d858efe0b9543877ec6c3e015e629c0c373

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/258e1d858efe0b9543877ec6c3e015e629c0c373
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231109/40ba8628/attachment.htm>

More information about the debian-security-tracker-commits mailing list