[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Nov 15 09:45:53 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
233ebb45 by Moritz Muehlenhoff at 2023-11-15T10:45:25+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -83,7 +83,7 @@ CVE-2023-47130 (Yii is an open source PHP web framework. yiisoft/yii before vers
CVE-2023-47125 (TYPO3 is an open source PHP based web content management system releas ...)
NOT-FOR-US: TYPO3
CVE-2023-46672 (An issue was identified by Elastic whereby sensitive information is re ...)
- TODO: check
+ - logstash <itp> (bug #664841)
CVE-2023-46582 (SQL injection vulnerability in Inventory Management v.1.0 allows a loc ...)
NOT-FOR-US: Inventory Management
CVE-2023-46581 (SQL injection vulnerability in Inventory Management v.1.0 allows a loc ...)
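Review bot: the new `- logstash <itp> (bug #664841)` line for CVE-2023-46672 is a package assignment, not an NFU, so the one-word commit message "NFUs" does not describe it. The visible description names only Elastic, so a NOTE: line pointing at the vendor advisory (the way the CVE-2023-44444 entry references its ZDI advisory) would let a later reader check the mapping to logstash without re-triaging.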
@@ -91,7 +91,7 @@ CVE-2023-46581 (SQL injection vulnerability in Inventory Management v.1.0 allows
CVE-2023-46580 (Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 ...)
NOT-FOR-US: Inventory Management
CVE-2023-46132 (Hyperledger Fabric is an open source permissioned distributed ledger f ...)
- TODO: check
+ NOT-FOR-US: Hyperledger Fabric
CVE-2023-46121 (yt-dlp is a youtube-dl fork with additional features and fixes. The Ge ...)
- yt-dlp <unfixed>
[bookworm] - yt-dlp <no-dsa> (Minor issue)
@@ -136,7 +136,7 @@ CVE-2023-45615 (There are buffer overflow vulnerabilities in the underlying CLI
CVE-2023-45614 (There are buffer overflow vulnerabilities in the underlying CLI servic ...)
NOT-FOR-US: Aruba
CVE-2023-43979 (ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL inject ...)
- TODO: check
+ NOT-FOR-US: ETS Soft ybc_blog
CVE-2023-43591 (Improper privilege management in Zoom Rooms for macOS before version ...)
NOT-FOR-US: Zoom
CVE-2023-43590 (Link following in Zoom Rooms for macOS before version 5.16.0 may allo ...)
@@ -148,53 +148,53 @@ CVE-2023-43582 (Improper authorization in some Zoom clients may allow an authori
CVE-2023-41718 (When a particular process flow is initiated, an attacker may be able t ...)
NOT-FOR-US: Ivanti
CVE-2023-41597 (EyouCms v1.6.2 was discovered to contain a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: EyouCms
CVE-2023-41570 (MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect acc ...)
NOT-FOR-US: MikroTik
CVE-2023-40923 (MyPrestaModules ordersexport before v5.0 was discovered to contain mul ...)
NOT-FOR-US: MyPrestaModules ordersexport
CVE-2023-39537 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2023-39536 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2023-39535 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2023-39337 (A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older a ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-39335 (A security vulnerability has been identified in EPMM Versions 11.10, 1 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-39206 (Buffer overflow in some Zoom clients may allow an unauthenticated user ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-39205 (Improper conditions check in Zoom Team Chat for Zoom clients may allow ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-39204 (Buffer overflow in some Zoom clients may allow an unauthenticated user ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-39203 (Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop C ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-39202 (Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Cl ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-39199 (Cryptographic issues with In-Meeting Chat for some Zoom clients may al ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-38544 (A logged in user can modify specific files that may lead to unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-38543 (When a specific component is loaded a local attacker and is able to se ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-38043 (When a specific component is loaded a local attacker and is able to se ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-36558 (ASP.NET Core - Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36437 (Azure DevOps Server Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36049 (.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36038 (ASP.NET Core Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-36007 (Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35080 (A vulnerability has been identified in the Ivanti Secure Access Window ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-34060 (VMware Cloud Director Appliance contains an authentication bypass vuln ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-44444 [GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability]
- gimp <unfixed>
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
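Review bot: the .NET entries (CVE-2023-36558, CVE-2023-36049, CVE-2023-36038) are closed as `NOT-FOR-US: Microsoft`, which tags the vendor rather than the software. ASP.NET Core and .NET are open-source runtimes, unlike the Zoom clients or Azure DevOps Server in the same hunk, so it is worth confirming that no ITP or RFP exists before closing them, and using the `<itp>` form this commit applies to logstash if one does. Separately, the visible descriptions for CVE-2023-38544, CVE-2023-38543 and CVE-2023-38043 name no vendor, so the `NOT-FOR-US: Ivanti` attribution there rests on the full CVE text; a product name in the tag would make those three easier to audit.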
@@ -245,7 +245,7 @@ CVE-2023-6111 (A use-after-free vulnerability in the Linux kernel's netfilter: n
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/93995bf4af2c5a99e2a87f0cd5ce547d31eb7630 (6.7-rc1)
CVE-2023-48094 (A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows a ...)
- TODO: check
+ NOT-FOR-US: CesiumJS
CVE-2023-48021 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
NOT-FOR-US: Dreamer CMS
CVE-2023-48020 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
@@ -42090,7 +42090,7 @@ CVE-2023-26224
CVE-2023-26223
RESERVED
CVE-2023-26222 (The Web Application component of TIBCO Software Inc.'s TIBCO EBX and T ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2023-26221 (The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire An ...)
NOT-FOR-US: Spotfire Connectors component of TIBCO
CVE-2023-26220 (The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analy ...)
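Review bot: `NOT-FOR-US: TIBCO` on CVE-2023-26222 uses a vendor-only tag where the adjacent CVE-2023-26221 entry uses "Spotfire Connectors component of TIBCO". The description names TIBCO EBX, so "TIBCO EBX" would keep the tag searchable by product and consistent with its neighbours.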
@@ -63559,7 +63559,7 @@ CVE-2022-4107 (The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 d
CVE-2022-4106 (The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45781 (Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlie ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-45780
RESERVED
CVE-2022-45779
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/233ebb45364d51d777cf6aa9ce3c15d3be393e80