[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Oct 5 16:02:06 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d86e7abf by Moritz Muehlenhoff at 2023-10-05T16:59:03+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2023-45198 (ftpd before "NetBSD-ftpd 20230930" can leak information about the host ...)
-	TODO: check
+	NOT-FOR-US: NetBSD ftpd
 CVE-2023-44389 (Zope is an open-source web application server. The title property, ava ...)
 	NOT-FOR-US: Zope
 CVE-2023-43877 (Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities t ...)
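Review bot: The "NetBSD ftpd" label on CVE-2023-45198 rules the issue out by the code's origin, but the description's version string (ftpd before "NetBSD-ftpd 20230930") does not by itself show that no packaged FTP server derives from the same sources. Confirm that before closing it as NOT-FOR-US; if a derived package exists, this needs a package line rather than an NFU.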
@@ -7,21 +7,21 @@ CVE-2023-43877 (Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabili
 CVE-2023-43809 (Soft Serve is a self-hostable Git server for the command line. Prior t ...)
 	NOT-FOR-US: Soft Serve
 CVE-2023-43805 (Nexkey is a fork of Misskey, an open source, decentralized social medi ...)
-	TODO: check
+	NOT-FOR-US: Nexkey
 CVE-2023-43799 (Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL ...)
-	TODO: check
+	NOT-FOR-US: Altair
 CVE-2023-43793 (Misskey is an open source, decentralized social media platform. Prior  ...)
-	TODO: check
+	NOT-FOR-US: Misskey
 CVE-2023-43321 (File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3. ...)
 	NOT-FOR-US: Digital China Networks DCFW-1800-SDC
 CVE-2023-40299 (Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and a ...)
-	TODO: check
+	NOT-FOR-US: Kong Insomnia
 CVE-2023-36619 (Atos Unify OpenScape Session Border Controller through V10 R3.01.03 al ...)
-	TODO: check
+	NOT-FOR-US: Atos Unify OpenScape Session Border Controller
 CVE-2023-36618 (Atos Unify OpenScape Session Border Controller through V10 R3.01.03 al ...)
-	TODO: check
+	NOT-FOR-US: Atos Unify OpenScape Session Border Controller
 CVE-2023-35803 (IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Ove ...)
-	TODO: check
+	NOT-FOR-US: IQ Engine
 CVE-2023-3430
 	- openimageio 2.4.13.0+dfsg-1
 	NOTE: https://github.com/OpenImageIO/oiio/issues/3840
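Review bot: The labels "Altair" (CVE-2023-43799) and "IQ Engine" (CVE-2023-35803) drop the qualifier their descriptions provide, which makes them harder to match when searching the list for the same product later. The descriptions give "Altair is a GraphQL Client" and "IQ Engine ... on Extreme Network AP devices"; carrying that qualifier into the label would follow the fuller style of the neighbouring "Digital China Networks DCFW-1800-SDC" entry.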
@@ -81,9 +81,9 @@ CVE-2023-4492 (Vulnerability in Easy Address Book Web Server 1.6 version, affect
 CVE-2023-4491 (Buffer overflow vulnerability in Easy Address Book Web Server 1.6 vers ...)
 	NOT-FOR-US: Easy Address Book Web Server
 CVE-2023-4090 (Cross-site Scripting (XSS) reflected vulnerability on WideStand until  ...)
-	TODO: check
+	NOT-FOR-US: Widestand CMS
 CVE-2023-4037 (Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interfac ...)
-	TODO: check
+	NOT-FOR-US: Conacwin
 CVE-2023-44210 (Sensitive information disclosure and manipulation due to missing autho ...)
 	NOT-FOR-US: Acronis
 CVE-2023-44209 (Local privilege escalation due to improper soft link handling. The fol ...)
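Review bot: The label on CVE-2023-4090 spells the product "Widestand CMS" while the description directly above it has "WideStand". Use the description's capitalisation so a case-sensitive search on the product name finds this entry, and check the "CMS" suffix against the full CVE text, since it is not visible in the truncated description.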
@@ -99,17 +99,17 @@ CVE-2023-43804 (urllib3 is a user-friendly HTTP client library for Python. urlli
 CVE-2023-43261 (An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 b ...)
 	NOT-FOR-US: Milesight
 CVE-2023-42824 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42809 (Redisson is a Java Redis client that uses the Netty framework. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Redisson
 CVE-2023-42808 (Common Voice is the web app for Mozilla Common Voice, a platform for c ...)
 	NOT-FOR-US: Mozilla Common Voice
 CVE-2023-42449 (Hydra is the two-layer scalability solution for Cardano. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Hydra
 CVE-2023-42448 (Hydra is the layer-two scalability solution for Cardano. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Hydra
 CVE-2023-41094 (TouchLink packets processed after timeout or out of range due to Opera ...)
-	TODO: check
+	NOT-FOR-US: TouchLink
 CVE-2023-40684 (IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOn ...)
 	NOT-FOR-US: IBM
 CVE-2023-40561 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhance ...)
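Review bot: "NOT-FOR-US: TouchLink" on CVE-2023-41094 names what the visible description says is being processed ("TouchLink packets processed after timeout ..."), not an affected product or vendor. The description is cut off before any product appears, so take the label from the full CVE text. The two "Hydra" labels in this hunk would also be less ambiguous with the qualifier from their descriptions ("scalability solution for Cardano").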
@@ -119,19 +119,19 @@ CVE-2023-40559 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore D
 CVE-2023-40376 (IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7. ...)
 	NOT-FOR-US: IBM
 CVE-2023-3701 (Aqua Drive, in its 2.4 version, is vulnerable to a relative path trave ...)
-	TODO: check
+	NOT-FOR-US: Aqua Drive
 CVE-2023-3665 (A code injection vulnerability in Trellix ENS 10.7.0 April 2023 releas ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2023-3576 (A memory leak flaw was found in Libtiff's tiffcrop utility. This issue ...)
 	- tiff 4.5.1~rc3-1
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/475
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/1d5b1181c980090a6518f11e61a18b0e268bf31a (v4.5.1rc1)
 CVE-2023-3512 (Relative path traversal vulnerability in Setelsa Security's ConacWin C ...)
-	TODO: check
+	NOT-FOR-US: Conacwin
 CVE-2023-3038 (SQL injection vulnerability in HelpDezk Community affecting version 1. ...)
-	TODO: check
+	NOT-FOR-US: HelpDezk Community
 CVE-2023-3037 (Improper authorization vulnerability in HelpDezk Community affecting v ...)
-	TODO: check
+	NOT-FOR-US: HelpDezk Community
 CVE-2023-39194 [net: xfrm: Fix xfrm_address_filter OOB read]
 	- linux 6.4.13-1
 	[bookworm] - linux 6.1.52-1
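Review bot: CVE-2023-3512 is labelled "Conacwin" although its description reads "Setelsa Security's ConacWin", while CVE-2023-4037 earlier in this commit has a description that spells it "Conacwin". Settle on one spelling for both entries and consider including the vendor name the description gives, so both CVEs are found by the same search.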
@@ -152,15 +152,15 @@ CVE-2023-39191 (An improper input validation flaw was found in the eBPF subsyste
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1489/
 	NOTE: Debian sets BPF_UNPRIV_DEFAULT_OFF=y
 CVE-2023-38701 (Hydra is the layer-two scalability solution for Cardano. Users of the  ...)
-	TODO: check
+	NOT-FOR-US: Hydra
 CVE-2023-38538 (A race condition in an event subsystem led to a heap use-after-free is ...)
-	TODO: check
+	NOT-FOR-US: Whatsapp
 CVE-2023-38537 (A race condition in a network transport subsystem led to a heap use-af ...)
-	TODO: check
+	NOT-FOR-US: Whatsapp
 CVE-2023-37995 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-Copy ...)
-	TODO: check
+	NOT-FOR-US: Chetan Gole WP-Copy
 CVE-2023-2809 (Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 ...)
-	TODO: check
+	NOT-FOR-US: Sage
 CVE-2023-5370 (On CPU 0 the check for the SMCCC workaround is called before SMCCC sup ...)
 	NOT-FOR-US: FreeBSD
 CVE-2023-5369 (Before correction, thecopy_file_rangesystem call checked only for the  ...)
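Review bot: The label "Chetan Gole WP-Copy" on CVE-2023-37995 stops exactly where the truncated description does ("Chetan Gole WP-Copy ..."), so it may be a cut-off plugin name rather than the real one. Check the full CVE description and use the complete product name. Separately, the visible descriptions of CVE-2023-38538 and CVE-2023-38537 name no product, so the label is the only attribution in the file; the vendor's own spelling is "WhatsApp".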



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d86e7abfa989d05a5ee2901761100b50f68ccd04
