[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 6 08:38:08 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8fb5513 by Moritz Muehlenhoff at 2023-10-06T09:37:36+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,31 +43,31 @@ CVE-2023-44387 (Gradle is a build tool with a focus on build automation and supp
 CVE-2023-44386 (Vapor is an HTTP web framework for Swift. There is a denial of service ...)
 	NOT-FOR-US: Vapor
 CVE-2023-44024 (SQL injection vulnerability in KnowBand Module One Page Checkout, Soci ...)
-	TODO: check
+	NOT-FOR-US: supercheckout
 CVE-2023-43983 (Presto Changeo attributegrid up to 2.0.3 was discovered to contain a S ...)
 	NOT-FOR-US: Presto Changeo attributegrid
 CVE-2023-43981 (Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a ...)
 	NOT-FOR-US: Presto Changeo testsitecreator
 CVE-2023-43284 (An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firm ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-43260 (Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovere ...)
-	TODO: check
+	NOT-FOR-US: Milesight
 CVE-2023-43073 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an Impro ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-43072 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an impro ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-43071 (Dell SmartFabric Storage Software v1.4 (and earlier) contains possible ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-43070 (Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path T ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-43069 (Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-43068 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Co ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-40920 (Prixan prixanconnect up to v1.62 was discovered to contain a SQL injec ...)
-	TODO: check
+	NOT-FOR-US: Prixan
 CVE-2023-32485 (Dell SmartFabric Storage Software version 1.3 and lower contain an imp ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-45198 (ftpd before "NetBSD-ftpd 20230930" can leak information about the host ...)
 	NOT-FOR-US: NetBSD ftpd
 CVE-2023-44389 (Zope is an open-source web application server. The title property, ava ...)
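Review bot: the NOT-FOR-US tag for CVE-2023-44024 reads `supercheckout`, while the CVE text names the product `KnowBand Module One Page Checkout`; every other tag in this hunk uses the vendor or product name as written in the description (Presto Changeo, D-Link, Milesight, Dell, Prixan), so `NOT-FOR-US: KnowBand One Page Checkout module` (or similar) would keep the entry consistent and easier to grep later.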
@@ -1021,7 +1021,7 @@ CVE-2023-43665 [Denial-of-service possibility in django.utils.text.Truncator]
 CVE-2023-43662 (ShokoServer is a media server which specializes in organizing anime. I ...)
 	NOT-FOR-US: ShokoServer
 CVE-2023-43654 (TorchServe is a tool for serving and scaling PyTorch models in product ...)
-	TODO: check
+	NOT-FOR-US: TorchServe
 CVE-2023-43014 (Asset Management System v1.0 is vulnerable to  an Authenticated SQL In ...)
 	NOT-FOR-US: Asset Management System
 CVE-2023-43013 (Asset Management System v1.0 is vulnerable to an  unauthenticated SQL  ...)
@@ -1126,7 +1126,7 @@ CVE-2023-44080 (An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote
 CVE-2023-43660 (Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that d ...)
 	NOT-FOR-US: Warpgate
 CVE-2023-43656 (matrix-hookshot is a Matrix bot for connecting to external services li ...)
-	TODO: check
+	NOT-FOR-US: matrix-hookshot
 CVE-2023-43651 (JumpServer is an open source bastion host. An authenticated user can e ...)
 	NOT-FOR-US: JumpServer
 CVE-2023-43320 (An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, ...)
@@ -1419,7 +1419,7 @@ CVE-2023-40045 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2,   a reflecte
 CVE-2023-40044 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticate ...)
 	NOT-FOR-US: Progress WS_FTP Server
 CVE-2023-33972 (Scylladb is a NoSQL data store using the seastar framework, compatible ...)
-	TODO: check
+	- scylladb <itp> (bug #824509)
 CVE-2023-32458 (Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack relea ...)
 	NOT-FOR-US: Dell
 CVE-2023-XXXX [code execution via malformed XTGETTCAP]
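Review bot: CVE-2023-33972 is resolved here as `- scylladb <itp> (bug #824509)` rather than as a NOT-FOR-US, so this hunk is not covered by the commit message "NFUs"; an ITP entry means the CVE stays visible as affecting a would-be package, which is the right call, but the commit message should mention it so that the change is not mistaken for a bulk NFU.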
@@ -1436,7 +1436,7 @@ CVE-2023-4737 (Improper Neutralization of Special Elements used in an SQL Comman
 CVE-2023-4423 (The WP Event Manager \u2013 Events Calendar, Registrations, Sell Ticke ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-44216 (PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU de ...)
-	TODO: check
+	NOT-FOR-US: Imagination GPUs
 CVE-2023-44044 (Super Store Finder v3.6 and below was discovered to contain a SQL inje ...)
 	NOT-FOR-US: Super Store Finder
 CVE-2023-44043 (A reflected cross-site scripting (XSS) vulnerability in /install/index ...)
@@ -1478,21 +1478,21 @@ CVE-2023-42453 (Synapse is an open-source Matrix homeserver written and maintain
 	NOTE: https://github.com/matrix-org/synapse/pull/16327
 	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
 CVE-2023-41996 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41995 (A use-after-free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41986 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41984 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41981 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41980 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41979 (A race condition was addressed with improved locking. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41968 (This issue was addressed with improved validation of symlinks. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41888 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
 	- glpi <removed> (unimportant)
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2hcg-75jj-hghp
@@ -1532,13 +1532,13 @@ CVE-2023-41320 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Fre
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-41232 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41174 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41079 (The issue was addressed with improved permissions logic. This issue is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41078 (An authorization issue was addressed with improved state management. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41074 (The issue was addressed with improved checks. This issue is fixed in t ...)
 	- webkit2gtk 2.42.0-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
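Review bot: the Apple CVEs marked NOT-FOR-US in this hunk all carry the generic Apple advisory wording ("The issue was addressed with improved checks. This issue is fixed in ..."), and CVE-2023-41074 right below them, with the same wording, is tracked against webkit2gtk with a WSA-2023-0009 NOTE; before filing CVE-2023-41232, CVE-2023-41174, CVE-2023-41079 and CVE-2023-41078 as NFU it is worth cross-checking the WebKitGTK advisory list so that no WebKit-origin CVE gets NFU'd.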
@@ -1546,21 +1546,21 @@ CVE-2023-41074 (The issue was addressed with improved checks. This issue is fixe
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
 	NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
 CVE-2023-41073 (An authorization issue was addressed with improved state management. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41071 (A use-after-free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41070 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41068 (An access issue was addressed with improved access restrictions. This  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41067 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41066 (An authentication issue was addressed with improved state management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41065 (A privacy issue was addressed with improved private data redaction for ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41063 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40677 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-40676 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jaso ...)
@@ -1584,17 +1584,17 @@ CVE-2023-40605 (Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in
 CVE-2023-40604 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-40541 (This issue was addressed by adding an additional prompt for user conse ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40520 (The issue was addressed with improved checks. This issue is fixed in t ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40456 (The issue was addressed with improved checks. This issue is fixed in t ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40455 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40454 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40452 (The issue was addressed with improved bounds checks. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40451 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
 	{DSA-5468-1}
 	- webkit2gtk 2.40.5-1
@@ -1603,71 +1603,71 @@ CVE-2023-40451 (This issue was addressed with improved iframe sandbox enforcemen
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
 	NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
 CVE-2023-40450 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40448 (The issue was addressed with improved handling of protocols. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40443 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40441 (A resource exhaustion issue was addressed with improved input validati ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40436 (The issue was addressed with improved bounds checks. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40435 (This issue was addressed by enabling hardened runtime. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40434 (A configuration issue was addressed with additional restrictions. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40432 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40431 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40429 (A permissions issue was addressed with improved validation. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40428 (The issue was addressed with improved handling of caches. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40427 (The issue was addressed with improved handling of caches. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40426 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40424 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40422 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40420 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40419 (The issue was addressed with improved checks. This issue is fixed in t ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40418 (An authentication issue was addressed with improved state management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40417 (A window management issue was addressed with improved state management ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40412 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40410 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40409 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40407 (The issue was addressed with improved bounds checks. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40406 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40403 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40402 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40400 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40399 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40395 (The issue was addressed with improved handling of caches. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40391 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40388 (A privacy issue was addressed with improved handling of temporary file ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40386 (A privacy issue was addressed with improved handling of temporary file ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40384 (A permissions issue was addressed with improved redaction of sensitive ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-40330 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Pe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-39434 (A use-after-free issue was addressed with improved memory management.  ...)
@@ -1678,19 +1678,19 @@ CVE-2023-39434 (A use-after-free issue was addressed with improved memory manage
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
 	NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
 CVE-2023-39233 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38615 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38596 (The issue was addressed with improved handling of protocols. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-38586 (An access issue was addressed with additional sandbox restrictions. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-37448 (A lock screen issue was addressed with improved state management. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-35990 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-35984 (The issue was addressed with improved checks. This issue is fixed in t ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-35793 (An issue was discovered in Cassia Access Controller 2.1.1.2303271039.  ...)
 	NOT-FOR-US: Cassia Access Controller
 CVE-2023-35074 (The issue was addressed with improved memory handling. This issue is f ...)
@@ -1703,17 +1703,17 @@ CVE-2023-35074 (The issue was addressed with improved memory handling. This issu
 CVE-2023-35071 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: MRV Tech Logging Administration Panel
 CVE-2023-32421 (A privacy issue was addressed with improved handling of temporary file ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32396 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32377 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32361 (The issue was addressed with improved handling of caches. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-2358 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
 	NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
 CVE-2023-29497 (A privacy issue was addressed with improved handling of temporary file ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-43040 [Improperly verified POST keys]
 	- ceph <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2023/09/26/10
@@ -2116,7 +2116,7 @@ CVE-2023-42821 (The package `github.com/gomarkdown/markdown` is a Go library for
 CVE-2023-42812 (Galaxy is an open-source platform for FAIR data analysis. Prior to ver ...)
 	NOT-FOR-US: Galaxy
 CVE-2023-42811 (aes-gcm is a pure Rust implementation of the AES-GCM. Starting in vers ...)
-	TODO: check
+	NOT-FOR-US: Rust crate aes-gcm
 CVE-2023-42798 (AutomataCI is a template git repository equipped with a native built-i ...)
 	NOT-FOR-US: AutomataCI
 CVE-2023-41031 (Command injection inhomemng.htminJuplink RX4-1500 versions V1.0.2,V1.0 ...)
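Review bot: CVE-2023-42811 is tagged `NOT-FOR-US: Rust crate aes-gcm`, but crates do get packaged as `rust-*` sources, and the @@ -2220 hunk of this same diff tracks `rust-quinn-proto` as an affected package; please confirm there is no `rust-aes-gcm` source package in the archive before leaving this as an NFU, and if one exists convert the line to a package entry with the fixed upstream version.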
@@ -2190,15 +2190,15 @@ CVE-2023-5104 (Improper Input Validation in GitHub repository nocodb/nocodb prio
 CVE-2023-4753 (OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash c ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2023-43637 (Due to the implementation of "deriveVaultKey", prior to version 7.10,  ...)
-	TODO: check
+	NOT-FOR-US: EVE OS
 CVE-2023-43634 (When sealing/unsealing the \u201cvault\u201d key, a list of PCRs is us ...)
-	TODO: check
+	NOT-FOR-US: EVE OS
 CVE-2023-43633 (On boot, the Pillar eve container checks for the existence and content ...)
-	TODO: check
+	NOT-FOR-US: EVE OS
 CVE-2023-43632 (As noted in the \u201cVTPM.md\u201d file in the eve documentation, \u2 ...)
-	TODO: check
+	NOT-FOR-US: EVE OS
 CVE-2023-43631 (On boot, the Pillar eve container checks for the existence and content ...)
-	TODO: check
+	NOT-FOR-US: EVE OS
 CVE-2023-43309 (There is a stored cross-site scripting (XSS) vulnerability in Webmin 2 ...)
 	- webmin <removed>
 CVE-2023-43274 (Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via th ...)
@@ -2220,11 +2220,11 @@ CVE-2023-43236 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack o
 CVE-2023-43235 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow v ...)
 	NOT-FOR-US: D-Link
 CVE-2023-42810 (systeminformation is a System Information Library for Node.JS. Version ...)
-	TODO: check
+	NOT-FOR-US: Node systeminformation
 CVE-2023-42807 (Frappe LMS is an open source learning management system. In versions 1 ...)
 	NOT-FOR-US: Frappe Framework
 CVE-2023-42806 (Hydra is the layer-two scalability solution for Cardano. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Hydra
 CVE-2023-42805 (quinn-proto is a state machine for the QUIC transport protocol. Prior  ...)
 	- rust-quinn-proto <unfixed> (bug #1052546)
 	[bookworm] - rust-quinn-proto <no-dsa> (Minor issue)
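Review bot: CVE-2023-42810 is tagged `NOT-FOR-US: Node systeminformation`; npm modules are routinely packaged as `node-*` sources, so the same check as for crates applies: confirm that no `node-systeminformation` package exists before this stays an NFU. The rust-quinn-proto entry in the same hunk shows the alternative form (`- <package> <unfixed> (bug #...)`) if it turns out to be packaged.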
@@ -2242,7 +2242,7 @@ CVE-2023-42457 (plone.rest allows users to use HTTP verbs such as GET, POST, PUT
 CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo and su, allows users to  ...)
 	TODO: check
 CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The download metho ...)
-	TODO: check
+	NOT-FOR-US: mee-admin
 CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.)
 	NOT-FOR-US: Dreamer CMS
 CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in S ...)
@@ -2252,9 +2252,9 @@ CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixe
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
 	NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
 CVE-2023-41992 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41991 (A certificate validation issue was addressed. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-41048 (plone.namedfile allows users to handle `File` and `Image` fields targe ...)
 	NOT-FOR-US: plone.namedfile
 CVE-2023-40183 (DataEase is an open source data visualization and analysis tool. Prior ...)
@@ -2311,7 +2311,7 @@ CVE-2023-43636 (In EVE OS, the \u201cmeasured boot\u201d mechanism prevents a co
 CVE-2023-43635 (Vault Key Sealed With SHA1 PCRs       The measured boot solution imple ...)
 	NOT-FOR-US: EVE OS
 CVE-2023-43630 (PCR14 is not in the list of PCRs that seal/unseal the \u201cvault\u201 ...)
-	TODO: check
+	NOT-FOR-US: EVE OS
 CVE-2023-43502 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build Fai ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2023-43501 (A missing permission check in Jenkins Build Failure Analyzer Plugin 2. ...)
@@ -2437,7 +2437,7 @@ CVE-2023-38718 (IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could dis
 CVE-2023-37410 (IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a loc ...)
 	NOT-FOR-US: IBM
 CVE-2023-34047 (A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 a ...)
-	TODO: check
+	NOT-FOR-US: Spring for GraphQL
 CVE-2023-2508 (The `PaperCutNG Mobility Print` version 1.0.3512 application allows an ...)
 	NOT-FOR-US: PaperCutNG
 CVE-2023-4504 (Due to failure in validating the length provided by an attacker-crafte ...)
@@ -2553,7 +2553,7 @@ CVE-2023-32649 (A Denial of Service (Dos) vulnerability in Nozomi Networks Guard
 CVE-2023-32186 (A Allocation of Resources Without Limits or Throttling vulnerability i ...)
 	NOT-FOR-US: SUSE RKE2
 CVE-2023-32182 (A Improper Link Resolution Before File Access ('Link Following') vulne ...)
-	TODO: check
+	NOT-FOR-US: config_postfix (SUSE specific script)
 CVE-2023-31808 (Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard ...)
 	NOT-FOR-US: Technicolor
 CVE-2023-2995 (The Leyka WordPress plugin through 3.30.3 does not sanitise and escape ...)
@@ -19477,7 +19477,7 @@ CVE-2023-2308
 CVE-2023-2307 (Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik  ...)
 	NOT-FOR-US: builderio/qwik
 CVE-2023-2306 (Qognify NiceVision versions 3.1 and prior are vulnerable to exposing s ...)
-	TODO: check
+	NOT-FOR-US: Qognify NiceVision
 CVE-2023-2305 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2304 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site  ...)
@@ -20044,7 +20044,7 @@ CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 l
 CVE-2023-2247 (In affected versions of Octopus Deploy it is possible to unmask variab ...)
 	NOT-FOR-US: Octopus Deploy
 CVE-2023-31042 (A flaw exists in FlashBlade Purity whereby an authenticated user with  ...)
-	TODO: check
+	NOT-FOR-US: FlashBlade Purity
 CVE-2023-31041 (An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with ker ...)
 	NOT-FOR-US: Insyde
 CVE-2023-31040
@@ -20232,7 +20232,7 @@ CVE-2023-30961 (Palantir Gotham was found to be vulnerable to a bug where under
 CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that enabled u ...)
 	NOT-FOR-US: Palantir
 CVE-2023-30959 (In Apollo  change requests, comments added by users could contain a ja ...)
-	TODO: check
+	NOT-FOR-US: Apollo
 CVE-2023-30958 (A security defect was identified in Foundry Frontend that enabled user ...)
 	NOT-FOR-US: Palantir
 CVE-2023-30957
@@ -21118,21 +21118,21 @@ CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions 42
 CVE-2023-30739
 	RESERVED
 CVE-2023-30738 (An improper input validation in UEFI Firmware prior to Firmware update ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30737 (Improper access control vulnerability in Samsung Health prior to versi ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30736 (Improper authorization in PushMsgReceiver of Samsung Assistant prior t ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30735 (Improper Preservation of Permissions vulnerability in SAssistant prior ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30734 (Improper access control vulnerability in Samsung Health prior to versi ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30733 (Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SM ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30732 (Improper access control in system property prior to SMR Oct-2023 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30731 (Logic error in package installation via debugger command prior to SMR  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30730 (Implicit intent hijacking vulnerability in Camera prior to versions 11 ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to version 6.1. ...)
@@ -21140,7 +21140,7 @@ CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to versio
 CVE-2023-30728 (Intent redirection vulnerability in PackageInstallerCHN prior to versi ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30727 (Improper access control vulnerability in SecSettings prior to SMR Oct- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30726 (PendingIntent hijacking vulnerability in GameLauncher prior to version ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30725 (Improper authentication in LocalProvier of Gallery prior to version 14 ...)
@@ -21210,11 +21210,11 @@ CVE-2023-30694 (Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior
 CVE-2023-30693 (Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec- ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30692 (Improper input validation vulnerability in Evaluator prior to SMR Oct- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30691 (Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release  ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30690 (Improper input validation vulnerability in Duo prior to SMR Oct-2023 R ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-30689 (Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-r ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30688 (Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR A ...)
@@ -27823,7 +27823,7 @@ CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command paramete
 CVE-2023-28572
 	RESERVED
 CVE-2023-28571 (Information disclosure in WLAN HOST while processing the WLAN scan des ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-28570
 	RESERVED
 CVE-2023-28569
@@ -27885,9 +27885,9 @@ CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status informat
 CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-28540 (Cryptographic issue in Data Modem due to improper authentication durin ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-28539 (Memory corruption in WLAN Host when the firmware invokes multiple WMI  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-28538 (Memory corruption in WIN Product while invoking WinAcpi update driver  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module in Audi ...)
@@ -28511,9 +28511,9 @@ CVE-2022-48423 (In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not val
 CVE-2022-48421
 	RESERVED
 CVE-2023-28373 (A flaw exists in FlashArray Purity whereby an array administrator by c ...)
-	TODO: check
+	NOT-FOR-US: FlashArray Purity
 CVE-2023-28372 (A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user w ...)
-	TODO: check
+	NOT-FOR-US: FlashBlade Purity
 CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that are typic ...)
 	- stellarium <unfixed> (bug #1034183)
 	[bookworm] - stellarium <no-dsa> (Minor issue)
@@ -31624,11 +31624,11 @@ CVE-2023-27437
 CVE-2023-27436
 	RESERVED
 CVE-2023-27435 (Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27434
 	RESERVED
 CVE-2023-27433 (Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Mak ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27432 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimple ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27431
@@ -32507,7 +32507,7 @@ CVE-2023-27123
 CVE-2023-27122
 	RESERVED
 CVE-2023-27121 (A cross-site scripting (XSS) vulnerability in the component /framework ...)
-	TODO: check
+	NOT-FOR-US: Pleasant Solutions Pleasant Password Server
 CVE-2023-27120
 	RESERVED
 CVE-2023-27119 (WebAssembly v1.0.29 was discovered to contain a segmentation fault via ...)
@@ -34743,13 +34743,13 @@ CVE-2023-26241
 CVE-2023-26240
 	RESERVED
 CVE-2023-26239 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak  ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard EPDR
 CVE-2023-26238 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard EPDR
 CVE-2023-26237 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard EPDR
 CVE-2023-26236 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak  ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard EPDR
 CVE-2023-26235 (JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.jav ...)
 	NOT-FOR-US: JD-GUI
 CVE-2023-26234 (JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvide ...)
@@ -34785,9 +34785,9 @@ CVE-2023-26220
 CVE-2023-26219
 	RESERVED
 CVE-2023-26218 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contain ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX  ...)
-	NOT-FOR-US: TIBICO Software
+	NOT-FOR-US: TIBCO
 CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
 	NOT-FOR-US: TIBCO
 CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
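Review bot: the change for CVE-2023-26217 (`TIBICO Software` to `TIBCO`) is a typo and consistency fix rather than a new NFU, which the commit message "NFUs" does not cover; fine to fold in, but a short mention in the message would make the history clearer.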



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8fb5513f82d1aea60086569206793b7d43ebfc0
