[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Sep 6 11:43:17 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
912fe749 by Moritz Muehlenhoff at 2023-09-06T12:42:52+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,31 +25,31 @@ CVE-2023-35719 (ManageEngine ADSelfService Plus GINA Client Insufficient Verific
 CVE-2023-34637 (A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFl ...)
 	NOT-FOR-US: IsarNet AG IsarFlow
 CVE-2023-34352 (A permissions issue was addressed with improved redaction of sensitive ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32438 (This issue was addressed with improved checks to prevent unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32432 (A privacy issue was addressed with improved handling of temporary file ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32428 (This issue was addressed with improved file handling. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32426 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32425 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32379 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32370 (A logic issue was addressed with improved validation. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32362 (Error handling was changed to not reveal sensitive information. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32356 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-32163 (Wacom Drivers for Windows Link Following Local Privilege Escalation Vu ...)
-	TODO: check
+	NOT-FOR-US: Wacom
 CVE-2023-32162 (Wacom Drivers for Windows Incorrect Permission Assignment Local Privil ...)
-	TODO: check
+	NOT-FOR-US: Wacom
 CVE-2023-29166 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-36851
 	NOT-FOR-US: Juniper
 CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
@@ -79,13 +79,13 @@ CVE-2023-4761 (Out of bounds memory access in FedCM in Google Chrome prior to 11
 CVE-2023-4531 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Mestav Software E-commerce Software
 CVE-2023-4480 (Due to an out-of-date dependency in the \u201cFusion File Manager\u201 ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2023-4178 (Authentication Bypass by Spoofing vulnerability in Neutron Neutron Sma ...)
 	NOT-FOR-US: Neutron Smart VMS
 CVE-2023-4034 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Digita Information Technology Smartrise Document Management System
 CVE-2023-41317 (The Apollo Router is a configurable, high-performance graph router wri ...)
-	TODO: check
+	NOT-FOR-US: Apollo Router
 CVE-2023-41108 (TEF portal 2023-07-17 is vulnerable to authenticated remote code execu ...)
 	NOT-FOR-US: TEF portal
 CVE-2023-41107 (TEF portal 2023-07-17 is vulnerable to a persistent cross site scripti ...)
@@ -93,7 +93,7 @@ CVE-2023-41107 (TEF portal 2023-07-17 is vulnerable to a persistent cross site s
 CVE-2023-41012 (An issue in China Mobile Communications China Mobile Intelligent Home  ...)
 	NOT-FOR-US: China Mobile Communications China Mobile Intelligent Home Gateway
 CVE-2023-41009 (File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: bolo-solo
 CVE-2023-40918 (KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unautho ...)
 	NOT-FOR-US: KnowStreaming
 CVE-2023-3616 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -105,7 +105,7 @@ CVE-2023-3374 (Incomplete List of Disallowed Inputs vulnerability in Unisign Boo
 CVE-2023-39681 (Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) ...)
 	NOT-FOR-US: Cuppa CMS
 CVE-2023-39654 (abupy up to v0.4.0 was discovered to contain a SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: abupy
 CVE-2023-39598 (Cross Site Scripting vulnerability in IceWarp Corporation WebClient v. ...)
 	NOT-FOR-US: IceWarp
 CVE-2023-39516 (Cacti is an open source operational monitoring and fault management fr ...)
@@ -154,33 +154,33 @@ CVE-2023-39357 (Cacti is an open source operational monitoring and fault managem
 	- cacti <unfixed>
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg
 CVE-2023-36361 (Audimexee v14.1.7 was discovered to contain a SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Audimexee
 CVE-2023-35124 (An information disclosure vulnerability exists in the OAS Engine confi ...)
-	TODO: check
+	NOT-FOR-US: OAS Engine
 CVE-2023-35072 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Coyav Travel Proagent
 CVE-2023-35068 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: BMA Personnel Tracking System
 CVE-2023-35065 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Paint Production Management
 CVE-2023-34998 (An authentication bypass vulnerability exists in the OAS Engine functi ...)
-	TODO: check
+	NOT-FOR-US: OAS Engine
 CVE-2023-34994 (An improper resource allocation vulnerability exists in the OAS Engine ...)
-	TODO: check
+	NOT-FOR-US: OAS Engine
 CVE-2023-34353 (An authentication bypass vulnerability exists in the OAS Engine authen ...)
-	TODO: check
+	NOT-FOR-US: OAS Engine
 CVE-2023-34317 (An improper input validation vulnerability exists in the OAS Engine Us ...)
-	TODO: check
+	NOT-FOR-US: OAS Engine
 CVE-2023-32615 (A file write vulnerability exists in the OAS Engine configuration func ...)
-	TODO: check
+	NOT-FOR-US: OAS Engine
 CVE-2023-32271 (An information disclosure vulnerability exists in the OAS Engine confi ...)
-	TODO: check
+	NOT-FOR-US: OAS Engine
 CVE-2023-32086
 	REJECTED
 CVE-2023-31242 (An authentication bypass vulnerability exists in the OAS Engine functi ...)
-	TODO: check
+	NOT-FOR-US: OAS Engine
 CVE-2023-2453 (There is insufficient sanitization of tainted file names that are dire ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an ...)
 	- axis <unfixed> (bug #1051288)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/09/05/1
@@ -277,11 +277,11 @@ CVE-2023-41058 (Parse Server is an open source backend server. In affected versi
 CVE-2023-41057 (hyper-bump-it is a command line tool for updating the version in proje ...)
 	TODO: check
 CVE-2023-41055 (LibreY is a fork of LibreX, a framework-less and javascript-free priva ...)
-	TODO: check
+	NOT-FOR-US: LibreY
 CVE-2023-41054 (LibreY is a fork of LibreX, a framework-less and javascript-free priva ...)
-	TODO: check
+	NOT-FOR-US: LibreY
 CVE-2023-41052 (Vyper is a Pythonic Smart Contract Language. In affected versions the  ...)
-	TODO: check
+	NOT-FOR-US: Vyper
 CVE-2023-40937
 	REJECTED
 CVE-2023-40936



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/912fe749ce6fbbf5ae8ddd242ffcdd5f251a8ed5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/912fe749ce6fbbf5ae8ddd242ffcdd5f251a8ed5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230906/bef79a4e/attachment.htm>


More information about the debian-security-tracker-commits mailing list