Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e651ad6 by Moritz Muehlenhoff at 2023-07-05T11:29:25+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2023-35786 (Zoho ManageEngine ADManager Plus before 7183 allows admin
users to exp ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2023-34150 (** UNSUPPORTED WHEN ASSIGNED **Use of TikaEncodingDetector in
Apache A ...)
- TODO: check
+ NOT-FOR-US: Apache Any23
CVE-2023-3255 [VNC: infinite loop in inflate_buffer() leads to denial of
service]
- qemu <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2218486
@@ -76,7 +76,7 @@ CVE-2023-3503 (A vulnerability has been found in
SourceCodester Shopping Website
CVE-2023-3502 (A vulnerability, which was classified as critical, was found in
Source ...)
NOT-FOR-US: SourceCodester Shopping Website
CVE-2023-31999 (All versions of @fastify/oauth2 used a statically generated
state para ...)
- TODO: check
+ NOT-FOR-US: @fastify/oauth2
CVE-2023-3460 (The Ultimate Member WordPress plugin before 2.6.7 does not
prevent vis ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3139 (The Protect WP Admin WordPress plugin before 4.0 discloses the
URL of ...)
@@ -11223,7 +11223,7 @@ CVE-2023-29461 (An arbitrary code execution
vulnerability contained in Rockwell
CVE-2023-29460 (An arbitrary code execution vulnerability contained in
Rockwell Automa ...)
NOT-FOR-US: Rockwell Automation
CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android
exposes the ...)
- TODO: check
+ NOT-FOR-US: laola.redbull
CVE-2023-29458
RESERVED
CVE-2023-29457
@@ -13618,7 +13618,6 @@ CVE-2023-25180
NOTE: Be careful. Original fix introduces new bugs.
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841
- TODO: isolate required commits from merge commit
CVE-2023-24593
RESERVED
- glib2.0 2.74.4-1
@@ -13630,7 +13629,6 @@ CVE-2023-24593
NOTE: Be careful. Original fix introduces new bugs.
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841
- TODO: isolate required commits from merge commit
CVE-2023-1613 (A vulnerability has been found in Rebuild up to 3.2.3 and
classified a ...)
NOT-FOR-US: Rebuild
CVE-2023-1612 (A vulnerability, which was classified as critical, was found in
Rebuil ...)
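Review bot: both this hunk (CVE-2023-24593) and the preceding one (CVE-2023-25180) drop the "TODO: isolate required commits from merge commit" line while keeping "NOTE: Be careful. Original fix introduces new bugs.", but no NOTE records which upstream commits were identified as the required ones or why the TODO no longer applies. Consider adding a NOTE line with the isolated commit references next to the existing GNOME issue links, so that whoever prepares the glib2.0 update can see which commits to cherry-pick without re-doing the analysis.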
@@ -14477,7 +14475,7 @@ CVE-2023-28544
CVE-2023-28543
RESERVED
CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status
information.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer
release ev ...)
NOT-FOR-US: Qualcomm
CVE-2023-28540
@@ -15121,9 +15119,9 @@ CVE-2023-28368 (TP-Link L2 switch T2600G-28SQ firmware
versions prior to 'T2600G
CVE-2023-28366
RESERVED
CVE-2023-28365 (A backup file vulnerability found in UniFi applications
(Version 7.3.8 ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2023-28364 (An Open Redirect vulnerability exists prior to version
1.52.117, where ...)
- TODO: check
+ - brave-browser <itp> (bug #864795)
CVE-2023-28363
RESERVED
CVE-2023-28362
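Review bot: the new "- brave-browser <itp> (bug #864795)" line for CVE-2023-28364 is the only entry in this commit that resolves a "TODO: check" to a package marker rather than NOT-FOR-US, so it is worth confirming that bug #864795 is the open ITP for brave-browser itself (the convention for <itp> entries) rather than a bug for this CVE; if that ITP has been closed or retitled, the entry should become NOT-FOR-US like the other unpackaged software in this commit.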
@@ -15699,7 +15697,7 @@ CVE-2023-28204 (An out-of-bounds read was addressed
with improved input validati
CVE-2023-28203
RESERVED
CVE-2023-28202 (This issue was addressed with improved state management. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28201 (This issue was addressed with improved state management. This
issue is ...)
NOT-FOR-US: Apple
CVE-2023-28200 (A validation issue was addressed with improved input
sanitization. Thi ...)
@@ -15721,7 +15719,7 @@ CVE-2023-28193
CVE-2023-28192 (A permissions issue was addressed with improved validation.
This issue ...)
NOT-FOR-US: Apple
CVE-2023-28191 (This issue was addressed with improved redaction of sensitive
informat ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28190 (A privacy issue was addressed by moving sensitive data to a
more secur ...)
NOT-FOR-US: Apple
CVE-2023-28189 (The issue was addressed with improved checks. This issue is
fixed in m ...)
@@ -16259,7 +16257,7 @@ CVE-2023-28031 (Dell BIOS contains an improper input
validation vulnerability. A
CVE-2023-28030 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
NOT-FOR-US: Dell
CVE-2023-28029 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28028 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
NOT-FOR-US: Dell
CVE-2023-28027 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
@@ -16550,7 +16548,7 @@ CVE-2023-27966 (The issue was addressed with improved
checks. This issue is fixe
CVE-2023-27965 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
CVE-2023-27964 (An authentication issue was addressed with improved state
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27963 (The issue was addressed with additional permissions checks.
This issue ...)
NOT-FOR-US: Apple
CVE-2023-27962 (A logic issue was addressed with improved checks. This issue
is fixed ...)
@@ -16601,7 +16599,7 @@ CVE-2023-27942 (The issue was addressed with improved
checks. This issue is fixe
CVE-2023-27941 (A validation issue was addressed with improved input
sanitization. Thi ...)
NOT-FOR-US: Apple
CVE-2023-27940 (The issue was addressed with additional permissions checks.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27939
RESERVED
CVE-2023-27938 (An out-of-bounds read issue was addressed with improved input
validati ...)
@@ -16624,7 +16622,7 @@ CVE-2023-27932 (This issue was addressed with improved
state management. This is
CVE-2023-27931 (This issue was addressed by removing the vulnerable code. This
issue i ...)
NOT-FOR-US: Apple
CVE-2023-27930 (A type confusion issue was addressed with improved checks.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-27929 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
CVE-2023-27928 (A privacy issue was addressed with improved private data
redaction for ...)
@@ -16686,7 +16684,7 @@ CVE-2023-27910 (A user may be tricked into opening a
malicious FBX file that may
CVE-2023-27909 (An Out-Of-Bounds Write Vulnerability in Autodesk\xae FBX\xae
SDK versi ...)
NOT-FOR-US: Autodesk
CVE-2023-27908 (A maliciously crafted DLL file can be forced to write beyond
allocated ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2023-27907 (A malicious actor may convince a victim to open a malicious
USD file t ...)
NOT-FOR-US: Autodesk
CVE-2023-27906 (A malicious actor may convince a victim to open a malicious
USD file t ...)
@@ -18012,7 +18010,7 @@ CVE-2023-23572 (Cross-site scripting vulnerability in
SEIKO EPSON printers/netwo
CVE-2023-1151 (A vulnerability was found in SourceCodester Electronic Medical
Records ...)
NOT-FOR-US: SourceCodester Electronic Medical Records System
CVE-2023-1150 (Uncontrolled resource consumption in Series WAGO 750-3x/-8x
products m ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2023-1149 (Improper Neutralization of Equivalent Special Elements in
GitHub repos ...)
NOT-FOR-US: btcpayserver
CVE-2023-1148 (Cross-site Scripting (XSS) - Stored in GitHub repository
flatpressblog ...)
@@ -18817,7 +18815,7 @@ CVE-2023-27245 (A cross-site scripting (XSS)
vulnerability in File Management Pr
CVE-2023-27244
RESERVED
CVE-2023-27243 (An access control issue in Makves DCAP v3.0.0.122 allows
unauthenticat ...)
- TODO: check
+ NOT-FOR-US: Makves DCAP
CVE-2023-27242 (SourceCodester Loan Management System v1.0 was discovered to
contain a ...)
NOT-FOR-US: SourceCodester Loan Management System
CVE-2023-27241 (SourceCodester Water Billing System v1.0 was discovered to
contain a c ...)
@@ -20778,25 +20776,25 @@ CVE-2023-26437 (Denial of service vulnerability in
PowerDNS Recursor allows auth
NOTE:
https://github.com/PowerDNS/pdns/commit/5174c955a5c320849e6fe12471b7fce1c31ca2a8
(rec-4.7.5)
NOTE:
https://github.com/PowerDNS/pdns/commit/cd279418d3b3151ab3b489e68bb5354138220e2f
(rec-4.8.4)
CVE-2023-26436 (Attackers with access to the "documentconverterws" API were
able to in ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26435 (It was possible to call filesystem and network references
using the lo ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26434 (When adding an external mail account, processing of POP3
"capabilities ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26433 (When adding an external mail account, processing of IMAP
"capabilities ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26432 (When adding an external mail account, processing of SMTP
"capabilities ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26431 (IPv4-mapped IPv6 addresses did not get recognized as "local"
by the co ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26430
RESERVED
CVE-2023-26429 (Control characters were not removed when exporting user
feedback conte ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26428 (Attackers can successfully request arbitrary snippet IDs,
including E- ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26427 (Default permissions for a properties file were too permissive.
Local s ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26426 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and
earlier) are ...)
NOT-FOR-US: Adobe
CVE-2023-26425 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and
20.005.30 ...)
@@ -21036,13 +21034,13 @@ CVE-2023-0974
CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a
null poi ...)
NOT-FOR-US: STEPTools ifcmesh library
CVE-2023-0972 (Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and
earlie ...)
- TODO: check
+ NOT-FOR-US: SiLabs
CVE-2023-0971 (A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier
allows au ...)
- TODO: check
+ NOT-FOR-US: SiLabs
CVE-2023-0970 (Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway
SDK ve ...)
- TODO: check
+ NOT-FOR-US: SiLabs
CVE-2023-0969 (A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier
allows an a ...)
- TODO: check
+ NOT-FOR-US: SiLabs
CVE-2023-0968 (The Watu Quiz plugin for WordPress is vulnerable to Reflected
Cross-Si ...)
NOT-FOR-US: Watu Quiz plugin for WordPress
CVE-2023-0967 (Bhima version 1.27.0 allows an attacker authenticated with
normal user ...)
@@ -21126,7 +21124,7 @@ CVE-2023-26301
CVE-2023-26300
RESERVED
CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU)
vulnerability has be ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-26298 (Previous versions of HP Device Manager (prior to HPDM 5.0.10)
could po ...)
NOT-FOR-US: HP
CVE-2023-26297 (Previous versions of HP Device Manager (prior to HPDM 5.0.10)
could po ...)
@@ -21245,7 +21243,7 @@ CVE-2023-26260 (OXID eShop 6.2.x before 6.4.4 and 6.5.x
before 6.5.2 allows sess
CVE-2023-26259
RESERVED
CVE-2023-26258 (Arcserve UDP through 9.0.6034 allows authentication bypass.
The method ...)
- TODO: check
+ NOT-FOR-US: Arcserve
CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems
Alliance (COV ...)
NOT-FOR-US: Connected Vehicle Systems Alliance
CVE-2023-26256 (An unauthenticated path traversal vulnerability affects the
"STAGIL Na ...)
@@ -21379,17 +21377,17 @@ CVE-2022-48340 (In Gluster GlusterFS 11.0, there is
an xlators/cluster/dht/src/d
[buster] - glusterfs <no-dsa> (Minor issue)
NOTE: https://github.com/gluster/glusterfs/issues/3732
CVE-2022-48336 (Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a
PRDiagPars ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2022-48335 (Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a
PRDiagVeri ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2022-48334 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a
drm_verify ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2022-48333 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a
drm_verify ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2022-48332 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a
drm_save_k ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2022-48331 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a
drm_save_k ...)
- TODO: check
+ NOT-FOR-US: Widevine
CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2.
htmlfontify.el has ...)
{DSA-5360-1 DLA-3416-1}
- emacs 1:28.2+1-11 (bug #1031730)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e651ad63b1102281e7f6bb02a68c2367e9c5028
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits