Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83b26d61 by Moritz Muehlenhoff at 2023-07-07T13:17:34+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,7 +43,7 @@ CVE-2023-37454 (An issue was discovered in the Linux kernel 
through 6.4.2. A cra
 CVE-2023-37453 (An issue was discovered in the USB subsystem in the Linux 
kernel throu ...)
        - linux <unfixed>
 CVE-2023-37260 (league/oauth2-server is an implementation of an OAuth 2.0 
authorizatio ...)
-       TODO: check
+       NOT-FOR-US: league/oauth2-server
 CVE-2023-37245 (Buffer overflow vulnerability in the modem pinctrl module. 
Successful  ...)
        NOT-FOR-US: Huawei
 CVE-2023-37242 (Vulnerability of commands from the modem being intercepted in 
the atcm ...)
@@ -143,11 +143,11 @@ CVE-2022-48508 (Inappropriate authorization vulnerability 
in the system apps. Su
 CVE-2022-48507 (Vulnerability of identity verification being bypassed in the 
storage m ...)
        NOT-FOR-US: Huawei
 CVE-2021-46896 (Buffer Overflow vulnerability in PX4-Autopilot allows 
attackers to cau ...)
-       TODO: check
+       NOT-FOR-US: PX4-Autopilot
 CVE-2021-46894 (Use After Free (UAF) vulnerability in the uinput 
module.Successful exp ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-46892 (Encryption bypass vulnerability in Maintenance mode. 
Successful exploi ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-32258
        - linux 6.3.7-1
        [bookworm] - linux 6.1.37-1
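Review bot: The NOT-FOR-US: Huawei tags on CVE-2021-46894 and CVE-2021-46892 cannot be checked against the description text shown in this hunk, which is cut off before any vendor name appears. CVE-2021-46894 names "the uinput module", which is also the name of a Linux kernel input driver, and linux is a tracked source package in this same file. Please confirm from the full CVE record that the affected component is the vendor's own code before the entry leaves the TODO queue.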
@@ -186,11 +186,11 @@ CVE-2023-32247 [ksmbd: destroy expired sessions]
 CVE-2023-3521 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
fossbillin ...)
        NOT-FOR-US: fossbilling
 CVE-2023-3520 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in 
GitHub ...)
-       TODO: check
+       NOT-FOR-US: openitcockpit
 CVE-2023-36828 (Statamic is a flat-first, Laravel and Git powered content 
management s ...)
-       TODO: check
+       NOT-FOR-US: Statamic
 CVE-2023-36827 (Fides is an open-source privacy engineering platform for 
managing the  ...)
-       TODO: check
+       NOT-FOR-US: Fides
 CVE-2023-36822 (Uptime Kuma, a self-hosted monitoring tool, has a path 
traversal vulne ...)
        NOT-FOR-US: Uptime Kuma
 CVE-2023-36821 (Uptime Kuma, a self-hosted monitoring tool, allows an 
authenticated at ...)
@@ -232,7 +232,7 @@ CVE-2023-36933 (In Progress MOVEit Transfer before 2021.0.9 
(13.0.9), 2021.1.7 (
 CVE-2023-36932 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 
2021.0.9 (13.0 ...)
        NOT-FOR-US: Progress MOVEit Transfer
 CVE-2023-36665 (protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.4 
allows Pr ...)
-       TODO: check
+       NOT-FOR-US: protobuf.js
 CVE-2023-36624 (Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an 
authenticated o ...)
        NOT-FOR-US: Loxone Miniserver Go
 CVE-2023-36623 (The root password of the Loxone Miniserver Go Gen.2 before 
14.2 is cal ...)
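Review bot: CVE-2023-36665 is tagged NOT-FOR-US although its description names an open-source JavaScript library with a concrete affected range (6.10.0 through 7.x before 7.2.4), not a vendor product like its MOVEit and Loxone neighbours. Before closing it this way, check that no source package in the archive ships or embeds protobuf.js (a Node.js library package or a bundled copy); if one does, the entry needs a package line in the form used elsewhere in this file, such as "- linux <unfixed>", instead of NOT-FOR-US.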
@@ -6600,9 +6600,9 @@ CVE-2023-31226 (The SDK for the MediaPlaybackController 
module has improper perm
 CVE-2023-31225 (The Gallery app has the risk of hijacking attacks. Successful 
exploita ...)
        NOT-FOR-US: Huawei
 CVE-2023-31194 (An access violation vulnerability exists in the 
GraphPlanar::Write fun ...)
-       TODO: check
+       NOT-FOR-US: Diagon
 CVE-2023-27390 (A heap-based buffer overflow vulnerability exists in the 
Sequence::Dra ...)
-       TODO: check
+       NOT-FOR-US: Diagon
 CVE-2023-2314
        RESERVED
 CVE-2023-2313
@@ -8368,83 +8368,83 @@ CVE-2023-30680
 CVE-2023-30679
        RESERVED
 CVE-2023-30678 (Potential zip path traversal vulnerability in Calendar 
application pri ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30677 (Improper access control vulnerability in Samsung Pass prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30676 (Improper access control vulnerability in Samsung Pass prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30675 (Improper authentication in Samsung Pass prior to version 
4.2.03.1 allo ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30674 (Improper configuration in Samsung Internet prior to version 
21.0.0.41  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30673 (Improper validation of integrity check vulnerability in Smart 
Switch P ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30672 (Improper privilege management vulnerability in Samsung Smart 
Switch fo ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30671 (Logic error in package installation via adb command prior to 
SMR Jul-2 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30670 (Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of 
libsec-ril pr ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30669 (Out-of-bounds Write in DoOemFactorySendFactoryTestResult of 
libsec-ril ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30668 (Out-of-bounds Write in BuildOemSecureSimLockResponse of 
libsec-ril pri ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30667 (Improper access control in Audio system service prior to SMR 
Jul-2023  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30666 (Improper input validation vulnerability in 
DoOemImeiSetPreconfig in li ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30665 (Improper input validation vulnerability in OnOemServiceMode in 
libsec- ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30664 (Improper input validation vulnerability in RegisteredMSISDN 
prior to S ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30663 (Improper input validation vulnerability in 
OemPersonalizationSetLock i ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30662 (Exposure of Sensitive Information vulnerability in getChipIds 
in UwbAo ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30661 (Exposure of Sensitive Information vulnerability in 
getChipInfos in Uwb ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30660 (Exposure of Sensitive Information vulnerability in 
getDefaultChipId in ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30659 (Improper input validation vulnerability in Transaction prior 
to SMR Ju ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30658 (Improper input validation vulnerability in DataProfile prior 
to SMR Ju ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30657 (Improper input validation vulnerability in 
EnhancedAttestationResult p ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30656 (Improper input validation vulnerability in LSOItemData prior 
to SMR Ju ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30655 (Improper input validation vulnerability in SCEPProfile prior 
to SMR Ju ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30654
        RESERVED
 CVE-2023-30653 (Out of bounds read and write in enableTspDevice of sysinput 
HAL servic ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30652 (Out of bounds read and write in callrunTspCmdNoRead of 
sysinput HAL se ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30651 (Out of bounds read and write in callgetTspsysfs of sysinput 
HAL servic ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30650 (Out of bounds read and write in callrunTspCmd of sysinput HAL 
service  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30649 (Heap out of bound write vulnerability in RmtUimNeedApdu of 
RILD prior  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30648 (Stack out-of-bounds write vulnerability in 
IpcRxImeiUpdateImeiNoti of  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30647 (Heap out of bound write vulnerability in 
IpcRxUsimPhoneBookCapa of RIL ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30646 (Heap out of bound write vulnerability in BroadcastSmsConfig of 
RILD pr ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30645 (Heap out of bound write vulnerability in IpcRxIncomingCBMsg of 
RILD pr ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30644 (Stack out of bound write vulnerability in CdmaSmsParser of 
RILD prior  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30643 (Missing authentication vulnerability in Galaxy Themes Service 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30642 (Improper privilege management vulnerability in Galaxy Themes 
Service p ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30641 (Improper access control vulnerability in Settings prior to SMR 
Jul-202 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30640 (Improper access control vulnerability in PersonaManagerService 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30639 (Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a 
stored  ...)
        NOT-FOR-US: Archer
 CVE-2023-30638 (Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 
10 befor ...)
@@ -8529,7 +8529,7 @@ CVE-2023-30608 (sqlparse is a non-validating SQL parser 
module for Python. In af
        NOTE: Introduced by: 
https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a
 (0.1.15)
        NOTE: Fixed by: 
https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb
 (0.4.4)
 CVE-2023-30607 (icingaweb2-module-jira provides integration with Atlassian 
Jira. Start ...)
-       TODO: check
+       NOT-FOR-US: icingaweb2-module-jira
 CVE-2023-30606 (Discourse is an open source platform for community discussion. 
In affe ...)
        NOT-FOR-US: Discourse
 CVE-2023-30605 (Archery is an open source SQL audit platform. The Archery 
project cont ...)
@@ -9548,21 +9548,21 @@ CVE-2023-30328 (An issue in the helper tool of 
Mailbutler GmbH Shimo VPN Client
 CVE-2023-30327
        RESERVED
 CVE-2023-30326 (Cross Site Scripting (XSS) vulnerability in username field in 
/WebCont ...)
-       TODO: check
+       NOT-FOR-US: wliang6 ChatEngine
 CVE-2023-30325 (SQL Injection vulnerability in textMessage parameter in 
/src/chatbotap ...)
-       TODO: check
+       NOT-FOR-US: wliang6 ChatEngine
 CVE-2023-30324
        RESERVED
 CVE-2023-30323 (SQL Injection vulnerability in username field in 
/src/chatbotapp/chatW ...)
-       TODO: check
+       NOT-FOR-US: Payatu chatengine
 CVE-2023-30322 (Cross Site Scripting (XSS) vulnerability in username field in 
/src/cha ...)
-       TODO: check
+       NOT-FOR-US: Payatu chatengine
 CVE-2023-30321 (Cross Site Scripting (XSS) vulnerability in textMessage field 
in /src/ ...)
-       TODO: check
+       NOT-FOR-US: wliang6 ChatEngine
 CVE-2023-30320 (Cross Site Scripting (XSS) vulnerability in textMessage field 
in /src/ ...)
-       TODO: check
+       NOT-FOR-US: wliang6 ChatEngine
 CVE-2023-30319 (Cross Site Scripting (XSS) vulnerability in username field in 
/src/cha ...)
-       TODO: check
+       NOT-FOR-US: wliang6 ChatEngine
 CVE-2023-30318
        RESERVED
 CVE-2023-30317
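Review bot: The seven entries from CVE-2023-30326 to CVE-2023-30319 are split between two labels, "wliang6 ChatEngine" and "Payatu chatengine", with different casing, although the visible descriptions for CVE-2023-30325 and CVE-2023-30323 both point at paths under /src/chatbotapp/. If this is one code base, use a single label and spelling so a later search for the product finds every entry; if they are two projects, confirm that "Payatu" names the product owner, since the NOT-FOR-US label should identify the affected software.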
@@ -9814,7 +9814,7 @@ CVE-2023-30197 (Incorrect Access Control in the module 
"My inventory" (myinvento
 CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect 
Access Co ...)
        NOT-FOR-US: Prestashop
 CVE-2023-30195 (In the module "Detailed Order" (lgdetailedorder) in version up 
to 1.1. ...)
-       TODO: check
+       NOT-FOR-US: Prestashop
 CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL 
Injection via ...)
        NOT-FOR-US: Prestashop
 CVE-2023-30193



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83b26d61edae2a0fa9657d69b79815de3beb7baa
