Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3e10d7ed by Moritz Muehlenhoff at 2023-07-31T10:15:21+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -58,11 +58,11 @@ CVE-2023-39190
CVE-2023-39023 (university compass v2.2.0 and below was discovered to contain
a code i ...)
NOT-FOR-US: university compass
CVE-2023-39022 (oscore v2.2.6 and below was discovered to contain a code
injection vul ...)
- TODO: check
+ NOT-FOR-US: oscore
CVE-2023-39021 (wix-embedded-mysql v4.6.1 and below was discovered to contain
a code i ...)
NOT-FOR-US: wix-embedded-mysql
CVE-2023-39020 (stanford-parser v3.9.2 and below was discovered to contain a
code inje ...)
- TODO: check
+ NOT-FOR-US: stanford-parser
CVE-2023-39018 (FFmpeg 0.7.0 and below was discovered to contain a code
injection vuln ...)
NOT-FOR-US: ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI)
CVE-2023-39017 (quartz-jobs 2.3.2 and below was discovered to contain a code
injection ...)
@@ -76,7 +76,7 @@ CVE-2023-39013 (Duke v1.2 and below was discovered to contain
a code injection v
CVE-2023-39010 (BoofCV 0.42 was discovered to contain a code injection
vulnerability v ...)
TODO: check
CVE-2023-38992 (jeecg-boot v3.5.1 was discovered to contain a SQL injection
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: jeecg-boot
CVE-2023-38685 (Discourse is an open source discussion platform. Prior to
version 3.0. ...)
NOT-FOR-US: Discourse
CVE-2023-38684 (Discourse is an open source discussion platform. Prior to
version 3.0. ...)
@@ -104,7 +104,7 @@ CVE-2023-31933 (Sql injection vulnerability found in Rail
Pass Management System
CVE-2023-31932 (Sql injection vulnerability found in Rail Pass Management
System v.1.0 ...)
NOT-FOR-US: Rail Pass Management System
CVE-2023-2685 (A vulnerability was found in AO-OPC server versions mentioned
above. A ...)
- TODO: check
+ NOT-FOR-US: ABB AO-OPC
CVE-2023-3990 (A vulnerability classified as problematic has been found in
Mingsoft M ...)
NOT-FOR-US: Mingsoft MCMS
CVE-2023-3989 (A vulnerability was found in SourceCodester Jewelry Store
System 1.0. ...)
@@ -126,29 +126,29 @@ CVE-2023-3774 (An unhandled error in Vault Enterprise's
namespace creation may c
CVE-2023-3670 (In CODESYS Development System 3.5.9.0 to3.5.17.0 andCODESYS
Scripting4 ...)
NOT-FOR-US: CODESYS
CVE-2023-38609 (An injection issue was addressed with improved input
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38604 (An out-of-bounds write issue was addressed with improved input
validat ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This
issue i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38599 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38598 (A use-after-free issue was addressed with improved memory
management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38592 (A logic issue was addressed with improved restrictions. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38590 (A buffer overflow issue was addressed with improved memory
handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38571 (This issue was addressed with improved validation of symlinks.
This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-38331 (Zoho ManageEngine Support Center Plus 14001 and below is
vulnerable to ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2023-37285 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-36495 (An integer overflow was addressed with improved input
validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-34425 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-33745 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to
Improper P ...)
NOT-FOR-US: TeleAdapt RoomCast TA-2400
CVE-2023-33744 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of
a Hard- ...)
@@ -158,13 +158,13 @@ CVE-2023-33743 (TeleAdapt RoomCast TA-2400 1.0 through
3.1 is vulnerable to Impr
CVE-2023-33742 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from
Cleartext Stor ...)
NOT-FOR-US: TeleAdapt RoomCast TA-2400
CVE-2023-32654 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32445 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32444 (A logic issue was addressed with improved validation. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-32427 (This issue was addressed by using HTTPS when sending
information over ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-37369
- qt6-base <unfixed>
[bookworm] - qt6-base <no-dsa> (Minor issue)
@@ -19193,7 +19193,7 @@ CVE-2023-28204 (An out-of-bounds read was addressed
with improved input validati
NOTE:
https://github.com/WebKit/WebKit/commit/698c6e293734c3c46f223b77d5b4ee48b320e32c
NOTE: https://webkitgtk.org/security/WSA-2023-0004.html
CVE-2023-28203 (The issue was addressed with improved checks. This issue is
fixed in A ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-28202 (This issue was addressed with improved state management. This
issue is ...)
NOT-FOR-US: Apple
CVE-2023-28201 (This issue was addressed with improved state management. This
issue is ...)
@@ -32280,7 +32280,7 @@ CVE-2023-23766
CVE-2023-23765
RESERVED
CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub
Enterpr ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2023-23763
RESERVED
CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub
Enterpr ...)
@@ -54583,11 +54583,11 @@ CVE-2022-43705 (In Botan before 2.19.3, it is
possible to forge OCSP responses d
CVE-2022-43704 (The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware
1.3.6, a ...)
NOT-FOR-US: Sinilink XY-WFT1 WiFi Remote Thermostat
CVE-2022-43703 (An installer that loads or executes files using an
unconstrained searc ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2022-43702 (When the directory containing the installer does not have
sufficiently ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2022-43701 (When the installation directory does not have sufficiently
restrictive ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2022-43700
RESERVED
CVE-2022-43699 (OX App Suite before 7.10.6-rev30 allows SSRF because e-mail
account di ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e10d7ed4fa8c67ce7540ea16df3f6295e735a60
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e10d7ed4fa8c67ce7540ea16df3f6295e735a60
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
