Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0e11cb08 by Salvatore Bonaccorso at 2023-08-08T22:31:11+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,9 +1,9 @@ CVE-2023-4219 (A vulnerability was found in SourceCodester Doctors Appointment System ...) - TODO: check + NOT-FOR-US: SourceCodester Doctors Appointment System CVE-2023-4203 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...) - TODO: check + NOT-FOR-US: Advantech CVE-2023-4202 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...) - TODO: check + NOT-FOR-US: Advantech CVE-2023-4009 (In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 i ...) TODO: check CVE-2023-40042 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow ...) 
@@ -11,23 +11,23 @@ CVE-2023-40042 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer ove CVE-2023-40041 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow ...) NOT-FOR-US: TOTOLINK CVE-2023-3898 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: mAyaNet E-Commerce Software CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be vulnera ...) TODO: check CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) TODO: check CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Oduyo Online Collection Software CVE-2023-3653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: Digital Ant E-Commerce Software CVE-2023-3652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: Digital Ant E-Commerce Software CVE-2023-3651 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Digital Ant E-Commerce Software CVE-2023-3522 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: a2 License Portal System CVE-2023-3386 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: a2 Camera Trap Tracking System CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) TODO: check CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking Stack. Pri ...) 
@@ -43,11 +43,11 @@ CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) TODO: check CVE-2023-39218 (Client-side enforcement of server-side security in Zoom clients before ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-39217 (Improper input validation in Zoom SDK\u2019s before 5.14.10 may allow ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-39216 (Improper input validation in Zoom Desktop Client for Windows before 5. ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-39188 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) TODO: check CVE-2023-39187 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) 
@@ -65,37 +65,37 @@ CVE-2023-39182 (A vulnerability has been identified in Solid Edge SE2023 (All ve CVE-2023-39181 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) TODO: check CVE-2023-39086 (ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitiv ...) - TODO: check + NOT-FOR-US: ASUS CVE-2023-38815 REJECTED CVE-2023-38814 REJECTED CVE-2023-38773 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38771 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38770 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38769 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38768 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38767 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38766 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38765 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38764 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38763 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38762 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38761 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...) 
- TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38760 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) - TODO: check + NOT-FOR-US: ChurchCRM CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger Project wger W ...) TODO: check CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger Workout Manage ...) 
@@ -133,55 +133,55 @@ CVE-2023-38524 (A vulnerability has been identified in Parasolid V34.1 (All vers CVE-2023-38384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...) TODO: check CVE-2023-38254 (Microsoft Message Queuing Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-38188 (Azure Apache Hadoop Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-38186 (Windows Mobile Device Management Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-38185 (Microsoft Exchange Server Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-38184 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-38182 (Microsoft Exchange Server Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-38181 (Microsoft Exchange Server Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-38180 (.NET and Visual Studio Denial of Service Vulnerability) TODO: check CVE-2023-38178 (.NET Core and Visual Studio Denial of Service Vulnerability) TODO: check CVE-2023-38176 (Azure Arc-Enabled Servers Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-38175 (Microsoft Windows Defender Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-38172 (Microsoft Message Queuing Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-38170 (HEVC Video Extensions Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-38169 (Microsoft OLE DB Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-38167 (Microsoft Dynamics Business Central Elevation Of Privilege Vulnerabili ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2023-38154 (Windows Kernel Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-37690 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...) - TODO: check + NOT-FOR-US: Maid Hiring Management System CVE-2023-37689 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...) - TODO: check + NOT-FOR-US: Maid Hiring Management System CVE-2023-37688 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...) - TODO: check + NOT-FOR-US: Maid Hiring Management System CVE-2023-37687 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) - TODO: check + NOT-FOR-US: Online Nurse Hiring System CVE-2023-37686 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) - TODO: check + NOT-FOR-US: Online Nurse Hiring System CVE-2023-37685 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) - TODO: check + NOT-FOR-US: Online Nurse Hiring System CVE-2023-37684 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) - TODO: check + NOT-FOR-US: Online Nurse Hiring System CVE-2023-37683 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) - TODO: check + NOT-FOR-US: Online Nurse Hiring System CVE-2023-37682 (Judging Management System v1.0 was discovered to contain a SQL injecti ...) - TODO: check + NOT-FOR-US: Judging Management System CVE-2023-37646 (An issue in the CAB file extraction function of Bitberry File Opener v ...) TODO: check CVE-2023-37570 (This vulnerability exists in ESDS Emagic Data Center Management Suit d ...) 
@@ -191,85 +191,85 @@ CVE-2023-37373 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All v CVE-2023-37372 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) TODO: check CVE-2023-36914 (Windows Smart Card Resource Management Server Security Feature Bypass ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36913 (Microsoft Message Queuing Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36912 (Microsoft Message Queuing Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36911 (Microsoft Message Queuing Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36910 (Microsoft Message Queuing Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36909 (Microsoft Message Queuing Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36908 (Windows Hyper-V Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36907 (Windows Cryptographic Services Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36906 (Windows Cryptographic Services Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36905 (Windows Wireless Wide Area Network Service (WwanSvc) Information Discl ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36904 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36903 (Windows System Assessment Tool Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36900 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36899 (ASP.NET Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36898 (Tablet Windows User Interface Application Core Remote Code Execution V ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2023-36897 (Visual Studio Tools for Office Runtime Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36896 (Microsoft Excel Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36895 (Microsoft Outlook Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36894 (Microsoft SharePoint Server Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36893 (Microsoft Outlook Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36892 (Microsoft SharePoint Server Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36891 (Microsoft SharePoint Server Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36890 (Microsoft SharePoint Server Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36889 (Windows Group Policy Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36882 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36881 (Azure Apache AmbariSpoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36877 (Azure Apache Oozie Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36876 (Reliability Analysis Metrics Calculation (RacTask) Elevation of Privil ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36873 (.NET Framework Spoofing Vulnerability) TODO: check CVE-2023-36869 (Azure DevOps Server Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36866 (Microsoft Office Visio Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36865 (Microsoft Office Visio Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-36692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chri ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-36546 (An issue in PEStudio v.9.52 allows a remote attacker to execute arbitr ...) - TODO: check + NOT-FOR-US: PEStudio CVE-2023-36541 (Insufficient verification of data authenticity in Zoom Desktop Client ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-36540 (Untrusted search path in the installer for Zoom Desktop Client for Win ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-36535 (Client-side enforcement of server-side security in Zoom clients before ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-36534 (Path traversal in Zoom Desktop Client for Windows before 5.14.7 may al ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-36533 (Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-36532 (Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthentic ...) - TODO: check + NOT-FOR-US: Zoom CVE-2023-36482 (An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN8 ...) TODO: check CVE-2023-36344 (An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before al ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e11cb0889385a619bcb7e01a2fc0a1ad7d70821
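Review bot: In the @@ -133,55 +133,55 @@ hunk, CVE-2023-38188 (Azure Apache Hadoop Spoofing Vulnerability) is closed as NOT-FOR-US: Microsoft, but the title names Apache Hadoop and the visible description does not say whether the flaw sits in the Azure service or in upstream code. Consider naming the affected Azure product in the tag, or leaving the entry at TODO: check until that is confirmed, as this hunk already does for CVE-2023-38180 and CVE-2023-38178.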
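Review bot: In the @@ -191,85 +191,85 @@ hunk, CVE-2023-36692 is tagged NOT-FOR-US: WordPress plugin without the plugin's name, while every other tag added in this commit names a vendor or product; adding the name keeps the entry searchable when a later CVE for the same plugin comes in. In the same hunk, CVE-2023-36881 (Azure Apache Ambari) and CVE-2023-36877 (Azure Apache Oozie) are tagged Microsoft although their titles name Apache projects, so it is worth confirming the issue is specific to the Azure offering before closing them.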
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits