Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2a1f284f by Salvatore Bonaccorso at 2023-08-11T23:10:07+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2023-39534 (eprosima Fast DDS is a C++ implementation of
the Data Distributi
- fastdds 2.10.1+ds-2
NOTE:
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp
CVE-2023-32267 (A potential vulnerability has been identified in OpenText /
Micro Focu ...)
- TODO: check
+ NOT-FOR-US: Micro Focus
CVE-2023-4304 (Business Logic Errors in GitHub repository froxlor/froxlor
prior to 2. ...)
- froxlor <itp> (bug #581792)
CVE-2023-4108 (Mattermost fails to sanitize post metadata during audit logging
result ...)
@@ -54,7 +54,7 @@ CVE-2023-40235 (An NTLM Hash Disclosure was discovered in
ArchiMate Archi before
CVE-2023-40224 (MISP 2.4174 allows XSS in app/View/Events/index.ctp.)
NOT-FOR-US: MISP
CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract
developm ...)
- TODO: check
+ NOT-FOR-US: OpenZeppelin Contracts
CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and
8.2.* bef ...)
- php8.2 <unfixed>
- php7.4 <removed>
@@ -70,7 +70,7 @@ CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.*
before 8.1.22, and 8.2
NOTE:
https://github.com/php/php-src/commit/c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975
(php-8.0.30)
NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8
CVE-2023-39553 (Improper Input Validation vulnerability in Apache Software
Foundation ...)
- TODO: check
+ NOT-FOR-US: Apache Airflow Drill Provider
CVE-2023-38333 (Zoho ManageEngine Applications Manager through 16530 allows
reflected ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2023-37513 (When the app is put to the background and the user goes to the
task sw ...)
@@ -80,7 +80,7 @@ CVE-2023-37512 (When the app is put to the background and the
user goes to the t
CVE-2023-37511 (If certain App Transport Security (ATS) settings are set in a
certain ...)
NOT-FOR-US: HCL
CVE-2023-35179 (A vulnerability has been identified within Serv-U 15.4 that,
if exploi ...)
- TODO: check
+ NOT-FOR-US: SolarWinds Serv-U
CVE-2023-34438 (Race condition in some Intel(R) NUC BIOS firmware may allow a
privileg ...)
NOT-FOR-US: Intel
CVE-2023-34427 (Protection mechanism failure in some Intel(R) RealSense(TM) ID
softwar ...)
@@ -96,31 +96,31 @@ CVE-2023-33877 (Out-of-bounds write in some Intel(R)
RealSense(TM) ID software f
CVE-2023-33867 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID
softwar ...)
NOT-FOR-US: Intel
CVE-2023-32663 (Incorrect default permissions in some Intel(R) RealSense(TM)
SDKs in v ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32656 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID
softwar ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32617 (Improper input validation in some Intel(R) NUC Rugged Kit,
Intel(R) NU ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32609 (Improper access control in the Intel Unite(R) android
application befo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32547 (Incorrect default permissions in the MAVinci Desktop Software
for Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32543 (Incorrect default permissions in the Intel(R) ITS sofware
before versi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32285 (Improper access control in some Intel(R) NUC BIOS firmware may
allow a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-31246 (Incorrect default permissions in some Intel(R) SDP Tool
software befor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-30760 (Out-of-bounds read in some Intel(R) RealSense(TM) ID software
for Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-29494 (Improper input validation in BIOS firmware for some Intel(R)
NUCs may ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-29243 (Unchecked return value in some Intel(R) RealSense(TM) ID
software for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-29151 (Uncontrolled search path element in some Intel(R) PSR SDK
before versi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27887 (Improper initialization in BIOS firmware for some Intel(R)
NUCs may al ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-XXXX [ZDI-CAN-21444: Integer overflow leading to heap overwrite in
RealMedia file handling]
- gst-plugins-ugly1.0 <unfixed>
- gst-plugins-ugly0.10 <removed>
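Review bot: the thirteen tags added in this hunk, from CVE-2023-32663 down to CVE-2023-27887, all read "NOT-FOR-US: Intel", although the descriptions cover unrelated products (RealSense SDKs and ID software, NUC BIOS firmware, the Unite android application, MAVinci Desktop Software, ITS software, SDP Tool, PSR SDK). This matches the existing context entry for CVE-2023-33867, but other additions in this same commit name the product ("SolarWinds Serv-U", "Nextcloud Talk Android"). Consider naming the product family here too, for example "NOT-FOR-US: Intel RealSense", so that a later search of the list shows which Intel components were triaged as not packaged.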
@@ -163,7 +163,7 @@ CVE-2023-39959 (Nextcloud Server provides data storage for
Nextcloud, an open so
CVE-2023-39958 (Nextcloud Server provides data storage for Nextcloud, an open
source c ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-39957 (Nextcloud Talk Android allows users to place video and audio
calls thr ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Talk Android
CVE-2023-39955 (Notes is a note-taking app for Nextcloud, an open-source cloud
platfor ...)
NOT-FOR-US: Notes app for NextCloud
CVE-2023-39954 (user_oidc provides the OIDC connect user backend for
Nextcloud, an ope ...)
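Review bot: the tag added for CVE-2023-39957 is spelled "Nextcloud Talk Android", while the next context entry, CVE-2023-39955, carries "Notes app for NextCloud", with a different word order and a different capitalisation of the project name. The new spelling follows the CVE description and is the better form; normalising the older tag in a follow-up would keep a search for "Nextcloud" in NOT-FOR-US lines from missing entries. Naming the Android client explicitly is also useful here, since the entries just above are tracked against the nextcloud-server ITP (bug #941708).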
@@ -837,7 +837,7 @@ CVE-2023-36306 (A Cross Site Scripting (XSS) vulnerability
in Adiscon Aiscon Log
CVE-2023-36136 (PHPJabbers Class Scheduling System 1.0 lacks encryption on the
passwor ...)
NOT-FOR-US: PHPJabbers
CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-35391 (ASP.NET Core SignalR and Visual Studio Information Disclosure
Vulnerab ...)
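Review bot: the vendor-level tag on CVE-2023-35394 does not record whether the spoofing issue is in the Azure HDInsight service or in the Jupyter Notebook component named in the title, which is an open-source project in its own right. If the check showed that only the Azure-hosted integration is affected, a short NOTE line under the entry saying so would preserve that reasoning. The same question applies to the neighbouring context entry CVE-2023-35393 ("Azure Apache Hive"), which already carries "NOT-FOR-US: Microsoft".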
@@ -885,7 +885,7 @@ CVE-2023-32503 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in GT
CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in GetB ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor
PowerF ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet]
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a1f284f04206e89f7b2d9ae8c409144f7f5db47
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits