[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 07 Sep 2023 13:28:27 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
fdf5add8 by Salvatore Bonaccorso at 2023-09-07T22:27:45+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
 CVE-2023-4685 (Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft 
versions 4.0. ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2023-4528 (Unsafe deserialization in JSCAPE MFT Server versions prior 
to2023.1.9  ...)
-       TODO: check
+       NOT-FOR-US: JSCAPE MFT Server
 CVE-2023-41316 (Tolgee is an open-source localization platform. Due to lack of 
validat ...)
        TODO: check
 CVE-2023-41064 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41061 (A validation issue was addressed with improved logic. This 
issue is fi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40942 (Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-40060 (A vulnerability has been identified within Serv-U 15.4 and 
15.4 Hotfix ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds Serv-U
 CVE-2023-3747 (Zero Trust Administrators have the ability to disallow end 
users from  ...)
        TODO: check
 CVE-2023-39711 (Multiple cross-site scripting (XSS) vulnerabilities in Free 
and Open S ...)
-       TODO: check
+       NOT-FOR-US: Free and Open Source Inventory Management System
 CVE-2023-39424 (A vulnerability inRDPngFileUpload.dll, as used in theIRM Next 
Generati ...)
-       TODO: check
+       NOT-FOR-US: IRM Next Generation booking system
 CVE-2023-39423 (The RDPData.dll file exposes the/irmdata/api/common endpoint 
that hand ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2023-39422 (The/irmdata/api/ endpoints exposed by theIRM Next Generation 
booking e ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2023-39421 (The RDPWin.dll component as used in the IRM Next Generation 
booking en ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2023-39420 (The RDPCore.dll component as used in the IRM Next Generation 
booking e ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2023-37798 (A stored cross-site scripting (XSS) vulnerability in the new 
REDCap pr ...)
-       TODO: check
+       NOT-FOR-US: Vanderbilt REDCap
 CVE-2023-36635 (An improper access control in Fortinet FortiSwitchManager 
version 7.2. ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-4815 (Missing Authentication for Critical Function in GitHub 
repository answ ...)
        NOT-FOR-US: answerdev/answer
 CVE-2023-4792 (The Duplicate Post Page Menu & Custom Post Type plugin for 
WordPress i ...)
@@ -16744,7 +16744,7 @@ CVE-2023-30802
 CVE-2023-30801
        RESERVED
 CVE-2023-30800 (The web server used by MikroTik RouterOS version 6 is affected 
by a he ...)
-       TODO: check
+       NOT-FOR-US: MikroTik
 CVE-2023-30799 (MikroTik RouterOS stable before 6.49.7 and long-term through 
6.48.6 ar ...)
        NOT-FOR-US: MikroTik RouterOS
 CVE-2023-30798 (There MultipartParser usage in Encode's Starlette python 
framework bef ...)
@@ -97001,25 +97001,25 @@ CVE-2022-30648 (Adobe Illustrator versions 26.0.2 
(and earlier) and 25.4.5 (and
 CVE-2022-30647 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 
(and earlie ...)
        NOT-FOR-US: Adobe
 CVE-2022-30646 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-30645 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-30644 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-30643 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-30642 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-30641 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-30640 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-30639 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-30638 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-30637 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-30636
        RESERVED
 CVE-2022-30635 (Uncontrolled recursion in Decoder.Decode in encoding/gob 
before Go 1.1 ...)
@@ -130645,21 +130645,21 @@ CVE-2021-4013
 CVE-2021-4012
        RESERVED
 CVE-2021-44195 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-44194 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-44193 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-44192 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-44191 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-44190 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-44189 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-44188 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-44187 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 
(and earlie ...)
        NOT-FOR-US: Adobe
 CVE-2021-44186 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 
(and earlie ...)
@@ -133136,11 +133136,11 @@ CVE-2021-43755 (Adobe After Effects versions 22.0 
(and earlier) and 18.4.2 (and
 CVE-2021-43754 (Adobe Prelude version 22.1.1 (and earlier) is affected by an 
Out-of-bo ...)
        NOT-FOR-US: Adobe
 CVE-2021-43753 (Adobe Lightroom versions 4.4 (and earlier) are affected by a 
use-after ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-43752 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 
(and earlie ...)
        NOT-FOR-US: Adobe
 CVE-2021-43751 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-43750 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected 
by a Nu ...)
        NOT-FOR-US: Adobe
 CVE-2021-43749 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected 
by a Nu ...)
@@ -136254,7 +136254,7 @@ CVE-2021-43029 (Adobe Premiere Rush version 1.5.16 
(and earlier) is affected by
 CVE-2021-43028 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected 
by a memo ...)
        NOT-FOR-US: Adobe
 CVE-2021-43027 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 
(and earlie ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-43026 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected 
by a memo ...)
        NOT-FOR-US: Adobe
 CVE-2021-43025 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected 
by a memo ...)
@@ -136272,7 +136272,7 @@ CVE-2021-43020
 CVE-2021-43019 (Adobe Creative Cloud version 5.5 (and earlier) are affected by 
a privi ...)
        NOT-FOR-US: Adobe
 CVE-2021-43018 (Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are 
affected  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by 
an Appl ...)
        NOT-FOR-US: Adobe
 CVE-2021-43016 (Adobe InCopy version 16.4 (and earlier) is affected by a Null 
pointer  ...)
@@ -136990,7 +136990,7 @@ CVE-2021-42736
 CVE-2021-42735 (Adobe Photoshop version 22.5.1 (and earlier versions ) is 
affected by  ...)
        NOT-FOR-US: Adobe
 CVE-2021-42734 (Adobe Photoshop version 22.5.1 and earlierversionsare affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-42733 (Adobe Bridge version 11.1.1 (and earlier) is affected by a 
Null pointe ...)
        NOT-FOR-US: Adobe
 CVE-2021-42732 (Access of Memory Location After End of Buffer (CWE-788))
@@ -139465,7 +139465,7 @@ CVE-2021-42267 (Adobe Animate version 21.0.9 (and 
earlier) is affected by a memo
 CVE-2021-42266 (Adobe Animate version 21.0.9 (and earlier) is affected by a 
memory cor ...)
        NOT-FOR-US: Adobe
 CVE-2021-42265 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-42264 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null 
pointer  ...)
        NOT-FOR-US: Adobe
 CVE-2021-42263 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null 
pointer  ...)
@@ -143284,7 +143284,7 @@ CVE-2021-40797 (An issue was discovered in the routes 
middleware in OpenStack Ne
 CVE-2021-40796 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null 
pointer  ...)
        NOT-FOR-US: Adobe
 CVE-2021-40795 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-40794 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by 
a memor ...)
        NOT-FOR-US: Adobe
 CVE-2021-40793 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by 
a memor ...)
@@ -143292,9 +143292,9 @@ CVE-2021-40793 (Adobe Premiere Pro version 15.4.1 
(and earlier) is affected by a
 CVE-2021-40792 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by 
a memor ...)
        NOT-FOR-US: Adobe
 CVE-2021-40791 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-40790 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-40789 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) 
is affect ...)
        NOT-FOR-US: Adobe
 CVE-2021-40788 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) 
is affect ...)
@@ -143433,7 +143433,7 @@ CVE-2021-40725 (Acrobat Reader DC versions 
2021.005.20060 (and earlier), 2020.00
 CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are 
affected  ...)
        NOT-FOR-US: Adobe
 CVE-2021-40723 (Acrobat Reader DC versions versions 2020.013.20074 (and 
earlier), 2020 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-40722 (AEM Forms Cloud Service offering, as well as version 6.5.10.0 
(and bel ...)
        NOT-FOR-US: Adobe
 CVE-2021-40721 (Adobe Connect version 11.2.3 (and earlier) is affected by a 
reflected  ...)
@@ -143486,9 +143486,9 @@ CVE-2021-40701 (Adobe Premiere Elements version 
2021.2235820 (and earlier) is af
 CVE-2021-40700 (Adobe Premiere Elements version 2021.2235820 (and earlier) is 
affected ...)
        NOT-FOR-US: Adobe
 CVE-2021-40699 (ColdFusion version 2021 update 1 (and earlier) and versions 
2018.10 (a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-40698 (ColdFusion version 2021 update 1 (and earlier) and versions 
2018.10 (a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 
Release ...)
        NOT-FOR-US: Adobe
 CVE-2021-40696
@@ -252716,15 +252716,15 @@ CVE-2020-10134 (Pairing in Bluetooth\xae Core v5.2 
and earlier may permit an una
 CVE-2020-10133
        RESERVED
 CVE-2020-10132 (SearchBlox before Version 9.1 is vulnerable to cross-origin 
resource s ...)
-       TODO: check
+       NOT-FOR-US: SearchBlox
 CVE-2020-10131 (SearchBlox before Version 9.2.1 is vulnerable to CSV macro 
injection i ...)
-       TODO: check
+       NOT-FOR-US: SearchBlox
 CVE-2020-10130 (SearchBlox before Version 9.1 is vulnerable to business logic 
bypass w ...)
-       TODO: check
+       NOT-FOR-US: SearchBlox
 CVE-2020-10129 (SearchBlox before Version 9.2.1 is vulnerable to Privileged 
Escalation ...)
-       TODO: check
+       NOT-FOR-US: SearchBlox
 CVE-2020-10128 (SearchBlox product with version before 9.2.1 is vulnerable to 
stored c ...)
-       TODO: check
+       NOT-FOR-US: SearchBlox
 CVE-2020-10127
        RESERVED
 CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly 
validate  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdf5add84554f22fa714d291d52a448eeb24ac6e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdf5add84554f22fa714d291d52a448eeb24ac6e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to