[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Thu, 05 Oct 2023 08:02:35 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
d86e7abf by Moritz Muehlenhoff at 2023-10-05T16:59:03+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2023-45198 (ftpd before "NetBSD-ftpd 20230930" can leak information about 
the host ...)
-       TODO: check
+       NOT-FOR-US: NetBSD ftpd
 CVE-2023-44389 (Zope is an open-source web application server. The title 
property, ava ...)
        NOT-FOR-US: Zope
 CVE-2023-43877 (Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) 
vulnerabilities t ...)
@@ -7,21 +7,21 @@ CVE-2023-43877 (Rite CMS 3.0 has Multiple Cross-Site 
scripting (XSS) vulnerabili
 CVE-2023-43809 (Soft Serve is a self-hostable Git server for the command line. 
Prior t ...)
        NOT-FOR-US: Soft Serve
 CVE-2023-43805 (Nexkey is a fork of Misskey, an open source, decentralized 
social medi ...)
-       TODO: check
+       NOT-FOR-US: Nexkey
 CVE-2023-43799 (Altair is a GraphQL Client. Prior to version 5.2.5, the Altair 
GraphQL ...)
-       TODO: check
+       NOT-FOR-US: Altair
 CVE-2023-43793 (Misskey is an open source, decentralized social media 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Misskey
 CVE-2023-43321 (File Upload vulnerability in Digital China Networks 
DCFW-1800-SDC v.3. ...)
        NOT-FOR-US: Digital China Networks DCFW-1800-SDC
 CVE-2023-40299 (Kong Insomnia 2023.4.0 on macOS allows attackers to execute 
code and a ...)
-       TODO: check
+       NOT-FOR-US: Kong Insomnia
 CVE-2023-36619 (Atos Unify OpenScape Session Border Controller through V10 
R3.01.03 al ...)
-       TODO: check
+       NOT-FOR-US: Atos Unify OpenScape Session Border Controller
 CVE-2023-36618 (Atos Unify OpenScape Session Border Controller through V10 
R3.01.03 al ...)
-       TODO: check
+       NOT-FOR-US: Atos Unify OpenScape Session Border Controller
 CVE-2023-35803 (IQ Engine before 10.6r2 on Extreme Network AP devices has a 
Buffer Ove ...)
-       TODO: check
+       NOT-FOR-US: IQ Engine
 CVE-2023-3430
        - openimageio 2.4.13.0+dfsg-1
        NOTE: https://github.com/OpenImageIO/oiio/issues/3840
@@ -81,9 +81,9 @@ CVE-2023-4492 (Vulnerability in Easy Address Book Web Server 
1.6 version, affect
 CVE-2023-4491 (Buffer overflow vulnerability in Easy Address Book Web Server 
1.6 vers ...)
        NOT-FOR-US: Easy Address Book Web Server
 CVE-2023-4090 (Cross-site Scripting (XSS) reflected vulnerability on WideStand 
until  ...)
-       TODO: check
+       NOT-FOR-US: Widestand CMS
 CVE-2023-4037 (Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web 
interfac ...)
-       TODO: check
+       NOT-FOR-US: Conacwin
 CVE-2023-44210 (Sensitive information disclosure and manipulation due to 
missing autho ...)
        NOT-FOR-US: Acronis
 CVE-2023-44209 (Local privilege escalation due to improper soft link handling. 
The fol ...)
@@ -99,17 +99,17 @@ CVE-2023-43804 (urllib3 is a user-friendly HTTP client 
library for Python. urlli
 CVE-2023-43261 (An information disclosure in Milesight UR5X, UR32L, UR32, 
UR35, UR41 b ...)
        NOT-FOR-US: Milesight
 CVE-2023-42824 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42809 (Redisson is a Java Redis client that uses the Netty framework. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: Redisson
 CVE-2023-42808 (Common Voice is the web app for Mozilla Common Voice, a 
platform for c ...)
        NOT-FOR-US: Mozilla Common Voice
 CVE-2023-42449 (Hydra is the two-layer scalability solution for Cardano. Prior 
to vers ...)
-       TODO: check
+       NOT-FOR-US: Hydra
 CVE-2023-42448 (Hydra is the layer-two scalability solution for Cardano. Prior 
to vers ...)
-       TODO: check
+       NOT-FOR-US: Hydra
 CVE-2023-41094 (TouchLink packets processed after timeout or out of range due 
to Opera ...)
-       TODO: check
+       NOT-FOR-US: TouchLink
 CVE-2023-40684 (IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM 
Daeja ViewOn ...)
        NOT-FOR-US: IBM
 CVE-2023-40561 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore 
Enhance ...)
@@ -119,19 +119,19 @@ CVE-2023-40559 (Cross-Site Request Forgery (CSRF) 
vulnerability in theDotstore D
 CVE-2023-40376 (IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 
7.2.3.5, and 7. ...)
        NOT-FOR-US: IBM
 CVE-2023-3701 (Aqua Drive, in its 2.4 version, is vulnerable to a relative 
path trave ...)
-       TODO: check
+       NOT-FOR-US: Aqua Drive
 CVE-2023-3665 (A code injection vulnerability in Trellix ENS 10.7.0 April 2023 
releas ...)
-       TODO: check
+       NOT-FOR-US: Trellix
 CVE-2023-3576 (A memory leak flaw was found in Libtiff's tiffcrop utility. 
This issue ...)
        - tiff 4.5.1~rc3-1
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/475
        NOTE: Fixed by: 
https://gitlab.com/libtiff/libtiff/-/commit/1d5b1181c980090a6518f11e61a18b0e268bf31a
 (v4.5.1rc1)
 CVE-2023-3512 (Relative path traversal vulnerability in Setelsa Security's 
ConacWin C ...)
-       TODO: check
+       NOT-FOR-US: Conacwin
 CVE-2023-3038 (SQL injection vulnerability in HelpDezk Community affecting 
version 1. ...)
-       TODO: check
+       NOT-FOR-US: HelpDezk Community
 CVE-2023-3037 (Improper authorization vulnerability in HelpDezk Community 
affecting v ...)
-       TODO: check
+       NOT-FOR-US: HelpDezk Community
 CVE-2023-39194 [net: xfrm: Fix xfrm_address_filter OOB read]
        - linux 6.4.13-1
        [bookworm] - linux 6.1.52-1
@@ -152,15 +152,15 @@ CVE-2023-39191 (An improper input validation flaw was 
found in the eBPF subsyste
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1489/
        NOTE: Debian sets BPF_UNPRIV_DEFAULT_OFF=y
 CVE-2023-38701 (Hydra is the layer-two scalability solution for Cardano. Users 
of the  ...)
-       TODO: check
+       NOT-FOR-US: Hydra
 CVE-2023-38538 (A race condition in an event subsystem led to a heap 
use-after-free is ...)
-       TODO: check
+       NOT-FOR-US: Whatsapp
 CVE-2023-38537 (A race condition in a network transport subsystem led to a 
heap use-af ...)
-       TODO: check
+       NOT-FOR-US: Whatsapp
 CVE-2023-37995 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole 
WP-Copy ...)
-       TODO: check
+       NOT-FOR-US: Chetan Gole WP-Copy
 CVE-2023-2809 (Plaintext credential usage vulnerability in Sage 200 Spain 
2023.38.001 ...)
-       TODO: check
+       NOT-FOR-US: Sage
 CVE-2023-5370 (On CPU 0 the check for the SMCCC workaround is called before 
SMCCC sup ...)
        NOT-FOR-US: FreeBSD
 CVE-2023-5369 (Before correction, thecopy_file_rangesystem call checked only 
for the  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d86e7abfa989d05a5ee2901761100b50f68ccd04

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d86e7abfa989d05a5ee2901761100b50f68ccd04
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to