[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) Thu, 09 Nov 2023 00:30:04 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
258e1d85 by Salvatore Bonaccorso at 2023-11-09T09:29:31+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,9 +9,9 @@ CVE-2023-4891 (A potential use-after-free vulnerability was 
reported in the Leno
 CVE-2023-4706 (A privilege escalation vulnerability was reported in Lenovo 
preloaded  ...)
        NOT-FOR-US: Lenovo
 CVE-2023-4632 (An uncontrolled search path vulnerability was reported in 
Lenovo Syste ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-4249 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  
CB6231, ...)
-       TODO: check
+       NOT-FOR-US: Zavio
 CVE-2023-47613 (A CWE-23: Relative Path Traversal vulnerability exists in 
Telit Cinter ...)
        NOT-FOR-US: Telit Cinterion
 CVE-2023-47489 (An issue in Combodo iTop v.3.1.0-2-11973 allows a local 
attacker to ex ...)
@@ -43,63 +43,63 @@ CVE-2023-46362 (jbig2enc v0.28 was discovered to contain a 
heap-use-after-free v
        - jbig2enc <unfixed>
        NOTE: https://github.com/agl/jbig2enc/issues/84
 CVE-2023-45875 (An issue was discovered in Couchbase Server 7.2.0. There is a 
private  ...)
-       TODO: check
+       NOT-FOR-US: Couchbase Server
 CVE-2023-45857 (An issue discovered in Axios 1.5.1 inadvertently reveals the 
confident ...)
        TODO: check
 CVE-2023-45225 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  
CB6231, ...)
-       TODO: check
+       NOT-FOR-US: Zavio
 CVE-2023-45079 (A memory leakage vulnerability was reported in the NvmramSmm 
SMM drive ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-45078 (A memory leakage vulnerability was reported in the 
DustFilterAlertSmm  ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-45077 (A memory leakage vulnerability was reported in the 534D0740 
DXE driver ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-45076 (A memory leakage vulnerability was reported in the 534D0140 
DXE driver ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-45075 (A memory leakage vulnerability was reported in the 
SWSMI_Shadow DXE dr ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43755 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  
CB6231, ...)
-       TODO: check
+       NOT-FOR-US: Zavio
 CVE-2023-43581 (A buffer overflow was reported in the Update_WMI module in 
some Lenovo ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43580 (A buffer overflow was reported in the SmuV11DxeVMR module in 
some Leno ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43579 (A buffer overflow was reported in the SmuV11Dxe driver in some 
Lenovo  ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43578 (A buffer overflow was reported in the SmiFlash module in some 
Lenovo D ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43577 (A buffer overflow was reported in the ReFlash module in some 
Lenovo De ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43576 (A buffer overflow was reported in the WMISwSmi module in some 
Lenovo D ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43575 (A buffer overflow was reported in the UltraFunctionTable 
module in som ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43574 (A buffer over-read was reported in the 
LEMALLDriversConnectedEventHook ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43573 (A buffer overflow was reported in the 
LEMALLDriversConnectedEventHook  ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43572 (A buffer over-read was reported in the BiosExtensionLoader 
module in s ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43571 (A buffer overflow was reported in the BiosExtensionLoader 
module in so ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43570 (A potential vulnerability was reported in the SMI callback 
function of ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43569 (A buffer overflow was reported in the OemSmi module in some 
Lenovo Des ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43568 (A buffer over-read was reported in the LemSecureBootForceKey 
module in ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-43567 (A buffer overflow was reported in the LemSecureBootForceKey 
module in  ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-3959 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  
CB6231, ...)
-       TODO: check
+       NOT-FOR-US: Zavio
 CVE-2023-39435 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,  
CB6231, ...)
-       TODO: check
+       NOT-FOR-US: Zavio
 CVE-2023-37790 (Jaspersoft Clarity PPM version 14.3.0.298 was discovered to 
contain an ...)
        TODO: check
 CVE-2023-37533 (HCL Connections is vulnerable to reflected cross-site 
scripting (XSS)  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-36667 (Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 
allows Dire ...)
-       TODO: check
+       NOT-FOR-US: Couchbase Server
 CVE-2023-6012 (An improper input validation vulnerability has been found in 
Lanaccess ...)
        NOT-FOR-US: Lanaccess ONSAFE MonitorHM
 CVE-2023-5978 (In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under 
certain  ...)
@@ -29395,7 +29395,7 @@ CVE-2023-29976
 CVE-2023-29975
        RESERVED
 CVE-2023-29974 (An issue discovered in Pfsense CE version 2.6.0 allows 
attackers to co ...)
-       TODO: check
+       NOT-FOR-US: Pfsense CE
 CVE-2023-29973 (Pfsense CE version 2.6.0 is vulnerable to No rate limit which 
can lead ...)
        NOT-FOR-US: Pfsense CE
 CVE-2023-29972
@@ -48312,7 +48312,7 @@ CVE-2023-0395 (The menu shortcode WordPress plugin 
through 1.0 does not validate
 CVE-2023-0393
        RESERVED
 CVE-2023-0392 (The LDAP Agent Update service with versions prior to 5.18 used 
an unqu ...)
-       TODO: check
+       NOT-FOR-US: Okta LDAP Agent Update service
 CVE-2023-0391 (MGT-COMMERCE CloudPanel ships with a static SSL certificate to 
encrypt ...)
        NOT-FOR-US: MGT-COMMERCE
 CVE-2022-48278
@@ -143814,7 +143814,7 @@ CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 
can crash applications such a
 CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such 
as Linp ...)
        NOT-FOR-US: Belledonne Belle-sip
 CVE-2021-43609 (An issue was discovered in Spiceworks Help Desk Server before 
1.3.3. A ...)
-       TODO: check
+       NOT-FOR-US: Spiceworks
 CVE-2021-43608 (Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The 
escaping of o ...)
        - php-doctrine-dbal <not-affected> (Vulnerable code introduced in 3.0.0)
        NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 
3.1.4+dfsg-1 and



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/258e1d858efe0b9543877ec6c3e015e629c0c373

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/258e1d858efe0b9543877ec6c3e015e629c0c373
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process more NFUs

Reply via email to