Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
233ebb45 by Moritz Muehlenhoff at 2023-11-15T10:45:25+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83,7 +83,7 @@ CVE-2023-47130 (Yii is an open source PHP web framework. 
yiisoft/yii before vers
 CVE-2023-47125 (TYPO3 is an open source PHP based web content management 
system releas ...)
        NOT-FOR-US: TYPO3
 CVE-2023-46672 (An issue was identified by Elastic whereby sensitive 
information is re ...)
-       TODO: check
+       - logstash <itp> (bug #664841)
 CVE-2023-46582 (SQL injection vulnerability in Inventory Management v.1.0 
allows a loc ...)
        NOT-FOR-US: Inventory Management
 CVE-2023-46581 (SQL injection vulnerability in Inventory Management v.1.0 
allows a loc ...)
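Review bot: The CVE-2023-46672 line in this hunk is an `- logstash <itp> (bug #664841)` entry, not a NOT-FOR-US, so the one-word commit message "NFUs" does not describe it. Consider mentioning the ITP in the message (for example "NFUs, logstash ITP") or committing it separately, so that anyone later searching the history for when this CVE was tied to the logstash ITP can find it. The visible part of the description only says the issue "was identified by Elastic", so the product mapping rests on the truncated text.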
@@ -91,7 +91,7 @@ CVE-2023-46581 (SQL injection vulnerability in Inventory 
Management v.1.0 allows
 CVE-2023-46580 (Cross-Site Scripting (XSS) vulnerability in Inventory 
Management V1.0  ...)
        NOT-FOR-US: Inventory Management
 CVE-2023-46132 (Hyperledger Fabric is an open source permissioned distributed 
ledger f ...)
-       TODO: check
+       NOT-FOR-US: Hyperledger Fabric
 CVE-2023-46121 (yt-dlp is a youtube-dl fork with additional features and 
fixes. The Ge ...)
        - yt-dlp <unfixed>
        [bookworm] - yt-dlp <no-dsa> (Minor issue)
@@ -136,7 +136,7 @@ CVE-2023-45615 (There are buffer overflow vulnerabilities 
in the underlying CLI
 CVE-2023-45614 (There are buffer overflow vulnerabilities in the underlying 
CLI servic ...)
        NOT-FOR-US: Aruba
 CVE-2023-43979 (ETS Soft ybc_blog before v4.4.0 was discovered to contain a 
SQL inject ...)
-       TODO: check
+       NOT-FOR-US: ETS Soft ybc_blog
 CVE-2023-43591 (Improper privilege management  in Zoom Rooms for macOS before 
version  ...)
        NOT-FOR-US: Zoom
 CVE-2023-43590 (Link following  in Zoom Rooms for macOS before version 5.16.0 
may allo ...)
@@ -148,53 +148,53 @@ CVE-2023-43582 (Improper authorization in some Zoom 
clients may allow an authori
 CVE-2023-41718 (When a particular process flow is initiated, an attacker may 
be able t ...)
        NOT-FOR-US: Ivanti
 CVE-2023-41597 (EyouCms v1.6.2 was discovered to contain a reflected 
cross-site script ...)
-       TODO: check
+       NOT-FOR-US: EyouCms
 CVE-2023-41570 (MikroTik RouterOS v7.1 to 7.11 was discovered to contain 
incorrect acc ...)
        NOT-FOR-US: MikroTik
 CVE-2023-40923 (MyPrestaModules ordersexport before v5.0 was discovered to 
contain mul ...)
        NOT-FOR-US: MyPrestaModules ordersexport
 CVE-2023-39537 (AMI AptioV contains a vulnerability in BIOS where an Attacker 
may use  ...)
-       TODO: check
+       NOT-FOR-US: AMI
 CVE-2023-39536 (AMI AptioV contains a vulnerability in BIOS where an Attacker 
may use  ...)
-       TODO: check
+       NOT-FOR-US: AMI
 CVE-2023-39535 (AMI AptioV contains a vulnerability in BIOS where an Attacker 
may use  ...)
-       TODO: check
+       NOT-FOR-US: AMI
 CVE-2023-39337 (A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 
older a ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-39335 (A security vulnerability has been identified in EPMM Versions 
11.10, 1 ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-39206 (Buffer overflow in some Zoom clients may allow an 
unauthenticated user ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-39205 (Improper conditions check in Zoom Team Chat for Zoom clients 
may allow ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-39204 (Buffer overflow in some Zoom clients may allow an 
unauthenticated user ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-39203 (Uncontrolled resource consumption in Zoom Team Chat for Zoom 
Desktop C ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-39202 (Untrusted search path in Zoom Rooms Client for Windows and 
Zoom VDI Cl ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-39199 (Cryptographic issues with In-Meeting Chat for some Zoom 
clients may al ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-38544 (A logged in user can modify specific files that may lead to 
unauthoriz ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-38543 (When a specific component is loaded a local attacker and is 
able to se ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-38043 (When a specific component is loaded a local attacker and is 
able to se ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-36558 (ASP.NET Core - Security Feature Bypass Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-36437 (Azure DevOps Server Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-36049 (.NET, .NET Framework, and Visual Studio Elevation of Privilege 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-36038 (ASP.NET Core Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-36007 (Microsoft Send Customer Voice survey from Dynamics 365 
Spoofing Vulner ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35080 (A vulnerability has been identified in the Ivanti Secure 
Access Window ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-34060 (VMware Cloud Director Appliance contains an authentication 
bypass vuln ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2023-44444 [GIMP PSP File Parsing Off-By-One Remote Code Execution 
Vulnerability]
        - gimp <unfixed>
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
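Review bot: CVE-2023-36558, CVE-2023-36038 and CVE-2023-36049 cover ASP.NET Core and .NET, but are tagged with the bare vendor name in `NOT-FOR-US: Microsoft`, the same label used for Azure DevOps Server and Dynamics 365 just below. A product-level label (for example "ASP.NET Core" or ".NET") would keep these three entries easy to find with grep if that software is ever packaged and the NFU entries need revisiting. The same applies in a smaller way to the EPMM entries (CVE-2023-39337, CVE-2023-39335), which are tagged "Ivanti" without the product name.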
@@ -245,7 +245,7 @@ CVE-2023-6111 (A use-after-free vulnerability in the Linux 
kernel's netfilter: n
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/93995bf4af2c5a99e2a87f0cd5ce547d31eb7630 (6.7-rc1)
 CVE-2023-48094 (A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 
allows a ...)
-       TODO: check
+       NOT-FOR-US: CesiumJS
 CVE-2023-48021 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
        NOT-FOR-US: Dreamer CMS
 CVE-2023-48020 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
@@ -42090,7 +42090,7 @@ CVE-2023-26224
 CVE-2023-26223
        RESERVED
 CVE-2023-26222 (The Web Application component of TIBCO Software Inc.'s TIBCO 
EBX and T ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2023-26221 (The Spotfire Connectors component of TIBCO Software Inc.'s 
Spotfire An ...)
        NOT-FOR-US: Spotfire Connectors component of TIBCO
 CVE-2023-26220 (The Spotfire Library component of TIBCO Software Inc.'s 
Spotfire Analy ...)
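Review bot: The new `NOT-FOR-US: TIBCO` label for CVE-2023-26222 is vendor-only, while the very next entry (CVE-2023-26221) reads "Spotfire Connectors component of TIBCO". This is a style point only: naming the product from the description (it mentions TIBCO EBX) would keep the two neighbouring entries consistent.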
@@ -63559,7 +63559,7 @@ CVE-2022-4107 (The SMSA Shipping for WooCommerce 
WordPress plugin before 1.0.5 d
 CVE-2022-4106 (The Wholesale Market for WooCommerce WordPress plugin before 
1.0.7 doe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45781 (Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 
and earlie ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-45780
        RESERVED
 CVE-2022-45779



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/233ebb45364d51d777cf6aa9ce3c15d3be393e80
