Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e498844c by Salvatore Bonaccorso at 2023-12-14T09:33:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
 CVE-2023-6775 (A vulnerability was found in CodeAstro POS and Inventory 
Management Sy ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro POS and Inventory Management System
 CVE-2023-6407 (A CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2023-5630 (A CWE-494: Download of Code Without Integrity Check 
vulnerability exis ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2023-5629 (A CWE-601:URL Redirection to Untrusted Site (\u2018Open 
Redirect\u2019 ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2023-50709 (Cube is a semantic layer for building data applications. Prior 
to vers ...)
        TODO: check
 CVE-2023-50444 (By default, .ZED containers produced by PRIMX ZED! for Windows 
before  ...)
-       TODO: check
+       NOT-FOR-US: PRIMX
 CVE-2023-50443 (Encrypted disks created by PRIMX CRYHOD for Windows before 
Q.2020.4 (A ...)
-       TODO: check
+       NOT-FOR-US: PRIMX
 CVE-2023-50442 (Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 
can be m ...)
-       TODO: check
+       NOT-FOR-US: PRIMX
 CVE-2023-50440 (ZED containers produced by PRIMX ZED! for Windows before 
Q.2020.3 (ANS ...)
-       TODO: check
+       NOT-FOR-US: PRIMX
 CVE-2023-50439 (ZED containers produced by PRIMX ZED! for Windows before 
Q.2020.3 (ANS ...)
-       TODO: check
+       NOT-FOR-US: PRIMX
 CVE-2023-50268 (jq is a command-line JSON processor. Version 1.7 is vulnerable 
to stac ...)
        TODO: check
 CVE-2023-50262 (Dompdf is an HTML to PDF converter for PHP. When parsing SVG 
images Do ...)
        TODO: check
 CVE-2023-50248 (CKAN is an open-source data management system for powering 
data hubs a ...)
-       TODO: check
+       NOT-FOR-US: CKAN
 CVE-2023-50246 (jq is a command-line JSON processor. Version 1.7 is vulnerable 
to heap ...)
        TODO: check
 CVE-2023-49878 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 
3948-VED and ...)
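Review bot: CVE-2023-50248 is tagged NOT-FOR-US: CKAN even though its description calls CKAN an open-source data management system, which sets it apart from the vendor-product entries in this hunk (Schneider Electric, PRIMX). Please confirm that the archive and the WNPP bugs were checked for a package or a packaging request before the entry left TODO: check; if one exists, the entry should reference it instead of being marked NFU. A smaller style point in the same hunk: CVE-2023-6775 spells out the full product name while the other labels are a bare vendor name, so it is worth settling on one form.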
@@ -31,13 +31,13 @@ CVE-2023-49878 (IBM System Storage Virtualization Engine 
TS7700 3957-VEC, 3948-V
 CVE-2023-49877 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 
3948-VED and ...)
        NOT-FOR-US: IBM
 CVE-2023-49646 (Improper authentication in some Zoom clients before version 
5.16.5 may ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-48702 (Jellyfin is a system for managing and streaming media. Prior 
to versio ...)
        TODO: check
 CVE-2023-48085 (Nagios XI before version 5.11.3 was discovered to contain a 
remote cod ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2023-48084 (Nagios XI before version 5.11.3 was discovered to contain a 
SQL inject ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2023-47624 (Audiobookshelf is a self-hosted audiobook and podcast server. 
In versi ...)
        TODO: check
 CVE-2023-47623 (Scrypted is a home video integration and automation platform. 
In versi ...)
@@ -57,25 +57,25 @@ CVE-2023-45166 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow 
a non-privileged loca
 CVE-2023-44709 (PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and 
before wa ...)
        TODO: check
 CVE-2023-43586 (Path traversal in Zoom Desktop Client for Windows, Zoom VDI 
Client for ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-43585 (Improper access control in Zoom Mobile App for iOS and Zoom 
SDKs for i ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-43583 (Cryptographic issues Zoom Mobile App for Android, Zoom Mobile 
App for  ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-43042 (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and 
IBM Stora ...)
        NOT-FOR-US: IBM
 CVE-2023-41720 (A vulnerability exists on all versions of Ivanti Connect 
Secure below  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-41719 (A vulnerability exists on all versions of Ivanti Connect 
Secure below  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-41621 (A Cross Site Scripting (XSS) vulnerability was discovered in 
Emlog Pro ...)
-       TODO: check
+       NOT-FOR-US: Emlog Pro
 CVE-2023-41618 (Emlog Pro v2.1.14 was discovered to contain a reflective 
cross-site sc ...)
-       TODO: check
+       NOT-FOR-US: Emlog Pro
 CVE-2023-40921 (SQL Injection vulnerability in functions/point_list.php in 
Common Serv ...)
        TODO: check
 CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: DedeBIZ
 CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - 
incomplete fix for CVE-2020-25659]
        - python-cryptography <unfixed>
        NOTE: https://github.com/pyca/cryptography/issues/9785
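Review bot: the NFU labels in this hunk mix vendor names (Zoom, Ivanti) with product names (Emlog Pro for CVE-2023-41621 and CVE-2023-41618, DedeBIZ for CVE-2023-31546). Anyone grepping data/CVE/list by label gets more reliable results when each vendor or product always carries the same string, so before merging check whether earlier entries for these products already exist in the file and reuse their exact label.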
@@ -37061,7 +37061,7 @@ CVE-2023-29400 (Templates containing actions in 
unquoted HTML attributes (e.g. "
        NOTE: 
https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 
(go1.19.9)
        NOTE: 
https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad 
(go1.20.4)
 CVE-2023-1904 (In affected versions of Octopus Server it is possible for the 
OpenID c ...)
-       TODO: check
+       NOT-FOR-US: Octopus Server
 CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not 
perform ...)
        NOT-FOR-US: SAP
 CVE-2023-1902 (The bluetooth HCI host layer logic not clearing a global 
reference to  ...)
@@ -48999,13 +48999,13 @@ CVE-2023-25652 (Git is a revision control system. 
Prior to versions 2.30.9, 2.31
        NOTE: https://lore.kernel.org/lkml/[email protected]/
        NOTE: 
https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b 
(v2.30.9)
 CVE-2023-25651 (There is a SQL injection vulnerability in some ZTE mobile 
internetprod ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2023-25650 (There is an arbitrary file download vulnerability in ZXCLOUD 
iRAI. Sin ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2023-25649 (There is a command injection vulnerability in a mobile 
internet produc ...)
        NOT-FOR-US: ZTE
 CVE-2023-25648 (There is a weak folder permission vulnerability in ZTE's 
ZXCLOUD iRAI  ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2023-25647 (There is a permission and access control vulnerability in some 
ZTE mob ...)
        NOT-FOR-US: ZTE
 CVE-2023-25646
@@ -49013,11 +49013,11 @@ CVE-2023-25646
 CVE-2023-25645 (There is a permission and access control vulnerability in some 
ZTE And ...)
        NOT-FOR-US: ZTE
 CVE-2023-25644 (There is a denial of service vulnerability in some ZTEmobile 
internet  ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2023-25643 (There is a command injection vulnerability in some ZTE mobile 
internet ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2023-25642 (There is a buffer overflow vulnerability in some ZTEmobile 
internetpro ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 
5.5.7,deve ...)
        - ampache <removed>
 CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac 
prior to 2. ...)
@@ -63396,7 +63396,7 @@ CVE-2023-21753 (Event Tracing for Windows Information 
Disclosure Vulnerability)
 CVE-2023-21752 (Windows Backup Service Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-21751 (Azure DevOps Server Spoofing Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-21750 (Windows Kernel Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-21749 (Windows Kernel Elevation of Privilege Vulnerability)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e498844cfcca9f995430de85e9f73ec517f92153


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
