Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9cd8fcea by Moritz Muehlenhoff at 2023-07-05T15:39:57+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -452,7 +452,7 @@ CVE-2023-34844 (Play With Docker < 0.0.2 has an insecure 
CAP_SYS_ADMIN privilege
 CVE-2023-34735 (Property Cloud Platform Management Center 1.0 is vulnerable to 
error-b ...)
        NOT-FOR-US: Property Cloud Platform Management Center
 CVE-2023-34658 (Telegram v9.6.3 on iOS allows attackers to hide critical 
information o ...)
-       TODO: check
+       NOT-FOR-US: Telegram on iOS
 CVE-2023-34656 (An issue was discovered with the JSESSION IDs in Xiamen Si Xin 
Communi ...)
        NOT-FOR-US: Xiamen Si Xin Communication Technology Video management 
system
 CVE-2023-34599 (Multiple Cross-Site Scripting (XSS) vulnerabilities have been 
identifi ...)
@@ -21581,11 +21581,11 @@ CVE-2023-26137
 CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are 
vulnerable to Pr ...)
        TODO: check
 CVE-2023-26135 (All versions of the package flatnest are vulnerable to 
Prototype Pollu ...)
-       TODO: check
+       NOT-FOR-US: Node flatnest
 CVE-2023-26134 (Versions of the package git-commit-info before 2.0.2 are 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: Node git-commit-info
 CVE-2023-26133 (All versions of the package progressbar.js are vulnerable to 
Prototype ...)
-       TODO: check
+       NOT-FOR-US: progressbar.js
 CVE-2023-26132 (Versions of the package dottie before 2.0.4 are vulnerable to 
Prototyp ...)
        TODO: check
 CVE-2023-26131 (All versions of the package 
github.com/xyproto/algernon/engine; all ve ...)
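Review bot: the new tag for CVE-2023-26133 reads "NOT-FOR-US: progressbar.js", while the two entries changed directly above it in this hunk carry a "Node" prefix ("Node flatnest", "Node git-commit-info"). If progressbar.js is the same kind of Node package, "NOT-FOR-US: Node progressbar.js" would keep the three tags consistent and make them findable with one search; if the difference is deliberate, the line can stay as it is.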
@@ -21599,7 +21599,7 @@ CVE-2023-26130 (Versions of the package 
yhirose/cpp-httplib before 0.12.4 are vu
 CVE-2023-26129 (All versions of the package bwm-ng are vulnerable to Command 
Injection ...)
        NOT-FOR-US: bwm-ng Nodejs module (not the same as src:bwm-ng)
 CVE-2023-26128 (All versions of the package keep-module-latest are vulnerable 
to Comma ...)
-       TODO: check
+       NOT-FOR-US: Node keep-module-latest
 CVE-2023-26127 (All versions of the package n158 are vulnerable to Command 
Injection d ...)
        TODO: check
 CVE-2023-26126 (All versions of the package m.static are vulnerable to 
Directory Trave ...)
@@ -21691,7 +21691,7 @@ CVE-2023-0922 (The Samba AD DC administration tool, 
when operating against a rem
 CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all 
versions fro ...)
        - gitlab 15.10.8+ds1-2
 CVE-2022-48330 (A Huawei sound box product has an out-of-bounds write 
vulnerability. A ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a 
Flowmon user  ...)
        NOT-FOR-US: Progress Flowmon Packet Investigator
 CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint 
failed to s ...)
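Review bot: the tag added for CVE-2022-48330 names only the vendor ("NOT-FOR-US: Huawei"), whereas the unchanged entries below it in this hunk name the product ("NOT-FOR-US: Progress Flowmon Packet Investigator"). The description says "A Huawei sound box product", so "NOT-FOR-US: Huawei sound box" would carry the same level of detail as its neighbours.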
@@ -21725,7 +21725,7 @@ CVE-2023-26087
 CVE-2023-26086
        RESERVED
 CVE-2023-26085 (A possible out-of-bounds read and write (due to an improper 
length che ...)
-       TODO: check
+       NOT-FOR-US: Arm NN Android-NN-Driver
 CVE-2023-26084 (The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib 
before 86065c ...)
        NOT-FOR-US: AArch64cryptolib
 CVE-2023-26083 (Memory leak vulnerability in Mali GPU Kernel Driver in Midgard 
GPU Ker ...)
@@ -22003,7 +22003,7 @@ CVE-2023-26015
 CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel 
Minify HT ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26013 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Denz ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel 
Read More ...)
@@ -22081,7 +22081,7 @@ CVE-2023-25976 (Cross-Site Request Forgery (CSRF) 
vulnerability in CRM Perks Int
 CVE-2023-25975
        RESERVED
 CVE-2023-25974 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in psic ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian 
Apostol Auto ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in IKSW ...)
@@ -22103,7 +22103,7 @@ CVE-2023-25965
 CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Noah ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Joom ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Bipl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Catch Th ...)
@@ -22161,11 +22161,11 @@ CVE-2023-25940 (Dell PowerScale OneFS version 9.5.0.0 
contains improper link res
 CVE-2023-25939
        RESERVED
 CVE-2023-25938 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-25937 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-25936 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-25935
        RESERVED
 CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of 
cryptog ...)
@@ -23267,7 +23267,7 @@ CVE-2023-25647
 CVE-2023-25646
        RESERVED
 CVE-2023-25645 (There is a permission and access control vulnerability in some 
ZTE And ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2023-25644
        RESERVED
 CVE-2023-25643
@@ -23715,15 +23715,15 @@ CVE-2023-25524
 CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a 
vulnerability in  ...)
        TODO: check
 CVE-2023-25522 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where 
an attack ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-25521 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where 
an attack ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in 
nvbootc ...)
        TODO: check
 CVE-2023-25519
        RESERVED
 CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the 
PCIe contro ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-25517 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
        TODO: check
 CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability 
in the ke ...)
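Review bot: CVE-2023-25522, CVE-2023-25521 and CVE-2023-25518 receive the vendor-wide tag "NOT-FOR-US: NVIDIA", while four other NVIDIA entries in the same hunk (CVE-2023-25523, CVE-2023-25520, CVE-2023-25517, CVE-2023-25516) remain at "TODO: check". Naming the component from each description, for example "NVIDIA DGX SBIOS" and "NVIDIA Jetson CBoot", would show that the triage covers those products only and does not prejudge the entries still open.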
@@ -23818,9 +23818,9 @@ CVE-2023-25502
 CVE-2023-25501
        RESERVED
 CVE-2023-25500 (Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 
11.0.0 to ...)
-       TODO: check
+       NOT-FOR-US: Vaadin
 CVE-2023-25499 (When adding non-visible components to the UI in server side, 
content i ...)
-       TODO: check
+       NOT-FOR-US: Vaadin
 CVE-2023-24019
        RESERVED
 CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 
110.0.5481.77 allow ...)
@@ -24156,7 +24156,7 @@ CVE-2023-25368 (Siglent SDS 1104X-E 
SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to In
 CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered 
user in ...)
        NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
 CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI 
interfa ...)
-       TODO: check
+       NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
 CVE-2023-25365
        RESERVED
 CVE-2023-25364
@@ -24290,9 +24290,9 @@ CVE-2023-25309 (Cross Site Scripting (XSS) 
Vulnerability in Fetlife rollout-ui v
 CVE-2023-25308
        RESERVED
 CVE-2023-25307 (nothub mrpack-install <= v0.16.2 is vulnerable to Directory 
Traversal.)
-       TODO: check
+       NOT-FOR-US: nothub mrpack-install
 CVE-2023-25306 (MultiMC Launcher <= 0.6.16 is vulnerable to Directory 
Traversal.)
-       TODO: check
+       NOT-FOR-US: MultiMC Launcher
 CVE-2023-25305 (PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. 
A mrpac ...)
        NOT-FOR-US: PolyMC Launcher
 CVE-2023-25304 (Prism Launcher <= 6.1 is vulnerable to Directory Traversal.)
@@ -24603,13 +24603,13 @@ CVE-2017-20175 (A vulnerability classified as 
problematic has been found in DaSc
 CVE-2023-25189
        RESERVED
 CVE-2023-25188 (An issue was discovered on NOKIA Airscale ASIKA Single RAN 
devices bef ...)
-       TODO: check
+       NOT-FOR-US: NOKIA
 CVE-2023-25187 (An issue was discovered on NOKIA Airscale ASIKA Single RAN 
devices bef ...)
-       TODO: check
+       NOT-FOR-US: NOKIA
 CVE-2023-25186 (An issue was discovered on NOKIA Airscale ASIKA Single RAN 
devices bef ...)
-       TODO: check
+       NOT-FOR-US: NOKIA
 CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN 
devices bef ...)
-       TODO: check
+       NOT-FOR-US: NOKIA
 CVE-2023-25074
        RESERVED
 CVE-2023-24590
@@ -25117,13 +25117,13 @@ CVE-2023-25006 (A malicious actor may convince a user 
to open a malicious USD fi
 CVE-2023-25005 (A maliciously crafted DLL file can be forced to read beyond 
allocated  ...)
        NOT-FOR-US: Autodesk
 CVE-2023-25004 (A maliciously crafted pskernel.dll file in Autodesk products 
is used t ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2023-25003 (A maliciously crafted pskernel.dll file in Autodesk AutoCAD 
2023 and M ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2023-25002 (A maliciously crafted SKP file in Autodesk products is used to 
trigger ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2023-25001 (A maliciously crafted SKP file in Autodesk Navisworks 2023 and 
2022 be ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2023-0634
        REJECTED
 CVE-2023-0633
@@ -25524,13 +25524,13 @@ CVE-2023-0601
 CVE-2023-24855
        RESERVED
 CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware 
respons ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-24853
        RESERVED
 CVE-2023-24852
        RESERVED
 CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response 
message from ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-24850
        RESERVED
 CVE-2023-24849
@@ -27441,7 +27441,7 @@ CVE-2023-24263
 CVE-2023-24262
        RESERVED
 CVE-2023-24261 (A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 
allows  ...)
-       TODO: check
+       NOT-FOR-US: GL.iNET
 CVE-2023-24260
        RESERVED
 CVE-2023-24259
@@ -27481,7 +27481,7 @@ CVE-2023-24245
 CVE-2023-24244
        RESERVED
 CVE-2023-24243 (CData RSB Connect v22.0.8336 was discovered to contain a 
Server-Side R ...)
-       TODO: check
+       NOT-FOR-US: CData RSB Connect
 CVE-2023-24242
        RESERVED
 CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL 
injectio ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cd8fcea2856a0fd3b36799ec2fbfdb4da8710e2
