[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Mon, 31 Jul 2023 01:15:51 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3e10d7ed by Moritz Muehlenhoff at 2023-07-31T10:15:21+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58,11 +58,11 @@ CVE-2023-39190
 CVE-2023-39023 (university compass v2.2.0 and below was discovered to contain 
a code i ...)
        NOT-FOR-US: university compass
 CVE-2023-39022 (oscore v2.2.6 and below was discovered to contain a code 
injection vul ...)
-       TODO: check
+       NOT-FOR-US: oscore
 CVE-2023-39021 (wix-embedded-mysql v4.6.1 and below was discovered to contain 
a code i ...)
        NOT-FOR-US: wix-embedded-mysql
 CVE-2023-39020 (stanford-parser v3.9.2 and below was discovered to contain a 
code inje ...)
-       TODO: check
+       NOT-FOR-US: stanford-parser
 CVE-2023-39018 (FFmpeg 0.7.0 and below was discovered to contain a code 
injection vuln ...)
        NOT-FOR-US: ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI)
 CVE-2023-39017 (quartz-jobs 2.3.2 and below was discovered to contain a code 
injection ...)
@@ -76,7 +76,7 @@ CVE-2023-39013 (Duke v1.2 and below was discovered to contain 
a code injection v
 CVE-2023-39010 (BoofCV 0.42 was discovered to contain a code injection 
vulnerability v ...)
        TODO: check
 CVE-2023-38992 (jeecg-boot v3.5.1 was discovered to contain a SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: jeecg-boot
 CVE-2023-38685 (Discourse is an open source discussion platform. Prior to 
version 3.0. ...)
        NOT-FOR-US: Discourse
 CVE-2023-38684 (Discourse is an open source discussion platform. Prior to 
version 3.0. ...)
@@ -104,7 +104,7 @@ CVE-2023-31933 (Sql injection vulnerability found in Rail 
Pass Management System
 CVE-2023-31932 (Sql injection vulnerability found in Rail Pass Management 
System v.1.0 ...)
        NOT-FOR-US: Rail Pass Management System
 CVE-2023-2685 (A vulnerability was found in AO-OPC server versions mentioned 
above. A ...)
-       TODO: check
+       NOT-FOR-US: ABB AO-OPC
 CVE-2023-3990 (A vulnerability classified as problematic has been found in 
Mingsoft M ...)
        NOT-FOR-US: Mingsoft MCMS
 CVE-2023-3989 (A vulnerability was found in SourceCodester Jewelry Store 
System 1.0.  ...)
@@ -126,29 +126,29 @@ CVE-2023-3774 (An unhandled error in Vault Enterprise's 
namespace creation may c
 CVE-2023-3670 (In CODESYS Development System 3.5.9.0 to3.5.17.0 andCODESYS 
Scripting4 ...)
        NOT-FOR-US: CODESYS
 CVE-2023-38609 (An injection issue was addressed with improved input 
validation. This  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-38604 (An out-of-bounds write issue was addressed with improved input 
validat ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This 
issue i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-38599 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-38598 (A use-after-free issue was addressed with improved memory 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-38592 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-38590 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-38571 (This issue was addressed with improved validation of symlinks. 
This is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-38331 (Zoho ManageEngine Support Center Plus 14001 and below is 
vulnerable to ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2023-37285 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-36495 (An integer overflow was addressed with improved input 
validation. This ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-34425 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-33745 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to 
Improper P ...)
        NOT-FOR-US: TeleAdapt RoomCast TA-2400
 CVE-2023-33744 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of 
a Hard- ...)
@@ -158,13 +158,13 @@ CVE-2023-33743 (TeleAdapt RoomCast TA-2400 1.0 through 
3.1 is vulnerable to Impr
 CVE-2023-33742 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from 
Cleartext Stor ...)
        NOT-FOR-US: TeleAdapt RoomCast TA-2400
 CVE-2023-32654 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-32445 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-32444 (A logic issue was addressed with improved validation. This 
issue is fi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-32427 (This issue was addressed by using HTTPS when sending 
information over  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-37369
        - qt6-base <unfixed>
        [bookworm] - qt6-base <no-dsa> (Minor issue)
@@ -19193,7 +19193,7 @@ CVE-2023-28204 (An out-of-bounds read was addressed 
with improved input validati
        NOTE: 
https://github.com/WebKit/WebKit/commit/698c6e293734c3c46f223b77d5b4ee48b320e32c
        NOTE: https://webkitgtk.org/security/WSA-2023-0004.html
 CVE-2023-28203 (The issue was addressed with improved checks. This issue is 
fixed in A ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-28202 (This issue was addressed with improved state management. This 
issue is ...)
        NOT-FOR-US: Apple
 CVE-2023-28201 (This issue was addressed with improved state management. This 
issue is ...)
@@ -32280,7 +32280,7 @@ CVE-2023-23766
 CVE-2023-23765
        RESERVED
 CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2023-23763
        RESERVED
 CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub 
Enterpr ...)
@@ -54583,11 +54583,11 @@ CVE-2022-43705 (In Botan before 2.19.3, it is 
possible to forge OCSP responses d
 CVE-2022-43704 (The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 
1.3.6, a ...)
        NOT-FOR-US: Sinilink XY-WFT1 WiFi Remote Thermostat
 CVE-2022-43703 (An installer that loads or executes files using an 
unconstrained searc ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2022-43702 (When the directory containing the installer does not have 
sufficiently ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2022-43701 (When the installation directory does not have sufficiently 
restrictive ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2022-43700
        RESERVED
 CVE-2022-43699 (OX App Suite before 7.10.6-rev30 allows SSRF because e-mail 
account di ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e10d7ed4fa8c67ce7540ea16df3f6295e735a60

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e10d7ed4fa8c67ce7540ea16df3f6295e735a60
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to