Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3e10d7ed by Moritz Muehlenhoff at 2023-07-31T10:15:21+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -58,11 +58,11 @@ CVE-2023-39190 CVE-2023-39023 (university compass v2.2.0 and below was discovered to contain a code i ...) NOT-FOR-US: university compass CVE-2023-39022 (oscore v2.2.6 and below was discovered to contain a code injection vul ...) - TODO: check + NOT-FOR-US: oscore CVE-2023-39021 (wix-embedded-mysql v4.6.1 and below was discovered to contain a code i ...) NOT-FOR-US: wix-embedded-mysql CVE-2023-39020 (stanford-parser v3.9.2 and below was discovered to contain a code inje ...) - TODO: check + NOT-FOR-US: stanford-parser CVE-2023-39018 (FFmpeg 0.7.0 and below was discovered to contain a code injection vuln ...) NOT-FOR-US: ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI) CVE-2023-39017 (quartz-jobs 2.3.2 and below was discovered to contain a code injection ...) @@ -76,7 +76,7 @@ CVE-2023-39013 (Duke v1.2 and below was discovered to contain a code injection v CVE-2023-39010 (BoofCV 0.42 was discovered to contain a code injection vulnerability v ...) TODO: check CVE-2023-38992 (jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerabil ...) - TODO: check + NOT-FOR-US: jeecg-boot CVE-2023-38685 (Discourse is an open source discussion platform. Prior to version 3.0. ...) NOT-FOR-US: Discourse CVE-2023-38684 (Discourse is an open source discussion platform. Prior to version 3.0. ...) @@ -104,7 +104,7 @@ CVE-2023-31933 (Sql injection vulnerability found in Rail Pass Management System CVE-2023-31932 (Sql injection vulnerability found in Rail Pass Management System v.1.0 ...) NOT-FOR-US: Rail Pass Management System CVE-2023-2685 (A vulnerability was found in AO-OPC server versions mentioned above. A ...) - TODO: check + NOT-FOR-US: ABB AO-OPC CVE-2023-3990 (A vulnerability classified as problematic has been found in Mingsoft M ...) NOT-FOR-US: Mingsoft MCMS CVE-2023-3989 (A vulnerability was found in SourceCodester Jewelry Store System 1.0. ...) @@ -126,29 +126,29 @@ CVE-2023-3774 (An unhandled error in Vault Enterprise's namespace creation may c CVE-2023-3670 (In CODESYS Development System 3.5.9.0 to3.5.17.0 andCODESYS Scripting4 ...) NOT-FOR-US: CODESYS CVE-2023-38609 (An injection issue was addressed with improved input validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-38604 (An out-of-bounds write issue was addressed with improved input validat ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This issue i ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-38599 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-38598 (A use-after-free issue was addressed with improved memory management. ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-38592 (A logic issue was addressed with improved restrictions. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-38590 (A buffer overflow issue was addressed with improved memory handling. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-38571 (This issue was addressed with improved validation of symlinks. This is ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-38331 (Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to ...) NOT-FOR-US: Zoho ManageEngine CVE-2023-37285 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-36495 (An integer overflow was addressed with improved input validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-34425 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-33745 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper P ...) NOT-FOR-US: TeleAdapt RoomCast TA-2400 CVE-2023-33744 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard- ...) @@ -158,13 +158,13 @@ CVE-2023-33743 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Impr CVE-2023-33742 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Stor ...) NOT-FOR-US: TeleAdapt RoomCast TA-2400 CVE-2023-32654 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-32445 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-32444 (A logic issue was addressed with improved validation. This issue is fi ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-32427 (This issue was addressed by using HTTPS when sending information over ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-37369 - qt6-base <unfixed> [bookworm] - qt6-base <no-dsa> (Minor issue) @@ -19193,7 +19193,7 @@ CVE-2023-28204 (An out-of-bounds read was addressed with improved input validati NOTE: https://github.com/WebKit/WebKit/commit/698c6e293734c3c46f223b77d5b4ee48b320e32c NOTE: https://webkitgtk.org/security/WSA-2023-0004.html CVE-2023-28203 (The issue was addressed with improved checks. This issue is fixed in A ...) - TODO: check + NOT-FOR-US: Apple CVE-2023-28202 (This issue was addressed with improved state management. This issue is ...) NOT-FOR-US: Apple CVE-2023-28201 (This issue was addressed with improved state management. This issue is ...) @@ -32280,7 +32280,7 @@ CVE-2023-23766 CVE-2023-23765 RESERVED CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) - TODO: check + NOT-FOR-US: Github Enterprise Server CVE-2023-23763 RESERVED CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) @@ -54583,11 +54583,11 @@ CVE-2022-43705 (In Botan before 2.19.3, it is possible to forge OCSP responses d CVE-2022-43704 (The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, a ...) NOT-FOR-US: Sinilink XY-WFT1 WiFi Remote Thermostat CVE-2022-43703 (An installer that loads or executes files using an unconstrained searc ...) - TODO: check + NOT-FOR-US: Arm CVE-2022-43702 (When the directory containing the installer does not have sufficiently ...) - TODO: check + NOT-FOR-US: Arm CVE-2022-43701 (When the installation directory does not have sufficiently restrictive ...) - TODO: check + NOT-FOR-US: Arm CVE-2022-43700 RESERVED CVE-2022-43699 (OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account di ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e10d7ed4fa8c67ce7540ea16df3f6295e735a60 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e10d7ed4fa8c67ce7540ea16df3f6295e735a60 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits