Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6baf211b by Salvatore Bonaccorso at 2023-08-10T22:55:20+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -144,19 +144,19 @@ CVE-2023-34374 (Auth. (editor+) Stored Cross-Site 
Scripting (XSS) vulnerability
 CVE-2023-32567 (Ivanti Avalanche decodeToMap XML External Entity Processing. 
Fixed in  ...)
        NOT-FOR-US: Ivanti
 CVE-2023-32566 (An attacker can send a specially crafted request which could 
lead to l ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-32565 (An attacker can send a specially crafted request which could 
lead to l ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-32564 (An unrestricted upload of file with dangerous type 
vulnerability exist ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-32563 (An unauthenticated attacker could achieve the code execution 
through a ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-32562 (An unrestricted upload of file with dangerous type 
vulnerability exist ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-32561 (A previously generated artifact by an administrator could be 
accessed  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-32560 (An attacker can send a specially crafted message to the 
Wavelink Avala ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-39418 [MERGE fails to enforce UPDATE or SELECT row security policies]
        - postgresql-15 15.4-1
        - postgresql-13 <not-affected> (Only affects 15.x)
@@ -433,7 +433,7 @@ CVE-2023-3898 (Improper Neutralization of Special Elements 
used in an SQL Comman
 CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be 
vulnera ...)
        TODO: check
 CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Farmakom Remote Administration Console
 CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Oduyo Online Collection Software
 CVE-2023-3653 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -447,7 +447,7 @@ CVE-2023-3522 (Improper Neutralization of Special Elements 
used in an SQL Comman
 CVE-2023-3386 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: a2 Camera Trap Tracking System
 CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens Solid Edge
 CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking 
Stack. Pri ...)
        TODO: check
 CVE-2023-39532 (SES is a JavaScript environment that allows safe execution of 
arbitrar ...)
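Review bot: The tag on CVE-2023-39549 is written as "NOT-FOR-US: Siemens Solid Edge", while the other Siemens entries visible in this file (JT2Go, RUGGEDCOM) use the plain "NOT-FOR-US: Siemens". Using one form per vendor keeps a search of the list for that vendor complete; "NOT-FOR-US: Siemens" would match the existing lines.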
@@ -459,7 +459,7 @@ CVE-2023-39419 (A vulnerability has been identified in 
Solid Edge SE2023 (All ve
 CVE-2023-39342 (Dangerzone is software for converting potentially dangerous 
PDFs, offi ...)
        TODO: check
 CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, 
RUGGEDCOM i800N ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-39218 (Client-side enforcement of server-side security in Zoom 
clients before ...)
        NOT-FOR-US: Zoom
 CVE-2023-39217 (Improper input validation in Zoom SDK\u2019s before 5.14.10 
may allow  ...)
@@ -515,9 +515,9 @@ CVE-2023-38761 (Cross Site Scripting (XSS) vulnerability in 
ChurchCRM v.5.0.0 al
 CVE-2023-38760 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a 
remote attac ...)
        NOT-FOR-US: ChurchCRM
 CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger 
Project wger W ...)
-       TODO: check
+       NOT-FOR-US: wger Project wger Workout Manager
 CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger 
Workout Manage ...)
-       TODO: check
+       NOT-FOR-US: wger Project wger Workout Manager
 CVE-2023-38683 (A vulnerability has been identified in JT2Go (All versions < 
V14.2.0.5 ...)
        NOT-FOR-US: Siemens
 CVE-2023-38682 (A vulnerability has been identified in JT2Go (All versions < 
V14.2.0.5 ...)
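Review bot: The tag "NOT-FOR-US: wger Project wger Workout Manager" on CVE-2023-38759 and CVE-2023-38758 copies the vendor and product strings from the CVE description back to back, so "wger" appears twice. "NOT-FOR-US: wger Workout Manager" would name the product without the repetition.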
@@ -601,13 +601,13 @@ CVE-2023-37683 (Online Nurse Hiring System v1.0 was 
discovered to contain a cros
 CVE-2023-37682 (Judging Management System v1.0 was discovered to contain a SQL 
injecti ...)
        NOT-FOR-US: Judging Management System
 CVE-2023-37646 (An issue in the CAB file extraction function of Bitberry File 
Opener v ...)
-       TODO: check
+       NOT-FOR-US: Bitberry File Opener
 CVE-2023-37570 (This vulnerability exists in ESDS Emagic Data Center 
Management Suit d ...)
-       TODO: check
+       NOT-FOR-US: ESDS Emagic Data Center Management Suit
 CVE-2023-37373 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All 
version ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-37372 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All 
version ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-36914 (Windows Smart Card Resource Management Server Security Feature 
Bypass  ...)
        NOT-FOR-US: Microsoft
 CVE-2023-36913 (Microsoft Message Queuing Information Disclosure Vulnerability)
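Review bot: The tag on CVE-2023-37570 reads "ESDS Emagic Data Center Management Suit", which carries over the spelling "Suit" from the truncated CVE description. If the tag is meant to name the product rather than mirror the description text, check whether "Suite" is intended before this spelling gets reused for later entries.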
@@ -689,61 +689,61 @@ CVE-2023-36533 (Uncontrolled resource consumption in Zoom 
SDKs before 5.14.7 may
 CVE-2023-36532 (Buffer overflow in Zoom Clients before 5.14.5 may allow an 
unauthentic ...)
        NOT-FOR-US: Zoom
 CVE-2023-36482 (An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, 
S3NSEN4, SEN8 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-36344 (An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and 
before al ...)
-       TODO: check
+       NOT-FOR-US: Diebold Nixdorf Vynamic View Console
 CVE-2023-36306 (A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon 
LogAnalyz ...)
-       TODO: check
+       NOT-FOR-US: Adiscon Aiscon LogAnalyzer
 CVE-2023-36136 (PHPJabbers Class Scheduling System 1.0 lacks encryption on the 
passwor ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers
 CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability)
        TODO: check
 CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35391 (ASP.NET Core SignalR and Visual Studio Information Disclosure 
Vulnerab ...)
        NOT-FOR-US: Microsoft .NET
 CVE-2023-35390 (.NET and Visual Studio Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft .NET
 CVE-2023-35389 (Microsoft Dynamics 365 On-Premises Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35388 (Microsoft Exchange Server Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35387 (Windows Bluetooth A2DP driver Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35386 (Windows Kernel Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35385 (Microsoft Message Queuing Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35384 (Windows HTML Platforms Security Feature Bypass Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35383 (Microsoft Message Queuing Information Disclosure Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35382 (Windows Kernel Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35381 (Windows Fax Service Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35380 (Windows Kernel Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35379 (Reliability Analysis Metrics Calculation Engine (RACEng) 
Elevation of  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35378 (Windows Projected File System Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35377 (Microsoft Message Queuing Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35376 (Microsoft Message Queuing Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35372 (Microsoft Office Visio Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35371 (Microsoft Office Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35368 (Microsoft Exchange Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-35359 (Windows Kernel Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-32503 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
GTmetrix ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in GetB ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor 
PowerF ...)
        TODO: check
 CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet]
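Review bot: CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability) is marked "NOT-FOR-US: Microsoft", while the adjacent CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability) is left at "TODO: check". Both descriptions name an open-source component inside an Azure service, so the same question applies to both: is the flaw in the Azure integration or in the upstream project? Either note the reasoning for treating them differently in the commit message, or leave CVE-2023-35393 at "TODO: check" until that is confirmed.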



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6baf211b8600218e8caa00cadf1bfc929175153f
