Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2a1f284f by Salvatore Bonaccorso at 2023-08-11T23:10:07+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -25,7 +25,7 @@ CVE-2023-39534 (eprosima Fast DDS is a C++ implementation of the Data Distributi - fastdds 2.10.1+ds-2 NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp CVE-2023-32267 (A potential vulnerability has been identified in OpenText / Micro Focu ...) - TODO: check + NOT-FOR-US: Micro Focus CVE-2023-4304 (Business Logic Errors in GitHub repository froxlor/froxlor prior to 2. ...) - froxlor <itp> (bug #581792) CVE-2023-4108 (Mattermost fails to sanitize post metadata during audit logging result ...) @@ -54,7 +54,7 @@ CVE-2023-40235 (An NTLM Hash Disclosure was discovered in ArchiMate Archi before CVE-2023-40224 (MISP 2.4174 allows XSS in app/View/Events/index.ctp.) NOT-FOR-US: MISP CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract developm ...) - TODO: check + NOT-FOR-US: OpenZeppelin Contracts CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...) - php8.2 <unfixed> - php7.4 <removed> @@ -70,7 +70,7 @@ CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2 NOTE: https://github.com/php/php-src/commit/c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975 (php-8.0.30) NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8 CVE-2023-39553 (Improper Input Validation vulnerability in Apache Software Foundation ...) - TODO: check + NOT-FOR-US: Apache Airflow Drill Provider CVE-2023-38333 (Zoho ManageEngine Applications Manager through 16530 allows reflected ...) NOT-FOR-US: Zoho ManageEngine CVE-2023-37513 (When the app is put to the background and the user goes to the task sw ...) 
@@ -80,7 +80,7 @@ CVE-2023-37512 (When the app is put to the background and the user goes to the t CVE-2023-37511 (If certain App Transport Security (ATS) settings are set in a certain ...) NOT-FOR-US: HCL CVE-2023-35179 (A vulnerability has been identified within Serv-U 15.4 that, if exploi ...) - TODO: check + NOT-FOR-US: SolarWinds Serv-U CVE-2023-34438 (Race condition in some Intel(R) NUC BIOS firmware may allow a privileg ...) NOT-FOR-US: Intel CVE-2023-34427 (Protection mechanism failure in some Intel(R) RealSense(TM) ID softwar ...) 
@@ -96,31 +96,31 @@ CVE-2023-33877 (Out-of-bounds write in some Intel(R) RealSense(TM) ID software f CVE-2023-33867 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID softwar ...) NOT-FOR-US: Intel CVE-2023-32663 (Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in v ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-32656 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID softwar ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-32617 (Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NU ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-32609 (Improper access control in the Intel Unite(R) android application befo ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-32547 (Incorrect default permissions in the MAVinci Desktop Software for Inte ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-32543 (Incorrect default permissions in the Intel(R) ITS sofware before versi ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-32285 (Improper access control in some Intel(R) NUC BIOS firmware may allow a ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-31246 (Incorrect default permissions in some Intel(R) SDP Tool software befor ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-30760 (Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Inte ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-29494 (Improper input validation in BIOS firmware for some Intel(R) NUCs may ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-29243 (Unchecked return value in some Intel(R) RealSense(TM) ID software for ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-29151 (Uncontrolled search path element in some Intel(R) PSR SDK before versi ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-27887 (Improper initialization in BIOS firmware for some Intel(R) NUCs may al ...) 
- TODO: check + NOT-FOR-US: Intel CVE-2023-XXXX [ZDI-CAN-21444: Integer overflow leading to heap overwrite in RealMedia file handling] - gst-plugins-ugly1.0 <unfixed> - gst-plugins-ugly0.10 <removed> @@ -163,7 +163,7 @@ CVE-2023-39959 (Nextcloud Server provides data storage for Nextcloud, an open so CVE-2023-39958 (Nextcloud Server provides data storage for Nextcloud, an open source c ...) - nextcloud-server <itp> (bug #941708) CVE-2023-39957 (Nextcloud Talk Android allows users to place video and audio calls thr ...) - TODO: check + NOT-FOR-US: Nextcloud Talk Android CVE-2023-39955 (Notes is a note-taking app for Nextcloud, an open-source cloud platfor ...) NOT-FOR-US: Notes app for NextCloud CVE-2023-39954 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...) @@ -837,7 +837,7 @@ CVE-2023-36306 (A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon Log CVE-2023-36136 (PHPJabbers Class Scheduling System 1.0 lacks encryption on the passwor ...) NOT-FOR-US: PHPJabbers CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35391 (ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerab ...) 
@@ -885,7 +885,7 @@ CVE-2023-32503 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GT CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetB ...) NOT-FOR-US: WordPress plugin CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet] - linux <unfixed> NOTE: https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a1f284f04206e89f7b2d9ae8c409144f7f5db47 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a1f284f04206e89f7b2d9ae8c409144f7f5db47 You're receiving this email because of your account on salsa.debian.org.
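Review bot: In the @@ -25,7 hunk, CVE-2023-32267 is tagged NOT-FOR-US: Micro Focus although its description gives the vendor as "OpenText / Micro Focu ...". If the list already carries entries under an OpenText tag, use the same string here so that a search for either name finds all of them.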
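Review bot: The thirteen entries changed in the @@ -96,31 hunk are tagged with the vendor only (NOT-FOR-US: Intel), while other hunks in the same commit tag at product level (NOT-FOR-US: SolarWinds Serv-U, NOT-FOR-US: Nextcloud Talk Android, NOT-FOR-US: Apache Airflow Drill Provider). The vendor-only form matches the unchanged context entries CVE-2023-33867 and CVE-2023-34438, so it is consistent locally, but it folds RealSense software, NUC BIOS firmware, the Unite Android application, MAVinci Desktop Software, ITS software, SDP Tool and PSR SDK into one string. Settling on one granularity per commit would keep later searches of data/CVE/list predictable.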
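Review bot: In the @@ -837,7 hunk, CVE-2023-35394 is closed as NOT-FOR-US: Microsoft on a description that names Jupyter Notebook as well as Azure HDInsight, and nothing in the visible entry records that the flaw sits in the Azure service rather than in the notebook software. The tag is consistent with the neighbouring CVE-2023-35393 (Azure Apache Hive), but the commit message "Process some NFUs" gives no basis for the decision; a short mention of what was checked would make the triage auditable.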