Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d14d37ab by Salvatore Bonaccorso at 2023-06-15T08:50:09+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,7 +69,7 @@ CVE-2023-34585
 CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.)
        TODO: check
 CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking 
attack. The v ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-34101 (Contiki-NG is an operating system for internet of things 
devices. In v ...)
        NOT-FOR-US: Contiki-NG
 CVE-2023-32465 (Dell Power Protect Cyber Recovery, contains an Authentication 
Bypass v ...)
@@ -279,11 +279,11 @@ CVE-2023-34114 (Exposure of resource to wrong sphere in 
Zoom for Windows and Zoo
 CVE-2023-34113 (Insufficient verification of data authenticity  in Zoom for 
Windows cl ...)
        NOT-FOR-US: Zoom
 CVE-2023-33921 (A vulnerability has been identified in CP-8031 MASTER MODULE 
(All vers ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-33920 (A vulnerability has been identified in CP-8031 MASTER MODULE 
(All vers ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-33919 (A vulnerability has been identified in CP-8031 MASTER MODULE 
(All vers ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-33695 (Hutool v5.8.17 and below was discovered to contain an 
information disc ...)
        NOT-FOR-US: Hutool
 CVE-2023-33621 (GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin 
authentication ...)
@@ -303,7 +303,7 @@ CVE-2023-33122 (A vulnerability has been identified in 
JT2Go (All versions < V14
 CVE-2023-33121 (A vulnerability has been identified in JT2Go (All versions < 
V14.2.0.3 ...)
        NOT-FOR-US: Siemens
 CVE-2023-32548 (OS command injection vulnerability exists in WPS Office 
version 10.8.0 ...)
-       TODO: check
+       NOT-FOR-US: WPS Office
 CVE-2023-32546 (Code injection vulnerability exists in Chatwork Desktop 
Application (M ...)
        NOT-FOR-US: Chatwork Desktop Application
 CVE-2023-31541 (A unrestricted file upload vulnerability was discovered in the 
\u2018B ...)
@@ -319,7 +319,7 @@ CVE-2023-31198 (OS command injection vulnerability exists 
in Wi-Fi AP UNIT allow
 CVE-2023-31196 (Missing authentication for critical function in Wi-Fi AP UNIT 
allows a ...)
        TODO: check
 CVE-2023-31195 (ASUS Router RT-AX3000 Firmware versions prior to 
3.0.0.4.388.23403 use ...)
-       TODO: check
+       NOT-FOR-US: ASUS Router RT-AX3000 Firmware
 CVE-2023-30766 (Hidden functionality issue exists in KB-AHR series and KB-IRIP 
series. ...)
        TODO: check
 CVE-2023-30764 (OS command injection vulnerability exists in KB-AHR series and 
KB-IRIP ...)
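
Review bot: The tag added for CVE-2023-31195, "NOT-FOR-US: ASUS Router RT-AX3000 Firmware", copies the description's wording down to the model, while the other NOT-FOR-US tags visible in this diff use a short vendor or product name ("Siemens", "Zoom", "Hutool", "WPS Office"). A model-specific tag is harder to match when searching the list for other issues from the same vendor. Consider a shorter form such as "NOT-FOR-US: ASUS router".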
@@ -327,15 +327,15 @@ CVE-2023-30764 (OS command injection vulnerability exists 
in KB-AHR series and K
 CVE-2023-30762 (Improper authentication vulnerability exists in KB-AHR series 
and KB-I ...)
        TODO: check
 CVE-2023-2807 (Authentication Bypass by Spoofing vulnerability in the password 
reset  ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2023-29501 (Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and 
earlier, an ...)
-       TODO: check
+       NOT-FOR-US: Jiyu Kukan Toku-Toku coupon App for iOS
 CVE-2023-29498 (Improper restriction of XML external entity reference (XXE) 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: FRENIC RHC Loader
 CVE-2023-29167 (Out-of-bound reads vulnerability exists in FRENIC RHC Loader 
v1.1.0.3. ...)
-       TODO: check
+       NOT-FOR-US: FRENIC RHC Loader
 CVE-2023-29160 (Stack-based buffer overflow vulnerability exists in FRENIC RHC 
Loader  ...)
-       TODO: check
+       NOT-FOR-US: FRENIC RHC Loader
 CVE-2023-XXXX [Parsing of KeyInfo elements can cause remote resource access]
        - xmltooling <unfixed> (bug #1037948)
        NOTE: https://shibboleth.net/community/advisories/secadv_20230612.txt
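
Review bot: For CVE-2023-2807 and CVE-2023-29498 the truncated descriptions shown here stop before naming the affected product, so the tags "Pandora FMS" and "FRENIC RHC Loader" cannot be checked from the list entry alone, unlike CVE-2023-29167 and CVE-2023-29160, whose descriptions name FRENIC RHC Loader directly. A NOT-FOR-US tag takes the entry out of the "TODO: check" queue, so it is worth confirming both against the full CVE descriptions. The commit message "Process some NFUs" could also name the vendors triaged, which would make a later audit of these decisions easier.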



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d14d37ab70123a977d468385ba8e27595d4f5ee7
