Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d08d3cc1 by Moritz Muehlenhoff at 2023-07-25T20:28:43+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -92,13 +92,17 @@ CVE-2023-3321 (A vulnerability exists by allowing 
low-privileged users to read a
 CVE-2023-3248 (The All-in-one Floating Contact Form WordPress plugin before 
2.1.2 doe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-38060 (Improper Input Validation vulnerability in the ContentType 
parameter f ...)
-       TODO: check
+       NOT-FOR-US: OTRS
+       NOTE: Could possibly affect Znuny, we'll let their security team figure 
it out
 CVE-2023-38058 (An improper privilege check in the OTRS ticket move action in 
the agen ...)
-       TODO: check
+       NOT-FOR-US: OTRS
+       NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which 
forked from 6.x
 CVE-2023-38057 (An improper input validation vulnerability in OTRS Survey 
modules allo ...)
-       TODO: check
+       NOT-FOR-US: OTRS
+       NOTE: Could possibly affect Znuny, we'll let their security team figure 
it out
 CVE-2023-38056 (Improper Neutralization of commands allowed to be executed via 
OTRS Sy ...)
-       TODO: check
+       NOT-FOR-US: OTRS
+       NOTE: Could possibly affect Znuny, we'll let their security team figure 
it out
 CVE-2023-37613 (A cross-site scripting (XSS) vulnerability in Assembly 
Software Trialw ...)
        NOT-FOR-US: Assembly Software Trialworks
 CVE-2023-2761 (The User Activity Log WordPress plugin before 1.6.3 does not 
properly  ...)
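Review bot: On CVE-2023-38060, CVE-2023-38057 and CVE-2023-38056 the entry is closed as "NOT-FOR-US: OTRS" while the NOTE on the same entry says Znuny could be affected, so nothing in the data will bring these back up for triage. If Znuny is tracked here, record it against that package with an undetermined status (or keep a TODO) rather than relying on a free-text NOTE. The CVE-2023-38058 note, which states the reason (8.x only, Znuny forked from 6.x), is the better pattern, and a link to the advisory it is based on would make it verifiable.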
@@ -24840,7 +24844,7 @@ CVE-2023-26047 (teler-waf is a Go HTTP middleware that 
provides teler IDS functi
 CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS 
functionalit ...)
        NOT-FOR-US: teler-waf
 CVE-2023-26045 (NodeBB is Node.js based forum software. Starting in version 
2.5.0 and  ...)
-       TODO: check
+       NOT-FOR-US: NodeBB
 CVE-2023-26044 (react/http is an event-driven, streaming HTTP client and 
server implem ...)
        - php-react-http <removed>
        [buster] - php-react-http <no-dsa> (Minor issue)
@@ -27556,7 +27560,7 @@ CVE-2023-25186 (An issue was discovered on NOKIA 
Airscale ASIKA Single RAN devic
 CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN 
devices bef ...)
        NOT-FOR-US: NOKIA
 CVE-2023-25074 (Improper privilege validation in Command Centre Server allows 
authenti ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2023-24590
        RESERVED
 CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the 
Controller  ...)
@@ -27568,13 +27572,13 @@ CVE-2023-23576
 CVE-2023-23570
        RESERVED
 CVE-2023-23568 (Improper privilege validation in Command Centre Server allows 
authenti ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2023-22439
        RESERVED
 CVE-2023-22428 (Improper privilege validation in Command Centre Server allows 
authenti ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2023-22363 (A stack-based buffer overflow in the Command Centre Server 
allows an a ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2023-0672
        RESERVED
 CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 
2.0.10.)
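Review bot: The three Command Centre Server entries in this hunk (CVE-2023-23568, CVE-2023-22428, CVE-2023-22363) are tagged with the vendor only, "NOT-FOR-US: Gallagher", as is CVE-2023-25074 in the previous hunk. Naming the product as well, e.g. "NOT-FOR-US: Gallagher Command Centre", matches entries such as "NOT-FOR-US: Assembly Software Trialworks" and lets a later search by product name find them.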
@@ -48572,9 +48576,9 @@ CVE-2023-21408
 CVE-2023-21407
        RESERVED
 CVE-2023-21406 (Ariel Harush and Roy Hodir from OTORIO have found a flaw in 
the AXIS A ...)
-       TODO: check
+       NOT-FOR-US: AXIS
 CVE-2023-21405 (Knud from Fraktal.fi has found a flaw in some Axis Network 
Door Contro ...)
-       TODO: check
+       NOT-FOR-US: AXIS
 CVE-2023-21404 (AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy 
LUA-components  ...)
        NOT-FOR-US: AXIS OS
 CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive 
extraction rout ...)
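Review bot: CVE-2023-21406 and CVE-2023-21405 get "NOT-FOR-US: AXIS" while the neighbouring CVE-2023-21404 uses "NOT-FOR-US: AXIS OS". The truncated descriptions point at specific products (a network door controller for CVE-2023-21405), so either name the product or settle on one vendor tag; mixed spellings make the NFU entries harder to search.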
@@ -52153,6 +52157,8 @@ CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, 
under specific microarchitec
        NOTE: https://xenbits.xen.org/xsa/advisory-433.html
        NOTE: Technically not an issue in src:linux but track as well the 
kernel side mitigation
        NOTE: under the CVE entry.
+       NOTE: 3.20230719.1 ships the first batch of fixes, only for 2nd gen 
Epyc CPUs, further
+       NOTE: CPUs to follow in later releases
 CVE-2023-20592
        RESERVED
 CVE-2023-20591
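Review bot: The added NOTE on CVE-2023-20593 gives a version, 3.20230719.1, without naming the package it belongs to, and the surrounding notes refer to both Xen and src:linux, so a reader cannot tell which package ships the fixes. Prefix the version with the source package name. This change is also not an NFU, so the commit message "NFUs" does not cover it; it would be easier to find later as its own commit.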



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d08d3cc1d1dfbc480ddcbaba30fbac7c6dd61249
