[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Tue, 12 Dec 2023 02:05:55 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0ac1e493 by Moritz Muehlenhoff at 2023-12-12T11:05:22+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2023-6709 (Improper Neutralization of Special Elements Used 
in a Template En
 CVE-2023-6542 (Due to lack of proper authorization checks in Emarsys SDK for 
Android, ...)
        NOT-FOR-US: Emarsys SDK for Android
 CVE-2023-5536 (A feature in LXD (LP#1829071), affects the default 
configuration of Ub ...)
-       TODO: check
+       NOT-FOR-US: Ubuntu server configuration
 CVE-2023-50424 (SAPBTPSecurity Services Integration Library ([Golang] 
github.com/sap/c ...)
        NOT-FOR-US: SAP
 CVE-2023-50423 (SAPBTPSecurity Services Integration Library 
([Python]sap-xssec) - vers ...)
@@ -11,13 +11,13 @@ CVE-2023-50423 (SAPBTPSecurity Services Integration Library 
([Python]sap-xssec)
 CVE-2023-50422 (SAPBTPSecurity Services Integration Library ([Java] 
cloud-security-ser ...)
        NOT-FOR-US: SAP
 CVE-2023-50245 (OpenEXR-viewer is a viewer for OpenEXR files with detailed 
metadata pr ...)
-       TODO: check
+       NOT-FOR-US: OpenEXR-viewer
 CVE-2023-49805 (Uptime Kuma is an easy-to-use self-hosted monitoring tool. 
Prior to ve ...)
        NOT-FOR-US: Uptime Kuma
 CVE-2023-49804 (Uptime Kuma is an easy-to-use self-hosted monitoring tool. 
Prior to ve ...)
        NOT-FOR-US: Uptime Kuma
 CVE-2023-49803 (@koa/cors npm provides Cross-Origin Resource Sharing (CORS) 
for koa, a ...)
-       TODO: check
+       NOT-FOR-US: Node @koa/cors
 CVE-2023-49802 (The LinkedCustomFields plugin for MantisBT allows users to 
link values ...)
        NOT-FOR-US: LinkedCustomFields plugin for MantisBT
 CVE-2023-49796 (MindsDB connects artificial intelligence models to real time 
data. Ver ...)
@@ -45,121 +45,121 @@ CVE-2023-49488 (A cross-site scripting (XSS) 
vulnerability in Openfiler ESA v2.9
 CVE-2023-49058 (SAP Master Data Governance File Upload applicationallows an 
attacker t ...)
        NOT-FOR-US: SAP
 CVE-2023-48642 (Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an 
authenticate ...)
-       TODO: check
+       NOT-FOR-US: Archer
 CVE-2023-48641 (Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains 
an insecu ...)
-       TODO: check
+       NOT-FOR-US: Archer
 CVE-2023-45292 (When using the default implementation of Verify to check a 
Captcha, ve ...)
-       TODO: check
+       NOT-FOR-US: base64Captcha
 CVE-2023-42932 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42927 (A privacy issue was addressed with improved private data 
redaction for ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42926 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42924 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42923 (This issue was addressed through improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42922 (This issue was addressed with improved redaction of sensitive 
informat ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42919 (A privacy issue was addressed with improved private data 
redaction for ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42914 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42912 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42911 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42910 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42909 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42908 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42907 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42906 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42905 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42904 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42903 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42902 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42901 (Multiple memory corruption issues were addressed with improved 
input v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42900 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42899 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42898 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42897 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42894 (This issue was addressed with improved redaction of sensitive 
informat ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42891 (An authentication issue was addressed with improved state 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42890 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42886 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42884 (This issue was addressed with improved redaction of sensitive 
informat ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42883 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42882 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42874 (This issue was addressed with improved state management. This 
issue is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-42481 (In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, 
HY_COM2105, ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-42479 (An unauthenticated attacker can embed a hidden access to a 
Biller Dire ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-42478 (SAP Business ObjectsBusiness Intelligence Platform is 
vulnerable to st ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-42476 (SAP Business Objects Web Intelligence - version 420,  allows 
an authen ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-41120 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
-       TODO: check
+       NOT-FOR-US: EnterpriseDB Postgres Advanced Server
 CVE-2023-41119 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
-       TODO: check
+       NOT-FOR-US: EnterpriseDB Postgres Advanced Server
 CVE-2023-41118 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
-       TODO: check
+       NOT-FOR-US: EnterpriseDB Postgres Advanced Server
 CVE-2023-41117 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
-       TODO: check
+       NOT-FOR-US: EnterpriseDB Postgres Advanced Server
 CVE-2023-41116 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
-       TODO: check
+       NOT-FOR-US: EnterpriseDB Postgres Advanced Server
 CVE-2023-41115 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
-       TODO: check
+       NOT-FOR-US: EnterpriseDB Postgres Advanced Server
 CVE-2023-41114 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
-       TODO: check
+       NOT-FOR-US: EnterpriseDB Postgres Advanced Server
 CVE-2023-41113 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
-       TODO: check
+       NOT-FOR-US: EnterpriseDB Postgres Advanced Server
 CVE-2023-40446 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-36654 (Directory traversal in the log-download REST API endpoint in 
ProLion C ...)
-       TODO: check
+       NOT-FOR-US: ProLion CryptoSpike
 CVE-2023-36652 (A SQL Injection in the users searching REST API endpoint in 
ProLion Cr ...)
-       TODO: check
+       NOT-FOR-US: ProLion CryptoSpike
 CVE-2023-36651 (Hidden and hard-coded credentials in ProLion CryptoSpike 
3.0.15P2 allo ...)
-       TODO: check
+       NOT-FOR-US: ProLion CryptoSpike
 CVE-2023-36650 (A missing integrity check in the update system in ProLion 
CryptoSpike  ...)
-       TODO: check
+       NOT-FOR-US: ProLion CryptoSpike
 CVE-2023-36649 (Insertion of sensitive information in the centralized 
(Grafana) loggin ...)
-       TODO: check
+       NOT-FOR-US: ProLion CryptoSpike
 CVE-2023-36648 (Missing authentication in the internal data streaming system 
in ProLio ...)
-       TODO: check
+       NOT-FOR-US: ProLion CryptoSpike
 CVE-2023-36647 (A hard-coded cryptographic private key used to sign JWT 
authentication ...)
-       TODO: check
+       NOT-FOR-US: ProLion CryptoSpike
 CVE-2023-36646 (Incorrect user role checking in multiple REST API endpoints in 
ProLion ...)
-       TODO: check
+       NOT-FOR-US: ProLion CryptoSpike
 CVE-2022-48616 (A Huawei data communication product has a command injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48615 (An improper access control vulnerability exists in a Huawei 
datacom pr ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-XXXX [RCE vulnerability in WP_HTML_Token class]
        - wordpress <unfixed>
        [bookworm] - wordpress <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ac1e493acbd49489e7bc664a0286c29c49df07b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ac1e493acbd49489e7bc664a0286c29c49df07b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to