Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8fb5513 by Moritz Muehlenhoff at 2023-10-06T09:37:36+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,31 +43,31 @@ CVE-2023-44387 (Gradle is a build tool with a focus on 
build automation and supp
 CVE-2023-44386 (Vapor is an HTTP web framework for Swift. There is a denial of 
service ...)
        NOT-FOR-US: Vapor
 CVE-2023-44024 (SQL injection vulnerability in KnowBand Module One Page 
Checkout, Soci ...)
-       TODO: check
+       NOT-FOR-US: supercheckout
 CVE-2023-43983 (Presto Changeo attributegrid up to 2.0.3 was discovered to 
contain a S ...)
        NOT-FOR-US: Presto Changeo attributegrid
 CVE-2023-43981 (Presto Changeo testsitecreator up to 1.1.1 was discovered to 
contain a ...)
        NOT-FOR-US: Presto Changeo testsitecreator
 CVE-2023-43284 (An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router 
DIR-846 firm ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2023-43260 (Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was 
discovere ...)
-       TODO: check
+       NOT-FOR-US: Milesight
 CVE-2023-43073 (Dell SmartFabric Storage Software v1.4 (and earlier) contains 
an Impro ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-43072 (Dell SmartFabric Storage Software v1.4 (and earlier) contains 
an impro ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-43071 (Dell SmartFabric Storage Software v1.4 (and earlier) contains 
possible ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-43070 (Dell SmartFabric Storage Software v1.4 (and earlier) contains 
a Path T ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-43069 (Dell SmartFabric Storage Software v1.4 (and earlier) 
contain(s) an OS  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-43068 (Dell SmartFabric Storage Software v1.4 (and earlier) contains 
an OS Co ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-40920 (Prixan prixanconnect up to v1.62 was discovered to contain a 
SQL injec ...)
-       TODO: check
+       NOT-FOR-US: Prixan
 CVE-2023-32485 (Dell SmartFabric Storage Software version 1.3 and lower 
contain an imp ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-45198 (ftpd before "NetBSD-ftpd 20230930" can leak information about 
the host ...)
        NOT-FOR-US: NetBSD ftpd
 CVE-2023-44389 (Zope is an open-source web application server. The title 
property, ava ...)
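Review bot: The tag on CVE-2023-44024 reads "NOT-FOR-US: supercheckout", a name that does not appear in the visible description, which identifies the product as "KnowBand Module One Page Checkout". The neighbouring entries use vendor plus module ("Presto Changeo attributegrid"), so "NOT-FOR-US: KnowBand supercheckout" would keep the entry findable by vendor name as well as module name.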
@@ -1021,7 +1021,7 @@ CVE-2023-43665 [Denial-of-service possibility in 
django.utils.text.Truncator]
 CVE-2023-43662 (ShokoServer is a media server which specializes in organizing 
anime. I ...)
        NOT-FOR-US: ShokoServer
 CVE-2023-43654 (TorchServe is a tool for serving and scaling PyTorch models in 
product ...)
-       TODO: check
+       NOT-FOR-US: TorchServe
 CVE-2023-43014 (Asset Management System v1.0 is vulnerable to  an 
Authenticated SQL In ...)
        NOT-FOR-US: Asset Management System
 CVE-2023-43013 (Asset Management System v1.0 is vulnerable to an  
unauthenticated SQL  ...)
@@ -1126,7 +1126,7 @@ CVE-2023-44080 (An issue in PGYER codefever 
v.2023.8.14-2ce4006 allows a remote
 CVE-2023-43660 (Warpgate is a smart SSH, HTTPS and MySQL bastion host for 
Linux that d ...)
        NOT-FOR-US: Warpgate
 CVE-2023-43656 (matrix-hookshot is a Matrix bot for connecting to external 
services li ...)
-       TODO: check
+       NOT-FOR-US: matrix-hookshot
 CVE-2023-43651 (JumpServer is an open source bastion host. An authenticated 
user can e ...)
        NOT-FOR-US: JumpServer
 CVE-2023-43320 (An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 
thru v.8.0, ...)
@@ -1419,7 +1419,7 @@ CVE-2023-40045 (In WS_FTP Server versions prior to 8.7.4 
and 8.8.2,   a reflecte
 CVE-2023-40044 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a 
pre-authenticate ...)
        NOT-FOR-US: Progress WS_FTP Server
 CVE-2023-33972 (Scylladb is a NoSQL data store using the seastar framework, 
compatible ...)
-       TODO: check
+       - scylladb <itp> (bug #824509)
 CVE-2023-32458 (Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service 
Pack relea ...)
        NOT-FOR-US: Dell
 CVE-2023-XXXX [code execution via malformed XTGETTCAP]
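Review bot: The CVE-2023-33972 entry is not an NFU: it becomes "- scylladb <itp> (bug #824509)", while the commit message says only "NFUs". Mention the ITP triage in the message or split it into its own commit, so that a later search of the log for scylladb triage finds it.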
@@ -1436,7 +1436,7 @@ CVE-2023-4737 (Improper Neutralization of Special 
Elements used in an SQL Comman
 CVE-2023-4423 (The WP Event Manager \u2013 Events Calendar, Registrations, 
Sell Ticke ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-44216 (PVRIC (PowerVR Image Compression) on Imagination 2018 and 
later GPU de ...)
-       TODO: check
+       NOT-FOR-US: Imagination GPUs
 CVE-2023-44044 (Super Store Finder v3.6 and below was discovered to contain a 
SQL inje ...)
        NOT-FOR-US: Super Store Finder
 CVE-2023-44043 (A reflected cross-site scripting (XSS) vulnerability in 
/install/index ...)
@@ -1478,21 +1478,21 @@ CVE-2023-42453 (Synapse is an open-source Matrix 
homeserver written and maintain
        NOTE: https://github.com/matrix-org/synapse/pull/16327
        NOTE: 
https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
 CVE-2023-41996 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41995 (A use-after-free issue was addressed with improved memory 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41986 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41984 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41981 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41980 (A permissions issue was addressed with additional 
restrictions. This i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41979 (A race condition was addressed with improved locking. This 
issue is fi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41968 (This issue was addressed with improved validation of symlinks. 
This is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41888 (GLPI stands for Gestionnaire Libre de Parc Informatique is a 
Free Asse ...)
        - glpi <removed> (unimportant)
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-2hcg-75jj-hghp
@@ -1532,13 +1532,13 @@ CVE-2023-41320 (GLPI stands for Gestionnaire Libre de 
Parc Informatique is a Fre
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476
        NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-41232 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41174 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41079 (The issue was addressed with improved permissions logic. This 
issue is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41078 (An authorization issue was addressed with improved state 
management. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41074 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
        - webkit2gtk 2.42.0-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
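Review bot: The four entries marked "NOT-FOR-US: Apple" here (CVE-2023-41232, CVE-2023-41174, CVE-2023-41079, CVE-2023-41078) have truncated descriptions of the same generic form as CVE-2023-41074 directly below them, which is tracked against webkit2gtk. The visible text cannot distinguish an Apple-only component from WebKit, so check each against the full advisory before closing it, and name the component in the tag where it is known. The same check applies to the other Apple batches in this commit.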
@@ -1546,21 +1546,21 @@ CVE-2023-41074 (The issue was addressed with improved 
checks. This issue is fixe
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
        NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
 CVE-2023-41073 (An authorization issue was addressed with improved state 
management. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41071 (A use-after-free issue was addressed with improved memory 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41070 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41068 (An access issue was addressed with improved access 
restrictions. This  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41067 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41066 (An authentication issue was addressed with improved state 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41065 (A privacy issue was addressed with improved private data 
redaction for ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41063 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40677 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gopi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-40676 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Jaso ...)
@@ -1584,17 +1584,17 @@ CVE-2023-40605 (Auth. (contributor) Cross-Site 
Scripting (XSS) vulnerability in
 CVE-2023-40604 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Jes  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-40541 (This issue was addressed by adding an additional prompt for 
user conse ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40520 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40456 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40455 (A permissions issue was addressed with additional 
restrictions. This i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40454 (A permissions issue was addressed with additional 
restrictions. This i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40452 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40451 (This issue was addressed with improved iframe sandbox 
enforcement. Thi ...)
        {DSA-5468-1}
        - webkit2gtk 2.40.5-1
@@ -1603,71 +1603,71 @@ CVE-2023-40451 (This issue was addressed with improved 
iframe sandbox enforcemen
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
        NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
 CVE-2023-40450 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40448 (The issue was addressed with improved handling of protocols. 
This issu ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40443 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40441 (A resource exhaustion issue was addressed with improved input 
validati ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40436 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40435 (This issue was addressed by enabling hardened runtime. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40434 (A configuration issue was addressed with additional 
restrictions. This ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40432 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40431 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40429 (A permissions issue was addressed with improved validation. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40428 (The issue was addressed with improved handling of caches. This 
issue i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40427 (The issue was addressed with improved handling of caches. This 
issue i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40426 (A permissions issue was addressed with additional 
restrictions. This i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40424 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40422 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40420 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40419 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40418 (An authentication issue was addressed with improved state 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40417 (A window management issue was addressed with improved state 
management ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40412 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40410 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40409 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40407 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40406 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40403 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40402 (A permissions issue was addressed with additional 
restrictions. This i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40400 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40399 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40395 (The issue was addressed with improved handling of caches. This 
issue i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40391 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40388 (A privacy issue was addressed with improved handling of 
temporary file ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40386 (A privacy issue was addressed with improved handling of 
temporary file ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40384 (A permissions issue was addressed with improved redaction of 
sensitive ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-40330 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Milan Pe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-39434 (A use-after-free issue was addressed with improved memory 
management.  ...)
@@ -1678,19 +1678,19 @@ CVE-2023-39434 (A use-after-free issue was addressed 
with improved memory manage
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
        NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
 CVE-2023-39233 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-38615 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-38596 (The issue was addressed with improved handling of protocols. 
This issu ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-38586 (An access issue was addressed with additional sandbox 
restrictions. Th ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-37448 (A lock screen issue was addressed with improved state 
management. This ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-35990 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-35984 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-35793 (An issue was discovered in Cassia Access Controller 
2.1.1.2303271039.  ...)
        NOT-FOR-US: Cassia Access Controller
 CVE-2023-35074 (The issue was addressed with improved memory handling. This 
issue is f ...)
@@ -1703,17 +1703,17 @@ CVE-2023-35074 (The issue was addressed with improved 
memory handling. This issu
 CVE-2023-35071 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: MRV Tech Logging Administration Panel
 CVE-2023-32421 (A privacy issue was addressed with improved handling of 
temporary file ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-32396 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-32377 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-32361 (The issue was addressed with improved handling of caches. This 
issue i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-2358 (Hitachi Vantara Pentaho Business Analytics Server prior to 
versions 9. ...)
        NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
 CVE-2023-29497 (A privacy issue was addressed with improved handling of 
temporary file ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-43040 [Improperly verified POST keys]
        - ceph <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2023/09/26/10
@@ -2116,7 +2116,7 @@ CVE-2023-42821 (The package 
`github.com/gomarkdown/markdown` is a Go library for
 CVE-2023-42812 (Galaxy is an open-source platform for FAIR data analysis. 
Prior to ver ...)
        NOT-FOR-US: Galaxy
 CVE-2023-42811 (aes-gcm is a pure Rust implementation of the AES-GCM. Starting 
in vers ...)
-       TODO: check
+       NOT-FOR-US: Rust crate aes-gcm
 CVE-2023-42798 (AutomataCI is a template git repository equipped with a native 
built-i ...)
        NOT-FOR-US: AutomataCI
 CVE-2023-41031 (Command injection inhomemng.htminJuplink RX4-1500 versions 
V1.0.2,V1.0 ...)
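Review bot: CVE-2023-42811 is closed as "NOT-FOR-US: Rust crate aes-gcm", but Rust crates are tracked elsewhere in this file under rust-* source package names, for example "- rust-quinn-proto <unfixed> (bug #1052546)" for CVE-2023-42805. Confirm that no rust-aes-gcm source package exists in the archive before marking this NFU; if one does, the entry should name that package instead.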
@@ -2190,15 +2190,15 @@ CVE-2023-5104 (Improper Input Validation in GitHub 
repository nocodb/nocodb prio
 CVE-2023-4753 (OpenHarmony v3.2.1 and prior version has a liteos-a kernel may 
crash c ...)
        NOT-FOR-US: OpenHarmony
 CVE-2023-43637 (Due to the implementation of "deriveVaultKey", prior to 
version 7.10,  ...)
-       TODO: check
+       NOT-FOR-US: EVE OS
 CVE-2023-43634 (When sealing/unsealing the \u201cvault\u201d key, a list of 
PCRs is us ...)
-       TODO: check
+       NOT-FOR-US: EVE OS
 CVE-2023-43633 (On boot, the Pillar eve container checks for the existence and 
content ...)
-       TODO: check
+       NOT-FOR-US: EVE OS
 CVE-2023-43632 (As noted in the \u201cVTPM.md\u201d file in the eve 
documentation, \u2 ...)
-       TODO: check
+       NOT-FOR-US: EVE OS
 CVE-2023-43631 (On boot, the Pillar eve container checks for the existence and 
content ...)
-       TODO: check
+       NOT-FOR-US: EVE OS
 CVE-2023-43309 (There is a stored cross-site scripting (XSS) vulnerability in 
Webmin 2 ...)
        - webmin <removed>
 CVE-2023-43274 (Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL 
Injection via th ...)
@@ -2220,11 +2220,11 @@ CVE-2023-43236 (D-Link DIR-816 A2 v1.10CNB05 was 
discovered to contain a stack o
 CVE-2023-43235 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack 
overflow v ...)
        NOT-FOR-US: D-Link
 CVE-2023-42810 (systeminformation is a System Information Library for Node.JS. 
Version ...)
-       TODO: check
+       NOT-FOR-US: Node systeminformation
 CVE-2023-42807 (Frappe LMS is an open source learning management system. In 
versions 1 ...)
        NOT-FOR-US: Frappe Framework
 CVE-2023-42806 (Hydra is the layer-two scalability solution for Cardano. Prior 
to vers ...)
-       TODO: check
+       NOT-FOR-US: Hydra
 CVE-2023-42805 (quinn-proto is a state machine for the QUIC transport 
protocol. Prior  ...)
        - rust-quinn-proto <unfixed> (bug #1052546)
        [bookworm] - rust-quinn-proto <no-dsa> (Minor issue)
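Review bot: "NOT-FOR-US: Hydra" on CVE-2023-42806 is ambiguous as a bare name; the description identifies this as the layer-two scalability solution for Cardano. A qualified tag such as "NOT-FOR-US: Hydra (Cardano)" avoids confusion with unrelated software of the same name, in the way "Node systeminformation" two entries above is qualified.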
@@ -2242,7 +2242,7 @@ CVE-2023-42457 (plone.rest allows users to use HTTP verbs 
such as GET, POST, PUT
 CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo and su, allows 
users to  ...)
        TODO: check
 CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The 
download metho ...)
-       TODO: check
+       NOT-FOR-US: mee-admin
 CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.)
        NOT-FOR-US: Dreamer CMS
 CVE-2023-41993 (The issue was addressed with improved checks. This issue is 
fixed in S ...)
@@ -2252,9 +2252,9 @@ CVE-2023-41993 (The issue was addressed with improved 
checks. This issue is fixe
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
        NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
 CVE-2023-41992 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41991 (A certificate validation issue was addressed. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41048 (plone.namedfile allows users to handle `File` and `Image` 
fields targe ...)
        NOT-FOR-US: plone.namedfile
 CVE-2023-40183 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
@@ -2311,7 +2311,7 @@ CVE-2023-43636 (In EVE OS, the \u201cmeasured boot\u201d 
mechanism prevents a co
 CVE-2023-43635 (Vault Key Sealed With SHA1 PCRs       The measured boot 
solution imple ...)
        NOT-FOR-US: EVE OS
 CVE-2023-43630 (PCR14 is not in the list of PCRs that seal/unseal the 
\u201cvault\u201 ...)
-       TODO: check
+       NOT-FOR-US: EVE OS
 CVE-2023-43502 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Build Fai ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-43501 (A missing permission check in Jenkins Build Failure Analyzer 
Plugin 2. ...)
@@ -2437,7 +2437,7 @@ CVE-2023-38718 (IBM Robotic Process Automation 21.0.0 
through 21.0.7.8 could dis
 CVE-2023-37410 (IBM Personal Communications 14.05, 14.06, and 15.0.0 could 
allow a loc ...)
        NOT-FOR-US: IBM
 CVE-2023-34047 (A batch loader function in Spring for GraphQL versions 1.1.0 - 
1.1.5 a ...)
-       TODO: check
+       NOT-FOR-US: Spring for GraphQL
 CVE-2023-2508 (The `PaperCutNG Mobility Print` version 1.0.3512 application 
allows an ...)
        NOT-FOR-US: PaperCutNG
 CVE-2023-4504 (Due to failure in validating the length provided by an 
attacker-crafte ...)
@@ -2553,7 +2553,7 @@ CVE-2023-32649 (A Denial of Service (Dos) vulnerability 
in Nozomi Networks Guard
 CVE-2023-32186 (A Allocation of Resources Without Limits or Throttling 
vulnerability i ...)
        NOT-FOR-US: SUSE RKE2
 CVE-2023-32182 (A Improper Link Resolution Before File Access ('Link 
Following') vulne ...)
-       TODO: check
+       NOT-FOR-US: config_postfix (SUSE specific script)
 CVE-2023-31808 (Technicolor TG670 10.5.N.9 devices contain multiple accounts 
with hard ...)
        NOT-FOR-US: Technicolor
 CVE-2023-2995 (The Leyka WordPress plugin through 3.30.3 does not sanitise and 
escape ...)
@@ -19477,7 +19477,7 @@ CVE-2023-2308
 CVE-2023-2307 (Cross-Site Request Forgery (CSRF) in GitHub repository 
builderio/qwik  ...)
        NOT-FOR-US: builderio/qwik
 CVE-2023-2306 (Qognify NiceVision versions 3.1 and prior are vulnerable to 
exposing s ...)
-       TODO: check
+       NOT-FOR-US: Qognify NiceVision
 CVE-2023-2305 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2304 (The Favorites plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
@@ -20044,7 +20044,7 @@ CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced 
Server (EPAS) before 14.6.0 l
 CVE-2023-2247 (In affected versions of Octopus Deploy it is possible to unmask 
variab ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2023-31042 (A flaw exists in FlashBlade Purity whereby an authenticated 
user with  ...)
-       TODO: check
+       NOT-FOR-US: FlashBlade Purity
 CVE-2023-31041 (An issue was discovered in SysPasswordDxe in Insyde InsydeH2O 
with ker ...)
        NOT-FOR-US: Insyde
 CVE-2023-31040
@@ -20232,7 +20232,7 @@ CVE-2023-30961 (Palantir Gotham was found to be 
vulnerable to a bug where under
 CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that 
enabled u ...)
        NOT-FOR-US: Palantir
 CVE-2023-30959 (In Apollo  change requests, comments added by users could 
contain a ja ...)
-       TODO: check
+       NOT-FOR-US: Apollo
 CVE-2023-30958 (A security defect was identified in Foundry Frontend that 
enabled user ...)
        NOT-FOR-US: Palantir
 CVE-2023-30957
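Review bot: CVE-2023-30959 is tagged "NOT-FOR-US: Apollo", while the entries immediately before and after it (CVE-2023-30960, CVE-2023-30958) use "NOT-FOR-US: Palantir". If this is the same vendor's product, "NOT-FOR-US: Palantir" or "Palantir Apollo" keeps the block consistent and avoids a collision with other projects named Apollo.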
@@ -21118,21 +21118,21 @@ CVE-2023-30740 (SAP BusinessObjects Business 
Intelligence Platform - versions 42
 CVE-2023-30739
        RESERVED
 CVE-2023-30738 (An improper input validation in UEFI Firmware prior to 
Firmware update ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30737 (Improper access control vulnerability in Samsung Health prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30736 (Improper authorization in PushMsgReceiver of Samsung Assistant 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30735 (Improper Preservation of Permissions vulnerability in 
SAssistant prior ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30734 (Improper access control vulnerability in Samsung Health prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30733 (Stack-based Buffer Overflow in vulnerability HDCP trustlet 
prior to SM ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30732 (Improper access control in system property prior to SMR 
Oct-2023 Relea ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30731 (Logic error in package installation via debugger command prior 
to SMR  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30730 (Implicit intent hijacking vulnerability in Camera prior to 
versions 11 ...)
        NOT-FOR-US: Samsung
 CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to 
version 6.1. ...)
@@ -21140,7 +21140,7 @@ CVE-2023-30729 (Improper Certificate Validation in 
Samsung Email prior to versio
 CVE-2023-30728 (Intent redirection vulnerability in PackageInstallerCHN prior 
to versi ...)
        NOT-FOR-US: Samsung
 CVE-2023-30727 (Improper access control vulnerability in SecSettings prior to 
SMR Oct- ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30726 (PendingIntent hijacking vulnerability in GameLauncher prior to 
version ...)
        NOT-FOR-US: Samsung
 CVE-2023-30725 (Improper authentication in LocalProvier of Gallery prior to 
version 14 ...)
@@ -21210,11 +21210,11 @@ CVE-2023-30694 (Out-of-bounds Write in 
IpcTxPcscTransmitApdu of libsec-ril prior
 CVE-2023-30693 (Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of 
libsec- ...)
        NOT-FOR-US: Samsung
 CVE-2023-30692 (Improper input validation vulnerability in Evaluator prior to 
SMR Oct- ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30691 (Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 
Release  ...)
        NOT-FOR-US: Samsung
 CVE-2023-30690 (Improper input validation vulnerability in Duo prior to SMR 
Oct-2023 R ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-30689 (Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of 
libsec-r ...)
        NOT-FOR-US: Samsung
 CVE-2023-30688 (Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior 
to SMR A ...)
@@ -27823,7 +27823,7 @@ CVE-2023-28573 (Memory corruption in WLAN HAL while 
parsing WMI command paramete
 CVE-2023-28572
        RESERVED
 CVE-2023-28571 (Information disclosure in WLAN HOST while processing the WLAN 
scan des ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28570
        RESERVED
 CVE-2023-28569
@@ -27885,9 +27885,9 @@ CVE-2023-28542 (Memory Corruption in WLAN HOST while 
fetching TX status informat
 CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer 
release ev ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28540 (Cryptographic issue in Data Modem due to improper 
authentication durin ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28539 (Memory corruption in WLAN Host when the firmware invokes 
multiple WMI  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-28538 (Memory corruption in WIN Product while invoking WinAcpi update 
driver  ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module 
in Audi ...)
@@ -28511,9 +28511,9 @@ CVE-2022-48423 (In the Linux kernel before 6.1.3, 
fs/ntfs3/record.c does not val
 CVE-2022-48421
        RESERVED
 CVE-2023-28373 (A flaw exists in FlashArray Purity whereby an array 
administrator by c ...)
-       TODO: check
+       NOT-FOR-US: FlashArray Purity
 CVE-2023-28372 (A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby 
a user w ...)
-       TODO: check
+       NOT-FOR-US: FlashBlade Purity
 CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that 
are typic ...)
        - stellarium <unfixed> (bug #1034183)
        [bookworm] - stellarium <no-dsa> (Minor issue)
@@ -31624,11 +31624,11 @@ CVE-2023-27437
 CVE-2023-27436
        RESERVED
 CVE-2023-27435 (Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed 
Siddiqui ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-27434
        RESERVED
 CVE-2023-27433 (Cross-Site Request Forgery (CSRF) vulnerability in YAS Global 
Team Mak ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-27432 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WpSimple ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27431
@@ -32507,7 +32507,7 @@ CVE-2023-27123
 CVE-2023-27122
        RESERVED
 CVE-2023-27121 (A cross-site scripting (XSS) vulnerability in the component 
/framework ...)
-       TODO: check
+       NOT-FOR-US: Pleasant Solutions Pleasant Password Server
 CVE-2023-27120
        RESERVED
 CVE-2023-27119 (WebAssembly v1.0.29 was discovered to contain a segmentation 
fault via ...)
@@ -34743,13 +34743,13 @@ CVE-2023-26241
 CVE-2023-26240
        RESERVED
 CVE-2023-26239 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to 
a weak  ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard EPDR
 CVE-2023-26238 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is 
possible ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard EPDR
 CVE-2023-26237 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is 
possible ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard EPDR
 CVE-2023-26236 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to 
a weak  ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard EPDR
 CVE-2023-26235 (JD-GUI 1.6.6 allows XSS via 
util/net/InterProcessCommunicationUtil.jav ...)
        NOT-FOR-US: JD-GUI
 CVE-2023-26234 (JD-GUI 1.6.6 allows deserialization via 
UIMainWindowPreferencesProvide ...)
@@ -34785,9 +34785,9 @@ CVE-2023-26220
 CVE-2023-26219
        RESERVED
 CVE-2023-26218 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus 
contain ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s 
TIBCO EBX  ...)
-       NOT-FOR-US: TIBICO Software
+       NOT-FOR-US: TIBCO
 CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX 
Add-ons contai ...)
        NOT-FOR-US: TIBCO
 CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX 
Add-ons contai ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8fb5513f82d1aea60086569206793b7d43ebfc0
