Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e9af14f by Salvatore Bonaccorso at 2023-11-01T21:45:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26643,21 +26643,21 @@ CVE-2022-48463
 CVE-2022-48462
        RESERVED
 CVE-2022-48461 (In sensor driver, there is a possible out of bounds write due 
to a mis ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-48460 (In setting service, there is a possible undefined behavior due 
to inco ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-48459 (In TeleService, there is a possible system crash due to 
improper input ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-48458 (In TeleService, there is a possible system crash due to 
improper input ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-48457 (In TeleService, there is a possible system crash due to 
improper input ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-48456 (In camera driver, there is a possible out of bounds write due 
to a inc ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-48455 (In wifi service, there is a possible out of bounds write due 
to a miss ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-48454 (In wifi service, there is a possible out of bounds write due 
to a miss ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-48453 (In camera driver, there is a possible out of bounds write due 
to a mis ...)
        NOT-FOR-US: Unisoc
 CVE-2022-48452 (In Ifaa service, there is a possible missing permission check. 
This co ...)
@@ -31043,21 +31043,21 @@ CVE-2023-1722 (Yoga Class Registration System version 
1.0 allows an administrato
 CVE-2023-1721 (Yoga Class Registration System version 1.0 allows an 
administrator to  ...)
        NOT-FOR-US: Yoga Class Registration System
 CVE-2023-1720 (Lack of mime type response header in Bitrix24 22.0.300 allows 
authenti ...)
-       TODO: check
+       NOT-FOR-US: Bitrix24
 CVE-2023-1719 (Global variable extraction in bitrix/modules/main/tools.php in 
Bitrix2 ...)
-       TODO: check
+       NOT-FOR-US: Bitrix24
 CVE-2023-1718 (Improper file stream access in 
/desktop_app/file.ajax.php?action=uploa ...)
-       TODO: check
+       NOT-FOR-US: Bitrix24
 CVE-2023-1717 (Prototype pollution in 
bitrix/templates/bitrix24/components/bitrix/men ...)
-       TODO: check
+       NOT-FOR-US: Bitrix24
 CVE-2023-1716 (Cross-site scripting (XSS) vulnerability in Invoice Edit Page 
in Bitri ...)
-       TODO: check
+       NOT-FOR-US: Bitrix24
 CVE-2023-1715 (A logic error when using mb_strpos() to check for potential XSS 
payloa ...)
-       TODO: check
+       NOT-FOR-US: Bitrix24
 CVE-2023-1714 (Unsafe variable extraction in 
bitrix/modules/main/classes/general/user ...)
-       TODO: check
+       NOT-FOR-US: Bitrix24
 CVE-2023-1713 (Insecure temporary file creation in 
bitrix/modules/crm/lib/order/impor ...)
-       TODO: check
+       NOT-FOR-US: Bitrix24
 CVE-2023-1712 (Use of Hard-coded, Security-relevant Constants in GitHub 
repository de ...)
        NOT-FOR-US: deepset-ai haystack
 CVE-2023-1711 (A vulnerability exists in a FOXMAN-UN and UNEM logging 
component, it o ...)
@@ -68606,7 +68606,7 @@ CVE-2023-20266 (A vulnerability in Cisco Emergency 
Responder, Cisco Unified Comm
 CVE-2023-20265
        RESERVED
 CVE-2023-20264 (A vulnerability in the implementation of Security Assertion 
Markup Lan ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco 
HyperFl ...)
        NOT-FOR-US: Cisco
 CVE-2023-20262 (A vulnerability in the SSH service of Cisco Catalyst SD-WAN 
Manager co ...)
@@ -68622,9 +68622,9 @@ CVE-2023-20258
 CVE-2023-20257
        RESERVED
 CVE-2023-20256 (Multiple vulnerabilities in the per-user-override feature of 
Cisco Ada ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20255 (A vulnerability in an API of the Web Bridge feature of Cisco 
Meeting S ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20254 (A vulnerability in the session management system of the Cisco 
Catalyst ...)
        NOT-FOR-US: Cisco
 CVE-2023-20253 (A vulnerability in the command line interface (cli) management 
interfa ...)
@@ -68640,13 +68640,13 @@ CVE-2023-20249
 CVE-2023-20248
        RESERVED
 CVE-2023-20247 (A vulnerability in the remote access SSL VPN feature of Cisco 
Adaptive ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20246 (Multiple Cisco products are affected by a vulnerability in 
Snort acces ...)
        TODO: check
 CVE-2023-20245 (Multiple vulnerabilities in the per-user-override feature of 
Cisco Ada ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20244 (A vulnerability in the internal packet processing of Cisco 
Firepower T ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20243 (A vulnerability in the RADIUS message processing feature of 
Cisco Iden ...)
        NOT-FOR-US: Cisco
 CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
@@ -68694,9 +68694,9 @@ CVE-2023-20222 (A vulnerability in the web-based 
management interface of Cisco P
 CVE-2023-20221 (A vulnerability in the web-based management interface of Cisco 
IP Phon ...)
        NOT-FOR-US: Cisco
 CVE-2023-20220 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20219 (Multiple vulnerabilities in the web management interface of 
Cisco Fire ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20218 (A vulnerability in web-based management interface of Cisco 
SPA500 Seri ...)
        NOT-FOR-US: Cisco
 CVE-2023-20217 (A vulnerability in the CLI of Cisco ThousandEyes Enterprise 
Agent, Vir ...)
@@ -68708,7 +68708,7 @@ CVE-2023-20215 (A vulnerability in the scanning engines 
of Cisco AsyncOS Softwar
 CVE-2023-20214 (A vulnerability in the request authentication validation for 
the REST  ...)
        NOT-FOR-US: Cisco
 CVE-2023-20213 (A vulnerability in the CDP processing feature of Cisco ISE 
could allow ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20212 (A vulnerability in the AutoIt module of ClamAV could allow an 
unauthen ...)
        - clamav 1.0.2+dfsg-1 (bug #1050057)
        [bookworm] - clamav 1.0.2+dfsg-1~deb12u1
@@ -68726,7 +68726,7 @@ CVE-2023-20208
 CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo 
Authentication P ...)
        NOT-FOR-US: Cisco
 CVE-2023-20206 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20205 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
        NOT-FOR-US: Cisco
 CVE-2023-20204 (A vulnerability in the web-based management interface of Cisco 
BroadWo ...)
@@ -68750,9 +68750,9 @@ CVE-2023-20197 (A vulnerability in the filesystem image 
parser for Hierarchical
        [bullseye] - clamav 0.103.9+dfsg-0+deb11u1
        NOTE: https://blog.clamav.net/2023/07/2023-08-16-releases.html
 CVE-2023-20196 (Two vulnerabilities in Cisco ISE could allow an authenticated, 
remote  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20195 (Two vulnerabilities in Cisco ISE could allow an authenticated, 
remote  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20194 (A vulnerability in the ERS API of Cisco ISE could allow an 
authenticat ...)
        NOT-FOR-US: Cisco
 CVE-2023-20193 (A vulnerability in the Embedded Service Router (ESR) of Cisco 
ISE coul ...)
@@ -68788,11 +68788,11 @@ CVE-2023-20179 (A vulnerability in the web-based 
management interface of Cisco C
 CVE-2023-20178 (A vulnerability in the client update process of Cisco 
AnyConnect Secur ...)
        NOT-FOR-US: Cisco
 CVE-2023-20177 (A vulnerability in the SSL file policy implementation of Cisco 
Firepow ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20176 (A vulnerability in the networking component of Cisco access 
point (AP) ...)
        NOT-FOR-US: Cisco
 CVE-2023-20175 (A vulnerability in a specific Cisco ISE CLI command could 
allow an aut ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20174 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
        NOT-FOR-US: Cisco
 CVE-2023-20173 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
@@ -68802,7 +68802,7 @@ CVE-2023-20172 (Multiple vulnerabilities in Cisco 
Identity Services Engine (ISE)
 CVE-2023-20171 (Multiple vulnerabilities in Cisco Identity Services Engine 
(ISE) could ...)
        NOT-FOR-US: Cisco
 CVE-2023-20170 (A vulnerability in a specific Cisco ISE CLI command could 
allow an aut ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20169 (A vulnerability in the Intermediate System-to-Intermediate 
System (IS- ...)
        NOT-FOR-US: Cisco
 CVE-2023-20168 (A vulnerability in TACACS+ and RADIUS remote authentication 
for Cisco  ...)
@@ -68832,7 +68832,7 @@ CVE-2023-20157 (Multiple vulnerabilities in the 
web-based user interface of cert
 CVE-2023-20156 (Multiple vulnerabilities in the web-based user interface of 
certain Ci ...)
        NOT-FOR-US: Cisco
 CVE-2023-20155 (A vulnerability in a logging API in Cisco Firepower Management 
Center  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20154
        RESERVED
 CVE-2023-20153 (Multiple vulnerabilities in specific Cisco Identity Services 
Engine (I ...)
@@ -68952,7 +68952,7 @@ CVE-2023-20097 (A vulnerability in Cisco access points 
(AP) software could allow
 CVE-2023-20096 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
        NOT-FOR-US: Cisco
 CVE-2023-20095 (A vulnerability in the remote access VPN feature of Cisco 
Adaptive Sec ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20094
        RESERVED
 CVE-2023-20093
@@ -68970,7 +68970,7 @@ CVE-2023-20088 (A vulnerability in the nginx 
configurations that are provided as
 CVE-2023-20087 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
        NOT-FOR-US: Cisco
 CVE-2023-20086 (A vulnerability in ICMPv6 processing of Cisco Adaptive 
Security Applia ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
        NOT-FOR-US: Cisco
 CVE-2023-20084
@@ -68994,15 +68994,15 @@ CVE-2023-20076 (A vulnerability in the Cisco IOx 
application hosting environment
 CVE-2023-20075 (Vulnerability in the CLI of Cisco Secure Email Gateway could 
allow an  ...)
        NOT-FOR-US: Cisco
 CVE-2023-20074 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20073 (A vulnerability in the web-based management interface of Cisco 
RV340,  ...)
        NOT-FOR-US: Cisco
 CVE-2023-20072 (A vulnerability in the fragmentation handling code of tunnel 
protocol  ...)
        NOT-FOR-US: Cisco
 CVE-2023-20071 (Multiple Cisco products are affected by a vulnerability in the 
Snort d ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20070 (A vulnerability in the TLS 1.3 implementation of the Cisco 
Firepower T ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20069 (A vulnerability in the web-based management interface of Cisco 
Prime I ...)
        NOT-FOR-US: Cisco
 CVE-2023-20068 (A vulnerability in the web-based management interface of Cisco 
Prime I ...)
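Review bot: CVE-2023-20071 is marked NOT-FOR-US: Cisco although its description names Snort, while CVE-2023-20246, whose description also names Snort, is left at TODO: check earlier in this same commit. If the flaw is only in Cisco's integration, a more specific tag in the style of the existing "NOT-FOR-US: Cisco's use of GRUB" entry for CVE-2023-20064 would record why it was excluded; otherwise it should stay at TODO: check alongside CVE-2023-20246 until Snort itself is ruled out.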
@@ -69016,7 +69016,7 @@ CVE-2023-20065 (A vulnerability in the Cisco IOx 
application hosting subsystem o
 CVE-2023-20064 (A vulnerability in the GRand Unified Bootloader (GRUB) for 
Cisco IOS X ...)
        NOT-FOR-US: Cisco's use of GRUB
 CVE-2023-20063 (A vulnerability in the inter-device communication mechanisms 
between d ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20062 (Multiple vulnerabilities in Cisco Unified Intelligence Center 
could al ...)
        NOT-FOR-US: Cisco
 CVE-2023-20061 (Multiple vulnerabilities in Cisco Unified Intelligence Center 
could al ...)
@@ -69049,7 +69049,7 @@ CVE-2023-20050 (A vulnerability in the CLI of Cisco 
NX-OS Software could allow a
 CVE-2023-20049 (A vulnerability in the bidirectional forwarding detection 
(BFD) hardwa ...)
        NOT-FOR-US: Cisco
 CVE-2023-20048 (A vulnerability in the web services interface of Cisco 
Firepower Manag ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20047 (A vulnerability in the Link Layer Discovery Protocol (LLDP) 
feature of ...)
        NOT-FOR-US: Cisco
 CVE-2023-20046 (A vulnerability in the key-based SSH authentication feature of 
Cisco S ...)
@@ -69061,9 +69061,9 @@ CVE-2023-20044 (A vulnerability in Cisco CX Cloud Agent 
of could allow an authen
 CVE-2023-20043 (A vulnerability in Cisco CX Cloud Agent of could allow an 
authenticate ...)
        NOT-FOR-US: Cisco
 CVE-2023-20042 (A vulnerability in the AnyConnect SSL VPN feature of Cisco 
Adaptive Se ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20041 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20040 (A vulnerability in the NETCONF service of Cisco Network 
Services Orche ...)
        NOT-FOR-US: Cisco
 CVE-2023-20039
@@ -69139,7 +69139,7 @@ CVE-2023-20007 (A vulnerability in the web-based 
management interface of Cisco S
 CVE-2023-20006 (A vulnerability in the hardware-based SSL/TLS cryptography 
functionali ...)
        NOT-FOR-US: Cisco
 CVE-2023-20005 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20004
        RESERVED
 CVE-2023-20003 (A vulnerability in the social login configuration option for 
the guest ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e9af14f819432940f57e5bf8e74c4d07fade4c5
