Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18d41a1f by Moritz Muehlenhoff at 2023-12-12T17:11:38+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2023-6727 (Mattermost fails to perform correct authorization checks when 
creating ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2023-6593 (Client side permission bypass in Devolutions Remote Desktop 
Manager 20 ...)
-       NOT-FOR-US: Devolutions
+       NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2023-6547 (Mattermost fails to validate team membership when a user 
attempts to a ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2023-6193 (quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable 
to unb ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare quiche
 CVE-2023-50495 (NCurse v6.4-20230418 was discovered to contain a segmentation 
fault vi ...)
        TODO: check
 CVE-2023-4932 (SAS application is vulnerable to Reflected Cross-Site Scripting 
(XSS). ...)
-       TODO: check
+       NOT-FOR-US: SAS
 CVE-2023-49994 (Espeak-ng 1.52-dev was discovered to contain a Floating Point 
Exceptio ...)
        - espeak-ng <unfixed>
        [bookworm] - espeak-ng <no-dsa> (Minor issue)
@@ -41,8 +41,9 @@ CVE-2023-49809 (Mattermost fails to handle a null request 
body in the /add endpo
        - mattermost-server <itp> (bug #823556)
 CVE-2023-49713 (Denial-of-service (DoS) vulnerability exists in NetBIOS 
service of HMI ...)
        NOT-FOR-US: NetBIOS service of HMI GC-A2 series
+       NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
 CVE-2023-49695 (OS command injection vulnerability in WRC-X3000GSN v1.0.2, 
WRC-X3000GS ...)
-       NOT-FOR-US: Elecom
+       NOT-FOR-US: ELECOM
 CVE-2023-49692 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU (Al ...)
        NOT-FOR-US: Siemens
 CVE-2023-49691 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU (Al ...)
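Review bot: CVE-2023-49713 ends up with two NOT-FOR-US lines after this hunk. The existing "NOT-FOR-US: NetBIOS service of HMI GC-A2 series" stays as context and "NOT-FOR-US: JTEKT ELECTRONICS CORPORATION" is added beneath it (the header's -41,8 +41,9 shows one net added line). One classification line per entry is enough: if the aim is to match the label this commit gives CVE-2023-49143 and CVE-2023-49140, turn the addition into a replacement of the old line, otherwise drop it.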
@@ -52,9 +53,9 @@ CVE-2023-49607 (Mattermost fails to validate the type of the 
"reminder" body req
 CVE-2023-49563 (Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro 
v.1.1 allow ...)
        NOT-FOR-US: Voltronic Power SNMP Web Pro
 CVE-2023-49143 (Denial-of-service (DoS) vulnerability exists in rfe service of 
HMI GC- ...)
-       TODO: check
+       NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
 CVE-2023-49140 (Denial-of-service (DoS) vulnerability exists in commplex-link 
service  ...)
-       TODO: check
+       NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
 CVE-2023-48677 (Local privilege escalation due to DLL hijacking vulnerability. 
The fol ...)
        NOT-FOR-US: Acronis
 CVE-2023-48431 (A vulnerability has been identified in SINEC INS (All versions 
< V1.0  ...)
@@ -92,11 +93,11 @@ CVE-2023-45847 (Mattermost fails to to check the length 
when setting the title i
 CVE-2023-45316 (Mattermost fails to validate if a relative path is passed in 
/plugins/ ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2023-41963 (Denial-of-service (DoS) vulnerability exists in FTP service of 
HMI GC- ...)
-       TODO: check
+       NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
 CVE-2023-41623 (Emlog version pro2.1.14 was discovered to contain a SQL 
injection vuln ...)
-       TODO: check
+       NOT-FOR-US: EMlog
 CVE-2023-38380 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 
(incl. SIP ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-6709 (Improper Neutralization of Special Elements Used in a Template 
Engine  ...)
        NOT-FOR-US: mlflow
 CVE-2023-6542 (Due to lack of proper authorization checks in Emarsys SDK for 
Android, ...)
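Review bot: the new label for CVE-2023-41623, "NOT-FOR-US: EMlog", is capitalised differently from the description on the same entry ("Emlog version pro2.1.14"). This commit also normalises "Elecom" to "ELECOM", so label spelling evidently matters here; use whichever spelling other Emlog entries in data/CVE/list already carry so that a search on the product name finds all of them.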
@@ -63104,9 +63105,9 @@ CVE-2023-21675 (Windows Kernel Elevation of Privilege 
Vulnerability)
 CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of 
Privilege Vu ...)
        NOT-FOR-US: Microsoft
 CVE-2022-47375 (A vulnerability has been identified in SIMATICPC-Station Plus 
(All ver ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-47374 (A vulnerability has been identified in SIMATICPC-Station Plus 
(All ver ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-47373 (Reflected Cross Site Scripting in Search Functionality of 
Module Libra ...)
        NOT-FOR-US: Pandora FMS
 CVE-2022-47372 (Stored cross-site scripting vulnerability in the Create event 
section  ...)
@@ -66970,7 +66971,7 @@ CVE-2022-46143 (Affected devices do not check the TFTP 
blocksize correctly. This
 CVE-2022-46142 (Affected devices store the CLI user passwords encrypted in 
flash memor ...)
        NOT-FOR-US: Siemens
 CVE-2022-46141 (A vulnerability has been identified in SIMATIC STEP 7 (TIA 
Portal) (Al ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-46140 (Affected devices use a weak encryption scheme to encrypt the 
debug zip ...)
        NOT-FOR-US: Siemens
 CVE-2022-44620 (Improper authentication vulnerability in 
UDR-JA1604/UDR-JA1608/UDR-JA1 ...)
@@ -79456,7 +79457,7 @@ CVE-2022-42786 (Multiple W&T Products of the ComServer 
Series are prone to an XS
 CVE-2022-42785 (Multiple W&T products of the ComServer Series are prone to an 
authenti ...)
        NOT-FOR-US: Wiesemann & Theis GmbH products
 CVE-2022-42784 (A vulnerability has been identified in LOGO! 12/24RCE (All 
versions >= ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb 
prior to ...)
        - rdiffweb <itp> (bug #969974)
 CVE-2022-3456 (Allocation of Resources Without Limits or Throttling in GitHub 
reposit ...)
@@ -220821,7 +220822,7 @@ CVE-2020-28371 (An issue was discovered in ReadyTalk 
Avian 1.2.0 before 2020-10-
 CVE-2020-28370
        RESERVED
 CVE-2020-28369 (In BeyondTrust Privilege Management for Windows (aka PMfW) 
through 5.7 ...)
-       TODO: check
+       NOT-FOR-US: BeyondTrust Privilege Management for Windows
 CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain 
sensitive  ...)
        {DSA-4804-1}
        - xen 4.14.0+80-gd101b417b7-1
@@ -260564,13 +260565,13 @@ CVE-2020-12617
 CVE-2020-12616
        RESERVED
 CVE-2020-12615 (An issue was discovered in BeyondTrust Privilege Management 
for Window ...)
-       TODO: check
+       NOT-FOR-US: BeyondTrust Privilege Management for Windows
 CVE-2020-12614 (An issue was discovered in BeyondTrust Privilege Management 
for Window ...)
-       TODO: check
+       NOT-FOR-US: BeyondTrust Privilege Management for Windows
 CVE-2020-12613 (An issue was discovered in BeyondTrust Privilege Management 
for Window ...)
        NOT-FOR-US: BeyondTrust Privilege Management for Windows
 CVE-2020-12612 (An issue was discovered in BeyondTrust Privilege Management 
for Window ...)
-       TODO: check
+       NOT-FOR-US: BeyondTrust Privilege Management for Windows
 CVE-2020-12611
        RESERVED
 CVE-2020-12610



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18d41a1fc1dbfde21265aea0e624d10f556d2985
