From 53bbf9473f03e67a29f4b4a25e1c1a9d655db281 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Mon, 4 Sep 2023 12:12:03 +0200 Subject: NFUs --- data/CVE/list | 83 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 41 insertions(+), 42 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index d99a63453a..4ac6379139 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -540,13 +540,13 @@ CVE-2023-3404 (The ProfileGrid plugin for WordPress is vulnerable to unauthorize CVE-2023-3162 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is vuln ...) NOT-FOR-US: Stripe Payment Plugin for WooCommerce plugin for WordPress CVE-2023-39139 (An issue in Archive v3.3.7 allows attackers to execute a path traversa ...) - TODO: check + NOT-FOR-US: archive Dart library CVE-2023-39138 (An issue in ZIPFoundation v0.9.16 allows attackers to execute a path t ...) NOT-FOR-US: ZIPFoundation CVE-2023-39137 (An issue in Archive v3.3.7 allows attackers to spoof zip filenames whi ...) - TODO: check + NOT-FOR-US: archive Dart library CVE-2023-39136 (An unhandled edge case in the component _sanitizedPath of ZipArchive v ...) - TODO: check + NOT-FOR-US: SSZipArchive CVE-2023-39135 (An issue in Zip Swift v2.1.2 allows attackers to execute a path traver ...) NOT-FOR-US: Zip Swift CVE-2023-38970 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allo ...) @@ -814,7 +814,7 @@ CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_cente NOTE: https://hackmd.io/@cspl/B1ZkFZv23 TODO: check if reported upstream CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters submitt ...) - TODO: check + NOT-FOR-US: SpringBlade CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to multiple de ...) NOT-FOR-US: Arista CVE-2023-3253 (An improper authorization vulnerability exists where an authenticated, ...) @@ -17067,9 +17067,9 @@ CVE-2022-48455 CVE-2022-48454 RESERVED CVE-2022-48453 (In camera driver, there is a possible out of bounds write due to a mis ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48452 (In Ifaa service, there is a possible missing permission check. This co ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-48451 (In bluetooth service, there is a possible out of bounds write due to r ...) NOT-FOR-US: Unisoc CVE-2022-48450 (In bluetooth service, there is a possible missing params check. This ...) @@ -20979,7 +20979,6 @@ CVE-2023-28938 (Uncontrolled resource consumption in some Intel(R) SSD Tools sof NOTE: Fixed by: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7d374a1869d3a84971d027a7f4233878c8f25a62 (mdadm-4.2-rc2) NOTE: Negligible security impact as the memory leak is after "mdadm --detail" which NOTE: is one shoot action. - TODO: check details, fixes should be somewhere prior to mdadm-4.2-rc2 CVE-2023-28736 (Buffer overflow in some Intel(R) SSD Tools software before version mda ...) - mdadm 4.2-1 [bullseye] - mdadm (Minor issue) @@ -37624,7 +37623,7 @@ CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub E CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23763 (An authorization/sensitive information disclosure vulnerability was id ...) - TODO: check + NOT-FOR-US: Github Enterprise Server CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23761 (An improper authentication vulnerability was identified in GitHub Ente ...) @@ -46762,9 +46761,9 @@ CVE-2022-47355 (In log service, there is a missing permission check. This could CVE-2022-47354 (In log service, there is a missing permission check. This could lead t ...) NOT-FOR-US: Unisoc CVE-2022-47353 (In vdsp device, there is a possible system crash due to improper input ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47352 (In camera driver, there is a possible out of bounds read due to a miss ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47351 (In camera driver, there is a possible out of bounds read due to a miss ...) NOT-FOR-US: Unisoc CVE-2022-47350 (In camera driver, there is a possible out of bounds read due to a miss ...) @@ -57610,69 +57609,69 @@ CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to dow CVE-2022-3737 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 me ...) NOT-FOR-US: PHOENIX CVE-2023-20851 (In stc, there is a possible out of bounds read due to a race condition ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20850 (In imgsys_cmdq, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20849 (In imgsys_cmdq, there is a possible use after free due to a missing va ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20848 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20847 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20846 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20845 (In imgsys, there is a possible out of bounds read due to a missing val ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20844 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20843 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20842 (In imgsys_cmdq, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20841 (In imgsys, there is a possible out of bounds write due to a missing va ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20840 (In imgsys, there is a possible out of bounds read and write due to a m ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20839 (In imgsys, there is a possible out of bounds read due to a missing val ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20838 (In imgsys, there is a possible out of bounds read due to a race condit ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20837 (In seninf, there is a possible out of bounds write due to a missing bo ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20836 (In camsys, there is a possible out of bounds read due to a missing bou ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20835 (In camsys, there is a possible use after free due to a race condition. ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20834 (In pda, there is a possible use after free due to a race condition. Th ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20833 (In keyinstall, there is a possible information disclosure due to a mis ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20832 (In gps, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20831 (In gps, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20830 (In gps, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20829 (In gps, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20828 (In gps, there is a possible out of bounds write due to a missing bound ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20827 (In ims service, there is a possible memory corruption due to a race co ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20826 (In cta, there is a possible information disclosure due to a missing pe ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20825 (In duraspeed, there is a possible information disclosure due to a miss ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20824 (In duraspeed, there is a possible information disclosure due to a miss ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20823 (In cmdq, there is a possible out of bounds read due to an incorrect st ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20822 (In netdagent, there is a possible out of bounds write due to a missing ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20821 (In nvram, there is a possible out of bounds write due to a missing bou ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20820 (In wlan service, there is a possible command injection due to improper ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-20819 RESERVED CVE-2023-20818 (In wlan service, there is a possible out of bounds read due to imprope ...) -- cgit v1.2.3