[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Aug 3 09:17:26 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c02bba9 by Moritz Mühlenhoff at 2023-08-03T10:17:07+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61,7 +61,7 @@ CVE-2023-36858 (An insufficient verification of data vulnerability exists in BIG
CVE-2023-36494 (Audit logs on F5OS-A may contain undisclosed sensitive information. No ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-36081 (Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/ ...)
- TODO: check
+ NOT-FOR-US: GatesAIr Flexiva FM Transmitter
CVE-2023-33383 (Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to ...)
NOT-FOR-US: Shelly 4PM Pro four-channel smart switch
CVE-2023-33257 (Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML ...)
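Review bot: The new note on CVE-2023-36081 copies the capitalisation "GatesAIr" from the truncated CVE description on the line above it. If that is a typo in the upstream description, a later entry for the same vendor spelt differently will not match when someone greps data/CVE/list for earlier NOT-FOR-US decisions, so it is worth checking the vendor's own spelling before this becomes the reference string.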
@@ -24675,33 +24675,33 @@ CVE-2023-26453
CVE-2023-26452
RESERVED
CVE-2023-26451 (Functions with insufficient randomness were used to generate authoriza ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26450 (The "OX Count" web service did not specify a media-type when processin ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26449 (The "OX Chat" web service did not specify a media-type when processing ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26448 (Custom log-in and log-out locations are used-defined as jslob but were ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26447 (The "upsell" widget for the portal allows to specify a product descrip ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26446 (The users clientID at "application passwords" was not sanitized or esc ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26445 (Frontend themes are defined by user-controllable jslob settings and co ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26444
RESERVED
CVE-2023-26443 (Full-text autocomplete search allows user-provided SQL syntax to be in ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26442 (In case Cacheservice was configured to use a sproxyd object-storage ba ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26441 (Cacheservice did not correctly check if relative cache object were poi ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26440 (The cacheservice API could be abused to indirectly inject parameters w ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26439 (The cacheservice API could be abused to inject parameters with SQL syn ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26438 (External service lookups for a number of protocols were vulnerable to ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26437 (Denial of service vulnerability in PowerDNS Recursor allows authoritat ...)
- pdns-recursor 4.8.4-1 (bug #1033941)
[bullseye] - pdns-recursor <no-dsa> (Minor issue)
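Review bot: None of the thirteen truncated descriptions retagged in this hunk names OX App Suite. They refer to components instead: the "OX Count" and "OX Chat" web services (CVE-2023-26450, CVE-2023-26449), Cacheservice with a sproxyd object-storage backend (CVE-2023-26442 through CVE-2023-26439), and unnamed features in the rest. The tag matches the existing OX App Suite entries for CVE-2023-26431 and CVE-2023-26429 further down, but for a bulk change like this it is worth confirming against the full descriptions that each component ships only as part of OX App Suite. A commit message naming the products, rather than just "NFUs", would also make the batch easier to audit later.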
@@ -24723,7 +24723,7 @@ CVE-2023-26432 (When adding an external mail account, processing of SMTP "capabi
CVE-2023-26431 (IPv4-mapped IPv6 addresses did not get recognized as "local" by the co ...)
NOT-FOR-US: OX App Suite
CVE-2023-26430 (Attackers with access to user accounts can inject arbitrary control ch ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-26429 (Control characters were not removed when exporting user feedback conte ...)
NOT-FOR-US: OX App Suite
CVE-2023-26428 (Attackers can successfully request arbitrary snippet IDs, including E- ...)
@@ -24949,9 +24949,9 @@ CVE-2023-26319
CVE-2023-26318
RESERVED
CVE-2023-26317 (A vulnerability has been discovered in Xiaomi routers that could allow ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2023-26316 (A XSS vulnerability exists in the Xiaomi cloud service Application pro ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2023-26315
RESERVED
CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
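Review bot: "NOT-FOR-US: Xiaomi" on CVE-2023-26317 and CVE-2023-26316 names only the vendor, while the other notes in this patch name a product ("Shelly 4PM Pro four-channel smart switch", "OX App Suite"). The two descriptions cover different things, Xiaomi routers and a Xiaomi cloud service application, so a product-level note on each (for example "Xiaomi routers" on the first) would keep the vendor-wide string from being read as a blanket decision for any future Xiaomi-related CVE.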
@@ -44281,9 +44281,9 @@ CVE-2022-46487
CVE-2022-46486
RESERVED
CVE-2022-46485 (Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and be ...)
- TODO: check
+ NOT-FOR-US: ngSurvey
CVE-2022-46484 (Information disclosure in password protected surveys in Data Illusion ...)
- TODO: check
+ NOT-FOR-US: ngSurvey
CVE-2022-46483
RESERVED
CVE-2022-46482
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c02bba9e44c1f9c9035851a330de5c8d8fa6681