[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 4 20:34:24 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f56f6a5b by Salvatore Bonaccorso at 2023-12-04T21:30:40+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,43 +5,43 @@ CVE-2023-6481 (A serialization vulnerability in logback receiver component part
 CVE-2023-6460 (A potential logging of the firestore key via logging within nodejs-fir ...)
 	TODO: check
 CVE-2023-5768 (A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2023-5767 (A vulnerability exists in the webserver that affects the  RTU500 serie ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2023-48967 (Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untru ...)
-	TODO: check
+	NOT-FOR-US: Ssolon
 CVE-2023-48966 (An arbitrary file upload vulnerability in the component /admin/api.upl ...)
-	TODO: check
+	NOT-FOR-US: ThinkAdmin
 CVE-2023-48965 (An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.5 ...)
-	TODO: check
+	NOT-FOR-US: ThinkAdmin
 CVE-2023-48910 (Microcks up to 1.17.1 was discovered to contain a Server-Side Request  ...)
-	TODO: check
+	NOT-FOR-US: Microcks
 CVE-2023-48866 (A Cross-Site Scripting (XSS) vulnerability in the recipe preparation c ...)
 	- grocy <itp> (bug #969056)
 CVE-2023-48863 (SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security ...)
-	TODO: check
+	NOT-FOR-US: SEMCMS
 CVE-2023-48815 (kkFileView v4.3.0 is vulnerable to Incorrect Access Control.)
-	TODO: check
+	NOT-FOR-US: kkFileView
 CVE-2023-48800 (In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file su ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-48799 (TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Comma ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-44306 (Dell DM5500 contains a path traversal vulnerability in PPOE Component. ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-44305 (Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-44304 (Dell DM5500 contains a privilege escalation vulnerability in PPOE Comp ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-44302 (Dell DM5500 5.14.0.0 and prior contain an improper authentication vuln ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-44301 (Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scriptin ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-44300 (Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-44291 (Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-41613 (EzViz Studio v2.2.0 is vulnerable to DLL hijacking.)
-	TODO: check
+	NOT-FOR-US: EzViz Studio
 CVE-2023-32804 (Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Dri ...)
 	TODO: check
 CVE-2023-5332 (Patch in third party library Consul requires 'enable-script-checks' to ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f56f6a5bd6e9e6bedc992c4bd7dd159f756d2727

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f56f6a5bd6e9e6bedc992c4bd7dd159f756d2727
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231204/ba1abd66/attachment.htm>


More information about the debian-security-tracker-commits mailing list