[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 6 20:25:19 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7bd8f54a by Salvatore Bonaccorso at 2023-12-06T21:24:55+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,63 +1,63 @@
 CVE-2023-6514 (The Bluetooth module of some Huawei Smart Screen products has an ident ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-6459 (Mattermost is grouping calls inthe /metrics endpoint by id and reports ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-6458 (Mattermost webapp fails to validateroute parameters in/<TEAM_NAME>/cha ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-6393 (A flaw was found in the Quarkus Cache Runtime. When request processing ...)
-	TODO: check
+	NOT-FOR-US: Quarkus
 CVE-2023-6288 (Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on mac ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2023-6273 (Permission management vulnerability in the module for disabling Sound  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-49248 (Vulnerability of unauthorized file access in the Settings app. Success ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-49247 (Permission verification vulnerability in distributed scenarios. Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-49246 (Unauthorized access vulnerability in the card management module. Succe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-49245 (Unauthorized access vulnerability in the Huawei Share module. Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-49244 (Permission management vulnerability in the multi-user module. Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-49243 (Vulnerability of unauthorized access to email attachments in the email ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-49242 (Free broadcast vulnerability in the running management module. Success ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-49241 (API permission control vulnerability in the network management module. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-49240 (Unauthorized access vulnerability in the launcher module. Successful e ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-49239 (Unauthorized access vulnerability in the card management module. Succe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-49096 (Jellyfin is a Free Software Media System for managing and streaming me ...)
 	- jellyfin <itp> (bug #994189)
 CVE-2023-48859 (TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authenticatio ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-48123 (An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v ...)
-	TODO: check
+	NOT-FOR-US: Netgate pfSense Plus
 CVE-2023-46773 (Permission management vulnerability in the PMS module. Successful expl ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-46751 (An issue was discovered in the function gdev_prn_open_printer_seekable ...)
 	TODO: check
 CVE-2023-46688 (Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows  ...)
-	TODO: check
+	NOT-FOR-US: Pleasanter
 CVE-2023-45210 (Pleasanter 1.3.47.0 and earlier contains an improper access control vu ...)
-	TODO: check
+	NOT-FOR-US: Pleasanter
 CVE-2023-44113 (Vulnerability of missing permission verification for APIs in the Desig ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-44099 (Vulnerability of data verification errors in the kernel module. Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-39539 (AMI AptioV contains a vulnerability in BIOS where a User may cause an  ...)
-	TODO: check
+	NOT-FOR-US: AMI AptioV
 CVE-2023-39538 (AMI AptioV contains a vulnerability in BIOS where a User may cause an  ...)
-	TODO: check
+	NOT-FOR-US: AMI AptioV
 CVE-2023-36655 (The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Activ ...)
-	TODO: check
+	NOT-FOR-US: ProLion CryptoSpike
 CVE-2023-34439 (Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting ...)
-	TODO: check
+	NOT-FOR-US: Pleasanter
 CVE-2023-32268 (Exposure of Proxy Administrator Credentials  An authenticated administ ...)
-	TODO: check
+	NOT-FOR-US: Microfocus
 CVE-2023-46218 [curl: cookie mixed case PSL bypass]
 	- curl <unfixed> (bug #1057646)
 	NOTE: Introduced by: https://github.com/curl/curl/commit/e77b5b7453c1e8ccd7ec0816890d98e2f392e465 (curl-7_46_0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bd8f54aada77e2f071786ca17f06070727a613b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bd8f54aada77e2f071786ca17f06070727a613b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231206/4a4038b9/attachment.htm>

More information about the debian-security-tracker-commits mailing list