[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 8 20:42:00 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c812f959 by Salvatore Bonaccorso at 2023-12-08T21:41:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,93 +33,93 @@ CVE-2023-6507 (An issue was found in CPython 3.12.0 `subprocess` module on POSIX
 CVE-2023-6245 (The Candid library causes a Denial of Service while  parsing a special ...)
 	TODO: check
 CVE-2023-6146 (A Qualys web application was found to have a stored XSS vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Qualys
 CVE-2023-49788 (Collabora Online is a collaborative online office suite based on Libre ...)
-	TODO: check
+	NOT-FOR-US: Collabora Online
 CVE-2023-49782 (Collabora Online is a collaborative online office suite based on Libre ...)
-	TODO: check
+	NOT-FOR-US: Collabora Online
 CVE-2023-49487 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...)
-	TODO: check
+	NOT-FOR-US: JFinalCMS
 CVE-2023-49486 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...)
-	TODO: check
+	NOT-FOR-US: JFinalCMS
 CVE-2023-49485 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...)
-	TODO: check
+	NOT-FOR-US: JFinalCMS
 CVE-2023-49484 (Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (X ...)
-	TODO: check
+	NOT-FOR-US: Dreamer CMS
 CVE-2023-49444 (An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attacke ...)
-	TODO: check
+	NOT-FOR-US: DoraCMS
 CVE-2023-49443 (DoraCMS v2.1.8 was discovered to re-use the same code for verification ...)
-	TODO: check
+	NOT-FOR-US: DoraCMS
 CVE-2023-49007 (In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-bas ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2023-48423 (In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bou ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48422 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48421 (In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-mod ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48420 (there is a possible use after free due to a race condition. This could ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48416 (In multiple locations, there is a possible null dereference due to a m ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48415 (In Init of protocolembmsadapter.cpp, there is a possible out of bounds ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48414 (In the Pixel Camera Driver, there is a possible use after free due to  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48413 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48412 (In private_handle_t of mali_gralloc_buffer.h, there is a possible info ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48411 (In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapt ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48410 (In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read d ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48409 (In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-mod ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48408 (In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48407 (there is a possible DCK won't be deleted after factory reset due to a  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48406 (there is a possible permanent DoS or way for the modem to boot unverif ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48405 (there is a possible way for the secure world to write to NS memory due ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48404 (In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.c ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48403 (In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48402 (In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing p ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48401 (In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible ou ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48399 (In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, th ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48398 (In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnet ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-48397 (In Init of protocolcalladapter.cpp, there is a possible out of bounds  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-47565 (An OS command injection vulnerability has been found to affect legacy  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-46499 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...)
-	TODO: check
+	NOT-FOR-US: EverShop NPM
 CVE-2023-46498 (An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote  ...)
-	TODO: check
+	NOT-FOR-US: EverShop NPM
 CVE-2023-46497 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...)
-	TODO: check
+	NOT-FOR-US: EverShop NPM
 CVE-2023-46496 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...)
-	TODO: check
+	NOT-FOR-US: EverShop NPM
 CVE-2023-46495 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...)
-	TODO: check
+	NOT-FOR-US: EverShop NPM
 CVE-2023-46494 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...)
-	TODO: check
+	NOT-FOR-US: EverShop NPM
 CVE-2023-46493 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...)
-	TODO: check
+	NOT-FOR-US: EverShop NPM
 CVE-2023-46157 (File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest p ...)
-	TODO: check
+	NOT-FOR-US: MGT CloudPanel
 CVE-2023-32975 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-32968 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-6599 (Missing Standardized Error Handling Mechanism in GitHub repository mic ...)
 	NOT-FOR-US: microweber
 CVE-2023-6581 (A vulnerability has been found in D-Link DAR-7000 up to 20231126 and c ...)
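
Review bot: The two Collabora Online entries (CVE-2023-49788, CVE-2023-49782) are marked NOT-FOR-US although the visible description says the suite is "based on Libre ..."; before closing them, confirm the flaw sits in Collabora Online's own code and not in a shared component that has a Debian source package, and if it does not, replace the tag with the package entry. Separately, CVE-2023-48420, CVE-2023-48407, CVE-2023-48406 and CVE-2023-48405 are tagged Android while their descriptions start at "there is a possible ..." and name no component, so the tag should be checked against the originating bulletin rather than inferred from the neighbouring entries.
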
@@ -137,7 +137,7 @@ CVE-2023-6576 (A vulnerability was found in Beijing Baichuo S210 up to 20231123.
 CVE-2023-6061 (Multiple components of Iconics SCADA Suite are prone to a Phantom DLL  ...)
 	NOT-FOR-US: Iconics SCADA Suite
 CVE-2023-5058 (Improper Input Validation in the processing of user-supplied splash sc ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2023-5008 (Student Information System v1.0 is vulnerable to an unauthenticated SQ ...)
 	NOT-FOR-US: Student Information System
 CVE-2023-4122 (Student Information System v1.0 is vulnerable to an Insecure File Uplo ...)
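
Review bot: "NOT-FOR-US: Phoenix" on CVE-2023-5058 is ambiguous, since the truncated description ("processing of user-supplied splash sc ...") names neither vendor nor product and "Phoenix" alone matches several unrelated projects. Spell out the vendor and product in the tag, as the adjacent entries do with "Iconics SCADA Suite" and "Student Information System", so later searches of data/CVE/list find it unambiguously.
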
@@ -54874,7 +54874,7 @@ CVE-2023-23374 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerabil
 CVE-2023-23373 (An OS command injection vulnerability has been reported to affect QUSB ...)
 	NOT-FOR-US: QNAP
 CVE-2023-23372 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-23371 (A cleartext transmission of sensitive information vulnerability has be ...)
 	NOT-FOR-US: QNAP
 CVE-2023-23370 (An insufficiently protected credentials vulnerability has been reporte ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c812f9596e66bc62ed552efb1ed3aa783ba122ae
