[Git][security-tracker-team/security-tracker][master] two more CVEs for tinyxml
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Dec 22 13:46:12 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90767b0e by Moritz Muehlenhoff at 2023-12-22T14:45:11+01:00
two more CVEs for tinyxml
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2378,7 +2378,6 @@ CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neu
CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML ...)
- tinyxml <unfixed>
NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
- TODO: check details and embedded copies once assessment for tinyxml done
CVE-2023-6707 (Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed ...)
{DSA-5577-1}
- chromium 120.0.6099.109-1
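Review bot: The TODO removed under CVE-2023-34194 covered two things, the details and the embedded copies, but the entry is left with only `- tinyxml <unfixed>` and the Forescout NOTE, so the outcome of the embedded-copies check is not recorded. If that check was done, add a NOTE line stating the result; if not, keep a narrower TODO for embedded copies.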
@@ -3939,7 +3938,8 @@ CVE-2023-40464 (Several versions of ALEOS, including ALEOS 4.16.0, use a hardcod
CVE-2023-40463 (When configured in debugging mode by an authenticated user with adm ...)
NOT-FOR-US: ALEOS
CVE-2023-40462 (The ACEManager component of ALEOS 4.16 and earlier does not perform ...)
- NOT-FOR-US: ALEOS
+ - tinyxml <unfixed>
+ NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
CVE-2023-40461 (The ACEManager component of ALEOS 4.16 and earlier allows an authen ...)
NOT-FOR-US: ALEOS
CVE-2023-40460 (The ACEManager component of ALEOS 4.16 and earlier does not validat ...)
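Review bot: For CVE-2023-40462 the description still reads "The ACEManager component of ALEOS 4.16 and earlier ..." and the replaced line classified it as NOT-FOR-US: ALEOS, so the new `- tinyxml <unfixed>` line needs a NOTE saying why the issue is tracked against tinyxml. The CVE-2023-34194 entry names the affected tinyxml function in its description, while here a reader has only the generic Forescout link. The neighbouring ALEOS entries (CVE-2023-40463, CVE-2023-40461) stay NOT-FOR-US, so a one-line rationale would keep the difference from looking like a mistake.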
@@ -4960,7 +4960,8 @@ CVE-2023-47463 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0
CVE-2023-47418 (Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and be ...)
NOT-FOR-US: p2pa
CVE-2023-40458 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
- NOT-FOR-US: Sierra Wireless
+ - tinyxml <unfixed>
+ NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
CVE-2023-3741 (An OS Command injection vulnerability in NEC Platforms DT900 and DT900 ...)
NOT-FOR-US: NEC
CVE-2023-37928 (A post-authentication command injection vulnerability in the WSGI serv ...)
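Review bot: The NOTE added under CVE-2023-40458 is the same Forescout resources URL as on the CVE-2023-34194 and CVE-2023-40462 entries, and it is the only reference on an entry marked `<unfixed>`. Nothing here tells a later reader which tinyxml code has the infinite loop, or how to recognise a fix when one appears. Suggest a second NOTE with the affected function or an upstream report, if one exists.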
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90767b0ea7a84688f34450c8f79ddd867ed13328