[Git][security-tracker-team/security-tracker][master] Update entries wich are for opennds

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 25 20:40:59 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ae727f1 by Salvatore Bonaccorso at 2023-12-25T21:40:12+01:00
Update entries wich are for opennds

By mistake previously tracked as NFU, whereas opennds exists in Debian
itself.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,8 +8,6 @@ CVE-2023-48650 (Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to a
 	NOT-FOR-US: Concrete CMS
 CVE-2023-41165 (An issue was discovered in Stormshield Network Security (SNS) 3.7.0 th ...)
 	NOT-FOR-US: Stormshield Network Security (SNS)
-CVE-2023-38321 (OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other p ...)
-	TODO: check
 CVE-2023-34198 (In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7. ...)
 	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2023-7102 (Use of a Third Party library produced a vulnerability in Barracuda Net ...)
@@ -6782,9 +6780,9 @@ CVE-2023-45382 (In the module "SoNice Retour" (sonice_retour) up to version 2.1.
 CVE-2023-42428 (Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a  ...)
 	NOT-FOR-US: CubeCart
 CVE-2023-41102 (An issue was discovered in the captive portal in OpenNDS before versio ...)
-	NOT-FOR-US: OpenNDS
+	- opennds <unfixed>
 CVE-2023-41101 (An issue was discovered in the captive portal in OpenNDS before versio ...)
-	NOT-FOR-US: OpenNDS
+	- opennds <unfixed>
 CVE-2023-40314 (Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS  ...)
 	NOT-FOR-US: OpenNMS
 CVE-2023-39548 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier,  ...)
@@ -6798,19 +6796,29 @@ CVE-2023-39545 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and ear
 CVE-2023-39544 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier,  ...)
 	NOT-FOR-US: CLUSTERPRO
 CVE-2023-38324 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
-	NOT-FOR-US: OpenNDS
+	- opennds <unfixed>
+CVE-2023-38323
+	- opennds <unfixed>
 CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
-	NOT-FOR-US: OpenNDS
+	- opennds <unfixed>
+CVE-2023-38321
+	- opennds <unfixed>
 CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
-	NOT-FOR-US: OpenNDS
+	- opennds <unfixed>
+CVE-2023-38319
+	- opennds <unfixed>
+CVE-2023-38318
+	- opennds <unfixed>
+CVE-2023-38317
+	- opennds <unfixed>
 CVE-2023-38316 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
-	NOT-FOR-US: OpenNDS
+	- opennds <unfixed>
 CVE-2023-38315 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
-	NOT-FOR-US: OpenNDS
+	- opennds <unfixed>
 CVE-2023-38314 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
-	NOT-FOR-US: OpenNDS
+	- opennds <unfixed>
 CVE-2023-38313 (An issue was discovered in OpenNDS Captive Portal before 10.1.2. it ha ...)
-	NOT-FOR-US: OpenNDS
+	- opennds <unfixed>
 CVE-2023-38130 (Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6 ...)
 	NOT-FOR-US: CubeCart
 CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API for  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ae727f193f80ad7f59c6f024f547218d3d8de06

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ae727f193f80ad7f59c6f024f547218d3d8de06
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231225/b5e3825b/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list