[Git][security-tracker-team/security-tracker][master] Process some additional NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 28 08:33:59 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6a11634 by Salvatore Bonaccorso at 2023-11-28T09:33:35+01:00
Process some additional NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,23 +21,23 @@ CVE-2023-5650 (An improper privilege management vulnerability in the ZySH of the
 CVE-2023-4667 (The web interface of the PAC Device allows the device administrator us ...)
 	TODO: check
 CVE-2023-4398 (An integer overflow vulnerability in the source code of the QuickSec I ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-4397 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-4226 (Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo  ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2023-4225 (Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Cham ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2023-4224 (Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chami ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2023-4223 (Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Cham ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2023-4222 (Command injection in `main/lp/openoffice_text_document.class.php` in C ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2023-4221 (Command injection in `main/lp/openoffice_presentation.class.php` in Ch ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2023-4220 (Unrestricted file upload in big file upload functionality in `/main/in ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2023-49145 (Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Process ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2023-49075 (The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBund ...)
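Review bot: CVE-2023-4398 is tagged `NOT-FOR-US: Zyxel`, but the visible part of its description names the QuickSec source code rather than a Zyxel product, so the vendor tag alone does not show that the affected component was checked. Consider naming the component in the tag as well, or adding a NOTE line recording that the QuickSec code is only shipped in Zyxel firmware, if that is what the check found. The other Zyxel and Chamilo LMS tags in this hunk match their descriptions.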
@@ -51,21 +51,21 @@ CVE-2023-48713 (Knative Serving builds on Kubernetes to support deploying and se
 CVE-2023-48188 (SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4 ...)
 	NOT-FOR-US: PrestaShop opartdevis
 CVE-2023-48034 (An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker  ...)
-	TODO: check
+	NOT-FOR-US: Acer
 CVE-2023-48023 (Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor' ...)
-	TODO: check
+	NOT-FOR-US: Anyscale Ray
 CVE-2023-48022 (Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbit ...)
-	TODO: check
+	NOT-FOR-US: Anyscale Ray
 CVE-2023-47503 (An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to exec ...)
-	TODO: check
+	NOT-FOR-US: jflyfox jfinalCMS
 CVE-2023-47437 (A vulnerability has been identified in Pachno 1.0.6 allowing an authen ...)
 	TODO: check
 CVE-2023-46480 (An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitr ...)
 	TODO: check
 CVE-2023-46355 (In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for P ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2023-46349 (In the module "Product Catalog (CSV, Excel) Export/Update" (updateprod ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2023-42366 (A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_ ...)
 	- busybox <unfixed>
 	NOTE: https://bugs.busybox.net/show_bug.cgi?id=15874
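Review bot: the new tags on CVE-2023-46355 and CVE-2023-46349 read `NOT-FOR-US: PrestaShop module`, which is less specific than the neighbouring context entry CVE-2023-48188 (`NOT-FOR-US: PrestaShop opartdevis`). Naming the module keeps the list consistent and makes later lookups by product name work. For CVE-2023-46355 the description already gives `csvfeeds`; for CVE-2023-46349 the module name is cut off in the description shown here and would need to be taken from the full CVE record.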
@@ -79,31 +79,31 @@ CVE-2023-42363 (A use-after-free vulnerability was discovered in xasprintf funct
 	- busybox <unfixed>
 	NOTE: https://bugs.busybox.net/show_bug.cgi?id=15865
 CVE-2023-3545 (Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo  ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2023-3533 (Path traversal in file upload functionality in `/main/webservices/addi ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2023-3368 (Command injection in `/main/webservices/additional_webservices.php` in ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2023-37926 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-37925 (An improper privilege management vulnerability in the debug CLI comman ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-35139 (A cross-site scripting (XSS) vulnerability in the CGI program of the Z ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-35136 (An improper input validation vulnerability in the \u201cQuagga\u201d p ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-34054 (In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versi ...)
 	TODO: check
 CVE-2023-34053 (In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user ...)
 	TODO: check
 CVE-2023-32065 (OroCommerce is an open-source Business to Business Commerce applicatio ...)
-	TODO: check
+	NOT-FOR-US: OroCommerce
 CVE-2023-32064 (OroCommerce package with customer portal and non authenticated visitor ...)
-	TODO: check
+	NOT-FOR-US: OroCommerce
 CVE-2023-32063 (OroCalendarBundle enables a Calendar feature and related functionality ...)
-	TODO: check
+	NOT-FOR-US: OroCalendarBundle
 CVE-2023-32062 (OroPlatform is a package that assists system and user calendar managem ...)
-	TODO: check
+	NOT-FOR-US: OroPlatform
 CVE-2023-6329 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
 	NOT-FOR-US: Control iD iDSecure
 CVE-2023-6287 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before ...)
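Review bot: CVE-2023-35136 is marked `NOT-FOR-US: Zyxel` although its description puts the flaw in something called "Quagga", which is a component name rather than a Zyxel product. If the triage concluded that the bug is in Zyxel's own integration and not in the Quagga code itself, a short NOTE line saying so would make the decision auditable; as written, the entry gives no reason why the named component is out of scope. The OroCommerce, OroCalendarBundle and OroPlatform tags follow the product named at the start of each description and look consistent.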
@@ -79054,7 +79054,7 @@ CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled wil
 	NOTE: https://github.com/matrix-org/synapse/pull/11936
 	NOTE: First bugfix in 1.52.0 but 1.53.0 does fully fix the issue.
 CVE-2022-41951 (OroPlatform is a PHP Business Application Platform (BAP) designed to m ...)
-	TODO: check
+	NOT-FOR-US: OroPlatform
 CVE-2022-41950 (super-xray is the GUI alternative for vulnerability scanning tool xray ...)
 	NOT-FOR-US: super-xray
 CVE-2022-41949 (DHIS 2 is an open source information system for data capture, manageme ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6a11634434ec8d95cb62d4ef752a7faddee4936
