[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Nov 30 13:46:59 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eaf40c64 by Moritz Muehlenhoff at 2023-11-30T14:46:17+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,15 +7,15 @@ CVE-2023-5772 (The Debug Log Manager plugin for WordPress is vulnerable to Cross
 CVE-2023-5247 (Malicious Code Execution Vulnerability due to External Control of File ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2023-4474 (The improper neutralization of special elements in the WSGI server of  ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-4473 (A command injection vulnerability in the web server of the Zyxel NAS32 ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-49701 (Memory Corruption in SIM management while USIMPhase2init)
 	NOT-FOR-US: USIMPhase2init
 CVE-2023-49700 (Security best practices violations, a string operation in Streamingmed ...)
-	TODO: check
+	NOT-FOR-US: ASR Falcon
 CVE-2023-49699 (Memory Corruption in IMS while calling VoLTE Streamingmedia Interface)
-	TODO: check
+	NOT-FOR-US: ASR Falcon
 CVE-2023-49694 (A low-privileged OS user with access to a Windows host where NETGEAR P ...)
 	NOT-FOR-US: NETGEAR
 CVE-2023-49693 (NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol ...)
@@ -23,9 +23,9 @@ CVE-2023-49693 (NETGEAR ProSAFE Network Management System has Java Debug Wire Pr
 CVE-2023-49097 (ZITADEL is an identity infrastructure system. ZITADEL uses the notific ...)
 	NOT-FOR-US: ZITADEL
 CVE-2023-49095 (nexkey is a microblogging platform. Insufficient validation of Activit ...)
-	TODO: check
+	NOT-FOR-US: nexkey
 CVE-2023-49094 (Symbolicator is a symbolication service for native stacktraces and min ...)
-	TODO: check
+	NOT-FOR-US: Symbolicator
 CVE-2023-49087 (xml-security is a library that implements XML signatures and encryptio ...)
 	TODO: check
 CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
@@ -33,7 +33,7 @@ CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for asyn
 CVE-2023-49081 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
 	TODO: check
 CVE-2023-49077 (Mailcow: dockerized is an open source groupware/email suite based on d ...)
-	TODO: check
+	NOT-FOR-US: Mailcow
 CVE-2023-49076 (Customer-data-framework allows management of customer data within Pimc ...)
 	NOT-FOR-US: Pimcore
 CVE-2023-49052 (File Upload vulnerability in Microweber v.2.0.4 allows a remote attack ...)
@@ -55,23 +55,23 @@ CVE-2023-48946 (An issue in the box_mpy function of openlink virtuoso-opensource
 CVE-2023-48945 (A stack overflow in openlink virtuoso-opensource v7.2.11 allows attack ...)
 	TODO: check
 CVE-2023-47464 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 bef ...)
-	TODO: check
+	NOT-FOR-US: GL.iNet AX1800
 CVE-2023-47463 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 bef ...)
-	TODO: check
+	NOT-FOR-US: GL.iNet AX1800
 CVE-2023-47418 (Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and be ...)
-	TODO: check
+	NOT-FOR-US: p2pa
 CVE-2023-40458 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Sierra Wireless
 CVE-2023-3741 (An OS Command injection vulnerability in NEC Platforms DT900 and DT900 ...)
-	TODO: check
+	NOT-FOR-US: NEC
 CVE-2023-37928 (A post-authentication command injection vulnerability in the WSGI serv ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-37927 (The improper neutralization of special elements in the CGI program of  ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-35138 (A command injection vulnerability in the \u201cshow_zysync_server_cont ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-35137 (An improper authentication vulnerability in the authentication module  ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-6378 (A serialization vulnerability in logback receiver component part of  l ...)
 	- logback <unfixed>
 	[bookworm] - logback <no-dsa> (Minor issue)
@@ -77688,17 +77688,17 @@ CVE-2022-42543 (In fdt_path_offset_namelen of fdt_ro.c, there is a possible out
 CVE-2022-42542 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible ...)
 	NOT-FOR-US: Android
 CVE-2022-42541 (Remote code execution)
-	TODO: check
+	NOT-FOR-US: Google Chromecast
 CVE-2022-42540 (Elevation of privilege)
-	TODO: check
+	NOT-FOR-US: Google Chromecast
 CVE-2022-42539 (Information disclosure)
-	TODO: check
+	NOT-FOR-US: Google Chromecast
 CVE-2022-42538 (Elevation of privilege)
-	TODO: check
+	NOT-FOR-US: Google Chromecast
 CVE-2022-42537 (Remote code execution)
-	TODO: check
+	NOT-FOR-US: Google Chromecast
 CVE-2022-42536 (Remote code execution)
-	TODO: check
+	NOT-FOR-US: Google Chromecast
 CVE-2022-42535 (In a query in MmsSmsProvider.java, there is a possible access to restr ...)
 	NOT-FOR-US: Android
 CVE-2022-42534 (In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaf40c64afc2d0d43aab03289fc2542ff4b81771

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaf40c64afc2d0d43aab03289fc2542ff4b81771
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231130/37f23675/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list