[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Oct 22 21:31:25 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a1ea755c by Moritz Muehlenhoff at 2023-10-22T22:31:01+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2023-46306 (The web administration interface in NetModule Router Software (NRSW) 4 ...)
- TODO: check
+ NOT-FOR-US: NetModule Router Software
CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py in calib ...)
TODO: check
CVE-2021-46898 (views/switch.py in django-grappelli (aka Django Grappelli) before 2.15 ...)
- TODO: check
+ NOT-FOR-US: Django Grappelli
CVE-2021-46897 (views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or co ...)
- TODO: check
+ NOT-FOR-US: Wagtail CRX CodeRed Extensions
CVE-2023-XXXX [SQUID-2023:5 Denial of Service in FTP]
- squid <unfixed>
[bullseye] - squid <not-affected> (Vulnerable code not present)
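Review bot: The NOT-FOR-US lines for CVE-2021-46898 and CVE-2021-46897 have no recorded basis, and the commit message "NFUs" gives none either. Both descriptions point at Django add-ons (views/switch.py in django-grappelli, views.py in Wagtail CRX CodeRed Extensions), which is the kind of software that can enter the archive as a Python module package. Please confirm that neither exists as a source package or has an open ITP before these are closed out. Separately, if CVE-2023-46303 is being left as "TODO: check" on purpose because it needs real triage, that is fine, but it is the only entry in this block still untriaged.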
@@ -71,7 +71,7 @@ CVE-2023-46301 (iTerm2 before 3.4.20 allow (potentially remote) code execution b
CVE-2023-46300 (iTerm2 before 3.4.20 allow (potentially remote) code execution because ...)
NOT-FOR-US: iTerm2
CVE-2023-46298 (Next.js before 13.4.20-canary.13 lacks a cache-control header and thus ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2023-46078 (Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Seria ...)
NOT-FOR-US: WordPress plugin
CVE-2023-46067 (Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Fon ...)
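Review bot: For CVE-2023-46298, "NOT-FOR-US: Next.js" only says that Next.js is not shipped as its own source package. It does not cover a copy bundled inside another package. If a bundled copy exists in the archive, this line should name that source package instead of NOT-FOR-US. A quick code search before closing the entry would settle it.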
@@ -580,7 +580,7 @@ CVE-2023-45814 (Bunkum is an open-source protocol-agnostic request server for cu
CVE-2023-45813 (Torbot is an open source tor network intelligence tool. In affected ve ...)
NOT-FOR-US: Torbot
CVE-2023-45812 (The Apollo Router is a configurable, high-performance graph router wri ...)
- TODO: check
+ NOT-FOR-US: Apollo Router
CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With it, a T ...)
NOT-FOR-US: XXL-RPC
CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup, Redi ...)
@@ -622,7 +622,7 @@ CVE-2023-5631 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6
- roundcube 1.6.4+dfsg-1 (bug #1054079)
NOTE: https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d (1.6.4)
CVE-2023-4601 (A stack-based buffer overflow vulnerability exists in NI System Config ...)
- TODO: check
+ NOT-FOR-US: NI System Configuration
CVE-2023-46009 (gifsicle-1.94 was found to have a floating point exception (FPE) vulne ...)
- gifsicle <unfixed> (unimportant)
NOTE: https://github.com/kohler/gifsicle/issues/196
@@ -769,7 +769,7 @@ CVE-2023-38552 (When the Node.js policy feature checks the integrity of a resour
NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#integrity-checks-according-to-policies-can-be-circumvented-medium---cve-2023-38552
NOTE: https://github.com/nodejs/node/commit/1c538938ccadfd35fbc699d8e85102736cd5945c
CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discover ...)
- TODO: check
+ NOT-FOR-US: COVESA
CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution of Unauth ...)
NOT-FOR-US: Ivanti
CVE-2023-35083 (Allows an authenticated attacker with network access to read arbitrary ...)
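Review bot: The label on CVE-2023-36321, "NOT-FOR-US: COVESA", names an organisation rather than a piece of software. The truncated description gives only the alliance name and a version ("up to v2.18.8"), so the affected component is not identified by anything visible here. Please take the actual project name from the CVE references and check it against the archive. If it is packaged, replace this with a package line. If it is not, use the product name in the NFU label so later searches match it.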
@@ -65882,7 +65882,7 @@ CVE-2023-20600
CVE-2023-20599
RESERVED
CVE-2023-20598 (An improper privilege management in the AMD Radeon\u2122Graphics drive ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...)
NOT-FOR-US: AMD
CVE-2023-20596
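Review bot: "NOT-FOR-US: AMD" on CVE-2023-20598 copies the vendor-wide label from CVE-2023-20597, but the two descriptions cover different things: a Radeon graphics driver here, a DXE driver there. A vendor name alone does not show that the affected driver is outside the archive. Please confirm from the advisory which driver is meant and name it in the label, for example the driver or product name rather than just "AMD".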
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1ea755ce2ff09ce431e9466d9d67d2ca27bc207