[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 3 17:50:29 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6ab432e by Salvatore Bonaccorso at 2024-01-03T18:49:57+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -106,17 +106,17 @@ CVE-2023-49550 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause
CVE-2023-49549 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...)
NOT-FOR-US: Cesenta MJS
CVE-2023-48418 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-47473 (Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_a ...)
NOT-FOR-US: fuwushe.org iFair
CVE-2023-47458 (An issue in SpringBlade v.3.7.0 and before allows a remote attacker to ...)
NOT-FOR-US: SpringBlade
CVE-2023-46308 (In Plotly plotly.js before 2.25.2, plot API calls have a risk of __pro ...)
- TODO: check
+ NOT-FOR-US: Plotly.js
CVE-2023-45893 (An indirect Object Reference (IDOR) in the Order and Invoice pages in ...)
- TODO: check
+ NOT-FOR-US: Floorsight Customer Portal
CVE-2023-45892 (An issue discovered in the Order and Invoice pages in Floorsight Insig ...)
- TODO: check
+ NOT-FOR-US: Floorsight Insights
CVE-2023-45724 (HCL DRYiCE MyXalytics product is impacted by unauthenticated file uplo ...)
NOT-FOR-US: HCL
CVE-2023-45723 (HCL DRYiCE MyXalytics is impacted by path traversal vulnerability whic ...)
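Review bot: The `NOT-FOR-US: Plotly.js` tag on CVE-2023-46308 deserves a check for embedded copies before the entry is closed, because plotly.js is a JavaScript library that other projects can bundle, and NOT-FOR-US asserts the code is not in the archive at all. If a bundled copy turns up, the entry should name that source package instead. As a smaller point, CVE-2023-45893 and CVE-2023-45892 get two different product names (`Floorsight Customer Portal`, `Floorsight Insights`) although both visible descriptions refer to the Order and Invoice pages; confirm each name against its advisory so a later search for the product finds both.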
@@ -126,7 +126,7 @@ CVE-2023-45722 (HCL DRYiCE MyXalytics is impacted by path traversal arbitrary fi
CVE-2023-45561 (An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers ...)
NOT-FOR-US: A-WORLD OIRASE BEER_waiting Line
CVE-2023-42358 (An issue was discovered in O-RAN Software Community ric-plt-e2mgr in t ...)
- TODO: check
+ NOT-FOR-US: ric-plt-e2mgr in G-Release environment
CVE-2023-41783 (There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due ...)
NOT-FOR-US: ZTE
CVE-2023-41780 (There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due ...)
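Review bot: The tag added for CVE-2023-42358, `NOT-FOR-US: ric-plt-e2mgr in G-Release environment`, carries a release qualifier lifted from the description rather than just the product, unlike the neighbouring entries (`ZTE`, `A-WORLD OIRASE BEER_waiting Line`). Naming the project, for example `NOT-FOR-US: O-RAN Software Community ric-plt-e2mgr`, keeps the tag stable and matchable when further CVEs for the same component arrive against other releases.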
@@ -156,9 +156,9 @@ CVE-2023-6752
CVE-2023-6436 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Ekol Informatics Website Template
CVE-2023-51652 (OWASP AntiSamy .NET is a library for performing cleansing of HTML comi ...)
- TODO: check
+ NOT-FOR-US: OWASP AntiSamy .NET library
CVE-2023-50711 (vmm-sys-util is a collection of modules that provides helpers and util ...)
- TODO: check
+ NOT-FOR-US: vmm-sys-util rust modules
CVE-2023-50333 (Mattermost fails to update the permissions of the current session for ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-4280 (An unvalidated input in Silicon Labs TrustZone implementation in v4.3. ...)
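Review bot: CVE-2023-51652 and CVE-2023-50711 are both reusable libraries (`OWASP AntiSamy .NET library`, `vmm-sys-util rust modules`), so NOT-FOR-US is only correct if neither is packaged and neither has an open ITP or RFP. The same hunk shows the alternative for software that is on its way into the archive, `- mattermost-server <itp> (bug #823556)`, which keeps the CVE attached to the package name. It is worth confirming there is no matching source package or WNPP bug for either library, the Rust crate in particular, before marking them NFU.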
@@ -170,13 +170,13 @@ CVE-2023-48732 (Mattermost fails to scope the WebSocket response around notified
CVE-2023-48721
REJECTED
CVE-2023-48419 (An attacker in the wifi vicinity of a target Google Home can spy on th ...)
- TODO: check
+ NOT-FOR-US: Google Home
CVE-2023-47858 (Mattermost fails to properly verify the permissions needed for viewing ...)
- mattermost-server <itp> (bug #823556)
CVE-2018-25097 (A vulnerability, which was classified as problematic, was found in Acu ...)
NOT-FOR-US: Acumos Design Studio
CVE-2017-20188 (A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and class ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2015-10128 (A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6693 (A stack based buffer overflow was found in the virtio-net device of QE ...)
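Review bot: On CVE-2017-20188 the new tag `NOT-FOR-US: Zimbra` names only the vendor, while the description identifies the affected component as Zimbra zm-ajax. Writing `NOT-FOR-US: Zimbra zm-ajax` would match the product-level naming used for `Google Home` and `Acumos Design Studio` in the same hunk and makes the entry findable by component name.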
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6ab432e91d0640bb05908f94cc6c24f00d03973