Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: a1ea755c by Moritz Muehlenhoff at 2023-10-22T22:31:01+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,11 +1,11 @@ CVE-2023-46306 (The web administration interface in NetModule Router Software (NRSW) 4 ...) - TODO: check + NOT-FOR-US: NetModule Router Software CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py in calib ...) TODO: check CVE-2021-46898 (views/switch.py in django-grappelli (aka Django Grappelli) before 2.15 ...) - TODO: check + NOT-FOR-US: Django Grappelli CVE-2021-46897 (views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or co ...) - TODO: check + NOT-FOR-US: Wagtail CRX CodeRed Extensions CVE-2023-XXXX [SQUID-2023:5 Denial of Service in FTP] - squid <unfixed> [bullseye] - squid <not-affected> (Vulnerable code not present) @@ -71,7 +71,7 @@ CVE-2023-46301 (iTerm2 before 3.4.20 allow (potentially remote) code execution b CVE-2023-46300 (iTerm2 before 3.4.20 allow (potentially remote) code execution because ...) NOT-FOR-US: iTerm2 CVE-2023-46298 (Next.js before 13.4.20-canary.13 lacks a cache-control header and thus ...) - TODO: check + NOT-FOR-US: Next.js CVE-2023-46078 (Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Seria ...) NOT-FOR-US: WordPress plugin CVE-2023-46067 (Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Fon ...) 
@@ -580,7 +580,7 @@ CVE-2023-45814 (Bunkum is an open-source protocol-agnostic request server for cu CVE-2023-45813 (Torbot is an open source tor network intelligence tool. In affected ve ...) NOT-FOR-US: Torbot CVE-2023-45812 (The Apollo Router is a configurable, high-performance graph router wri ...) - TODO: check + NOT-FOR-US: Apollo Router CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With it, a T ...) NOT-FOR-US: XXL-RPC CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup, Redi ...) @@ -622,7 +622,7 @@ CVE-2023-5631 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6 - roundcube 1.6.4+dfsg-1 (bug #1054079) NOTE: https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d (1.6.4) CVE-2023-4601 (A stack-based buffer overflow vulnerability exists in NI System Config ...) - TODO: check + NOT-FOR-US: NI System Configuration CVE-2023-46009 (gifsicle-1.94 was found to have a floating point exception (FPE) vulne ...) - gifsicle <unfixed> (unimportant) NOTE: https://github.com/kohler/gifsicle/issues/196 @@ -769,7 +769,7 @@ CVE-2023-38552 (When the Node.js policy feature checks the integrity of a resour NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#integrity-checks-according-to-policies-can-be-circumvented-medium---cve-2023-38552 NOTE: https://github.com/nodejs/node/commit/1c538938ccadfd35fbc699d8e85102736cd5945c CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discover ...) - TODO: check + NOT-FOR-US: COVESA CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution of Unauth ...) NOT-FOR-US: Ivanti CVE-2023-35083 (Allows an authenticated attacker with network access to read arbitrary ...) 
@@ -65882,7 +65882,7 @@ CVE-2023-20600 CVE-2023-20599 RESERVED CVE-2023-20598 (An improper privilege management in the AMD Radeon\u2122Graphics drive ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...) NOT-FOR-US: AMD CVE-2023-20596 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1ea755ce2ff09ce431e9466d9d67d2ca27bc207 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1ea755ce2ff09ce431e9466d9d67d2ca27bc207 You're receiving this email because of your account on salsa.debian.org.
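Review bot: In the @@ -769,7 hunk, the new `NOT-FOR-US: COVESA` tag for CVE-2023-36321 names an alliance rather than a product, while the truncated description reads "up to v2.18.8", which is the version of one specific component. Suggest confirming which COVESA project that version belongs to, and that no source package ships it, before settling on NOT-FOR-US. The tag should then name the product, as the other entries in this commit do (`NOT-FOR-US: Apollo Router`, `NOT-FOR-US: Next.js`).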
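Review bot: In the @@ -65882,7 hunk, `NOT-FOR-US: AMD` for CVE-2023-20598 copies the vendor-only tag of the adjacent CVE-2023-20597 entry, but the two descriptions cover different components: this one refers to a Radeon graphics driver, the neighbour to a DXE driver. Suggest confirming which graphics driver the advisory means and naming it in the tag, so the reason for the exclusion can be read from the entry itself.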