Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eaf40c64 by Moritz Muehlenhoff at 2023-11-30T14:46:17+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,15 +7,15 @@ CVE-2023-5772 (The Debug Log Manager plugin for WordPress is
vulnerable to Cross
CVE-2023-5247 (Malicious Code Execution Vulnerability due to External Control
of File ...)
NOT-FOR-US: Mitsubishi
CVE-2023-4474 (The improper neutralization of special elements in the WSGI
server of ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-4473 (A command injection vulnerability in the web server of the
Zyxel NAS32 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-49701 (Memory Corruption in SIM management while USIMPhase2init)
NOT-FOR-US: USIMPhase2init
CVE-2023-49700 (Security best practices violations, a string operation in
Streamingmed ...)
- TODO: check
+ NOT-FOR-US: ASR Falcon
CVE-2023-49699 (Memory Corruption in IMS while calling VoLTE Streamingmedia
Interface)
- TODO: check
+ NOT-FOR-US: ASR Falcon
CVE-2023-49694 (A low-privileged OS user with access to a Windows host where
NETGEAR P ...)
NOT-FOR-US: NETGEAR
CVE-2023-49693 (NETGEAR ProSAFE Network Management System has Java Debug Wire
Protocol ...)
@@ -23,9 +23,9 @@ CVE-2023-49693 (NETGEAR ProSAFE Network Management System has
Java Debug Wire Pr
CVE-2023-49097 (ZITADEL is an identity infrastructure system. ZITADEL uses the
notific ...)
NOT-FOR-US: ZITADEL
CVE-2023-49095 (nexkey is a microblogging platform. Insufficient validation of
Activit ...)
- TODO: check
+ NOT-FOR-US: nexkey
CVE-2023-49094 (Symbolicator is a symbolication service for native stacktraces
and min ...)
- TODO: check
+ NOT-FOR-US: Symbolicator
CVE-2023-49087 (xml-security is a library that implements XML signatures and
encryptio ...)
TODO: check
CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for
asyncio an ...)
@@ -33,7 +33,7 @@ CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server
framework for asyn
CVE-2023-49081 (aiohttp is an asynchronous HTTP client/server framework for
asyncio an ...)
TODO: check
CVE-2023-49077 (Mailcow: dockerized is an open source groupware/email suite
based on d ...)
- TODO: check
+ NOT-FOR-US: Mailcow
CVE-2023-49076 (Customer-data-framework allows management of customer data
within Pimc ...)
NOT-FOR-US: Pimcore
CVE-2023-49052 (File Upload vulnerability in Microweber v.2.0.4 allows a
remote attack ...)
@@ -55,23 +55,23 @@ CVE-2023-48946 (An issue in the box_mpy function of
openlink virtuoso-opensource
CVE-2023-48945 (A stack overflow in openlink virtuoso-opensource v7.2.11
allows attack ...)
TODO: check
CVE-2023-47464 (Insecure Permissions vulnerability in GL.iNet AX1800 version
4.0.0 bef ...)
- TODO: check
+ NOT-FOR-US: GL.iNet AX1800
CVE-2023-47463 (Insecure Permissions vulnerability in GL.iNet AX1800 version
4.0.0 bef ...)
- TODO: check
+ NOT-FOR-US: GL.iNet AX1800
CVE-2023-47418 (Remote Code Execution (RCE) vulnerability in o2oa version
8.1.2 and be ...)
- TODO: check
+ NOT-FOR-US: p2pa
CVE-2023-40458 (Loop with Unreachable Exit Condition ('Infinite Loop')
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Sierra Wireless
CVE-2023-3741 (An OS Command injection vulnerability in NEC Platforms DT900
and DT900 ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2023-37928 (A post-authentication command injection vulnerability in the
WSGI serv ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-37927 (The improper neutralization of special elements in the CGI
program of ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-35138 (A command injection vulnerability in the
\u201cshow_zysync_server_cont ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-35137 (An improper authentication vulnerability in the authentication
module ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-6378 (A serialization vulnerability in logback receiver component
part of l ...)
- logback <unfixed>
[bookworm] - logback <no-dsa> (Minor issue)
@@ -77688,17 +77688,17 @@ CVE-2022-42543 (In fdt_path_offset_namelen of
fdt_ro.c, there is a possible out
CVE-2022-42542 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a
possible ...)
NOT-FOR-US: Android
CVE-2022-42541 (Remote code execution)
- TODO: check
+ NOT-FOR-US: Google Chromecast
CVE-2022-42540 (Elevation of privilege)
- TODO: check
+ NOT-FOR-US: Google Chromecast
CVE-2022-42539 (Information disclosure)
- TODO: check
+ NOT-FOR-US: Google Chromecast
CVE-2022-42538 (Elevation of privilege)
- TODO: check
+ NOT-FOR-US: Google Chromecast
CVE-2022-42537 (Remote code execution)
- TODO: check
+ NOT-FOR-US: Google Chromecast
CVE-2022-42536 (Remote code execution)
- TODO: check
+ NOT-FOR-US: Google Chromecast
CVE-2022-42535 (In a query in MmsSmsProvider.java, there is a possible access
to restr ...)
NOT-FOR-US: Android
CVE-2022-42534 (In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a
possible ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaf40c64afc2d0d43aab03289fc2542ff4b81771
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eaf40c64afc2d0d43aab03289fc2542ff4b81771
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
