Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c812f959 by Salvatore Bonaccorso at 2023-12-08T21:41:31+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33,93 +33,93 @@ CVE-2023-6507 (An issue was found in CPython 3.12.0
`subprocess` module on POSIX
CVE-2023-6245 (The Candid library causes a Denial of Service while parsing a
special ...)
TODO: check
CVE-2023-6146 (A Qualys web application was found to have a stored XSS
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Qualys
CVE-2023-49788 (Collabora Online is a collaborative online office suite based
on Libre ...)
- TODO: check
+ NOT-FOR-US: Collabora Online
CVE-2023-49782 (Collabora Online is a collaborative online office suite based
on Libre ...)
- TODO: check
+ NOT-FOR-US: Collabora Online
CVE-2023-49487 (JFinalCMS v5.0.0 was discovered to contain a cross-site
scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2023-49486 (JFinalCMS v5.0.0 was discovered to contain a cross-site
scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2023-49485 (JFinalCMS v5.0.0 was discovered to contain a cross-site
scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2023-49484 (Dreamer CMS v4.1.3 was discovered to contain a cross-site
scripting (X ...)
- TODO: check
+ NOT-FOR-US: Dreamer CMS
CVE-2023-49444 (An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow
attacke ...)
- TODO: check
+ NOT-FOR-US: DoraCMS
CVE-2023-49443 (DoraCMS v2.1.8 was discovered to re-use the same code for
verification ...)
- TODO: check
+ NOT-FOR-US: DoraCMS
CVE-2023-49007 (In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a
stack-bas ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2023-48423 (In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible
out of bou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48422 (In Init of protocolnetadapter.cpp, there is a possible out of
bounds r ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48421 (In gpu_pixel_handle_buffer_liveness_update_ioctl of
private/google-mod ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48420 (there is a possible use after free due to a race condition.
This could ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48416 (In multiple locations, there is a possible null dereference
due to a m ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48415 (In Init of protocolembmsadapter.cpp, there is a possible out
of bounds ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48414 (In the Pixel Camera Driver, there is a possible use after free
due to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48413 (In Init of protocolnetadapter.cpp, there is a possible out of
bounds r ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48412 (In private_handle_t of mali_gralloc_buffer.h, there is a
possible info ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48411 (In SignalStrengthAdapter::FillGsmSignalStrength() of
protocolmiscadapt ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48410 (In cd_ParseMsg of cd_codec.c, there is a possible out of
bounds read d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48409 (In gpu_pixel_handle_buffer_liveness_update_ioctl of
private/google-mod ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48408 (In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp,
there is ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48407 (there is a possible DCK won't be deleted after factory reset
due to a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48406 (there is a possible permanent DoS or way for the modem to boot
unverif ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48405 (there is a possible way for the secure world to write to NS
memory due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48404 (In ProtocolMiscCarrierConfigSimInfoIndAdapter of
protocolmiscadapter.c ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48403 (In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible
out of ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48402 (In ppcfw_enable of ppcfw.c, there is a possible EoP due to a
missing p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48401 (In GetSizeOfEenlRecords of protocoladapter.cpp, there is a
possible ou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48399 (In ProtocolMiscATCommandAdapter::Init() of
protocolmiscadapter.cpp, th ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48398 (In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of
protocolnet ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-48397 (In Init of protocolcalladapter.cpp, there is a possible out of
bounds ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-47565 (An OS command injection vulnerability has been found to affect
legacy ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-46499 (Cross Site Scripting vulnerability in EverShop NPM versions
before v.1 ...)
- TODO: check
+ NOT-FOR-US: EverShop NPM
CVE-2023-46498 (An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a
remote ...)
- TODO: check
+ NOT-FOR-US: EverShop NPM
CVE-2023-46497 (Directory Traversal vulnerability in EverShop NPM versions
before v.1. ...)
- TODO: check
+ NOT-FOR-US: EverShop NPM
CVE-2023-46496 (Directory Traversal vulnerability in EverShop NPM versions
before v.1. ...)
- TODO: check
+ NOT-FOR-US: EverShop NPM
CVE-2023-46495 (Cross Site Scripting vulnerability in EverShop NPM versions
before v.1 ...)
- TODO: check
+ NOT-FOR-US: EverShop NPM
CVE-2023-46494 (Cross Site Scripting vulnerability in EverShop NPM versions
before v.1 ...)
- TODO: check
+ NOT-FOR-US: EverShop NPM
CVE-2023-46493 (Directory Traversal vulnerability in EverShop NPM versions
before v.1. ...)
- TODO: check
+ NOT-FOR-US: EverShop NPM
CVE-2023-46157 (File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the
lowest p ...)
- TODO: check
+ NOT-FOR-US: MGT CloudPanel
CVE-2023-32975 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-32968 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-6599 (Missing Standardized Error Handling Mechanism in GitHub
repository mic ...)
NOT-FOR-US: microweber
CVE-2023-6581 (A vulnerability has been found in D-Link DAR-7000 up to
20231126 and c ...)
@@ -137,7 +137,7 @@ CVE-2023-6576 (A vulnerability was found in Beijing Baichuo
S210 up to 20231123.
CVE-2023-6061 (Multiple components of Iconics SCADA Suite are prone to a
Phantom DLL ...)
NOT-FOR-US: Iconics SCADA Suite
CVE-2023-5058 (Improper Input Validation in the processing of user-supplied
splash sc ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2023-5008 (Student Information System v1.0 is vulnerable to an
unauthenticated SQ ...)
NOT-FOR-US: Student Information System
CVE-2023-4122 (Student Information System v1.0 is vulnerable to an Insecure
File Uplo ...)
@@ -54874,7 +54874,7 @@ CVE-2023-23374 (Microsoft Edge (Chromium-based) Remote
Code Execution Vulnerabil
CVE-2023-23373 (An OS command injection vulnerability has been reported to
affect QUSB ...)
NOT-FOR-US: QNAP
CVE-2023-23372 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-23371 (A cleartext transmission of sensitive information
vulnerability has be ...)
NOT-FOR-US: QNAP
CVE-2023-23370 (An insufficiently protected credentials vulnerability has been
reporte ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c812f9596e66bc62ed552efb1ed3aa783ba122ae
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c812f9596e66bc62ed552efb1ed3aa783ba122ae
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
