Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e1a21d7b by Salvatore Bonaccorso at 2023-12-22T21:31:23+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,66 +1,66 @@
CVE-2023-7076 (A vulnerability was found in slawkens MyAAC up to 0.8.13. It
has been ...)
- TODO: check
+ NOT-FOR-US: slawkens MyAAC
CVE-2023-7075 (A vulnerability was found in code-projects Point of Sales and
Inventor ...)
- TODO: check
+ NOT-FOR-US: code-projects Point of Sales and Inventory Management System
CVE-2023-51662 (The Snowflake .NET driver provides an interface to the
Microsoft .NET ...)
TODO: check
CVE-2023-51661 (Wasmer is a WebAssembly runtime that enables containers to run
anywher ...)
TODO: check
CVE-2023-51649 (Nautobot is a Network Source of Truth and Network Automation
Platform ...)
- TODO: check
+ NOT-FOR-US: Nautobot
CVE-2023-51448 (Cacti provides an operational monitoring and fault management
framewor ...)
- cacti <unfixed>
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594
CVE-2023-51035 (TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to
arbitrary com ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51034 (TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to
arbitrary com ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51033 (TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to
arbitrary com ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51028 (TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51027 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51026 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51025 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an
unauthori ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51024 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51023 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
arbitrary co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51022 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51021 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51020 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51019 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51018 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51017 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51016 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51015 (TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
arbitrary co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51014 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51013 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51012 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-51011 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-50725 (Resque is a Redis-backed Ruby library for creating background
jobs, pl ...)
- TODO: check
+ NOT-FOR-US: Resque
CVE-2023-50714 (yii2-authclient is an extension that adds OpenID, OAuth,
OAuth2 and Op ...)
- TODO: check
+ NOT-FOR-US: ii2-authclient extension for Yii framework
CVE-2023-50712 (Iris is a web collaborative platform aiming to help incident
responder ...)
- TODO: check
+ NOT-FOR-US: Iris
CVE-2023-50708 (yii2-authclient is an extension that adds OpenID, OAuth,
OAuth2 and Op ...)
- TODO: check
+ NOT-FOR-US: ii2-authclient extension for Yii framework
CVE-2023-50569 (Reflected Cross Site Scripting (XSS) vulnerability in Cacti
v1.2.25, a ...)
- cacti <unfixed>
NOTE: https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf
@@ -74,15 +74,15 @@ CVE-2023-50250 (Cacti is an open source operational
monitoring and fault managem
- cacti <unfixed>
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
CVE-2023-50147 (There is an arbitrary command execution vulnerability in the
setDiagno ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-49792 (Nextcloud Server provides data storage for Nextcloud, an open
source c ...)
TODO: check
CVE-2023-49791 (Nextcloud Server provides data storage for Nextcloud, an open
source c ...)
TODO: check
CVE-2023-49790 (The Nextcloud iOS Files app allows users of iOS to interact
with Nextc ...)
- TODO: check
+ NOT-FOR-US: Nextcloud iOS Files app
CVE-2023-49391 (An issue was discovered in free5GC version 3.3.0, allows
remote attack ...)
- TODO: check
+ NOT-FOR-US: free5GC
CVE-2023-49356 (A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows
an atta ...)
TODO: check
CVE-2023-49088 (Cacti is an open source operational monitoring and fault
management fr ...)
@@ -95,7 +95,7 @@ CVE-2023-49085 (Cacti provides an operational monitoring and
fault management fr
CVE-2023-48704 (ClickHouse is an open-source column-oriented database
management syste ...)
TODO: check
CVE-2023-48670 (Dell SupportAssist for Home PCs version 3.14.1 and prior
versions cont ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-45957 (A stored cross-site scripting (XSS) vulnerability in the
component adm ...)
TODO: check
CVE-2023-45165 (IBM AIX 7.2 and 7.3 could allow a non-privileged local user to
exploit ...)
@@ -105,11 +105,11 @@ CVE-2023-43741 (A time-of-check-time-of-use race
condition vulnerability in Buil
CVE-2023-43116 (A symbolic link following vulnerability in Buildkite Elastic
CI for AW ...)
TODO: check
CVE-2023-43088 (Dell Client BIOS contains a pre-boot direct memory access
(DMA) vulner ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-42017 (IBM Planning Analytics Local 2.0 could allow a remote attacker
to uplo ...)
NOT-FOR-US: IBM
CVE-2023-39251 (Dell BIOS contains an Improper Input Validation vulnerability.
A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-XXXX [XSS issue fixed in 4.1.13 upstream]
- spip 4.1.13+dfsg-1 (bug #1059331)
[bookworm] - spip <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1a21d7bd20f34de184ebe3104a9d193dfbd03b2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1a21d7bd20f34de184ebe3104a9d193dfbd03b2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
