Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c02bba9 by Moritz Mühlenhoff at 2023-08-03T10:17:07+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,7 +61,7 @@ CVE-2023-36858 (An insufficient verification of data 
vulnerability exists in BIG
 CVE-2023-36494 (Audit logs on F5OS-A may contain undisclosed sensitive 
information. No ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2023-36081 (Cross Site Scripting vulnerability in GatesAIr Flexiva FM 
Transmitter/ ...)
-       TODO: check
+       NOT-FOR-US: GatesAIr Flexiva FM Transmitter
 CVE-2023-33383 (Shelly 4PM Pro four-channel smart switch 0.11.0 allows an 
attacker to  ...)
        NOT-FOR-US: Shelly 4PM Pro four-channel smart switch
 CVE-2023-33257 (Verint Engagement Management 15.3 Update 2023R2 is vulnerable 
to HTML  ...)
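Review bot: the new NOT-FOR-US label on CVE-2023-36081 copies the description's "GatesAIr" casing (capital I) verbatim. If the vendor's own spelling is GatesAir, use that in the label so a case-sensitive search of data/CVE/list for the vendor still finds this entry.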
@@ -24675,33 +24675,33 @@ CVE-2023-26453
 CVE-2023-26452
        RESERVED
 CVE-2023-26451 (Functions with insufficient randomness were used to generate 
authoriza ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26450 (The "OX Count" web service did not specify a media-type when 
processin ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26449 (The "OX Chat" web service did not specify a media-type when 
processing ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26448 (Custom log-in and log-out locations are used-defined as jslob 
but were ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26447 (The "upsell" widget for the portal allows to specify a product 
descrip ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26446 (The users clientID at "application passwords" was not 
sanitized or esc ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26445 (Frontend themes are defined by user-controllable jslob 
settings and co ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26444
        RESERVED
 CVE-2023-26443 (Full-text autocomplete search allows user-provided SQL syntax 
to be in ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26442 (In case Cacheservice was configured to use a sproxyd 
object-storage ba ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26441 (Cacheservice did not correctly check if relative cache object 
were poi ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26440 (The cacheservice API could be abused to indirectly inject 
parameters w ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26439 (The cacheservice API could be abused to inject parameters with 
SQL syn ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26438 (External service lookups for a number of protocols were 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26437 (Denial of service vulnerability in PowerDNS Recursor allows 
authoritat ...)
        - pdns-recursor 4.8.4-1 (bug #1033941)
        [bullseye] - pdns-recursor <no-dsa> (Minor issue)
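Review bot: the thirteen entries from CVE-2023-26451 down to CVE-2023-26438 all receive the same "OX App Suite" label, yet several of the truncated descriptions name separate services ("OX Count", "OX Chat", Cacheservice) and CVE-2023-26438 names no product at all in the visible text. Confirm against the full descriptions that each one belongs to OX App Suite before dropping the TODO. The commit message "NFUs" does not say how the attribution was checked, so a short note there would help the next triager.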
@@ -24723,7 +24723,7 @@ CVE-2023-26432 (When adding an external mail account, 
processing of SMTP "capabi
 CVE-2023-26431 (IPv4-mapped IPv6 addresses did not get recognized as "local" 
by the co ...)
        NOT-FOR-US: OX App Suite
 CVE-2023-26430 (Attackers with access to user accounts can inject arbitrary 
control ch ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2023-26429 (Control characters were not removed when exporting user 
feedback conte ...)
        NOT-FOR-US: OX App Suite
 CVE-2023-26428 (Attackers can successfully request arbitrary snippet IDs, 
including E- ...)
@@ -24949,9 +24949,9 @@ CVE-2023-26319
 CVE-2023-26318
        RESERVED
 CVE-2023-26317 (A vulnerability has been discovered in Xiaomi routers that 
could allow ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2023-26316 (A XSS vulnerability exists in the Xiaomi cloud service 
Application pro ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2023-26315
        RESERVED
 CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
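Review bot: "NOT-FOR-US: Xiaomi" on CVE-2023-26317 and CVE-2023-26316 names only the vendor, while the two descriptions cover different things (Xiaomi routers and a Xiaomi cloud service application). Other labels in this same diff name the product ("F5 BIG-IP", "Shelly 4PM Pro four-channel smart switch"); something like "Xiaomi routers" and "Xiaomi cloud service" would make it clearer what was ruled out and why no Debian package is involved.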
@@ -44281,9 +44281,9 @@ CVE-2022-46487
 CVE-2022-46486
        RESERVED
 CVE-2022-46485 (Data Illusion Survey Software Solutions ngSurvey version 
2.4.28 and be ...)
-       TODO: check
+       NOT-FOR-US: ngSurvey
 CVE-2022-46484 (Information disclosure in password protected surveys in Data 
Illusion  ...)
-       TODO: check
+       NOT-FOR-US: ngSurvey
 CVE-2022-46483
        RESERVED
 CVE-2022-46482
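Review bot: the label on CVE-2022-46485 and CVE-2022-46484 drops the vendor "Data Illusion" that both descriptions name. "NOT-FOR-US: Data Illusion ngSurvey" would keep the entries findable by vendor as well as by product, matching the vendor-plus-product form used for "F5 BIG-IP" earlier in the file.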



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c02bba9e44c1f9c9035851a330de5c8d8fa6681



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
