[Git][security-tracker-team/security-tracker][master] 2 commits: Process some more NFUs

Salvatore Bonaccorso (@carnil) Tue, 23 May 2023 03:31:48 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3d1f185a by Salvatore Bonaccorso at 2023-05-23T12:31:24+02:00
Process some more NFUs

- - - - -
dae66a11 by Salvatore Bonaccorso at 2023-05-23T12:31:25+02:00
Add CVE-2023-25440/civicrm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14413,7 +14413,7 @@ CVE-2023-27070 (A stored cross-site scripting (XSS) 
vulnerability in TotalJS Ope
 CVE-2023-27069 (A stored cross-site scripting (XSS) vulnerability in TotalJS 
OpenPlatf ...)
        NOT-FOR-US: TotalJS OpenPlatform
 CVE-2023-27068 (Deserialization of Untrusted Data in Sitecore Experience 
Platform thro ...)
-       TODO: check
+       NOT-FOR-US: Sitecore
 CVE-2023-27067 (Directory Traversal vulnerability in Sitecore Experience 
Platform thro ...)
        NOT-FOR-US: Sitecore
 CVE-2023-27066 (Directory Traversal vulnerability in Site Core Experience 
Platform 10. ...)
@@ -19141,7 +19141,7 @@ CVE-2023-25442 (Auth. (admin+) Stored Cross-site 
Scripting (XSS) vulnerability i
 CVE-2023-25441
        RESERVED
 CVE-2023-25440 (Stored Cross Site Scripting (XSS) vulnerability in the add 
contact fun ...)
-       TODO: check
+       - civicrm <unfixed>
 CVE-2023-25439
        RESERVED
 CVE-2023-25438 (An issue was discovered in Genomedics MilleGP5 5.9.2, allows 
remote at ...)
@@ -24079,9 +24079,9 @@ CVE-2023-23696 (Dell Command Intel vPro Out of Band, 
versions prior to 4.3.1, co
 CVE-2023-23695 (Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains 
a broken ...)
        NOT-FOR-US: Dell
 CVE-2023-23694 (Dell VxRail versions earlier than 7.0.450, contain(s) an OS 
command in ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-23693 (Dell VxRail, versions prior to 7.0.450, contains an OS command 
injecti ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-23692 (Dell EMC prior to version DDOS 7.9 contain(s) an OS command 
injection  ...)
        NOT-FOR-US: EMC
 CVE-2023-23691 (Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, 
contains a Clie ...)
@@ -29919,15 +29919,15 @@ CVE-2022-47891
 CVE-2022-47395 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 
2.0.0 up  ...)
        NOT-FOR-US: Sewio
 CVE-2022-47320 (The iBoot device\u2019s basic discovery protocol assists in 
initial de ...)
-       TODO: check
+       NOT-FOR-US: Dataprobe
 CVE-2022-47311 (A proprietary protocol for iBoot devices is used for control 
and keepa ...)
-       TODO: check
+       NOT-FOR-US: Dataprobe
 CVE-2022-46738 (The affected product exposes multiple sensitive data fields of 
the aff ...)
-       TODO: check
+       NOT-FOR-US: Dataprobe
 CVE-2022-46733 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 
2.0.0 up  ...)
        NOT-FOR-US: Sewio
 CVE-2022-46658 (The affected product is vulnerable to a stack-based buffer 
overflow wh ...)
-       TODO: check
+       NOT-FOR-US: Dataprobe
 CVE-2022-4634 (All versions prior to Delta Electronic\u2019s CNCSoft version 
1.01.34  ...)
        NOT-FOR-US: Delta Electronics
 CVE-2022-4633 (A vulnerability was found in Auto Upload Images up to 3.3.0 and 
classi ...)
@@ -40551,7 +40551,7 @@ CVE-2022-44741 (Cross-Site Request Forgery (CSRF) 
vulnerability leading to Cross
 CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in 
Creative ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44739 (Cross-Site Request Forgery (CSRF) vulnerability in 
ThingsForRestaurant ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-44738
        RESERVED
 CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities 
inAll-In-One Secur ...)
@@ -211187,7 +211187,7 @@ CVE-2020-20014
 CVE-2020-20013
        RESERVED
 CVE-2020-20012 (WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access 
Control.)
-       TODO: check
+       NOT-FOR-US: WebPlus Pro
 CVE-2020-20011
        RESERVED
 CVE-2020-20010



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/37c9243b60ee472d7c0df765e2b5f6847f3a190f...dae66a11426bf68bac993b481e2670125bea7d3f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/37c9243b60ee472d7c0df765e2b5f6847f3a190f...dae66a11426bf68bac993b481e2670125bea7d3f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Process some more NFUs

Reply via email to