Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d4dc504 by Moritz Muehlenhoff at 2023-05-31T17:53:55+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
 CVE-2023-33962 (JStachio is a  type-safe Java Mustache templating engine. 
Prior to ver ...)
-       TODO: check
+       NOT-FOR-US: JStachio
 CVE-2023-33961 (Leantime is a lean open source project management system. 
Starting in  ...)
-       TODO: check
+       NOT-FOR-US: Leantime
 CVE-2023-33741 (Macrovideo v380pro v1.4.97 shares the device id and password 
when shar ...)
-       TODO: check
+       NOT-FOR-US: Macrovideo
 CVE-2023-33740 (Incorrect access control in luowice v3.5.18 allows attackers 
to access ...)
-       TODO: check
+       NOT-FOR-US: luowice
 CVE-2023-33734 (BlueCMS v1.6 was discovered to contain a SQL injection 
vulnerability v ...)
-       TODO: check
+       NOT-FOR-US: BlueCMS
 CVE-2023-33181 (Xibo is a content management system (CMS). Starting in version 
3.0.0 a ...)
-       TODO: check
+       NOT-FOR-US: Xibo
 CVE-2023-33180 (Xibo is a content management system (CMS). An SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Xibo
 CVE-2023-33179 (Xibo is a content management system (CMS). An SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Xibo
 CVE-2023-32342 (IBM GSKit could allow a remote attacker to obtain sensitive 
informatio ...)
        NOT-FOR-US: IBM
 CVE-2023-2999 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
-       TODO: check
+       NOT-FOR-US: phpmyfaq
 CVE-2023-2998 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
-       TODO: check
+       NOT-FOR-US: phpmyfaq
 CVE-2023-2987 (The Wordapp plugin for WordPress is vulnerable to authorization 
bypass ...)
        NOT-FOR-US: Wordapp plugin for WordPress
 CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 
3.6.0 to 3 ...)
@@ -27,7 +27,7 @@ CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 
to 4.0.5 and 3.6.0
 CVE-2023-2836 (The CRM Perks Forms plugin for WordPress is vulnerable to 
Stored Cross ...)
        NOT-FOR-US: CRM Perks Forms plugin for WordPress
 CVE-2023-2612 (Jean-Baptiste Cayrou discovered that the shiftfs file system in 
the Ub ...)
-       TODO: check
+       NOT-FOR-US: shiftfs (part of Ubuntu kernels, not not upstream)
 CVE-2023-2549 (The Feather Login Page plugin for WordPress is vulnerable to 
Cross-Sit ...)
        NOT-FOR-US: Feather Login Page plugin for WordPress
 CVE-2023-2547 (The Feather Login Page plugin for WordPress is vulnerable to 
unauthori ...)
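Review bot: the new tag on CVE-2023-2612 reads "not not upstream"; the doubled "not" looks like a typo and, read literally, inverts the reason given for the NOT-FOR-US classification. Suggest "NOT-FOR-US: shiftfs (part of Ubuntu kernels, not upstream)".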
@@ -41,11 +41,11 @@ CVE-2023-2435 (The Blog-in-Blog plugin for WordPress is 
vulnerable to Local File
 CVE-2023-2434 (The Nested Pages plugin for WordPress is vulnerable to 
unauthorized lo ...)
        NOT-FOR-US: Nested Pages plugin for WordPress
 CVE-2015-10107 (A vulnerability was found in Simplr Registration Form Plus+ 
Plugin up  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2014-125103 (A vulnerability was found in BestWebSoft Twitter Plugin up to 
1.3.2 on ...)
-       TODO: check
+       NOT-FOR-US: Twitter plugin
 CVE-2012-10015 (A vulnerability was found in BestWebSoft Twitter Plugin up to 
2.14 on  ...)
-       TODO: check
+       NOT-FOR-US: Twitter plugin
 CVE-2023-33975 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
        NOT-FOR-US: RIOT-OS
 CVE-2023-33974 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
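Review bot: the tags added for CVE-2015-10107, CVE-2014-125103 and CVE-2012-10015 ("WordPress plugin", "Twitter plugin") do not name the affected product, unlike the neighbouring entry in this hunk ("Nested Pages plugin for WordPress"). Taking the name from each description, for example "Simplr Registration Form Plus+ plugin" and "BestWebSoft Twitter Plugin", would keep these entries searchable by product and consistent with the rest of the list.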
@@ -53,7 +53,7 @@ CVE-2023-33974 (RIOT-OS, an operating system for Internet of 
Things (IoT) device
 CVE-2023-33973 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
        NOT-FOR-US: RIOT-OS
 CVE-2023-33656 (A memory leak vulnerability exists in NanoMQ 0.17.2. The 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: NanoMQ
 CVE-2023-33234 (Arbitrary code execution in Apache Airflow CNCF Kubernetes 
provider ve ...)
        NOT-FOR-US: Apache Airflow CNCF Kubernetes provider
 CVE-2023-33178 (Xibo is a content management system (CMS). An SQL injection 
vulnerabil ...)
@@ -65,13 +65,13 @@ CVE-2023-32699 (MeterSphere is an open source continuous 
testing platform. Versi
 CVE-2023-32696 (CKAN is an open-source data management system for powering 
data hubs a ...)
        NOT-FOR-US: CKAN
 CVE-2023-32689 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Node parse-server
 CVE-2023-32684 (Lima launches Linux virtual machines, typically on macOS, for 
running  ...)
-       TODO: check
+       NOT-FOR-US: Lima
 CVE-2023-32448 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains 
License Key St ...)
-       TODO: check
+       NOT-FOR-US: PowerPath
 CVE-2023-32218 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL 
Redirection  ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2023-2994
        REJECTED
 CVE-2023-2985 [fs: hfsplus: fix UAF issue in hfsplus_put_super]
@@ -80,17 +80,17 @@ CVE-2023-2985 [fs: hfsplus: fix UAF issue in 
hfsplus_put_super]
        [buster] - linux 4.19.282-1
        NOTE: 
https://git.kernel.org/linus/07db5e247ab5858439b14dd7cc1fe538b9efcf32 (6.3-rc1)
 CVE-2023-2984 (Path Traversal: '\..\filename' in GitHub repository 
pimcore/pimcore pr ...)
-       TODO: check
+       NOT-FOR-US: pimcore
 CVE-2023-2983 (Privilege Defined With Unsafe Actions in GitHub repository 
pimcore/pim ...)
-       TODO: check
+       NOT-FOR-US: pimcore
 CVE-2023-2981 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: Abstrium Pydio Cells
 CVE-2023-2980 (A vulnerability classified as critical was found in Abstrium 
Pydio Cel ...)
-       TODO: check
+       NOT-FOR-US: Abstrium Pydio Cells
 CVE-2023-2979 (A vulnerability classified as critical has been found in 
Abstrium Pydi ...)
-       TODO: check
+       NOT-FOR-US: Abstrium Pydio Cells
 CVE-2023-2978 (A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has 
been r ...)
-       TODO: check
+       NOT-FOR-US: Abstrium Pydio Cells
 CVE-2023-2977
        - opensc <unfixed>
        NOTE: https://github.com/OpenSC/OpenSC/issues/2785



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d4dc504df1ff7942a119d480cae619b727aefbf
