[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) Sat, 10 Jun 2023 08:56:46 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
794a40e8 by Salvatore Bonaccorso at 2023-06-10T17:56:06+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17952,7 +17952,7 @@ CVE-2023-26467 (A man in the middle can redirect 
traffic to a malicious server i
 CVE-2023-26466 (A user with non-Admin access can change a configuration file 
on the cl ...)
        NOT-FOR-US: RPA: Synchronization Engine
 CVE-2023-26465 (Pega Platform versions 7.2 to 8.8.1 are affected by an XSS 
issue.)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2023-25944
        RESERVED
 CVE-2023-25779
@@ -18383,7 +18383,7 @@ CVE-2023-0956
 CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape 
a param ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0954 (A debug feature in Sensormatic Electronics Illustra Pro Gen 4 
Dome and ...)
-       TODO: check
+       NOT-FOR-US: Sensormatic Electronics Illustra Pro
 CVE-2023-0953 (Insufficient input sanitization in the documentation feature of 
Devolu ...)
        NOT-FOR-US: Devolutions Server
 CVE-2023-0952 (Improper access controls on entries in Devolutions Server  
2022.3.12 a ...)
@@ -20679,9 +20679,9 @@ CVE-2015-10077 (A vulnerability was found in 
webbuilders-group silverstripe-kapo
 CVE-2023-25612
        RESERVED
 CVE-2023-25177 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and 
prior are  v ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2023-24014 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and 
prior are  v ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions 
before 1 ...)
        - gitlab <unfixed>
 CVE-2023-0755 (The affected products are vulnerable to an improper validation 
of arra ...)
@@ -20962,11 +20962,11 @@ CVE-2023-0712 (The Wicked Folders plugin for 
WordPress is vulnerable to authoriz
 CVE-2023-0711 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
        NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0710 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0709 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0708 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate 
Genera ...)
        NOT-FOR-US: SourceCodester
 CVE-2023-0706 (A vulnerability, which was classified as critical, has been 
found in S ...)
@@ -21106,21 +21106,21 @@ CVE-2023-0696 (Type confusion in V8 in Google Chrome 
prior to 110.0.5481.77 allo
        - chromium 110.0.5481.77-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0695 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0694 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0693 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0692 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0691 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue 
where w ...)
        NOT-FOR-US: HashiCorp Boundary
 CVE-2023-0689
        RESERVED
 CVE-2023-0688 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
 CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has 
been rat ...)
        NOT-FOR-US: XpressEngine
 CVE-2023-25498
@@ -23919,7 +23919,7 @@ CVE-2023-24512 (On affected platforms running Arista 
EOS, an authorized attacker
 CVE-2023-24511 (On affected platforms running Arista EOS with SNMP configured, 
a speci ...)
        NOT-FOR-US: Arista
 CVE-2023-24510 (On the affected platforms running EOS, a malformed DHCP packet 
might c ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2023-24509 (On affected modular platforms running Arista EOS equipped with 
both re ...)
        NOT-FOR-US: Arista
 CVE-2023-24508 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and 
Nova 246  ...)
@@ -26689,7 +26689,7 @@ CVE-2023-23586 (Due to a vulnerability in the io_uring 
subsystem, it is possible
 CVE-2023-0292 (The Quiz And Survey Master plugin for WordPress is vulnerable 
to Cross ...)
        NOT-FOR-US: Quiz And Survey Master plugin for WordPress
 CVE-2023-0291 (The Quiz And Survey Master for WordPress is vulnerable to 
authorizatio ...)
-       TODO: check
+       NOT-FOR-US: Quiz And Survey Master for WordPress
 CVE-2023-0290 (Rapid7 Velociraptor did not properly sanitize the client ID 
parameter  ...)
        NOT-FOR-US: Rapid7
 CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository 
craigk5n/webc ...)
@@ -34182,7 +34182,7 @@ CVE-2022-4571 (The Seriously Simple Podcasting 
WordPress plugin before 2.19.1 do
 CVE-2022-4570 (The Top 10 WordPress plugin before 3.2.3 does not validate and 
escape  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4569 (A local privilege escalation vulnerability in the ThinkPad 
Hybrid USB- ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-4568 (A directory permissions management vulnerability in Lenovo 
System Upda ...)
        NOT-FOR-US: Lenovo
 CVE-2022-4567 (Improper Access Control in GitHub repository openemr/openemr 
prior to  ...)
@@ -36660,9 +36660,9 @@ CVE-2022-4335 (A blind SSRF vulnerability was 
identified in all versions of GitL
 CVE-2022-4334
        REJECTED
 CVE-2022-4333 (Hardcoded Credentials in multiple SPRECON-E CPU variants of 
Sprecher A ...)
-       TODO: check
+       NOT-FOR-US: Sprecher Automation
 CVE-2022-4332 (In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x 
avulnera ...)
-       TODO: check
+       NOT-FOR-US: Sprecher Automation
 CVE-2022-4331 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2022-4330 (The WP Attachments WordPress plugin before 5.0.6 does not 
sanitise and ...)
@@ -36690,9 +36690,9 @@ CVE-2023-21672
 CVE-2023-21671
        RESERVED
 CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command 
execution  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21669 (Information Disclosure in WLAN HOST while sending DPP action 
frame to  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21668
        RESERVED
 CVE-2023-21667
@@ -36708,17 +36708,17 @@ CVE-2023-21663
 CVE-2023-21662
        RESERVED
 CVE-2023-21661 (Transient DOS while parsing WLAN beacon or probe-response 
frame.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21660 (Transient DOS in WLAN Firmware while parsing FT Information 
Elements.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21659 (Transient DOS in WLAN Firmware while processing frames with 
missing he ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21658 (Transient DOS in WLAN Firmware while processing the received 
beacon or ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21657 (Memoru corruption in Audio when ADSP sends input during record 
use cas ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21656 (Memory corruption in WLAN HOST while receiving an WMI event 
from firmw ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21655
        RESERVED
 CVE-2023-21654
@@ -36766,7 +36766,7 @@ CVE-2023-21634
 CVE-2023-21633
        RESERVED
 CVE-2023-21632 (Memory corruption in Automotive GPU while querying a gsl 
memory node.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21631
        RESERVED
 CVE-2023-21630 (Memory Corruption in Multimedia Framework due to integer 
overflow when ...)
@@ -36774,7 +36774,7 @@ CVE-2023-21630 (Memory Corruption in Multimedia 
Framework due to integer overflo
 CVE-2023-21629
        RESERVED
 CVE-2023-21628 (Memory corruption in WLAN HAL while processing WMI-UTF command 
or FTM  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2023-21627
        RESERVED
 CVE-2023-21626



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/794a40e843991c6cc2e5c6b0dac416f2c4cdaecd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/794a40e843991c6cc2e5c6b0dac416f2c4cdaecd
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to