Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
06149314 by Salvatore Bonaccorso at 2023-06-15T11:22:09+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,11 +23,11 @@ CVE-2023-33515 (SoftExpert Excellence Suite 2.1.9 is 
vulnerable to Cross Site Sc
 CVE-2023-31746 (There is a command injection vulnerability in the adslr VW2100 
router  ...)
        NOT-FOR-US: adslr VW2100 router
 CVE-2023-2847 (During internal security analysis, a local privilege escalation 
vulner ...)
-       TODO: check
+       NOT-FOR-US: ESET
 CVE-2023-2820 (An information disclosure vulnerability in thefaye endpoint in 
Proofpo ...)
-       TODO: check
+       NOT-FOR-US: Proofpoint
 CVE-2023-2819 (A stored cross-site scripting vulnerability in the Sources UI 
in Proof ...)
-       TODO: check
+       NOT-FOR-US: Proofpoint
 CVE-2023-3241 (A vulnerability was found in OTCMS up to 6.62 and classified as 
proble ...)
        NOT-FOR-US: OTCMS
 CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and 
classified as p ...)
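Review bot: The tags added for CVE-2023-2847, CVE-2023-2820 and CVE-2023-2819 name only the vendor (ESET, Proofpoint), while the unchanged neighbours in this hunk name the product (adslr VW2100 router, OTCMS). For CVE-2023-2847 the truncated description shows no product at all, so naming the affected product in the tag would let a later reader confirm the classification without looking up the CVE.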
@@ -4219,7 +4219,7 @@ CVE-2023-31250 (The file download facility doesn't 
sufficiently sanitize file pa
        - drupal7 <removed>
        NOTE: https://www.drupal.org/sa-core-2023-005
 CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q200 
family ( ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-31237
        RESERVED
 CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in unFo ...)
@@ -4509,7 +4509,7 @@ CVE-2023-31144 (Craft CMS is a content management system. 
Starting in version 3.
 CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming 
and inte ...)
        NOT-FOR-US: mage-ai
 CVE-2023-31142 (Discourse is an open source discussion platform. Prior to 
version 3.0. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2023-31141 (OpenSearch is open-source software suite for search, 
analytics, and ob ...)
        NOT-FOR-US: OpenSearch
 CVE-2023-31140 (OpenProject is open source project management software. 
Starting with  ...)
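Review bot: CVE-2023-31142 is marked NOT-FOR-US although its description calls Discourse an open source discussion platform, and elsewhere in this list unpackaged open source software is tracked with an <itp> entry (mattermost-server, bug #823556). Worth confirming there is no open ITP or RFP bug for Discourse before closing this as NOT-FOR-US; if one exists, use the <itp> form with the bug number instead.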
@@ -4585,7 +4585,7 @@ CVE-2023-27881 (A user could use the \u201cUpload 
Resource\u201d functionality t
 CVE-2023-24476 (An attacker with local access to the machine could record the 
traffic, ...)
        NOT-FOR-US: Vuforia
 CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges 
accepts  ...)
-       TODO: check
+       NOT-FOR-US: Netskope
 CVE-2023-2269 (A denial of service problem was found, due to a possible 
recursive loc ...)
        - linux 6.3.7-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
@@ -5221,7 +5221,7 @@ CVE-2023-30903
 CVE-2023-30902
        RESERVED
 CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 
family ( ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-30900
        RESERVED
 CVE-2023-30899 (A vulnerability has been identified in Siveillance Video 2020 
R2 (All  ...)
@@ -5242,7 +5242,7 @@ CVE-2023-2194 (An out-of-bounds write vulnerability was 
found in the Linux kerne
 CVE-2023-2193 (Mattermost fails to invalidate existing authorization codes 
when deaut ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2023-30897 (A vulnerability has been identified in SIMATIC WinCC (All 
versions < V ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-2192
        RESERVED
 CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository 
azuracast/azu ...)
@@ -5847,7 +5847,7 @@ CVE-2023-30769 (Vulnerability discovered is related to 
the peer-to-peer (p2p) co
        - dogecoin <unfixed> (bug #1034806)
        NOTE: 
https://www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks
 CVE-2023-30757 (A vulnerability has been identified in Totally Integrated 
Automation P ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-30756
        RESERVED
 CVE-2023-30755
@@ -7464,7 +7464,7 @@ CVE-2023-30181
 CVE-2023-30180
        RESERVED
 CVE-2023-30179 (CraftCMS version 3.7.59 is vulnerable to Server-Side Template 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2023-30178
        RESERVED
 CVE-2023-30177 (CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An 
attacker  ...)
@@ -7522,7 +7522,7 @@ CVE-2023-30152
 CVE-2023-30151
        RESERVED
 CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL 
Injection ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop leocustomajax
 CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete 
(cityautocomplete ...)
        NOT-FOR-US: PrestaShop module
 CVE-2023-30148
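Review bot: The tag added for CVE-2023-30150, "NOT-FOR-US: PrestaShop leocustomajax", differs from the form on the next entry, CVE-2023-30149, which reads "NOT-FOR-US: PrestaShop module". If leocustomajax is likewise a module, use one form for both so that a search for the tag finds every PrestaShop add-on; the existing "PrestaShop module" wording is the simpler choice.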
@@ -8764,7 +8764,7 @@ CVE-2023-29564
 CVE-2023-29563
        RESERVED
 CVE-2023-29562 (TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a 
stack ov ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2023-29561
        RESERVED
 CVE-2023-29560
@@ -9614,51 +9614,51 @@ CVE-2023-29375 (An issue was discovered in Progress 
Sitefinity 13.3 before 13.3.
 CVE-2023-29374 (In LangChain through 0.0.131, the LLMMathChain chain allows 
prompt inj ...)
        NOT-FOR-US: LangChain
 CVE-2023-29373 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29372 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29371 (Windows GDI Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29370 (Windows Media Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29369 (Remote Procedure Call Runtime Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29368 (Windows Filtering Platform Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29367 (iSCSI Target WMI Provider Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29366 (Windows Geolocation Service Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29365 (Windows Media Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29364 (Windows Authentication Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29363 (Windows Pragmatic General Multicast (PGM) Remote Code 
Execution Vulner ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29362 (Remote Desktop Client Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29361 (Windows Cloud Files Mini Filter Driver Elevation of Privilege 
Vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29360 (Windows TPM Device Driver Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29359 (GDI Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29358 (Windows GDI Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29357 (Microsoft SharePoint Server Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29356
        RESERVED
 CVE-2023-29355 (DHCP Server Service Information Disclosure Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29354 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-29353 (Sysinternals Process Monitor for Windows Denial of Service 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29352 (Windows Remote Desktop Security Feature Bypass Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29351 (Windows Group Policy Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29350 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-29349
@@ -9668,7 +9668,7 @@ CVE-2023-29348
 CVE-2023-29347
        RESERVED
 CVE-2023-29346 (NTFS Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29345 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability)
@@ -9698,7 +9698,7 @@ CVE-2023-29333 (Microsoft Access Denial of Service 
Vulnerability)
 CVE-2023-29332
        RESERVED
 CVE-2023-29331 (.NET, .NET Framework, and Visual Studio Denial of Service 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29330
        RESERVED
 CVE-2023-29329
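Review bot: CVE-2023-29331 gets the vendor-wide tag "Microsoft", but its description covers ".NET, .NET Framework, and Visual Studio" rather than a Windows component. A product-level tag (for example "NOT-FOR-US: Microsoft .NET") would record that .NET itself was checked against the archive and not only the vendor name.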
@@ -9708,7 +9708,7 @@ CVE-2023-29328
 CVE-2023-29327
        RESERVED
 CVE-2023-29326 (.NET Framework Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-29325 (Windows OLE Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-29324 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
@@ -10171,7 +10171,7 @@ CVE-2023-29177
 CVE-2023-29176
        RESERVED
 CVE-2023-29175 (An improper certificate validation vulnerability [CWE-295] in 
FortiOS  ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-29174
        RESERVED
 CVE-2023-29173
@@ -10314,7 +10314,7 @@ CVE-2023-29131
 CVE-2023-29130
        RESERVED
 CVE-2023-29129 (A vulnerability has been identified in Mendix SAML (Mendix 7 
compatibl ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-29128 (A vulnerability has been identified in SIMATIC Cloud Connect 7 
CC712 ( ...)
        NOT-FOR-US: Siemens
 CVE-2023-29127
@@ -10838,7 +10838,7 @@ CVE-2023-28959 (An Improper Check or Handling of 
Exceptional Conditions vulnerab
 CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions 
from 1. ...)
        - gitlab 15.10.8+ds1-2
 CVE-2023-1707 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers 
are po ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-1706
        REJECTED
 CVE-2023-1705
@@ -11403,7 +11403,7 @@ CVE-2023-28831
 CVE-2023-28830
        RESERVED
 CVE-2023-28829 (A vulnerability has been identified in SIMATIC NET PC Software 
V14 (Al ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All 
versions < V2 ...)
        NOT-FOR-US: Siemens
 CVE-2023-28827
@@ -12132,7 +12132,7 @@ CVE-2023-28622
 CVE-2023-28621
        RESERVED
 CVE-2023-28620 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Cybe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28619
        RESERVED
 CVE-2023-28618
@@ -12314,17 +12314,17 @@ CVE-2023-1480 (A vulnerability classified as critical 
was found in SourceCodeste
 CVE-2023-1479 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester Simple Music Player
 CVE-2023-28603 (Zoom VDI client installer  prior to 5.14.0 contains an 
improper access ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-28602 (Zoom for Windows clients prior to 5.13.5 contain an improper 
verificat ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-28601 (Zoom for Windows clients prior to 5.14.0 contain an improper 
restricti ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-28600 (Zoom for MacOSclients prior to 5.14.0 contain an improper 
access contr ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-28599 (Zoom clients prior to 5.13.10 contain an HTML injection 
vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-28598 (Zoom for  Linux clients prior to 5.13.10 contain an HTML 
injection vul ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2023-28597 (Zoom clients prior to 5.13.5 contain an improper trust 
boundary implem ...)
        NOT-FOR-US: Zoom
 CVE-2023-28596 (Zoom Client for IT Admin macOS installers before version 
5.13.5 contai ...)
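Review bot: Of the six Zoom entries changed here, CVE-2023-28598 is described as affecting "Zoom for  Linux clients", so its NOT-FOR-US status rests on the client not being packaged rather than on the platform. The tag matches the existing CVE-2023-28597 entry; a line in the commit message confirming that the Linux client is not in the archive would make the triage easier to audit.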
@@ -13359,7 +13359,7 @@ CVE-2023-28312 (Azure Machine Learning Information 
Disclosure Vulnerability)
 CVE-2023-28311 (Microsoft Word Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-28310 (Microsoft Exchange Server Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-28309 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting 
Vulnerabilit ...)
        NOT-FOR-US: Microsoft
 CVE-2023-28308 (Windows DNS Server Remote Code Execution Vulnerability)
@@ -13373,7 +13373,7 @@ CVE-2023-28305 (Windows DNS Server Remote Code 
Execution Vulnerability)
 CVE-2023-28304 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-28303 (Windows Snipping Tool Information Disclosure Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-28302 (Microsoft Message Queuing Denial of Service Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-28301 (Microsoft Edge (Chromium-based) Tampering Vulnerability)
@@ -14247,7 +14247,7 @@ CVE-2023-1331 (The Redirection WordPress plugin before 
1.1.5 does not have CSRF
 CVE-2023-1330 (The Redirection WordPress plugin before 1.1.4 does not add 
nonce verif ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1329 (A potential security vulnerability has been identified for 
certain HP  ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-1328 (A vulnerability was found in Guizhou 115cms 4.2. It has been 
classifie ...)
        NOT-FOR-US: Guizhou 115cms
 CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected 
by an  ...)
@@ -14364,13 +14364,13 @@ CVE-2023-28002
 CVE-2023-28001
        RESERVED
 CVE-2023-28000 (An improper neutralization of special elements used in an OS 
command v ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-27999 (An improper neutralization of special elements used in an OS 
command v ...)
        NOT-FOR-US: FortiGuard
 CVE-2023-27998
        RESERVED
 CVE-2023-27997 (A heap-based buffer overflow vulnerability [CWE-122] in 
FortiOS versio ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-27996
        RESERVED
 CVE-2023-27995 (A improper neutralization of special elements used in a 
template engin ...)
@@ -15047,9 +15047,9 @@ CVE-2023-27839
 CVE-2023-27838
        RESERVED
 CVE-2023-27837 (TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to 
contain ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2023-27836 (TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to 
contain ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2023-27835
        RESERVED
 CVE-2023-27834
@@ -15513,7 +15513,7 @@ CVE-2023-27626
 CVE-2023-27625
        RESERVED
 CVE-2023-27624 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Marc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-27623
        RESERVED
 CVE-2023-27622
@@ -16062,7 +16062,7 @@ CVE-2023-27467
 CVE-2023-27466
        RESERVED
 CVE-2023-27465 (A vulnerability has been identified in SIMOTION C240 (All 
versions >=  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-27464 (A vulnerability has been identified in Mendix Forgot Password 
(Mendix  ...)
        NOT-FOR-US: Siemens
 CVE-2023-27463 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All 
version ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06149314f9fc6746f5693a6fba9f746d547d8c56



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
