Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
47d87ec6 by Salvatore Bonaccorso at 2023-07-02T09:20:52+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -109,11 +109,11 @@ CVE-2020-36736 (The WooCommerce Checkout & Funnel Builder 
by CartFlows plugin fo
 CVE-2020-36735 (The WP ERP | Complete HR solution with recruitment & job 
listings | Wo ...)
        NOT-FOR-US: WP ERP | Complete HR solution with recruitment & job 
listings | WooCommerce CRM & Accounting plugin for WordPress
 CVE-2023-3485 (Insecure defaults in open-source Temporal Server before version 
1.20 o ...)
-       TODO: check
+       NOT-FOR-US: Temporal Server
 CVE-2023-3479 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
hestiacp/h ...)
-       TODO: check
+       NOT-FOR-US: Hestia Control Panel
 CVE-2023-3478 (A vulnerability classified as critical was found in IBOS OA 
4.5.5. Aff ...)
-       TODO: check
+       NOT-FOR-US: IBOS OA
 CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M 
argument is a ...)
        TODO: check
 CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows 
JavaScript injec ...)
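Review bot: CVE-2023-3485 is described as affecting "open-source Temporal Server" and CVE-2023-3479 points at the GitHub repository hestiacp/h..., so both are free software that could be the subject of a packaging request. Before recording `NOT-FOR-US: Temporal Server` and `NOT-FOR-US: Hestia Control Panel`, confirm that no ITP or RFP bug is open for either. If one exists, an `<itp>` entry carrying the bug number is the more accurate record. The commit message "Process NFUs" does not say whether that check was done.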
@@ -121,7 +121,7 @@ CVE-2023-37360 (pacparser_find_proxy in Pacparser before 
1.4.2 allows JavaScript
 CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly 
sanitized in  ...)
        NOT-FOR-US: MISP
 CVE-2023-37306 (MISP 2.4.172 mishandles different certificate file extensions 
in serve ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2023-37305 (An issue was discovered in the ProofreadPage (aka Proofread 
Page) exte ...)
        NOT-FOR-US: MediaWiki extension ProofreadPage
 CVE-2023-37304 (An issue was discovered in the DoubleWiki extension for 
MediaWiki thro ...)
@@ -153,9 +153,9 @@ CVE-2023-35176 (Certain HP LaserJet Pro print products are 
potentially vulnerabl
 CVE-2023-35175 (Certain HP LaserJet Pro print products are potentially 
vulnerable to P ...)
        NOT-FOR-US: HP
 CVE-2023-34840 (angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was 
discovered to c ...)
-       TODO: check
+       NOT-FOR-US: angular-ui-notification
 CVE-2023-33276 (The web interface of Gira Giersiepen Gira KNX/IP-Router 
3.1.3683.0 and ...)
-       TODO: check
+       NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router
 CVE-2023-31543 (A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows 
attackers t ...)
        TODO: check
 CVE-2023-3477 (A vulnerability was found in RocketSoft Rocket LMS 1.7. It has 
been de ...)
@@ -265,7 +265,7 @@ CVE-2023-33466 (Orthanc before 1.12.0 allows authenticated 
users with access to
 CVE-2023-33277 (The web interface of Gira Giersiepen Gira KNX/IP-Router 
3.1.3683.0 and ...)
        NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router
 CVE-2023-33190 (Sealos is an open source cloud operating system distribution 
based on  ...)
-       TODO: check
+       NOT-FOR-US: Sealos
 CVE-2023-XXXX [Heap overwrite in PGS subtitle overlay decoder]
        - gst-plugins-bad1.0 1.22.4-1
        [bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u1
@@ -293,17 +293,17 @@ CVE-2023-XXXX [Heap overwrite in subtitle parsing]
 CVE-2023-3447 (The Active Directory Integration / LDAP Integration plugin for 
WordPre ...)
        NOT-FOR-US: Active Directory Integration / LDAP Integration plugin for 
WordPress
 CVE-2023-3243 (** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2023-37237 (In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure 
permission ...)
        NOT-FOR-US: Veritas NetBackup Appliance
 CVE-2023-36476 (calamares-nixos-extensions provides Calamares branding and 
modules for ...)
        TODO: check
 CVE-2023-36475 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Node parse-server
 CVE-2023-36474 (Interactsh is an open-source tool for detecting out-of-band 
interactio ...)
        TODO: check
 CVE-2023-34843 (Traggo Server 0.3.0 is vulnerable to directory traversal via a 
crafted ...)
-       TODO: check
+       NOT-FOR-US: Traggo Server
 CVE-2023-34834 (A Directory Browsing vulnerability in MCL-Net version 
4.3.5.8788 webse ...)
        NOT-FOR-US: MCL-Net
 CVE-2023-34831 (The "Submission Web Form" of Turnitin LTI tool/plugin version 
1.3 is a ...)
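Review bot: `NOT-FOR-US: Honeywell` on CVE-2023-3243 names only a vendor, and that vendor does not appear in the truncated description visible here ("** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authentica ..."). The other entries changed in this hunk name the product, as in `NOT-FOR-US: Traggo Server`. Suggest adding the affected product after the vendor name so the triage decision can be matched to the CVE text without looking it up elsewhere.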
@@ -390,7 +390,7 @@ CVE-2023-33592 (Lost and Found Information System v1.0 was 
discovered to contain
 CVE-2023-33570 (Bagisto v1.5.1 is vulnerable to Server-Side Template Injection 
(SSTI).)
        NOT-FOR-US: Bagisto
 CVE-2023-2625 (A vulnerability exists that can be exploited by an 
authenticated clien ...)
-       TODO: check
+       NOT-FOR-US: ABB CoreTec
 CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length" 
field is ...)
        TODO: check
 CVE-2023-3428 [heap-buffer-overflow in coders/tiff.c]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47d87ec6a5c3bca94f09eb695bbdd2318bb9cbbc
