Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2065428f by Moritz Muehlenhoff at 2023-07-03T22:33:34+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -218,7 +218,7 @@ CVE-2023-37302 (An issue was discovered in 
SiteLinksView.php in Wikibase in Medi
 CVE-2023-37301 (An issue was discovered in SubmitEntityAction in Wikibase in 
MediaWiki ...)
        NOT-FOR-US: MediaWiki extension WikiBase
 CVE-2023-37300 (An issue was discovered in the CheckUserLog API in the 
CheckUser exten ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an AREA element of an 
image map.)
        NOT-FOR-US: Joplin
 CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG 
document.)
@@ -242,7 +242,7 @@ CVE-2023-34840 (angular-ui-notification v0.1.0, v0.2.0, and 
v0.3.6 was discovere
 CVE-2023-33276 (The web interface of Gira Giersiepen Gira KNX/IP-Router 
3.1.3683.0 and ...)
        NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router
 CVE-2023-31543 (A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows 
attackers t ...)
-       TODO: check
+       - python-pipreqs <itp> (bug #1028550)
 CVE-2023-3477 (A vulnerability was found in RocketSoft Rocket LMS 1.7. It has 
been de ...)
        NOT-FOR-US: RocketSoft Rocket LMS
 CVE-2023-3476 (A vulnerability was found in SimplePHPscripts GuestBook Script 
2.2. It ...)
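Review bot: The commit subject "NFUs" does not cover the CVE-2023-31543 change, which is not a NOT-FOR-US triage but an ITP entry, `- python-pipreqs <itp> (bug #1028550)`. Mentioning the ITP in the commit message, or splitting it into its own commit, would make it findable in history. Since the description gives an affected range of v0.3.0 to v0.4.11, a NOTE line with the upstream fix reference would also help whoever completes the packaging confirm that the uploaded version is past that range.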
@@ -292,9 +292,9 @@ CVE-2023-32613 (Exposure of resource to wrong sphere issue 
exists in WL-WN531AX2
 CVE-2023-32612 (Client-side enforcement of server-side security issue exists 
in WL-WN5 ...)
        NOT-FOR-US: WL-WN531AX2 firmware
 CVE-2023-32608 (Directory traversal vulnerability in Pleasanter (Community 
Edition and ...)
-       TODO: check
+       NOT-FOR-US: Pleasanter
 CVE-2023-32607 (Stored cross-site scripting vulnerability in Pleasanter 
(Community Edi ...)
-       TODO: check
+       NOT-FOR-US: Pleasanter
 CVE-2023-2846 (Authentication Bypass by Capture-replay vulnerability in 
Mitsubishi El ...)
        NOT-FOR-US: Mitsubishi
 CVE-2023-2834 (The BookIt plugin for WordPress is vulnerable to authentication 
bypass ...)
@@ -330,7 +330,7 @@ CVE-2023-35830 (STW (aka Sensor-Technik Wiedemann) TCG-4 
Connectivity Module Dep
 CVE-2023-34849 (An unauthorized command injection vulnerability exists in the 
ActionLo ...)
        NOT-FOR-US: Ikuai router OS
 CVE-2023-34844 (Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN 
privileged mode ...)
-       TODO: check
+       NOT-FOR-US: Play With Docker
 CVE-2023-34735 (Property Cloud Platform Management Center 1.0 is vulnerable to 
error-b ...)
        NOT-FOR-US: Property Cloud Platform Management Center
 CVE-2023-34658 (Telegram v9.6.3 on iOS allows attackers to hide critical 
information o ...)
@@ -385,11 +385,11 @@ CVE-2023-3243 (** UNSUPPORTED WHEN ASSIGNED ** [An 
attacker can capture an authe
 CVE-2023-37237 (In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure 
permission ...)
        NOT-FOR-US: Veritas NetBackup Appliance
 CVE-2023-36476 (calamares-nixos-extensions provides Calamares branding and 
modules for ...)
-       TODO: check
+       NOT-FOR-US: calamares-nixos-extensions
 CVE-2023-36475 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Node parse-server
 CVE-2023-36474 (Interactsh is an open-source tool for detecting out-of-band 
interactio ...)
-       TODO: check
+       NOT-FOR-US: Interactsh
 CVE-2023-34843 (Traggo Server 0.3.0 is vulnerable to directory traversal via a 
crafted ...)
        NOT-FOR-US: Traggo Server
 CVE-2023-34834 (A Directory Browsing vulnerability in MCL-Net version 
4.3.5.8788 webse ...)
@@ -415,7 +415,7 @@ CVE-2023-34647 (PHPgurukl Hostel Management System v.1.0 is 
vulnerable to Cross
 CVE-2023-33661 (Multiple cross-site scripting (XSS) vulnerabilities were 
discovered in ...)
        NOT-FOR-US: Church CRM
 CVE-2023-32610 (Mailform Pro CGI 4.3.1.2 and earlier allows a remote 
unauthenticated a ...)
-       TODO: check
+       NOT-FOR-US: Mailform Pro CGI
 CVE-2023-32224 (D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper 
Restriction o ...)
        NOT-FOR-US: D-Link
 CVE-2023-32223 (D-Link DSL-224 firmware version 3.0.10 allows post 
authentication comm ...)
@@ -449,9 +449,9 @@ CVE-2023-3090 (A heap out-of-bounds write vulnerability in 
the Linux Kernel ipvl
        - linux 6.3.7-1
        NOTE: 
https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)
 CVE-2023-3034 (Reflected XSS affects the \u2018mode\u2019 parameter in the 
/admin fun ...)
-       TODO: check
+       NOT-FOR-US: NTRIP Professional Caster
 CVE-2023-36467 (AWS data.all is an open source development framework to help 
users bui ...)
-       TODO: check
+       NOT-FOR-US: AWS data.all
 CVE-2023-34937 (A stack overflow in the UpdateSnat function of H3C Magic 
B1STV100R012  ...)
        NOT-FOR-US: H3C
 CVE-2023-34936 (A stack overflow in the UpdateMacClone function of H3C Magic 
B1STV100R ...)
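Review bot: The product name in `NOT-FOR-US: NTRIP Professional Caster` for CVE-2023-3034 cannot be checked against the description shown here, which is cut off at "/admin fun ..." before any product is named. Worth confirming against the full CVE record that the name matches. The CVE-2023-36467 entry next to it is fine as written, since "AWS data.all" appears verbatim in its description.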
@@ -473,7 +473,7 @@ CVE-2023-34929 (A stack overflow in the AddMacList function 
of H3C Magic B1STV10
 CVE-2023-34928 (A stack overflow in the Edit_BasicSSID function of H3C Magic 
B1STV100R ...)
        NOT-FOR-US: H3C
 CVE-2023-34761 (An unauthenticated attacker within BLE proximity can remotely 
connect  ...)
-       TODO: check
+       NOT-FOR-US: 7-Eleven LED Message Cup
 CVE-2023-33592 (Lost and Found Information System v1.0 was discovered to 
contain a SQL ...)
        NOT-FOR-US: Lost and Found Information System
 CVE-2023-33570 (Bagisto v1.5.1 is vulnerable to Server-Side Template Injection 
(SSTI).)
@@ -6897,7 +6897,7 @@ CVE-2023-30957
 CVE-2023-30956
        RESERVED
 CVE-2023-30955 (A security defect was identified in Foundry workspace-server 
that enab ...)
-       TODO: check
+       NOT-FOR-US: Palantir
 CVE-2023-30954
        RESERVED
 CVE-2023-30953
@@ -6915,7 +6915,7 @@ CVE-2023-30948 (A security defect in Foundry's Comments 
functionality resulted i
 CVE-2023-30947
        RESERVED
 CVE-2023-30946 (A security defect was identified in Foundry Issues. If a user 
was adde ...)
-       TODO: check
+       NOT-FOR-US: Palantir
 CVE-2023-30945 (Multiple Services such as VHS(Video History Server) and 
VCD(Video Clip ...)
        NOT-FOR-US: Palantir
 CVE-2023-30944 (The vulnerability was found Moodle which exists due to 
insufficient sa ...)
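Review bot: `NOT-FOR-US: Palantir` on CVE-2023-30946 names the vendor, while the description names the product (Foundry Issues) and most entries added in this commit name the product (Pleasanter, Interactsh, Mailform Pro CGI). It does match the existing CVE-2023-30945 entry directly below, so it is consistent locally. If product-level tags are preferred for searching, a tag naming Foundry would cover both this entry and CVE-2023-30955 in the previous hunk.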



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2065428fffa0479ec534b5c6a46404ec349ab7f1



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits