Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9637067f by Salvatore Bonaccorso at 2023-08-05T07:56:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,37 @@
 CVE-2023-4159 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository o ...)
-       TODO: check
+       NOT-FOR-US: omeka-s
 CVE-2023-4158 (Cross-site Scripting (XSS) - Stored in GitHub repository 
omeka/omeka-s ...)
-       TODO: check
+       NOT-FOR-US: omeka-s
 CVE-2023-4157 (Improper Input Validation in GitHub repository omeka/omeka-s 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: omeka-s
 CVE-2023-4135 (A heap out-of-bounds memory read flaw was found in the virtual 
nvme de ...)
        TODO: check
 CVE-2023-39552 (PHPGurukul Online Security Guards Hiring System v.1.0 is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
 CVE-2023-39551 (PHPGurukul Online Security Guards Hiring System v.1.0 is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
 CVE-2023-39379 (Fujitsu Software Infrastructure Manager (ISM) stores sensitive 
informa ...)
-       TODO: check
+       NOT-FOR-US: Fujitsu Software Infrastructure Manager (ISM)
 CVE-2023-39344 (social-media-skeleton is an uncompleted social media project. 
A SQL in ...)
-       TODO: check
+       NOT-FOR-US: social-media-skeleton
 CVE-2023-39143 (PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to 
path trave ...)
-       TODO: check
+       NOT-FOR-US: PaperCut
 CVE-2023-39112 (ECShop v4.1.16 contains an arbitrary file deletion 
vulnerability in th ...)
-       TODO: check
+       NOT-FOR-US: ECShop
 CVE-2023-39107 (An arbitrary file overwrite vulnerability in NoMachine Free 
Edition an ...)
        TODO: check
 CVE-2023-38964 (Creative Item Academy LMS 6.0 was discovered to contain a 
cross-site s ...)
-       TODO: check
+       NOT-FOR-US: Creative Item Academy LMS
 CVE-2023-38707
        REJECTED
 CVE-2023-38702 (Knowage is an open source analytics and business intelligence 
suite. S ...)
-       TODO: check
+       NOT-FOR-US: Knowage
 CVE-2023-38700 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. 
Prior to ver ...)
        TODO: check
 CVE-2023-38699 (MindsDB's AI Virtual Database allows developers to connect any 
AI/ML m ...)
        TODO: check
 CVE-2023-38698 (Ethereum Name Service (ENS) is a distributed, open, and 
extensible nam ...)
-       TODO: check
+       NOT-FOR-US: Ethereum Name Service (ENS)
 CVE-2023-38697 (protocol-http1 provides a low-level implementation of the 
HTTP/1 proto ...)
        TODO: check
 CVE-2023-38696
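Review bot: The description shown for CVE-2023-4159 is cut off at "GitHub repository o ...", so the NOT-FOR-US: omeka-s tag on the first entry cannot be confirmed from this line the way it can for CVE-2023-4158 and CVE-2023-4157, which name omeka/omeka-s; check it against the full CVE description before relying on it. In the same hunk, CVE-2023-39143 is tagged NOT-FOR-US: PaperCut while the description names PaperCut NG and PaperCut MF; naming both products would keep the entry findable by either name.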
@@ -53,9 +53,9 @@ CVE-2023-38686 (Sydent is an identity server for the Matrix 
communications proto
 CVE-2023-38494 (MeterSphere is an open-source continuous testing platform. 
Prior to ve ...)
        TODO: check
 CVE-2023-38487 (HedgeDoc is software for creating real-time collaborative 
markdown not ...)
-       TODO: check
+       NOT-FOR-US: HedgeDoc
 CVE-2023-38332 (Zoho ManageEngine ADManager Plus through 7201 allow 
authenticated user ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2023-37896 (Nuclei is a vulnerability scanner. Prior to version 2.9.9, a 
security  ...)
        TODO: check
 CVE-2023-37470 (Metabase is an open-source business intelligence and analytics 
platfor ...)
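Review bot: On CVE-2023-38332 the tag NOT-FOR-US: Zoho ManageEngine drops the product, which the description gives as Zoho ManageEngine ADManager Plus; suggest NOT-FOR-US: Zoho ManageEngine ADManager Plus so the entry records which product was triaged.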
@@ -63,9 +63,9 @@ CVE-2023-37470 (Metabase is an open-source business 
intelligence and analytics p
 CVE-2023-36480 (The Aerospike Java client is a Java application that 
implements a netw ...)
        TODO: check
 CVE-2023-34038 (VMware Horizon Server contains an information disclosure 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2023-34037 (VMware Horizon Server contains a HTTP request smuggling 
vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2023-33379 (Connected IO v2.1.0 and prior has a misconfiguration in their 
MQTT bro ...)
        TODO: check
 CVE-2023-33378 (Connected IO v2.1.0 and prior has an argument injection 
vulnerability  ...)
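Review bot: CVE-2023-34038 and CVE-2023-34037 are tagged with the vendor only (NOT-FOR-US: VMware), although both descriptions name VMware Horizon Server; a product-level tag such as NOT-FOR-US: VMware Horizon Server would match the product-level tags used for other entries in this commit, for example Fujitsu Software Infrastructure Manager (ISM).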



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9637067f311fb2d7fbf5a08ec4397cde2b42bb9f
