[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Mon, 14 Aug 2023 13:32:18 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3be41217 by Salvatore Bonaccorso at 2023-08-14T22:31:36+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2023-4322 (Heap-based Buffer Overflow in GitHub repository 
radareorg/radare2
        NOTE: 
https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd
        NOTE: https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd
 CVE-2023-4321 (Cross-site Scripting (XSS) - Stored in GitHub repository 
cockpit-hq/co ...)
-       TODO: check
+       NOT-FOR-US: Cockpit CMS
 CVE-2023-40360 (QEMU through 8.0.4 accesses a NULL pointer in 
nvme_directive_receive i ...)
        - qemu <unfixed>
        [bookworm] - qemu <not-affected> (Vulnerable code intoduced later)
@@ -16,9 +16,9 @@ CVE-2023-40359 (xterm before 380 supports ReGIS reporting for 
character-set name
 CVE-2023-40354 (An issue was discovered in MariaDB MaxScale before 23.02.3. A 
user ent ...)
        TODO: check
 CVE-2023-40312 (Multiple reflected XSS were found on different JSP files with 
unsaniti ...)
-       TODO: check
+       NOT-FOR-US: OpenMNS
 CVE-2023-40311 (Multiple stored XSS were found on different JSP files with 
unsanitized ...)
-       TODO: check
+       NOT-FOR-US: OpenMNS
 CVE-2023-40024 (ScanCode.io is a server to script and automate software 
composition an ...)
        TODO: check
 CVE-2023-40023 (yaklang is a programming language designed for cybersecurity. 
The Yak  ...)
@@ -26,23 +26,23 @@ CVE-2023-40023 (yaklang is a programming language designed 
for cybersecurity. Th
 CVE-2023-40020 (PrivateUploader is an open source image hosting server written 
in Vue  ...)
        TODO: check
 CVE-2023-3721 (The WP-EMail WordPress plugin before 2.69.1 does not sanitise 
and esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3645 (The Contact Form Builder by Bit Form WordPress plugin before 
2.2.0 doe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3601 (The Simple Author Box WordPress plugin before 2.52 does not 
verify a u ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3435 (The User Activity Log WordPress plugin before 1.6.5 does not 
correctly ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3328 (The Custom Field For WP Job Manager WordPress plugin before 1.2 
does n ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3160 (The vulnerability potentially allows an attacker to misuse 
ESET\u2019s ...)
        TODO: check
 CVE-2023-39908 (The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does 
not proper ...)
        TODO: check
 CVE-2023-39293 (A Command Injection vulnerability has been identified in the 
MiVoice O ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2023-39292 (A SQL Injection vulnerability has been identified in the 
MiVoice Offic ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2023-38741 (IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is 
vulnerable to a d ...)
        NOT-FOR-US: IBM
 CVE-2023-38721 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for 
i conta ...)
@@ -50,19 +50,19 @@ CVE-2023-38721 (The IBM i 7.2, 7.3, 7.4, and 7.5 product 
Facsimile Support for i
 CVE-2023-37847 (novel-plus v3.6.2 was discovered to contain a SQL injection 
vulnerabil ...)
        TODO: check
 CVE-2023-37070 (Code Projects Hospital Information System 1.0 is vulnerable to 
Cross S ...)
-       TODO: check
+       NOT-FOR-US: Code Projects Hospital Information System
 CVE-2023-33013 (A post-authentication command injection vulnerability in the 
NTP featu ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-32748 (The Linux DVS server component of Mitel MiVoice Connect 
through 19.3 S ...)
        TODO: check
 CVE-2023-2803 (The Ultimate Addons for Contact Form 7 WordPress plugin before 
3.1.29  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2802 (The Ultimate Addons for Contact Form 7 WordPress plugin before 
3.1.29  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2606 (The WP Brutal AI WordPress plugin before 2.06 does not sanitise 
and es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4953 (The Elementor Website Builder WordPress plugin before 3.5.5 
does not f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-39950
        - efibootguard <unfixed>
        NOTE: 
https://github.com/siemens/efibootguard/commit/965d65c5751898c4bb094ef191b7387819423414
 (v0.15)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3be41217b0c6d833afe5415657c9d96072aeceec

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3be41217b0c6d833afe5415657c9d96072aeceec
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to