[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Mon, 21 Aug 2023 13:19:29 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b48c1f4b by Salvatore Bonaccorso at 2023-08-21T22:18:46+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2023-4456 (A flaw was found in openshift-logging LokiStack. The key used 
for cach ...)
        TODO: check
 CVE-2023-4455 (Cross-Site Request Forgery (CSRF) in GitHub repository 
wallabag/wallab ...)
-       TODO: check
+       NOT-FOR-US: Wallabag
 CVE-2023-4454 (Cross-Site Request Forgery (CSRF) in GitHub repository 
wallabag/wallab ...)
-       TODO: check
+       NOT-FOR-US: Wallabag
 CVE-2023-4453 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
pimcore/pi ...)
-       TODO: check
+       NOT-FOR-US: pimcore
 CVE-2023-4417 (Improper access controls in the entry duplication component in 
Devolut ...)
-       TODO: check
+       NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2023-4373 (Inadequate validation of permissions when employing remote 
tools and m ...)
-       TODO: check
+       NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2023-40735 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        TODO: check
 CVE-2023-40352 (McAfee Safe Connect before 2.16.1.126 may allow an adversary 
with syst ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2023-40068 (Cross-site scripting vulnerability in Advanced Custom Fields 
versions  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3954 (The MultiParcels Shipping For WooCommerce WordPress plugin 
before 1.15 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-3936 (The Blog2Social WordPress plugin before 7.2.1 does not sanitise 
and es ...)
@@ -29,17 +29,17 @@ CVE-2023-3481 (Critters versions 0.0.17-0.0.19 have an 
issue when parsing the HT
 CVE-2023-3366 (The MultiParcels Shipping For WooCommerce WordPress plugin 
before 1.15 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-39939 (SQL injection vulnerability in LuxCal Web Calendar prior to 
5.2.3M (My ...)
-       TODO: check
+       NOT-FOR-US: LuxCal Web Calendar
 CVE-2023-39660 (An issue in Gaberiele Venturi pandasai v.0.8.0 and before 
allows a rem ...)
        TODO: check
 CVE-2023-39543 (Cross-site scripting vulnerability in LuxCal Web Calendar 
prior to 5.2 ...)
-       TODO: check
+       NOT-FOR-US: LuxCal Web Calendar
 CVE-2023-39106 (An issue in Nacos Group Nacos Spring Project v.1.1.1 and 
before allows ...)
-       TODO: check
+       NOT-FOR-US: Nacos Group Nacos Spring Project
 CVE-2023-39094 (Cross Site Scripting vulnerability in ZeroWdd studentmanager 
v.1.0 all ...)
-       TODO: check
+       NOT-FOR-US: ZeroWdd studentmanager
 CVE-2023-39061 (Cross Site Request Forgery (CSRF) vulnerability in Chamilo 
v.1.11 thru ...)
-       TODO: check
+       NOT-FOR-US: Chamilo LMS
 CVE-2023-38976 (An issue in weaviate v.1.20.0 allows a remote attacker to 
cause a deni ...)
        TODO: check
 CVE-2023-38961 (Buffer Overflwo vulnerability in JerryScript Project 
jerryscript v.3.0 ...)
@@ -47,15 +47,15 @@ CVE-2023-38961 (Buffer Overflwo vulnerability in 
JerryScript Project jerryscript
 CVE-2023-38899 (SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows 
a local ...)
        TODO: check
 CVE-2023-38836 (File Upload vulnerability in BoidCMS v.2.0.0 allows a remote 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: BoidCMS
 CVE-2023-38158 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-38035 (A security vulnerability in MICS Admin Portal in Ivanti 
MobileIron Sen ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-36787 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-31447 (user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 
(and on all ...)
-       TODO: check
+       NOT-FOR-US: Draytek Vigor2620 devices
 CVE-2023-4459 (A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup 
in dri ...)
        - linux 5.17.11-1
        [bullseye] - linux 5.10.120-1
@@ -199834,7 +199834,7 @@ CVE-2020-28717 (Cross Site Scripting (XSS) 
vulnerability in content1 parameter i
 CVE-2020-28716
        RESERVED
 CVE-2020-28715 (An issue was discovered in kdmserver service in LeEco LeTV X43 
version ...)
-       TODO: check
+       NOT-FOR-US: LeEco LeTV X43
 CVE-2020-28714
        RESERVED
 CVE-2020-28713 (Incorrect access control in push notification service in Night 
Owl Sma ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b48c1f4b3b0b532def0e84936f42da33d203f629

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b48c1f4b3b0b532def0e84936f42da33d203f629
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to