Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38a1a571 by Salvatore Bonaccorso at 2023-09-06T23:22:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,9 +11,9 @@ CVE-2023-4622 (A use-after-free vulnerability in the Linux 
kernel's af_unix comp
 CVE-2023-4621
        REJECTED
 CVE-2023-4589 (Insufficient verification of data authenticity vulnerability in 
Deline ...)
-       TODO: check
+       NOT-FOR-US: Delinea Secret Server
 CVE-2023-4588 (File accessibility vulnerability in Delinea Secret Server, in 
its v10. ...)
-       TODO: check
+       NOT-FOR-US: Delinea Secret Server
 CVE-2023-4498 (Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated 
access ...)
        NOT-FOR-US: Tenda
 CVE-2023-4244 (A use-after-free vulnerability in the Linux kernel's netfilter: 
nf_tab ...)
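Review bot: the new tags on CVE-2023-4589 and CVE-2023-4588 name the full product ("Delinea Secret Server"), while the neighbouring context entry CVE-2023-4498 is tagged with the vendor alone ("Tenda"). Either form works, but choosing one granularity per commit keeps later text searches for prior NOT-FOR-US decisions predictable.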
@@ -31,81 +31,81 @@ CVE-2023-4206 (A use-after-free vulnerability in the Linux 
kernel's net/sched: c
        [bullseye] - linux 5.10.191-1
        NOTE: 
https://git.kernel.org/linus/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 (6.5-rc5)
 CVE-2023-41601 (Multiple cross-site scripting (XSS) vulnerabilities in 
install/index.p ...)
-       TODO: check
+       NOT-FOR-US: CSZ CMS
 CVE-2023-41330 (knplabs/knp-snappy is a PHP library allowing thumbnail, 
snapshot or PD ...)
        TODO: check
 CVE-2023-41328 (Frappe is a low code web framework written in Python and 
Javascript. A ...)
-       TODO: check
+       NOT-FOR-US: Frappe Framework
 CVE-2023-41319 (Fides is an open-source privacy engineering platform for 
managing the  ...)
        TODO: check
 CVE-2023-41150 (F-RevoCRM 7.3 series prior to version7.3.8 contains a 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: F-RevoCRM
 CVE-2023-41149 (F-RevoCRM version7.3.7 and version7.3.8 contains an OS command 
injecti ...)
-       TODO: check
+       NOT-FOR-US: F-RevoCRM
 CVE-2023-41050 (AccessControl provides a general security framework for use in 
Zope. P ...)
        TODO: check
 CVE-2023-40601 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Estatik  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-40591 (go-ethereum (geth) is a golang execution layer implementation 
of the E ...)
        TODO: check
 CVE-2023-40560 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Greg ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-40554 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Blog2Soc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-40553 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Plausibl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-40552 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gurc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-40531 (Archer AX6000 firmware versions prior to 'Archer 
AX6000(JP)_V1_1.3.0 B ...)
-       TODO: check
+       NOT-FOR-US: Archer AX6000 firmware
 CVE-2023-40357 (Multiple TP-LINK products allow a network-adjacent 
authenticated attac ...)
-       TODO: check
+       NOT-FOR-US: TP-LINK
 CVE-2023-40329 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPZe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-40328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Carr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-40193 (Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 
2023061 ...)
-       TODO: check
+       NOT-FOR-US: Deco M4 firmware
 CVE-2023-40007 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Ujwo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-39935 (Archer C5400 firmware versions prior to 'Archer 
C5400(JP)_V2_230506' a ...)
-       TODO: check
+       NOT-FOR-US: Archer C5400 firmware
 CVE-2023-39511 (Cacti is an open source operational monitoring and fault 
management fr ...)
        TODO: check
 CVE-2023-39265 (Apache Superset would allow for SQLite database connections to 
be inco ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2023-39264 (By default, stack traces for errors were enabled, which 
resulted in th ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2023-39224 (Archer C5 firmware all versions and Archer C7 firmware 
versions prior  ...)
-       TODO: check
+       NOT-FOR-US: Archer
 CVE-2023-38588 (Archer C3150 firmware versions prior to 'Archer 
C3150(JP)_V2_230511' a ...)
-       TODO: check
+       NOT-FOR-US: Archer
 CVE-2023-38568 (Archer A10 firmware versions prior to 'Archer 
A10(JP)_V2_230504' allow ...)
-       TODO: check
+       NOT-FOR-US: Archer
 CVE-2023-38563 (Archer C1200 firmware versions prior to 'Archer 
C1200(JP)_V2_230508' a ...)
-       TODO: check
+       NOT-FOR-US: Archer
 CVE-2023-38486 (A vulnerability in the secure boot implementation on 
affectedAruba 920 ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2023-38485 (Vulnerabilities exist in the BIOS implementation of Aruba 9200 
and 900 ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2023-38484 (Vulnerabilities exist in the BIOS implementation of Aruba 9200 
and 900 ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2023-37941 (If an attacker gains write access to the Apache Superset 
metadata data ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2023-37284 (Improper authentication vulnerability in Archer C20 firmware 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Archer
 CVE-2023-36489 (Multiple TP-LINK products allow a network-adjacent 
unauthenticated att ...)
-       TODO: check
+       NOT-FOR-US: TP-LINK
 CVE-2023-36388 (Improper REST API permission in Apache Superset up to and 
including 2. ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2023-36387 (An improper default REST API permission for Gamma users in 
Apache Supe ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2023-32672 (An Incorrect authorisation check in SQLLab in Apache Superset 
versions ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2023-32619 (Archer C50 firmware versions prior to 'Archer 
C50(JP)_V3_230505' and A ...)
-       TODO: check
+       NOT-FOR-US: Archer
 CVE-2023-31188 (Multiple TP-LINK products allow a network-adjacent 
authenticated attac ...)
-       TODO: check
+       NOT-FOR-US: TP-LINK
 CVE-2023-41947 (A missing permission check in Jenkins Frugal Testing Plugin 
1.1 and ea ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-41946 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Frugal Te ...)
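Review bot: the Archer entries in this hunk are tagged three different ways: "Archer AX6000 firmware" (CVE-2023-40531), "Archer C5400 firmware" (CVE-2023-39935) and plain "Archer" (CVE-2023-39224, CVE-2023-38588, CVE-2023-38568, CVE-2023-38563, CVE-2023-37284, CVE-2023-32619), with "Deco M4 firmware" (CVE-2023-40193) and "TP-LINK" (CVE-2023-40357, CVE-2023-36489, CVE-2023-31188) as further labels. Archer and Deco are TP-Link product lines, so a single label such as "NOT-FOR-US: TP-LINK" on all of them would let anyone triaging a later TP-Link CVE find these decisions with one search. The entries left at "TODO: check" (CVE-2023-41330, CVE-2023-41319, CVE-2023-41050, CVE-2023-40591, CVE-2023-39511) are untouched here and still need triage.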



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38a1a571bffbaa216408599af7e341c07bb41dea
