Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b3f2996 by Salvatore Bonaccorso at 2023-11-21T21:18:45+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,13 +43,13 @@ CVE-2023-46377
 CVE-2023-6199 (Book Stack version 23.10.2 allows filtering local files on the 
server. ...)
        NOT-FOR-US: bookstack
 CVE-2023-6178 (An arbitrary file write vulnerability exists where an 
authenticated at ...)
-       TODO: check
+       NOT-FOR-US: Nessus Agent
 CVE-2023-6144 (Dev blog v1.0 allows to exploit an account takeover through the 
"user" ...)
        NOT-FOR-US: Dev blog
 CVE-2023-6142 (Dev blog v1.0 allows to exploit an XSS through an unrestricted 
file up ...)
        NOT-FOR-US: Dev blog
 CVE-2023-6062 (An arbitrary file write vulnerability exists where an 
authenticated, r ...)
-       TODO: check
+       NOT-FOR-US: Nessus
 CVE-2023-5553 (During internal Axis Security Development Model (ASDM) 
threat-modellin ...)
        NOT-FOR-US: AXIS OS
 CVE-2023-5275 (Improper Input Validation vulnerability in simulation function 
of GX W ...)
@@ -57,9 +57,9 @@ CVE-2023-5275 (Improper Input Validation vulnerability in 
simulation function of
 CVE-2023-5274 (Improper Input Validation vulnerability in simulation function 
of GX W ...)
        NOT-FOR-US: Mitsubishi
 CVE-2023-4424 (An malicious BLE device can cause buffer overflow by sending 
malformed ...)
-       TODO: check
+       NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-4149 (A vulnerability in the web-based management allows an 
unauthenticated  ...)
-       TODO: check
+       NOT-FOR-US: Wago
 CVE-2023-48310 (TestingPlatform is a testing platform for Internet Security 
Standards. ...)
        NOT-FOR-US: TestingPlatform
 CVE-2023-48192 (An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a 
local att ...)
@@ -67,7 +67,7 @@ CVE-2023-48192 (An issue in TOTOlink A3700R 
v.9.1.2u.6134_B20201202 allows a loc
 CVE-2023-48176 (An Insecure Permissions issue in WebsiteGuide v.0.2 allows a 
remote at ...)
        NOT-FOR-US: WebsiteGuide
 CVE-2023-48051 (An issue in /upydev/keygen.py in upydev v0.4.3 allows 
attackers to dec ...)
-       TODO: check
+       NOT-FOR-US: upydev
 CVE-2023-47311 (An issue in Yamcs 5.8.6 allows attackers to send aribitrary 
telelcomma ...)
        NOT-FOR-US: Yamcs
 CVE-2023-47172 (Certain WithSecure products allow Local Privilege Escalation. 
This aff ...)
@@ -79,7 +79,7 @@ CVE-2023-46471 (Cross Site Scripting vulnerability in Space 
Applications Service
 CVE-2023-46470 (Cross Site Scripting vulnerability in Space Applications 
Services Yamc ...)
        NOT-FOR-US: Yamcs
 CVE-2023-45886 (The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 
allow remote ...)
-       TODO: check
+       NOT-FOR-US: BGP daemon (bgpd) in IP Infusion ZebOS
 CVE-2023-42770 (Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated 
users en ...)
        NOT-FOR-US: Red Lion
 CVE-2023-40151 (When user authentication is not enabled the shell can execute 
commands ...)
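Review bot: The new label on CVE-2023-45886, "BGP daemon (bgpd) in IP Infusion ZebOS", restates the description instead of naming the product the way the neighbouring entries do ("Yamcs", "Red Lion"). Suggest "NOT-FOR-US: IP Infusion ZebOS". Because bgpd is a generic daemon name, a short parenthetical in the style of "(unrelated to src:zephyr)" on CVE-2023-4424 in this same commit would record that the similarly named packaged daemons were considered and ruled out.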
@@ -133,7 +133,7 @@ CVE-2023-4808 (The WP Post Popup WordPress plugin through 
3.7.3 does not sanitis
 CVE-2023-4799 (The Magic Embeds WordPress plugin before 3.1.2 does not 
validate and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-48309 (NextAuth.js provides authentication for Next.js. `next-auth` 
applicati ...)
-       TODO: check
+       NOT-FOR-US: NextAuth.js
 CVE-2023-48300 (The `Embed Privacy` plugin for WordPress that prevents the 
loading of  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-48293 (The XWiki Admin Tools Application provides tools to help the 
administr ...)
@@ -181,19 +181,19 @@ CVE-2023-42774 (in OpenHarmony v3.2.2 and prior versions 
allow a local attacker
 CVE-2023-3116 (in OpenHarmony v3.2.2 and prior versions allow a local attacker 
get co ...)
        NOT-FOR-US: OpenHarmony
 CVE-2023-38885 (OpenSIS Classic Community Edition version 9.0 lacks cross-site 
request ...)
-       TODO: check
+       NOT-FOR-US: OpenSIS
 CVE-2023-38884 (An Insecure Direct Object Reference (IDOR) vulnerability in 
the Commun ...)
-       TODO: check
+       NOT-FOR-US: OpenSIS
 CVE-2023-38883 (A reflected cross-site scripting (XSS) vulnerability in the 
Community  ...)
-       TODO: check
+       NOT-FOR-US: OpenSIS
 CVE-2023-38882 (A reflected cross-site scripting (XSS) vulnerability in the 
Community  ...)
-       TODO: check
+       NOT-FOR-US: OpenSIS
 CVE-2023-38881 (A reflected cross-site scripting (XSS) vulnerability in the 
Community  ...)
-       TODO: check
+       NOT-FOR-US: OpenSIS
 CVE-2023-38880 (The Community Edition version 9.0 of OS4ED's openSIS Classic 
has a bro ...)
-       TODO: check
+       NOT-FOR-US: OpenSIS
 CVE-2023-38879 (The Community Edition version 9.0 of OS4ED's openSIS Classic 
allows re ...)
-       TODO: check
+       NOT-FOR-US: OpenSIS
 CVE-2023-38823 (Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 
v.1.0, AC ...)
        NOT-FOR-US: Tenda
 CVE-2023-36013 (PowerShell Information Disclosure Vulnerability)
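Review bot: The seven entries from CVE-2023-38885 down to CVE-2023-38879 are labelled "OpenSIS", while the descriptions of CVE-2023-38880 and CVE-2023-38879 spell the product "openSIS Classic" (OS4ED). The label is applied consistently across all seven, so a search on it still finds the whole set. If the list prefers upstream spelling, "NOT-FOR-US: openSIS" would match the descriptions.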
@@ -279,7 +279,7 @@ CVE-2023-48017 (Dreamer_cms 4.1.3 is vulnerable to Cross 
Site Request Forgery (C
 CVE-2023-46745 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network 
monitorin ...)
        NOT-FOR-US: LibreNMS
 CVE-2023-46402 (git-urls version 1.0.1 is vulnerable to ReDOS (Regular 
Expression Deni ...)
-       TODO: check
+       NOT-FOR-US: git-urls
 CVE-2023-44796 (Cross Site Scripting (XSS) vulnerability in LimeSurvey before 
version  ...)
        - limesurvey <itp> (bug #472802)
 CVE-2023-43177 (CrushFTP prior to 10.5.1 is vulnerable to Improperly 
Controlled Modifi ...)
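Review bot: On CVE-2023-46402 the label "git-urls" is a generic name, and the truncated description does not say which upstream project or language ecosystem is meant. A qualifier naming the upstream, as was done with "Zephyr RTOS (unrelated to src:zephyr)" for CVE-2023-4424, would show which git-urls was checked against the archive before the TODO was closed.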
@@ -67556,11 +67556,11 @@ CVE-2022-3863 (Use after free in Browser History in 
Google Chrome prior to 100.0
        - chromium 100.0.4896.75-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-21418 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has 
found that ...)
-       TODO: check
+       NOT-FOR-US: AXIS OS
 CVE-2023-21417 (Sandro Poppi, member of the AXIS OS Bug Bounty Program,  has 
found tha ...)
-       TODO: check
+       NOT-FOR-US: AXIS OS
 CVE-2023-21416 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has 
found that ...)
-       TODO: check
+       NOT-FOR-US: AXIS OS
 CVE-2023-21415 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has 
found that ...)
        NOT-FOR-US: AXIS OS
 CVE-2023-21414 (NCC Group has found a flaw during the annual internal 
penetration test ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b3f29963ff8febca79a50c15be157a59dc0d2b6
