[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) Tue, 21 Nov 2023 12:41:27 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
036fa37f by Salvatore Bonaccorso at 2023-11-21T21:40:42+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2023-6235 (An uncontrolled search path element vulnerability has been 
found in th ...)
-       TODO: check
+       NOT-FOR-US: Duet Display for Windows
 CVE-2023-6213 (Memory safety bugs present in Firefox 119. Some of these bugs 
showed e ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6213
@@ -59,13 +59,13 @@ CVE-2023-6204 (On some systems\u2014depending on the 
graphics settings and drive
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6204
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6204
 CVE-2023-5776 (The Post Meta Data Manager plugin for WordPress is vulnerable 
to Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-5599 (A stored Cross-site Scripting (XSS) vulnerability affecting 
3DDashboar ...)
-       TODO: check
+       NOT-FOR-US: 3DDashboard in 3DSwymer from Release 3DEXPERIENCE
 CVE-2023-5598 (Stored Cross-site Scripting (XSS) vulnerabilities\xc2affecting 
3DSwym  ...)
-       TODO: check
+       NOT-FOR-US: 3DSwym in 3DSwymer from Release 3DEXPERIENCE
 CVE-2023-5055 (Possible variant of CVE-2021-3434 in function 
le_ecred_reconf_req.)
-       TODO: check
+       NOT-FOR-US: zephyr-rtos
 CVE-2023-49061 (An attacker could have performed HTML template injection via 
Reader Mo ...)
        TODO: check
 CVE-2023-49060 (An attacker could have accessed internal pages or data by 
ex-filtratin ...)
@@ -73,9 +73,9 @@ CVE-2023-49060 (An attacker could have accessed internal 
pages or data by ex-fil
 CVE-2023-48226 (OpenReplay is a self-hosted session replay suite. In version 
1.14.0, d ...)
        TODO: check
 CVE-2023-48124 (Cross Site Scripting in SUP Online Shopping v.1.0 allows a 
remote atta ...)
-       TODO: check
+       NOT-FOR-US: SUP Online Shopping
 CVE-2023-47643 (SuiteCRM is a Customer Relationship Management (CRM) software 
applicat ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2023-46377
        REJECTED
 CVE-2023-6199 (Book Stack version 23.10.2 allows filtering local files on the 
server. ...)
@@ -35198,7 +35198,7 @@ CVE-2023-28804 (An Improper Verification of 
Cryptographic Signature vulnerabilit
 CVE-2023-28803 (An authentication bypass by spoofing of a device with a 
synthetic IP a ...)
        NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28802 (An Improper Validation of Integrity Check Value in Zscaler 
Client Conn ...)
-       TODO: check
+       NOT-FOR-US: Zscaler Client Connector on Windows
 CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the 
SAML authen ...)
        NOT-FOR-US: Zscaler
 CVE-2023-28800 (When using local accounts for administration, the redirect url 
paramet ...)
@@ -54982,7 +54982,7 @@ CVE-2023-22523
 CVE-2023-22522
        RESERVED
 CVE-2023-22521 (This High severity RCE (Remote Code Execution) vulnerability 
was intro ...)
-       TODO: check
+       NOT-FOR-US: Crowd Data Center and Server
 CVE-2023-22520
        RESERVED
 CVE-2023-22519
@@ -54992,7 +54992,7 @@ CVE-2023-22518 (All versions of Confluence Data Center 
and Server are affected b
 CVE-2023-22517
        RESERVED
 CVE-2023-22516 (This High severity RCE (Remote Code Execution) vulnerability 
was intro ...)
-       TODO: check
+       NOT-FOR-US: Bamboo Data Center and Server
 CVE-2023-22515 (Atlassian has been made aware of an issue reported by a 
handful of cus ...)
        NOT-FOR-US: Atlassian
 CVE-2023-22514
@@ -71901,11 +71901,11 @@ CVE-2023-20276
 CVE-2023-20275
        RESERVED
 CVE-2023-20274 (A vulnerability in the installer script of Cisco AppDynamics 
PHP Agent ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software 
could a ...)
        NOT-FOR-US: Cisco
 CVE-2023-20272 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20271
        RESERVED
 CVE-2023-20270 (A vulnerability in the interaction between the Server Message 
Block (S ...)
@@ -71919,7 +71919,7 @@ CVE-2023-20267 (A vulnerability in the IP geolocation 
rules of Snort 3 could all
 CVE-2023-20266 (A vulnerability in Cisco Emergency Responder, Cisco Unified 
Communicat ...)
        NOT-FOR-US: Cisco
 CVE-2023-20265 (A vulnerability in the web-based management interface of a 
small subse ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20264 (A vulnerability in the implementation of Security Assertion 
Markup Lan ...)
        NOT-FOR-US: Cisco
 CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco 
HyperFl ...)
@@ -72038,7 +72038,7 @@ CVE-2023-20210 (A vulnerability in Cisco BroadWorks 
could allow an authenticated
 CVE-2023-20209 (A vulnerability in the web-based management interface of Cisco 
Express ...)
        NOT-FOR-US: Cisco
 CVE-2023-20208 (A vulnerability in the web-based management interface of Cisco 
ISE cou ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo 
Authentication P ...)
        NOT-FOR-US: Cisco
 CVE-2023-20206 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
@@ -189870,11 +189870,11 @@ CVE-2021-27506 (The ClamAV Engine (version 0.103.1 
and below) component embedded
 CVE-2021-27505 (mySCADA myPRO versions prior to 8.20.0 does not restrict 
unauthorized  ...)
        NOT-FOR-US: mySCADA myPRO
 CVE-2021-27504 (Texas Instruments devices running FREERTOS, malloc returns a 
valid  po ...)
-       TODO: check
+       NOT-FOR-US: Texas Instruments devices
 CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed 
mylife Cloud: ...)
        NOT-FOR-US: Ypsomed
 CVE-2021-27502 (Texas Instruments TI-RTOS, when configured to use HeapMem 
heap(default ...)
-       TODO: check
+       NOT-FOR-US: Texas Instruments TI-RTOS
 CVE-2021-27501 (Philips Vue PACS versions 12.2.x.x and prior does not follow 
certain c ...)
        NOT-FOR-US: Philips Vue PACS
 CVE-2021-27500 (A specifically crafted packet sent by an attacker to 
EIPStackGroup OpE ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/036fa37f9a01e34a3c460bdfe7e3f6bda9ef2297

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/036fa37f9a01e34a3c460bdfe7e3f6bda9ef2297
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to