[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 12 22:02:25 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68dfd1e7 by Salvatore Bonaccorso at 2023-04-12T23:01:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9830,7 +9830,7 @@ CVE-2023-27218
 CVE-2023-27217
 	RESERVED
 CVE-2023-27216 (An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated u ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-27215
 	RESERVED
 CVE-2023-27214 (Online Student Management System v1.0 was discovered to contain multip ...)
@@ -10219,7 +10219,7 @@ CVE-2023-27034 (PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injecti
 CVE-2023-27033 (Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code ...)
 	NOT-FOR-US: Prestashop cdesigner
 CVE-2023-27032 (Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to c ...)
-	TODO: check
+	NOT-FOR-US: Prestashop advancedpopupcreator
 CVE-2023-27031
 	RESERVED
 CVE-2023-27030
@@ -18249,9 +18249,9 @@ CVE-2023-24184 (TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain
 CVE-2023-24183
 	RESERVED
 CVE-2023-24182 (LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to c ...)
-	TODO: check
+	NOT-FOR-US: LuCI openwrt
 CVE-2023-24181 (LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to c ...)
-	TODO: check
+	NOT-FOR-US: LuCI openwrt
 CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in the loa ...)
 	- libelfin <unfixed> (bug #1033741)
 	[bookworm] - libelfin <no-dsa> (Minor issue)
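Review bot: CVE-2023-24182 and CVE-2023-24181 are closed as NOT-FOR-US with the label "LuCI openwrt", which names an open-source component rather than a vendor product. Before dropping the TODO, it is worth confirming that no source package in the archive ships or embeds LuCI; if that check was done, the entries are fine as written.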
@@ -20057,7 +20057,7 @@ CVE-2023-23593
 CVE-2023-23592 (WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to ac ...)
 	NOT-FOR-US: WALLIX Access Manager
 CVE-2023-23591 (The Logback component in Terminalfour before 8.3.14.1 allows OS admini ...)
-	TODO: check
+	NOT-FOR-US: Terminalfour
 CVE-2023-0302 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
 	- radare2 <unfixed> (bug #1029037)
 	NOTE: https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e/
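Review bot: the description of CVE-2023-23591 opens with "The Logback component in Terminalfour", but the new tag attributes the issue to Terminalfour alone. Logback is a library distributed independently of Terminalfour, so confirm that the flaw lies in how Terminalfour bundles or configures it rather than in Logback itself; if it is in Logback, the entry needs a package line instead of NOT-FOR-US.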
@@ -23367,7 +23367,7 @@ CVE-2023-22617 (A remote attacker might be able to cause infinite recursion in P
 	NOTE: https://downloads.powerdns.com/patches/2023-01/
 	NOTE: https://github.com/PowerDNS/pdns/pull/12442
 CVE-2023-22616 (An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5. ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2023-22615 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
 	NOT-FOR-US: Insyde
 CVE-2023-22614 (An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kern ...)
@@ -26180,7 +26180,7 @@ CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2022-47606
 	RESERVED
 CVE-2022-47605 (Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47604
 	RESERVED
 CVE-2022-47603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart ...)
@@ -40885,11 +40885,11 @@ CVE-2023-0008
 CVE-2023-0007
 	RESERVED
 CVE-2023-0006 (A local file deletion vulnerability in the Palo Alto Networks GlobalPr ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2023-0005 (A vulnerability in Palo Alto Networks PAN-OS software enables an authe ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2023-0004 (A local file deletion vulnerability in Palo Alto Networks PAN-OS softw ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2023-0003 (A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR ...)
 	NOT-FOR-US: Palo Alto
 CVE-2023-0002 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
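Review bot: the three new tags for CVE-2023-0006, CVE-2023-0005 and CVE-2023-0004 read "NOT-FOR-US: Palo Alto Networks", while the adjacent existing entry CVE-2023-0003 uses "NOT-FOR-US: Palo Alto". One spelling per vendor keeps a search of the list by vendor name complete; consider matching the existing label, or updating it in the same commit.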
@@ -96253,7 +96253,7 @@ CVE-2022-24352 (This vulnerability allows network-adjacent attackers to execute
 CVE-2022-24351
 	RESERVED
 CVE-2022-24350 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2022-24349 (An authenticated user can create a link with reflected XSS payload for ...)
 	{DLA-3390-1 DLA-2980-1}
 	- zabbix 1:6.0.7+dfsg-2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68dfd1e7b2e896a1ef3469213db1773a66eeae72
