[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 25 21:25:59 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b65e2310 by Salvatore Bonaccorso at 2023-04-25T22:25:29+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,7 +33,7 @@ CVE-2023-31207
 CVE-2023-2283
 	RESERVED
 CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions Remot ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related Websoc ...)
 	TODO: check
 CVE-2023-2280
@@ -1030,9 +1030,9 @@ CVE-2023-30841
 CVE-2023-30840
 	RESERVED
 CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. Versions prio ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2023-30837
 	RESERVED
 CVE-2023-30836
@@ -1702,7 +1702,7 @@ CVE-2023-30625
 CVE-2023-30624
 	RESERVED
 CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to version 2,  ...)
-	TODO: check
+	NOT-FOR-US: embano1/wip GitHub Action
 CVE-2023-30622 (Clusternet is a general-purpose system for controlling Kubernetes clus ...)
 	TODO: check
 CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as modular and us ...)
@@ -2090,7 +2090,7 @@ CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted No
 CVE-2023-30546
 	RESERVED
 CVE-2023-30545 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2023-30544 (Kiwi TCMS is an open source test management system. In versions of Kiw ...)
 	NOT-FOR-US: Kiwi TCMS
 CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In affected ve ...)
@@ -2116,7 +2116,7 @@ CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports core
 CVE-2023-30534
 	RESERVED
 CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Pollution via ...)
-	TODO: check
+	NOT-FOR-US: SheetJS
 CVE-2023-2011
 	RESERVED
 CVE-2023-2010
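Review bot: before `+	NOT-FOR-US: SheetJS` for CVE-2023-30533 stands, it is worth confirming that no Debian source package embeds a copy of SheetJS Community Edition in a bundled JavaScript tree; a prototype-pollution fix in a library that is vendored elsewhere would otherwise be missed, and such an entry would need package tracking rather than NOT-FOR-US.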
@@ -2980,7 +2980,7 @@ CVE-2023-30179
 CVE-2023-30178
 	RESERVED
 CVE-2023-30177 (CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker  ...)
-	TODO: check
+	NOT-FOR-US: CraftCMS
 CVE-2023-30176
 	RESERVED
 CVE-2023-30175
@@ -3774,9 +3774,9 @@ CVE-2023-29782
 CVE-2023-29781
 	RESERVED
 CVE-2023-29780 (Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnera ...)
-	TODO: check
+	NOT-FOR-US: Third Reality Smart Blind
 CVE-2023-29779 (Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulner ...)
-	TODO: check
+	NOT-FOR-US: Sengled Dimmer Switch
 CVE-2023-29778
 	RESERVED
 CVE-2023-29777
@@ -5978,7 +5978,7 @@ CVE-2023-1733 (A denial of service condition exists in the Prometheus server bun
 CVE-2023-1732
 	RESERVED
 CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file upload fun ...)
-	TODO: check
+	NOT-FOR-US: LTOS
 CVE-2023-1730
 	RESERVED
 CVE-2023-1729
@@ -6884,7 +6884,7 @@ CVE-2023-28772 (An issue was discovered in the Linux kernel before 5.13.3. lib/s
 	[buster] - linux 4.19.208-1
 	NOTE: https://git.kernel.org/linus/d3b16034a24a112bb83aeb669ac5b9b01f744bb7 (5.14-rc1)
 CVE-2023-28771 (Improper error message handling in Zyxel ZyWALL/USG series firmware ve ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-28770
 	RESERVED
 CVE-2023-28769
@@ -9295,19 +9295,19 @@ CVE-2023-28092
 CVE-2023-28091 (HPE OneView virtual appliance "Migrate server hardware" option may exp ...)
 	NOT-FOR-US: HPE
 CVE-2023-28090 (An HPE OneView appliance dump may expose SNMPv3 read credentials ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-28089 (An HPE OneView appliance dump may expose FTP credentials for c7000 Int ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-28088 (An HPE OneView appliance dump may expose SAN switch administrative cre ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-28087 (An HPE OneView appliance dump may expose OneView user accounts ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-28086 (An HPE OneView appliance dump may expose proxy credential settings ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-28085 (An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD  ...)
 	NOT-FOR-US: HPE
 CVE-2023-28084 (HPE OneView and HPE OneView Global Dashboard appliance dumps may expos ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in HPE Inte ...)
 	NOT-FOR-US: HPE
 CVE-2023-28082
@@ -10730,7 +10730,7 @@ CVE-2023-27621
 CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27619 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2023-27618
 	RESERVED
 CVE-2023-27617
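Review bot: the label `+	NOT-FOR-US: WordPress theme` for CVE-2023-27619 differs from the `NOT-FOR-US: WordPress plugin` label on the adjacent CVE-2023-27620, and the truncated description visible here ("Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...") does not say whether the affected component is a theme or a plugin; worth checking the full description so the two neighbouring labels are both accurate.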
@@ -12227,7 +12227,7 @@ CVE-2023-27107
 CVE-2023-27106
 	RESERVED
 CVE-2023-27105 (A vulnerability in the Wi-Fi file transfer module of Shanling M5S Port ...)
-	TODO: check
+	NOT-FOR-US: Shanling
 CVE-2023-27104
 	RESERVED
 CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer overflow via  ...)
@@ -12782,15 +12782,15 @@ CVE-2023-26845 (A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows att
 CVE-2023-26844
 	RESERVED
 CVE-2023-26843 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-26842
 	RESERVED
 CVE-2023-26841 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3  ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-26840 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3  ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-26839 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3  ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-26838
 	RESERVED
 CVE-2023-26837
@@ -14753,11 +14753,11 @@ CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon
 CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint failed to s ...)
 	NOT-FOR-US: Progress Flowmon
 CVE-2023-26099 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consult ...)
-	TODO: check
+	NOT-FOR-US: Telindus
 CVE-2023-26098 (An issue was discovered in the Open Document feature in Telindus Apsal ...)
-	TODO: check
+	NOT-FOR-US: Telindus
 CVE-2023-26097 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorize ...)
-	TODO: check
+	NOT-FOR-US: Telindus
 CVE-2023-26096
 	RESERVED
 CVE-2023-26095
@@ -14838,9 +14838,9 @@ CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the
 CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On the Site  ...)
 	NOT-FOR-US: Nokia
 CVE-2023-26058 (An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XM ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2023-26057 (An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XM ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2023-0920
 	RESERVED
 CVE-2022-48329 (MISP before 2.4.166 unsafely allows users to use the order parameter,  ...)
@@ -15622,7 +15622,7 @@ CVE-2023-25795 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-ma
 CVE-2023-25794 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Geor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25792
 	RESERVED
 CVE-2023-25791
@@ -16014,7 +16014,7 @@ CVE-2023-25712 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-25711 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGI ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25709 (Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatorai ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25708 (Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR &#82 ...)
@@ -16897,7 +16897,7 @@ CVE-2023-25492
 CVE-2023-25491
 	RESERVED
 CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25489
 	RESERVED
 CVE-2023-25488
@@ -16907,9 +16907,9 @@ CVE-2023-25487
 CVE-2023-25486
 	RESERVED
 CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bern ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25484 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25483
 	RESERVED
 CVE-2023-25482
@@ -16919,7 +16919,7 @@ CVE-2023-25481
 CVE-2023-25480
 	RESERVED
 CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25478
 	RESERVED
 CVE-2023-25477
@@ -17197,11 +17197,11 @@ CVE-2023-25350 (Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When t
 CVE-2023-25349
 	RESERVED
 CVE-2023-25348 (ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-25347 (A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3,  ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-25346 (A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5. ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-25345 (Directory traversal vulnerability in swig-templates thru 2.0.4 and swi ...)
 	NOT-FOR-US: swig-templates
 CVE-2023-25344 (An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b65e2310e3cdcb0a6c71de90f2036b00ce230761
