[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 28 22:59:32 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b9d5749 by Salvatore Bonaccorso at 2023-04-28T23:59:06+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -103,7 +103,7 @@ CVE-2023-2338 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.
CVE-2023-2336 (Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.)
NOT-FOR-US: pimcore
CVE-2023-2335 (Plaintext Password in Registry vulnerability in 42gears surelock win ...)
- TODO: check
+ NOT-FOR-US: 42gears
CVE-2023-2331 (Unquoted service Path or Element vulnerability in 42Gears Surelock Win ...)
NOT-FOR-US: 42Gears
CVE-2023-2328 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
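Review bot: The added line for CVE-2023-2335 spells the vendor `42gears`, while the unchanged entry directly below it for CVE-2023-2331 uses `NOT-FOR-US: 42Gears`. Both CVEs are for the same Surelock product, so use `NOT-FOR-US: 42Gears` here as well; a case-sensitive search of data/CVE/list for the vendor will otherwise miss one of the two.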
@@ -1341,15 +1341,15 @@ CVE-2023-30854 (AVideo is an open source video platform. Prior to version 12.4,
CVE-2023-30853 (Gradle Build Action allows users to execute a Gradle Build in their Gi ...)
TODO: check
CVE-2023-30852 (Pimcore is an open source data and experience management platform. Pri ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2023-30851
RESERVED
CVE-2023-30850 (Pimcore is an open source data and experience management platform. Pri ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2023-30849 (Pimcore is an open source data and experience management platform. Pri ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2023-30848 (Pimcore is an open source data and experience management platform. Pri ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2023-30847 (H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the rev ...)
TODO: check
CVE-2023-30846 (typed-rest-client is a library for Node Rest and Http Clients with typ ...)
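Review bot: The four added lines for CVE-2023-30852, CVE-2023-30850, CVE-2023-30849 and CVE-2023-30848 use `NOT-FOR-US: Pimcore`, but the existing entry for CVE-2023-2336 earlier in this file uses `NOT-FOR-US: pimcore`. Settle on one spelling for the product so that all Pimcore entries turn up in a single case-sensitive search.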
@@ -2037,7 +2037,7 @@ CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting with
CVE-2023-30625
RESERVED
CVE-2023-30624 (Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6. ...)
- TODO: check
+ NOT-FOR-US: wasmtime
CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, ...)
NOT-FOR-US: embano1/wip GitHub Action
CVE-2023-30622 (Clusternet is a general-purpose system for controlling Kubernetes clus ...)
@@ -2702,9 +2702,9 @@ CVE-2023-30468
CVE-2023-1973
RESERVED
CVE-2023-30467 (This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS- ...)
- TODO: check
+ NOT-FOR-US: Milesight
CVE-2023-30466 (This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS- ...)
- TODO: check
+ NOT-FOR-US: Milesight
CVE-2023-30465 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Apache InLong
CVE-2023-1972
@@ -2720,11 +2720,11 @@ CVE-2023-1970 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classi
CVE-2023-1969 (A vulnerability classified as critical was found in SourceCodester Onl ...)
NOT-FOR-US: SourceCodester Online Eyewear Shop
CVE-2023-1968 (Instruments with Illumina Universal Copy Service v2.x are vulnerable d ...)
- TODO: check
+ NOT-FOR-US: Illumina
CVE-2023-1967 (Keysight N8844A Data Analytics Web Service deserializes untrusted data ...)
- TODO: check
+ NOT-FOR-US: Keysight N8844A Data Analytics Web Service
CVE-2023-1966 (Instruments with Illumina Universal Copy Service v1.x and v2.x contain ...)
- TODO: check
+ NOT-FOR-US: Illumina
CVE-2023-1965
RESERVED
CVE-2023-30464
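Review bot: The three tags added in this hunk mix granularity: CVE-2023-1968 and CVE-2023-1966 get the bare vendor `Illumina`, while CVE-2023-1967 between them gets the full product string `Keysight N8844A Data Analytics Web Service`. Naming the product on the Illumina lines too (the descriptions give "Illumina Universal Copy Service") would make it clear which software was judged out of scope and would match the style of the Keysight line.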
@@ -2747,9 +2747,9 @@ CVE-2023-30456 (An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linu
- linux 6.1.25-1
NOTE: https://git.kernel.org/linus/112e66017bff7f2837030f34c2bc19501e9212d5 (6.3-rc3)
CVE-2023-30455 (An issue was discovered in ebankIT before 7. A Denial-of-Service attac ...)
- TODO: check
+ NOT-FOR-US: ebankIT
CVE-2023-30454 (An issue was discovered in ebankIT before 7. Document Object Model bas ...)
- TODO: check
+ NOT-FOR-US: ebankIT
CVE-2023-30453
RESERVED
CVE-2023-30452
@@ -2871,7 +2871,7 @@ CVE-2023-30406 (Jerryscript commit 1a2c047 was discovered to contain a segmentat
[bullseye] - iotjs <ignored> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/5058
CVE-2023-30405 (A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repea ...)
- TODO: check
+ NOT-FOR-US: Aigital
CVE-2023-30404 (Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to co ...)
NOT-FOR-US: Aigital Wireless-N Repeater Mini_Router
CVE-2023-30403
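Review bot: The added tag for CVE-2023-30405 is `NOT-FOR-US: Aigital`, but the unchanged entry right after it, CVE-2023-30404, already uses `NOT-FOR-US: Aigital Wireless-N Repeater Mini_Router`. Both descriptions refer to the Aigital Wireless-N repeater, so reuse the existing string rather than introducing a second variant for the same device.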
@@ -2923,7 +2923,7 @@ CVE-2023-30382
CVE-2023-30381
RESERVED
CVE-2023-30380 (An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2023-30379
RESERVED
CVE-2023-30378 (In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-b ...)
@@ -2985,7 +2985,7 @@ CVE-2023-30351
CVE-2023-30350
RESERVED
CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to contain a remote code execution (R ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2023-30348
RESERVED
CVE-2023-30347
@@ -3007,7 +3007,7 @@ CVE-2023-30340
CVE-2023-30339
RESERVED
CVE-2023-30338 (Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pr ...)
- TODO: check
+ NOT-FOR-US: Emlog Pro
CVE-2023-30337
RESERVED
CVE-2023-30336
@@ -3317,7 +3317,7 @@ CVE-2023-30185
CVE-2023-30184
RESERVED
CVE-2023-30183 (Wangmarket CMS v4.10 was discovered to contain a SQL injection vulnera ...)
- TODO: check
+ NOT-FOR-US: Wangmarket CMS
CVE-2023-30182
RESERVED
CVE-2023-30181
@@ -3433,11 +3433,11 @@ CVE-2023-30127
CVE-2023-30126
RESERVED
CVE-2023-30125 (EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).)
- TODO: check
+ NOT-FOR-US: Eyoucms
CVE-2023-30124
RESERVED
CVE-2023-30123 (wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Mem ...)
- TODO: check
+ NOT-FOR-US: wuzhicms
CVE-2023-30122
RESERVED
CVE-2023-30121
@@ -3635,7 +3635,7 @@ CVE-2023-30026
CVE-2023-30025
RESERVED
CVE-2023-30024 (Insecure Permissions vulnerability found in MagicJack A921 USB Phone J ...)
- TODO: check
+ NOT-FOR-US: MagicJack
CVE-2023-30023
RESERVED
CVE-2023-30022
@@ -4053,7 +4053,7 @@ CVE-2023-29817
CVE-2023-29816
RESERVED
CVE-2023-29815 (mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF).)
- TODO: check
+ NOT-FOR-US: mccms
CVE-2023-29814
RESERVED
CVE-2023-29813
@@ -5426,7 +5426,7 @@ CVE-2023-29336
CVE-2023-29335
RESERVED
CVE-2023-29334 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-29333
RESERVED
CVE-2023-29332
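Review bot: For CVE-2023-29334 the tag `NOT-FOR-US: Microsoft` rests on a description that only says "Microsoft Edge (Chromium-based) Spoofing Vulnerability", which does not state whether the flaw is in Edge-only code or in code shared with Chromium. Debian ships chromium, so it is worth confirming the issue is Edge-specific before dropping it, and naming the product in the tag (for example `NOT-FOR-US: Microsoft Edge`) would record what was actually assessed.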
@@ -5737,15 +5737,15 @@ CVE-2023-29218 (The Twitter Recommendation Algorithm through ec83d01 allows atta
CVE-2023-29217
RESERVED
CVE-2023-29169 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2023-29150 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2023-28716 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2023-28400 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2023-28384 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2023-1824
RESERVED
CVE-2023-1823 (Inappropriate implementation in FedCM in Google Chrome prior to 112.0. ...)
@@ -6125,7 +6125,7 @@ CVE-2023-1780
CVE-2023-1779
RESERVED
CVE-2023-1778 (This vulnerability exists in GajShield Data Security Firewall firmware ...)
- TODO: check
+ NOT-FOR-US: GajShield Data Security Firewall firmware
CVE-2023-1777 (Mattermost allows an attacker to request a preview of an existing mess ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-1776 (Boards in Mattermost allows an attacker to upload a malicious SVG imag ...)
@@ -6267,9 +6267,9 @@ CVE-2023-1742 (A vulnerability was found in IBOS 4.5.5. It has been rated as cri
CVE-2023-29059 (3CX DesktopApp through 18.12.416 has embedded malicious code, as explo ...)
NOT-FOR-US: 3CX DesktopApp
CVE-2023-29058 (A valid, authenticated XCC user with read-only permissions can modify ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-29057 (A valid XCC user's local account permissions overrides their active di ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-29056 (A valid LDAP user, under specific conditions, will default to read-onl ...)
TODO: check
CVE-2023-29055
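Review bot: CVE-2023-29058 and CVE-2023-29057 are marked `NOT-FOR-US: Lenovo`, but the next entry, CVE-2023-29056, is left at `TODO: check` even though its ID is consecutive and its description is in the same style ("A valid LDAP user, under specific conditions ..."). If it belongs to the same product it should be handled in this change; if it was left open deliberately, that is fine, but the split is not explained. The truncated descriptions also mention only "XCC" and never "Lenovo", so a tag such as `NOT-FOR-US: Lenovo XCC` would let someone searching for the product name find these entries.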
@@ -7141,11 +7141,11 @@ CVE-2016-15030 (A vulnerability classified as problematic has been found in Arno
CVE-2015-10097 (A vulnerability was found in grinnellplans-php up to 3.0. It has been ...)
NOT-FOR-US: grinnellplans-php
CVE-2023-28821 (Concrete CMS (previously concrete5) before 9.1 did not have a rate lim ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28820 (Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28819 (Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-28818 (An issue was discovered in Veritas NetBackup IT Analytics 11 before 11 ...)
NOT-FOR-US: Veritas
CVE-2023-28817
@@ -7250,9 +7250,9 @@ CVE-2023-28772 (An issue was discovered in the Linux kernel before 5.13.3. lib/s
CVE-2023-28771 (Improper error message handling in Zyxel ZyWALL/USG series firmware ve ...)
NOT-FOR-US: Zyxel
CVE-2023-28770 (The sensitive information exposure vulnerability in the CGI \u201cExpo ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-28769 (The buffer overflow vulnerability in the library \u201clibclinkc.so\u2 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-28768
RESERVED
CVE-2023-28767
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b9d574983aaea8650c65c0c667c9d2dcb9d7f9f