[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Aug 2 08:09:17 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e68cbe93 by Moritz Mühlenhoff at 2023-08-02T09:08:40+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2023-3301 [net: triggerable assertion due to race condition in hot-unplug]
 CVE-2023-3718 (An authenticated command injection vulnerability exists in the AOS-CX  ...)
 	NOT-FOR-US: Aruba
 CVE-2023-39147 (An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attacker ...)
-	TODO: check
+	NOT-FOR-US: Uvdesk
 CVE-2023-39110 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...)
 	NOT-FOR-US: rConfig
 CVE-2023-39109 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...)
@@ -23,21 +23,21 @@ CVE-2023-38559 (A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn
 CVE-2023-38357 (Session tokens in RWS WorldServer 11.7.3 and earlier have a low entrop ...)
 	NOT-FOR-US: RWS WorldServer
 CVE-2023-37478 (pnpm is a package manager. It is possible to construct a tarball that, ...)
-	TODO: check
+	NOT-FOR-US: pnpm
 CVE-2023-36211 (The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting  ...)
 	NOT-FOR-US: Barebones CMS
 CVE-2023-36210 (MotoCMS Version 3.4.3 Store Category Template was discovered to contai ...)
 	NOT-FOR-US: MotoCMS
 CVE-2023-34634 (Greenshot 1.2.10 and below allows arbitrary code execution because .NE ...)
-	TODO: check
+	NOT-FOR-US: Greenshot
 CVE-2023-34552 (In certain EZVIZ products, two stack based buffer overflows in mulicas ...)
-	TODO: check
+	NOT-FOR-US: EZVIZ
 CVE-2023-34551 (In certain EZVIZ products, two stack buffer overflows in netClientSetW ...)
-	TODO: check
+	NOT-FOR-US: EZVIZ
 CVE-2023-33493 (An Unrestricted Upload of File with Dangerous Type vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: Prestashop addon
 CVE-2023-32302 (Silverstripe Framework is the MVC framework that powers Silverstripe C ...)
-	TODO: check
+	NOT-FOR-US: Silverstripe Framework
 CVE-2023-31710 (TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1. ...)
 	NOT-FOR-US: TP-Link
 CVE-2023-4058 (Memory safety bugs present in Firefox 115. Some of these bugs showed e ...)
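
Review bot: The "NOT-FOR-US: Prestashop addon" tag on CVE-2023-33493 names only the platform, while the other entries changed in this hunk name the affected product (pnpm, Greenshot, EZVIZ, Silverstripe Framework). The truncated description does not show the addon's name either, so putting the specific module name in the tag would keep the entry findable by product later.
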
@@ -32518,7 +32518,7 @@ CVE-2023-23775
 CVE-2023-23549
 	RESERVED
 CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, ...)
-	TODO: check
+	- check-mk <removed>
 CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker ...)
 	- check-mk <removed>
 CVE-2023-22348 (Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions < ...)
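
Review bot: CVE-2023-23548 is changed to "- check-mk <removed>", which is a removed-package entry rather than a NOT-FOR-US, so the commit subject "NFUs" does not describe this line. The tag itself matches the neighbouring CVE-2023-22359 entry; consider mentioning the check-mk triage in the commit message or moving it to its own commit.
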
@@ -53091,7 +53091,7 @@ CVE-2023-20585
 CVE-2023-20584
 	RESERVED
 CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors may all ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20582
 	RESERVED
 CVE-2023-20581
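
Review bot: "NOT-FOR-US: AMD" on CVE-2023-20583 records only a vendor name, while the description concerns a power side-channel in AMD processors rather than a vendor application. If no microcode or kernel-side change is involved, a short NOTE line saying so under the entry would make the triage decision auditable.
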
@@ -65122,9 +65122,9 @@ CVE-2022-39989 (An issue was discovered in Fighting Cock Information System 1.0,
 CVE-2022-39988 (A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows  ...)
 	- centreon-web <itp> (bug #913903)
 CVE-2022-39987 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an ...)
-	TODO: check
+	NOT-FOR-US: RaspAP
 CVE-2022-39986 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows un ...)
-	TODO: check
+	NOT-FOR-US: RaspAP
 CVE-2022-39985
 	RESERVED
 CVE-2022-39984
@@ -160540,9 +160540,9 @@ CVE-2021-31683
 CVE-2021-31682 (The login portal for the Automated Logic WebCTRL/WebCTRL OEM web appli ...)
 	NOT-FOR-US: Automated Logic WebCTRL/WebCTRL OEM web application
 CVE-2021-31681 (Deserialization of Untrusted Data vulnerability in yolo 3 allows attac ...)
-	TODO: check
+	NOT-FOR-US: yolo
 CVE-2021-31680 (Deserialization of Untrusted Data vulnerability in yolo 5 allows attac ...)
-	TODO: check
+	NOT-FOR-US: yolo
 CVE-2021-31679 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...)
 	NOT-FOR-US: PESCMS Team
 CVE-2021-31678 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...)
@@ -160600,7 +160600,7 @@ CVE-2021-31653
 CVE-2021-31652
 	RESERVED
 CVE-2021-31651 (Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows r ...)
-	TODO: check
+	NOT-FOR-US: neofarg-cms
 CVE-2021-31650 (A SQL injection vulnerability in Sourcecodester Online Grading System  ...)
 	NOT-FOR-US: Sourcecodester Online Grading System
 CVE-2021-31649 (In applications using jfinal 4.9.08 and below, there is a deserializat ...)
@@ -216409,7 +216409,7 @@ CVE-2020-21883 (Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Camp
 CVE-2020-21882
 	RESERVED
 CVE-2020-21881 (Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS ...)
-	TODO: check
+	NOT-FOR-US: DuxCMS
 CVE-2020-21880
 	RESERVED
 CVE-2020-21879
@@ -216901,7 +216901,7 @@ CVE-2020-21664
 CVE-2020-21663
 	RESERVED
 CVE-2020-21662 (SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers  ...)
-	TODO: check
+	NOT-FOR-US: yunyecms
 CVE-2020-21661
 	RESERVED
 CVE-2020-21660
@@ -243997,7 +243997,7 @@ CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to e
 CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...)
 	NOT-FOR-US: FrozenNode Laravel-Administrator
 CVE-2020-10962 (In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through  ...)
-	TODO: check
+	NOT-FOR-US: PSAppDeployToolkit
 CVE-2020-10961
 	RESERVED
 CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading Style Shee ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e68cbe93062029f4f36b6297612899dbe03f27bb
