[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 4 20:29:43 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e33e812a by Salvatore Bonaccorso at 2023-08-04T21:29:16+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -161,23 +161,23 @@ CVE-2023-38955 (ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to
 CVE-2023-38954 (ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection  ...)
 	NOT-FOR-US: ZKTeco BioAccess
 CVE-2023-38948 (An arbitrary file download vulnerability in the /c/PluginsController.p ...)
-	TODO: check
+	NOT-FOR-US: jizhi CMS
 CVE-2023-38947 (An arbitrary file upload vulnerability in the /languages/install.php c ...)
-	TODO: check
+	NOT-FOR-US: WBCE CMS
 CVE-2023-38942 (Dango-Translator v4.5.5 was discovered to contain a remote command exe ...)
 	TODO: check
 CVE-2023-38812
 	REJECTED
 CVE-2023-38748 (Use after free vulnerability exists in CX-Programmer Included in CX-On ...)
-	TODO: check
+	NOT-FOR-US: CX-One CXONE-AL[][]D-V4
 CVE-2023-38747 (Heap-based buffer overflow vulnerability exists in CX-Programmer Inclu ...)
-	TODO: check
+	NOT-FOR-US: CX-One CXONE-AL[][]D-V4
 CVE-2023-38746 (Out-of-bounds read vulnerability/issue exists in CX-Programmer Include ...)
-	TODO: check
+	NOT-FOR-US: CX-One CXONE-AL[][]D-V4
 CVE-2023-38744 (Denial-of-service (DoS) vulnerability due to improper validation of sp ...)
 	TODO: check
 CVE-2023-37679 (A remote command execution (RCE) vulnerability in NextGen Mirth Connec ...)
-	TODO: check
+	NOT-FOR-US: NextGen Mirth Connect
 CVE-2023-37559 (After successful authentication as a user in multiple Codesys products ...)
 	NOT-FOR-US: Codesys
 CVE-2023-37558 (After successful authentication as a user in multiple Codesys products ...)
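Review bot: the three CX-Programmer entries (CVE-2023-38748, CVE-2023-38747, CVE-2023-38746) carry the bracketed model pattern into the tag, `NOT-FOR-US: CX-One CXONE-AL[][]D-V4`. The empty `[][]` pairs look like placeholder residue from the upstream description rather than part of a product name, and they make the tag awkward to search for. A plain `NOT-FOR-US: CX-One`, or `CX-Programmer` as the descriptions name it, would match the style of the neighbouring `ZKTeco BioAccess` and `Codesys` tags.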
@@ -209,45 +209,45 @@ CVE-2023-37546 (In multiple Codesys products in multiple versions, after success
 CVE-2023-37545 (In multiple Codesys products in multiple versions, after successful au ...)
 	NOT-FOR-US: Codesys
 CVE-2023-37364 (In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapt ...)
-	TODO: check
+	NOT-FOR-US: WS-Inc J WBEM Server
 CVE-2023-36299 (A File Upload vulnerability in typecho v.1.2.1 allows a remote attacke ...)
 	TODO: check
 CVE-2023-36298 (DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote co ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2023-36255 (An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote  ...)
-	TODO: check
+	NOT-FOR-US: Eramba Limited Eramba Enterprise
 CVE-2023-36217 (Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remo ...)
-	TODO: check
+	NOT-FOR-US: Xoops CMS
 CVE-2023-36213 (SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacke ...)
-	TODO: check
+	NOT-FOR-US: MotoCMS
 CVE-2023-36212 (File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacke ...)
-	TODO: check
+	NOT-FOR-US: Total CMS
 CVE-2023-36082 (An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a  ...)
-	TODO: check
+	NOT-FOR-US: GatesAIr Flexiva FM Transmitter/Exiter Fax 150W
 CVE-2023-35081 (A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.1 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-34196 (In the Keyfactor EJBCA before 8.0.0, the RA web certificate distributi ...)
-	TODO: check
+	NOT-FOR-US: Keyfactor EJBCA
 CVE-2023-33666 (ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain ...)
 	TODO: check
 CVE-2023-33371 (Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic  ...)
-	TODO: check
+	NOT-FOR-US: Control ID IDSecure
 CVE-2023-33370 (An uncaught exception vulnerability exists in Control ID IDSecure 4.7. ...)
-	TODO: check
+	NOT-FOR-US: Control ID IDSecure
 CVE-2023-33369 (A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0  ...)
-	TODO: check
+	NOT-FOR-US: Control ID IDSecure
 CVE-2023-33368 (Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfi ...)
-	TODO: check
+	NOT-FOR-US: Control ID IDSecure
 CVE-2023-33366 (A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1 ...)
-	TODO: check
+	NOT-FOR-US: Suprema BioStar
 CVE-2023-33365 (A path traversal vulnerability exists in Suprema BioStar 2 before 2.9. ...)
-	TODO: check
+	NOT-FOR-US: Suprema BioStar
 CVE-2023-33364 (An OS Command injection vulnerability exists in Suprema BioStar 2 befo ...)
-	TODO: check
+	NOT-FOR-US: Suprema BioStar
 CVE-2023-33363 (An authentication bypass vulnerability exists in Suprema BioStar 2 bef ...)
-	TODO: check
+	NOT-FOR-US: Suprema BioStar
 CVE-2023-32764 (Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate  ...)
-	TODO: check
+	NOT-FOR-US: Fabasoft Cloud Enterprise Client
 CVE-2023-2754 (The Cloudflare WARP client for Windows assigns loopback IPv4 addresses ...)
 	TODO: check
 CVE-2023-4104
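Review bot: the tag for CVE-2023-36082, `NOT-FOR-US: GatesAIr Flexiva FM Transmitter/Exiter Fax 150W`, copies the casing `GatesAIr`, the word `Exiter` and the full model string straight from a description that also contains `isssue`, so the spellings deserve a check against the vendor's own naming; a shorter product-level tag would be easier to reuse for later CVEs. In the same hunk, `NOT-FOR-US: Ivanti` for CVE-2023-35081 names only the vendor while the description names Ivanti EPMM and every other tag added here names the product, so `NOT-FOR-US: Ivanti EPMM` would be more consistent.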
@@ -13753,7 +13753,7 @@ CVE-2023-30148
 CVE-2023-30147
 	RESERVED
 CVE-2023-30146 (Assmann Digitus Plug&View IP Camera family allows unauthenticated atta ...)
-	TODO: check
+	NOT-FOR-US: Assmann Digitus Plug&View IP Camera
 CVE-2023-30145 (Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template I ...)
 	NOT-FOR-US: Camaleon CMS
 CVE-2023-30144
@@ -15391,7 +15391,7 @@ CVE-2023-22310
 CVE-2023-1936 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab 15.11.11+ds1-1
 CVE-2023-1935 (ROC800-Series RTU devices are vulnerable to an authentication bypass,  ...)
-	TODO: check
+	NOT-FOR-US: ROC800-Series RTU devices
 CVE-2023-1934 (The PnPSCADA system, a product of SDG Technologies CC, is afflicted by ...)
 	NOT-FOR-US: PnPSCADA
 CVE-2023-1933
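Review bot: `NOT-FOR-US: ROC800-Series RTU devices` for CVE-2023-1935 keeps the trailing word `devices` from the description sentence, which is not part of the product name. Suggest `NOT-FOR-US: ROC800-Series RTU`, so that the tag stays a product identifier like the adjacent `NOT-FOR-US: PnPSCADA`.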
@@ -18922,7 +18922,7 @@ CVE-2023-1439 (A vulnerability, which was classified as critical, has been found
 CVE-2023-1438
 	RESERVED
 CVE-2023-1437 (All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2023-1436 (An infinite recursion is triggered in Jettison when constructing a JSO ...)
 	- libjettison-java 1.5.4-1 (bug #1033846)
 	[bookworm] - libjettison-java <no-dsa> (Minor issue)
@@ -19011,7 +19011,7 @@ CVE-2023-28470 (In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoi
 CVE-2023-28469 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
 	NOT-FOR-US: ARM
 CVE-2023-28468 (An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O w ...)
-	TODO: check
+	NOT-FOR-US: Insyde InsydeH2O
 CVE-2023-28467 (In MyBB before 1.8.34, there is XSS in the User CP module via the user ...)
 	NOT-FOR-US: MyBB
 CVE-2023-28465



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e33e812a4a74b4a274b479bbb4d0d704d8264859
