[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 5 06:57:15 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9637067f by Salvatore Bonaccorso at 2023-08-05T07:56:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,37 @@
 CVE-2023-4159 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...)
-	TODO: check
+	NOT-FOR-US: omeka-s
 CVE-2023-4158 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
-	TODO: check
+	NOT-FOR-US: omeka-s
 CVE-2023-4157 (Improper Input Validation in GitHub repository omeka/omeka-s prior to  ...)
-	TODO: check
+	NOT-FOR-US: omeka-s
 CVE-2023-4135 (A heap out-of-bounds memory read flaw was found in the virtual nvme de ...)
 	TODO: check
 CVE-2023-39552 (PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
 CVE-2023-39551 (PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
 CVE-2023-39379 (Fujitsu Software Infrastructure Manager (ISM) stores sensitive informa ...)
-	TODO: check
+	NOT-FOR-US: Fujitsu Software Infrastructure Manager (ISM)
 CVE-2023-39344 (social-media-skeleton is an uncompleted social media project. A SQL in ...)
-	TODO: check
+	NOT-FOR-US: social-media-skeleton
 CVE-2023-39143 (PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path trave ...)
-	TODO: check
+	NOT-FOR-US: PaperCut
 CVE-2023-39112 (ECShop v4.1.16 contains an arbitrary file deletion vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: ECShop
 CVE-2023-39107 (An arbitrary file overwrite vulnerability in NoMachine Free Edition an ...)
 	TODO: check
 CVE-2023-38964 (Creative Item Academy LMS 6.0 was discovered to contain a cross-site s ...)
-	TODO: check
+	NOT-FOR-US: Creative Item Academy LMS
 CVE-2023-38707
 	REJECTED
 CVE-2023-38702 (Knowage is an open source analytics and business intelligence suite. S ...)
-	TODO: check
+	NOT-FOR-US: Knowage
 CVE-2023-38700 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to ver ...)
 	TODO: check
 CVE-2023-38699 (MindsDB's AI Virtual Database allows developers to connect any AI/ML m ...)
 	TODO: check
 CVE-2023-38698 (Ethereum Name Service (ENS) is a distributed, open, and extensible nam ...)
-	TODO: check
+	NOT-FOR-US: Ethereum Name Service (ENS)
 CVE-2023-38697 (protocol-http1 provides a low-level implementation of the HTTP/1 proto ...)
 	TODO: check
 CVE-2023-38696
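Review bot: The NOT-FOR-US strings added in this hunk are not written in a consistent form: "omeka-s" is the lowercase repository name from "omeka/omeka-s", "PaperCut" is a shortened name covering both "PaperCut NG and PaperCut MF", and "Fujitsu Software Infrastructure Manager (ISM)" is the full product name with its acronym. Before merging, check that each string matches the spelling earlier entries in data/CVE/list use for the same software, so that a later search for one product finds all of its entries.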
@@ -53,9 +53,9 @@ CVE-2023-38686 (Sydent is an identity server for the Matrix communications proto
 CVE-2023-38494 (MeterSphere is an open-source continuous testing platform. Prior to ve ...)
 	TODO: check
 CVE-2023-38487 (HedgeDoc is software for creating real-time collaborative markdown not ...)
-	TODO: check
+	NOT-FOR-US: HedgeDoc
 CVE-2023-38332 (Zoho ManageEngine ADManager Plus through 7201 allow authenticated user ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2023-37896 (Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security  ...)
 	TODO: check
 CVE-2023-37470 (Metabase is an open-source business intelligence and analytics platfor ...)
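Review bot: The "NOT-FOR-US: HedgeDoc" line on CVE-2023-38487 deserves a second look, since it permanently closes triage for that entry. Confirm that no ITP or RFP bug is open for HedgeDoc; if one exists, the entry should reference the package with the `<itp>` marker and the bug number instead. On CVE-2023-38332 the label "Zoho ManageEngine" drops the product named in the description, "ADManager Plus", which is acceptable only if that is how earlier ManageEngine entries in the file are labelled.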
@@ -63,9 +63,9 @@ CVE-2023-37470 (Metabase is an open-source business intelligence and analytics p
 CVE-2023-36480 (The Aerospike Java client is a Java application that implements a netw ...)
 	TODO: check
 CVE-2023-34038 (VMware Horizon Server contains an information disclosure vulnerability ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2023-34037 (VMware Horizon Server contains a HTTP request smuggling vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2023-33379 (Connected IO v2.1.0 and prior has a misconfiguration in their MQTT bro ...)
 	TODO: check
 CVE-2023-33378 (Connected IO v2.1.0 and prior has an argument injection vulnerability  ...)
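Review bot: The label "NOT-FOR-US: VMware" on CVE-2023-34038 and CVE-2023-34037 names only the vendor, while both descriptions are about "VMware Horizon Server". A vendor-wide label reads as if everything from VMware were out of scope, so consider "NOT-FOR-US: VMware Horizon Server" so the entry says which product was judged not to be in Debian.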



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9637067f311fb2d7fbf5a08ec4397cde2b42bb9f
