[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 25 22:18:47 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44892b34 by Salvatore Bonaccorso at 2023-08-25T23:18:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -34,13 +34,13 @@ CVE-2023-40798 (In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGet
CVE-2023-40797 (In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not valida ...)
NOT-FOR-US: Tenda
CVE-2023-40796 (Phicomm k2 v22.6.529.216 is vulnerable to command injection.)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2023-40599 (Regular expression Denial-of-Service (ReDoS) exists in multiple add-on ...)
NOT-FOR-US: multiple addons for Mailform Pro CGI
CVE-2023-40580 (Freighter is a Stellar chrome extension. It may be possible for a mali ...)
- TODO: check
+ NOT-FOR-US: Freighter Stellar chrome extension
CVE-2023-40579 (OpenFGA is an authorization/permission engine built for developers and ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2023-40577 (Alertmanager handles alerts sent by client applications such as the Pr ...)
TODO: check
CVE-2023-40570 (Datasette is an open source multi-tool for exploring and publishing da ...)
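Review bot: On CVE-2023-40579, NOT-FOR-US only holds if OpenFGA is absent from the archive in every form, and the description calls it an "authorization/permission engine built for developers", which is the kind of component that gets pulled in as a dependency rather than installed on its own. Before closing this one it would be worth confirming that no source package embeds or vendors it. The Phicomm and Freighter entries are a router firmware and a browser extension and look fine as tagged.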
@@ -50,19 +50,19 @@ CVE-2023-40568
CVE-2023-40530 (Improper authorization in handler for custom URL scheme issue in 'Skyl ...)
TODO: check
CVE-2023-40182 (Silverware Games is a premium social network where people can play gam ...)
- TODO: check
+ NOT-FOR-US: Silverware Games
CVE-2023-40179 (Silverware Games is a premium social network where people can play gam ...)
- TODO: check
+ NOT-FOR-US: Silverware Games
CVE-2023-40036 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...)
- TODO: check
+ NOT-FOR-US: Notepad++
CVE-2023-40031 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...)
- TODO: check
+ NOT-FOR-US: Notepad++
CVE-2023-40030 (Cargo downloads a Rust project\u2019s dependencies and compiles the pr ...)
TODO: check
CVE-2023-40022 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
- TODO: check
+ NOT-FOR-US: Rizin
CVE-2023-40017 (GeoNode is an open source platform that facilitates the creation, shar ...)
- TODO: check
+ NOT-FOR-US: GeoNode
CVE-2023-3425 (Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 ...)
NOT-FOR-US: M-Files
CVE-2023-3406 (Path Traversal issue in M-Files Classic Web versions below 23.6.12695. ...)
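Review bot: On CVE-2023-40022, the NOT-FOR-US: Rizin tag settles the question for Rizin only, and Rizin is a fork of radare2, so the affected code may have a counterpart there. Please confirm whether the flaw is in code the two projects share. If it is, radare2 needs its own tracking rather than being silently covered by this entry. The commit message "Process some NFUs" gives no indication that this was checked.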
@@ -70,29 +70,29 @@ CVE-2023-3406 (Path Traversal issue in M-Files Classic Web versions below 23.6.1
CVE-2023-39742 (giflib v5.2.1 was discovered to contain a segmentation fault via the c ...)
TODO: check
CVE-2023-39707 (A stored cross-site scripting (XSS) vulnerability in Free and Open Sou ...)
- TODO: check
+ NOT-FOR-US: Free and Open Source Inventory Management System
CVE-2023-39700 (IceWarp Mail Server v10.4.5 was discovered to contain a reflected cros ...)
- TODO: check
+ NOT-FOR-US: IceWarp
CVE-2023-39699 (IceWarp Mail Server v10.4.5 was discovered to contain a local file inc ...)
- TODO: check
+ NOT-FOR-US: IceWarp
CVE-2023-39600 (IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: IceWarp
CVE-2023-39521 (Tuleap is an open source suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2023-39519 (Cloud Explorer Lite is an open source cloud management platform. Prior ...)
NOT-FOR-US: Cloud Explorer Lite
CVE-2023-38974 (A stored cross-site scripting (XSS) vulnerability in the Edit Category ...)
- TODO: check
+ NOT-FOR-US: Badaso
CVE-2023-38973 (A stored cross-site scripting (XSS) vulnerability in the Add Tag funct ...)
- TODO: check
+ NOT-FOR-US: Badaso
CVE-2023-38508 (Tuleap is an open source suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2023-38201 (A flaw was found in the Keylime registrar that could allow a bypass of ...)
- TODO: check
+ NOT-FOR-US: Keylime
CVE-2023-37469 (CasaOS is an open-source personal cloud system. Prior to version 0.4.4 ...)
NOT-FOR-US: CasaOS
CVE-2023-37249 (Infoblox NIOS through 8.5.1 has a faulty component that accepts malici ...)
- TODO: check
+ NOT-FOR-US: Infoblox NIOS
CVE-2023-36199 (An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacke ...)
TODO: check
CVE-2023-36198 (Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows ...)
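Review bot: On CVE-2023-38974 and CVE-2023-38973, the tag names Badaso but the truncated descriptions shown here ("... in the Edit Category ...", "... in the Add Tag funct ...") never mention that product, so the attribution cannot be cross-checked from the list alone. A short note in the commit body saying where the product name came from (the full CVE description or a reference) would make this reviewable. Separately, the three IceWarp entries are tagged with the vendor name while the descriptions say "IceWarp Mail Server" and "IceWarp 11.4.6.0"; that is consistent within this hunk, so no change needed there.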
@@ -174319,7 +174319,7 @@ CVE-2021-27934
CVE-2021-27933 (pfSense 2.5.0 allows XSS via the services_wol_edit.php Description fie ...)
NOT-FOR-US: pfSense
CVE-2021-27932 (Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 ...)
- TODO: check
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-27931 (LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthent ...)
NOT-FOR-US: LumisXP (aka Lumis Experience Platform)
CVE-2021-27930 (Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which ...)
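Review bot: On CVE-2021-27932, the tag "Stormshield Network Security (SNS)" drops the affected component, which the description gives as the "VPN SSL Client 2.1.0 through 2.8.0". Since the neighbouring entry copies the product string from its description ("LumisXP (aka Lumis Experience Platform)"), consider "NOT-FOR-US: Stormshield Network Security (SNS) VPN SSL Client" so the tag matches what is actually affected and stays easy to grep for.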
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44892b3405bd7d6d1dfa0b927aa125fe619408e9