[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 20 08:39:19 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66a79b5c by Salvatore Bonaccorso at 2023-12-20T09:38:55+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,53 +1,53 @@
 CVE-2023-6977 (This vulnerability enables malicious users to read sensitive files on  ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2023-6976 (This vulnerability is capable of writing arbitrary files into arbitrar ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2023-6975 (A malicious user could use this issue to get command execution on the  ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2023-6974 (A malicious user could use this issue to access internal HTTP(s) serve ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2023-6930 (EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthentica ...)
-	TODO: check
+	NOT-FOR-US: EuroTel ETL3100
 CVE-2023-6929 (EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure  ...)
-	TODO: check
+	NOT-FOR-US: EuroTel ETL3100
 CVE-2023-6928 (EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number o ...)
-	TODO: check
+	NOT-FOR-US: EuroTel ETL3100
 CVE-2023-6689 (A successful CSRF attack could force the user to perform state changin ...)
-	TODO: check
+	NOT-FOR-US: EFACEC
 CVE-2023-50835 (Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Adv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50707 (Through the exploitation of active user sessions, an attacker could se ...)
-	TODO: check
+	NOT-FOR-US: EFACEC
 CVE-2023-50706 (A user without administrator permissions with access to the UC500 wind ...)
-	TODO: check
+	NOT-FOR-US: UC500 windows system
 CVE-2023-50705 (An attacker could create malicious requests to obtain sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: UC500 windows system
 CVE-2023-50704 (An attacker could construct a URL within the application that causes a ...)
-	TODO: check
+	NOT-FOR-US: UC500 windows system
 CVE-2023-50703 (An attacker with network access could perform a man-in-the-middle (Mit ...)
-	TODO: check
+	NOT-FOR-US: UC500 windows system
 CVE-2023-50466 (An authenticated command injection vulnerability in Weintek cMT2078X e ...)
-	TODO: check
+	NOT-FOR-US: Weintek cMT2078X easyweb Web
 CVE-2023-49812 (Authorization Bypass Through User-Controlled Key vulnerability in J.N. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49764 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49164 (Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49147 (An issue was discovered in PDF24 Creator 11.14.0. The configuration of ...)
-	TODO: check
+	NOT-FOR-US: PDF24 Creator
 CVE-2023-49004 (An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-48764 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48741 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48738 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48327 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47707 (IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross ...)
 	NOT-FOR-US: IBM
 CVE-2023-47706 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authent ...)
@@ -61,15 +61,15 @@ CVE-2023-47703 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow a re
 CVE-2023-47702 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote a ...)
 	NOT-FOR-US: IBM
 CVE-2023-47267 (An issue discovered in TheGreenBow Windows Enterprise Certified VPN Cl ...)
-	TODO: check
+	NOT-FOR-US: TheGreenBow
 CVE-2023-47161 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7,  ...)
 	NOT-FOR-US: IBM
 CVE-2023-47146 (IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive  ...)
 	NOT-FOR-US: IBM
 CVE-2023-46624 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45887 (DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11  ...)
-	TODO: check
+	NOT-FOR-US: DS Wireless Communication (DWC)
 CVE-2023-45172 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
 	NOT-FOR-US: IBM
 CVE-2023-42940 (A session rendering issue was addressed with improved session tracking ...)
@@ -81,9 +81,9 @@ CVE-2023-42012 (An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 throu
 CVE-2023-38126 (Softing edgeAggregator Restore Configuration Directory Traversal Remot ...)
 	TODO: check
 CVE-2023-37982 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-35883 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6945 (A vulnerability has been found in SourceCodester Online Student Manage ...)
 	NOT-FOR-US: SourceCodester Online Student Management System
 CVE-2023-6944



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66a79b5c4eba7bc0eae448d1dcd9e9cbb101e1f7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66a79b5c4eba7bc0eae448d1dcd9e9cbb101e1f7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231220/d63905ff/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list