[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Dec 22 08:30:49 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e7c1973f by Moritz Muehlenhoff at 2023-12-22T09:30:33+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,17 +19,17 @@ CVE-2023-7051 (A vulnerability was found in PHPGurukul Online Notes Sharing Syst
 CVE-2023-7050 (A vulnerability has been found in PHPGurukul Online Notes Sharing Syst ...)
 	NOT-FOR-US: PHPGurukul Online Notes Sharing System
 CVE-2023-6847 (An improper authentication vulnerability was identified in GitHub Ente ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-6804 (Improper privilege management allowed arbitrary workflows to be commit ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-6803 (A race condition in GitHub Enterprise Server allows an outside collabo ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-6802 (An insertion of sensitive information into the log file in the audit l ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-6746 (An insertion of sensitive information into log file vulnerability was  ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-6690 (A race condition in GitHub Enterprise Server allowed an existing admin ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-51713 (make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of- ...)
 	- proftpd-dfsg 1.3.8.a+dfsg-1
 	NOTE: https://github.com/proftpd/proftpd/issues/1683
@@ -46,87 +46,87 @@ CVE-2023-51704 (An issue was discovered in MediaWiki before 1.35.14, 1.36.x thro
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/
 	NOTE: https://phabricator.wikimedia.org/T347726
 CVE-2023-51380 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-51379 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-49690 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49689 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49688 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49687 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49686 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49685 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49684 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49683 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49682 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49681 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49680 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49679 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49678 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49677 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Job Portal
 CVE-2023-49086 (Cacti is a robust performance and fault management framework and a fro ...)
 	TODO: check
 CVE-2023-49084 (Cacti is a robust performance and fault management framework and a fro ...)
 	TODO: check
 CVE-2023-48723 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
-	TODO: check
+	NOT-FOR-US: Student Result Management System
 CVE-2023-48722 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
-	TODO: check
+	NOT-FOR-US: Student Result Management System
 CVE-2023-48720 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
-	TODO: check
+	NOT-FOR-US: Student Result Management System
 CVE-2023-48719 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
-	TODO: check
+	NOT-FOR-US: Student Result Management System
 CVE-2023-48718 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
-	TODO: check
+	NOT-FOR-US: Student Result Management System
 CVE-2023-48717 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
-	TODO: check
+	NOT-FOR-US: Student Result Management System
 CVE-2023-48716 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
-	TODO: check
+	NOT-FOR-US: Student Result Management System
 CVE-2023-48690 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Railway Reservation System
 CVE-2023-48689 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Railway Reservation System
 CVE-2023-48688 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Railway Reservation System
 CVE-2023-48687 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Railway Reservation System
 CVE-2023-48686 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Railway Reservation System
 CVE-2023-48685 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Railway Reservation System
 CVE-2023-48308 (Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain  ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud calendar app
 CVE-2023-48298 (ClickHouse\xae is an open-source column-oriented database management s ...)
 	TODO: check
 CVE-2023-46649 (A race condition in GitHub Enterprise Server was identified that could ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-46648 (An insufficient entropy vulnerability was identified in GitHub Enterpr ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-46647 (Improper privilege management in all versions of GitHub Enterprise Ser ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-46646 (Improper access control in all versions of GitHub Enterprise Server al ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-46645 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-41097 (An Observable Timing Discrepancy, Covert Timing Channel vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Silicon Labs
 CVE-2023-37520 (UnauthenticatedStored Cross-Site Scripting (XSS) vulnerability identif ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-37519 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-42465 [Targeted Corruption of Register and Stack Variables]
 	- sudo 1.9.15p2-2
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/9



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7c1973f1756e5e92bcf89a8c55ec515b9df3b10

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7c1973f1756e5e92bcf89a8c55ec515b9df3b10
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231222/96359556/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list