[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jul 2 08:21:25 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47d87ec6 by Salvatore Bonaccorso at 2023-07-02T09:20:52+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -109,11 +109,11 @@ CVE-2020-36736 (The WooCommerce Checkout & Funnel Builder by CartFlows plugin fo
 CVE-2020-36735 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
 	NOT-FOR-US: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress
 CVE-2023-3485 (Insecure defaults in open-source Temporal Server before version 1.20 o ...)
-	TODO: check
+	NOT-FOR-US: Temporal Server
 CVE-2023-3479 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
-	TODO: check
+	NOT-FOR-US: Hestia Control Panel
 CVE-2023-3478 (A vulnerability classified as critical was found in IBOS OA 4.5.5. Aff ...)
-	TODO: check
+	NOT-FOR-US: IBOS OA
 CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M argument is a ...)
 	TODO: check
 CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injec ...)
@@ -121,7 +121,7 @@ CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript
 CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly sanitized in  ...)
 	NOT-FOR-US: MISP
 CVE-2023-37306 (MISP 2.4.172 mishandles different certificate file extensions in serve ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2023-37305 (An issue was discovered in the ProofreadPage (aka Proofread Page) exte ...)
 	NOT-FOR-US: MediaWiki extension ProofreadPage
 CVE-2023-37304 (An issue was discovered in the DoubleWiki extension for MediaWiki thro ...)
@@ -153,9 +153,9 @@ CVE-2023-35176 (Certain HP LaserJet Pro print products are potentially vulnerabl
 CVE-2023-35175 (Certain HP LaserJet Pro print products are potentially vulnerable to P ...)
 	NOT-FOR-US: HP
 CVE-2023-34840 (angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to c ...)
-	TODO: check
+	NOT-FOR-US: angular-ui-notification
 CVE-2023-33276 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and ...)
-	TODO: check
+	NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router
 CVE-2023-31543 (A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers t ...)
 	TODO: check
 CVE-2023-3477 (A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been de ...)
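Review bot: On CVE-2023-34840 the tag is the bare library name "angular-ui-notification", while CVE-2023-36475 later in this same commit is tagged "Node parse-server". If this library is being treated as an npm module, use the "Node" prefix here as well so that one search finds both entries. The "Gira Giersiepen Gira KNX/IP-Router" wording for CVE-2023-33276 matches the existing CVE-2023-33277 entry, which is good.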
@@ -265,7 +265,7 @@ CVE-2023-33466 (Orthanc before 1.12.0 allows authenticated users with access to
 CVE-2023-33277 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and ...)
 	NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router
 CVE-2023-33190 (Sealos is an open source cloud operating system distribution based on  ...)
-	TODO: check
+	NOT-FOR-US: Sealos
 CVE-2023-XXXX [Heap overwrite in PGS subtitle overlay decoder]
 	- gst-plugins-bad1.0 1.22.4-1
 	[bookworm] - gst-plugins-bad1.0 1.22.0-4+deb12u1
@@ -293,17 +293,17 @@ CVE-2023-XXXX [Heap overwrite in subtitle parsing]
 CVE-2023-3447 (The Active Directory Integration / LDAP Integration plugin for WordPre ...)
 	NOT-FOR-US: Active Directory Integration / LDAP Integration plugin for WordPress
 CVE-2023-3243 (** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authentica ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2023-37237 (In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permission ...)
 	NOT-FOR-US: Veritas NetBackup Appliance
 CVE-2023-36476 (calamares-nixos-extensions provides Calamares branding and modules for ...)
 	TODO: check
 CVE-2023-36475 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Node parse-server
 CVE-2023-36474 (Interactsh is an open-source tool for detecting out-of-band interactio ...)
 	TODO: check
 CVE-2023-34843 (Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted ...)
-	TODO: check
+	NOT-FOR-US: Traggo Server
 CVE-2023-34834 (A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webse ...)
 	NOT-FOR-US: MCL-Net
 CVE-2023-34831 (The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is a ...)
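Review bot: The tag added for CVE-2023-3243 names only the vendor ("Honeywell"), and the truncated description on that line shows no product either, so nothing in the entry says which software was ruled out. The other tags added in this hunk ("Node parse-server", "Traggo Server") and the neighbouring "NOT-FOR-US: Veritas NetBackup Appliance" name the product. Suggest adding the product name after the vendor.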
@@ -390,7 +390,7 @@ CVE-2023-33592 (Lost and Found Information System v1.0 was discovered to contain
 CVE-2023-33570 (Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).)
 	NOT-FOR-US: Bagisto
 CVE-2023-2625 (A vulnerability exists that can be exploited by an authenticated clien ...)
-	TODO: check
+	NOT-FOR-US: ABB CoreTec
 CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is ...)
 	TODO: check
 CVE-2023-3428 [heap-buffer-overflow in coders/tiff.c]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47d87ec6a5c3bca94f09eb695bbdd2318bb9cbbc
