[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jul 3 21:33:55 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2065428f by Moritz Muehlenhoff at 2023-07-03T22:33:34+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -218,7 +218,7 @@ CVE-2023-37302 (An issue was discovered in SiteLinksView.php in Wikibase in Medi
CVE-2023-37301 (An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki ...)
NOT-FOR-US: MediaWiki extension WikiBase
CVE-2023-37300 (An issue was discovered in the CheckUserLog API in the CheckUser exten ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension CheckUser
CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an AREA element of an image map.)
NOT-FOR-US: Joplin
CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG document.)
@@ -242,7 +242,7 @@ CVE-2023-34840 (angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovere
CVE-2023-33276 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and ...)
NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router
CVE-2023-31543 (A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers t ...)
- TODO: check
+ - python-pipreqs <itp> (bug #1028550)
CVE-2023-3477 (A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been de ...)
NOT-FOR-US: RocketSoft Rocket LMS
CVE-2023-3476 (A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It ...)
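Review bot: the commit subject "NFUs" does not cover the CVE-2023-31543 change, which adds a package entry ("- python-pipreqs <itp> (bug #1028550)") rather than a NOT-FOR-US tag. Suggest naming the ITP in the subject, for example "NFUs, pipreqs ITP", so this triage decision can be found from the log.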
@@ -292,9 +292,9 @@ CVE-2023-32613 (Exposure of resource to wrong sphere issue exists in WL-WN531AX2
CVE-2023-32612 (Client-side enforcement of server-side security issue exists in WL-WN5 ...)
NOT-FOR-US: WL-WN531AX2 firmware
CVE-2023-32608 (Directory traversal vulnerability in Pleasanter (Community Edition and ...)
- TODO: check
+ NOT-FOR-US: Pleasanter
CVE-2023-32607 (Stored cross-site scripting vulnerability in Pleasanter (Community Edi ...)
- TODO: check
+ NOT-FOR-US: Pleasanter
CVE-2023-2846 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...)
NOT-FOR-US: Mitsubishi
CVE-2023-2834 (The BookIt plugin for WordPress is vulnerable to authentication bypass ...)
@@ -330,7 +330,7 @@ CVE-2023-35830 (STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module Dep
CVE-2023-34849 (An unauthorized command injection vulnerability exists in the ActionLo ...)
NOT-FOR-US: Ikuai router OS
CVE-2023-34844 (Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode ...)
- TODO: check
+ NOT-FOR-US: Play With Docker
CVE-2023-34735 (Property Cloud Platform Management Center 1.0 is vulnerable to error-b ...)
NOT-FOR-US: Property Cloud Platform Management Center
CVE-2023-34658 (Telegram v9.6.3 on iOS allows attackers to hide critical information o ...)
@@ -385,11 +385,11 @@ CVE-2023-3243 (** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authe
CVE-2023-37237 (In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permission ...)
NOT-FOR-US: Veritas NetBackup Appliance
CVE-2023-36476 (calamares-nixos-extensions provides Calamares branding and modules for ...)
- TODO: check
+ NOT-FOR-US: calamares-nixos-extensions
CVE-2023-36475 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Node parse-server
CVE-2023-36474 (Interactsh is an open-source tool for detecting out-of-band interactio ...)
- TODO: check
+ NOT-FOR-US: Interactsh
CVE-2023-34843 (Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted ...)
NOT-FOR-US: Traggo Server
CVE-2023-34834 (A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webse ...)
@@ -415,7 +415,7 @@ CVE-2023-34647 (PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross
CVE-2023-33661 (Multiple cross-site scripting (XSS) vulnerabilities were discovered in ...)
NOT-FOR-US: Church CRM
CVE-2023-32610 (Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated a ...)
- TODO: check
+ NOT-FOR-US: Mailform Pro CGI
CVE-2023-32224 (D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction o ...)
NOT-FOR-US: D-Link
CVE-2023-32223 (D-Link DSL-224 firmware version 3.0.10 allows post authentication comm ...)
@@ -449,9 +449,9 @@ CVE-2023-3090 (A heap out-of-bounds write vulnerability in the Linux Kernel ipvl
- linux 6.3.7-1
NOTE: https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)
CVE-2023-3034 (Reflected XSS affects the \u2018mode\u2019 parameter in the /admin fun ...)
- TODO: check
+ NOT-FOR-US: NTRIP Professional Caster
CVE-2023-36467 (AWS data.all is an open source development framework to help users bui ...)
- TODO: check
+ NOT-FOR-US: AWS data.all
CVE-2023-34937 (A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 ...)
NOT-FOR-US: H3C
CVE-2023-34936 (A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R ...)
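Review bot: on CVE-2023-3034 the product name "NTRIP Professional Caster" does not appear in the truncated description, which only mentions the 'mode' parameter under /admin, so the tag cannot be checked against the entry itself. Suggest adding a NOTE line with the reference the product name was taken from.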
@@ -473,7 +473,7 @@ CVE-2023-34929 (A stack overflow in the AddMacList function of H3C Magic B1STV10
CVE-2023-34928 (A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R ...)
NOT-FOR-US: H3C
CVE-2023-34761 (An unauthenticated attacker within BLE proximity can remotely connect ...)
- TODO: check
+ NOT-FOR-US: 7-Eleven LED Message Cup
CVE-2023-33592 (Lost and Found Information System v1.0 was discovered to contain a SQL ...)
NOT-FOR-US: Lost and Found Information System
CVE-2023-33570 (Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).)
@@ -6897,7 +6897,7 @@ CVE-2023-30957
CVE-2023-30956
RESERVED
CVE-2023-30955 (A security defect was identified in Foundry workspace-server that enab ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2023-30954
RESERVED
CVE-2023-30953
@@ -6915,7 +6915,7 @@ CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted i
CVE-2023-30947
RESERVED
CVE-2023-30946 (A security defect was identified in Foundry Issues. If a user was adde ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2023-30945 (Multiple Services such as VHS(Video History Server) and VCD(Video Clip ...)
NOT-FOR-US: Palantir
CVE-2023-30944 (The vulnerability was found Moodle which exists due to insufficient sa ...)
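Review bot: the new tag on CVE-2023-30946 names only the vendor, although the description identifies the product as Foundry Issues. It matches the existing "NOT-FOR-US: Palantir" on CVE-2023-30945 just below, so it is consistent with the file, but "NOT-FOR-US: Palantir Foundry" would be easier to find when searching by product name.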
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2065428fffa0479ec534b5c6a46404ec349ab7f1