[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 6 21:49:04 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
421f75c5 by Salvatore Bonaccorso at 2023-07-06T22:48:35+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2023-3531 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
 	TODO: check
 CVE-2023-3529 (A vulnerability classified as problematic has been found in Rotem Dyna ...)
-	TODO: check
+	NOT-FOR-US: Rotem Dynamics Rotem CRM
 CVE-2023-3528 (A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated ...)
-	TODO: check
+	NOT-FOR-US: ThinuTech ThinuCMS
 CVE-2023-3523 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
 	TODO: check
 CVE-2023-3456 (Vulnerability of kernel raw address leakage in the  hang detector modu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-37454 (An issue was discovered in the Linux kernel through 6.4.2. A crafted U ...)
 	- linux <unfixed>
 CVE-2023-37453 (An issue was discovered in the USB subsystem in the Linux kernel throu ...)
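Review bot: The NOT-FOR-US tag on CVE-2023-3456 names only the vendor (`NOT-FOR-US: Huawei`), while the other two entries changed in this hunk name vendor and product (`Rotem Dynamics Rotem CRM`, `ThinuTech ThinuCMS`). The truncated description mentions a kernel hang detector module, so naming the affected Huawei product in the tag would make it clear to a later reader why the entry is not tracked against the `linux` source package.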
@@ -15,43 +15,43 @@ CVE-2023-37453 (An issue was discovered in the USB subsystem in the Linux kernel
 CVE-2023-37260 (league/oauth2-server is an implementation of an OAuth 2.0 authorizatio ...)
 	TODO: check
 CVE-2023-37245 (Buffer overflow vulnerability in the modem pinctrl module. Successful  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-37242 (Vulnerability of commands from the modem being intercepted in the atcm ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-37241 (Input verification vulnerability in the WMS API. Successful exploitati ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-37240 (Vulnerability of missing input length verification in the  distributed ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-37239 (Format string vulnerability in the  distributed file system. Attackers ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-37238 (Vulnerability of apps' permission to access a certain API being incomp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-37136 (A stored cross-site scripting (XSS) vulnerability in the Basic Website ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2023-37135 (A stored cross-site scripting (XSS) vulnerability in the Image Upload  ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2023-37134 (A stored cross-site scripting (XSS) vulnerability in the Basic Informa ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2023-37133 (A stored cross-site scripting (XSS) vulnerability in the Column manage ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2023-37132 (A stored cross-site scripting (XSS) vulnerability in the custom variab ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2023-37131 (A Cross-Site Request Forgery (CSRF) in the component /public/admin/pro ...)
-	TODO: check
+	NOT-FOR-US: YznCMS
 CVE-2023-37125 (A stored cross-site scripting (XSS) vulnerability in the Management Cu ...)
-	TODO: check
+	NOT-FOR-US: SEACMS
 CVE-2023-37124 (A stored cross-site scripting (XSS) vulnerability in the Site Setup mo ...)
-	TODO: check
+	NOT-FOR-US: SEACMS
 CVE-2023-37122 (A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 al ...)
-	TODO: check
+	NOT-FOR-US: Bagecms
 CVE-2023-36995 (TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the stati ...)
-	TODO: check
+	NOT-FOR-US: TravianZ
 CVE-2023-36970 (A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17  ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2023-36969 (CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via  ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2023-36968 (A SQL Injection vulnerability detected in Food Ordering System v1.0 al ...)
-	TODO: check
+	NOT-FOR-US: Food Ordering System
 CVE-2023-36830 (SQLFluff is a SQL linter. Prior to version 2.1.2, in environments wher ...)
 	TODO: check
 CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully ...)
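Review bot: Product naming in the NOT-FOR-US tags is uneven in this hunk: the six Huawei entries (CVE-2023-37245 through CVE-2023-37238) give only the vendor, and `NOT-FOR-US: Food Ordering System` on CVE-2023-36968 gives a generic product name with no vendor. Where the vendor or product is known, adding it would let the entries be searched unambiguously; this matters most for descriptions such as the modem pinctrl buffer overflow in CVE-2023-37245, which do not themselves say which product is affected.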



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/421f75c5c7c798dba54921f38c034fa13f9610f9
