[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 11 17:00:05 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e6538a2 by Moritz Muehlenhoff at 2023-07-11T17:59:42+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,17 +7,17 @@ CVE-2023-XXXX [ESNET-SECADV-2023-0001: iperf3 memory allocation hazard and crash
 	NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc
 	NOTE: https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9 (3.14)
 CVE-2023-3608 (A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated  ...)
-	TODO: check
+	NOT-FOR-US: Ruijie
 CVE-2023-3607 (A vulnerability was found in kodbox 1.26. It has been declared as crit ...)
-	TODO: check
+	NOT-FOR-US: kodbox
 CVE-2023-3606 (A vulnerability was found in TamronOS up to 20230703. It has been clas ...)
-	TODO: check
+	NOT-FOR-US: TamronOS
 CVE-2023-37191 (A stored cross-site scripting (XSS) vulnerability in Issabel issabel-p ...)
-	TODO: check
+	NOT-FOR-US: Issabel
 CVE-2023-37190 (A stored cross-site scripting (XSS) vulnerability in Issabel issabel-p ...)
-	TODO: check
+	NOT-FOR-US: Issabel
 CVE-2023-37189 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...)
-	TODO: check
+	NOT-FOR-US: Issabel
 CVE-2023-36925 (SAP Solution Manager (Diagnostics agent) - version 7.20, allows an una ...)
 	NOT-FOR-US: SAP
 CVE-2023-36924 (While using a specific function, SAP ERP Defense Forces and Public Sec ...)
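Review bot: For CVE-2023-37189 the visible description ("... vulnerability in index.php?menu=bi ...") names no product, so the NOT-FOR-US: Issabel tag cannot be checked from this hunk the way the two issabel-p entries above it can. Worth confirming against the full CVE text that the index.php in question belongs to Issabel before the TODO is dropped.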
@@ -33,7 +33,7 @@ CVE-2023-36918 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10,
 CVE-2023-36917 (SAP BusinessObjects Business Intelligence Platform - version 420, 430, ...)
 	NOT-FOR-US: SAP
 CVE-2023-36517 (Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abs ...)
-	TODO: check
+	NOT-FOR-US: Kevon
 CVE-2023-35874 (SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL ...)
 	NOT-FOR-US: SAP
 CVE-2023-35873 (TheRuntime Workbench (RWB) of SAP NetWeaver Process Integration- versi ...)
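Review bot: On CVE-2023-36517 the tag NOT-FOR-US: Kevon takes only the first word of what the description gives as "Kevon Adonis WP Abs ...", which reads as an author name followed by the product. Other CSRF plugin entries in this file, such as CVE-2023-35912 further down, are tagged NOT-FOR-US: WordPress plugin; if this is one too, that tag would be consistent and easier to grep for.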
@@ -45,9 +45,9 @@ CVE-2023-35871 (The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WE
 CVE-2023-35870 (When creating a journal entry template in SAP S/4HANA (Manage Journal  ...)
 	NOT-FOR-US: SAP
 CVE-2023-35781 (Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin  ...)
-	TODO: check
+	NOT-FOR-US: LWS
 CVE-2023-35774 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugi ...)
-	TODO: check
+	NOT-FOR-US: LWS
 CVE-2023-33992 (The SAP BW BICS communication layer in SAP Business Warehouse and SAP  ...)
 	NOT-FOR-US: SAP
 CVE-2023-33990 (SAP SQL Anywhere- version 17.0, allows an attacker to prevent legitima ...)
@@ -70,19 +70,19 @@ CVE-2023-3599 (A vulnerability was found in SourceCodester Best Fee Management S
 CVE-2023-3580 (Improper Handling of Additional Special Element in GitHub repository s ...)
 	NOT-FOR-US: squidex
 CVE-2023-3579 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: HadSky
 CVE-2023-3578 (A vulnerability classified as critical was found in DedeCMS 5.7.109. A ...)
 	NOT-FOR-US: DedeCMS
 CVE-2023-3574 (Improper Authorization in GitHub repository pimcore/customer-data-fram ...)
 	NOT-FOR-US: pimcore customer-data-framework
 CVE-2023-3273 (Improper Access Control in the SICK ICR890-4 could allow an unauthenti ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-3272 (Cleartext Transmission of Sensitive Information in the SICK ICR890-4 c ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-3271 (Improper Access Control in the SICK ICR890-4 could allow an unauthenti ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-3270 (Exposure of Sensitive Information to an Unauthorized Actor in the SICK ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-3225 (The Float menu WordPress plugin before 5.0.3 does not sanitise and esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3219 (The EventON WordPress plugin before 2.1.2 does not validate that the e ...)
@@ -128,7 +128,7 @@ CVE-2023-37392 (Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand
 CVE-2023-37277 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2023-37153 (KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: KodExplorer
 CVE-2023-37152 (Projectworlds Online Art Gallery Project 1.0 allows unauthenticated us ...)
 	NOT-FOR-US: Projectworlds Online Art Gallery Project
 CVE-2023-37151 (Sourcecodester Online Pizza Ordering System v1.0 allows the upload of  ...)
@@ -150,13 +150,13 @@ CVE-2023-36375 (Cross Site Scripting vulnerability in Hostel Management System v
 CVE-2023-35912 (Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Dona ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-35699 (Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthen ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-35698 (Observable Response Discrepancy in the SICK ICR890-4 could allow a rem ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-35697 (Improper Restriction of Excessive Authentication Attempts in the SICK  ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthen ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the lsx_read ...)
 	TODO: check
 CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...)
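Review bot: The context line for CVE-2023-34432 (heap buffer overflow in sox) still reads TODO: check after this hunk. That is expected for a commit that only records NFUs, but the entry still needs a decision of its own and should not be lost among the resolved SICK entries directly above it.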
@@ -190,9 +190,9 @@ CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does not
 CVE-2023-26590 (A floating point exception vulnerability was found in sox, in the lsx_ ...)
 	TODO: check
 CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified as critic ...)
-	TODO: check
+	NOT-FOR-US: Dynacase
 CVE-2015-10121 (A vulnerability has been found in Beeliked Microsite Plugin up to 1.0. ...)
-	TODO: check
+	NOT-FOR-US: Beeliked
 CVE-2015-10120 (A vulnerability, which was classified as problematic, was found in WDS ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2015-10119 (A vulnerability, which was classified as problematic, has been found i ...)
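Review bot: CVE-2015-10121 is described as "Beeliked Microsite Plugin" and is tagged NOT-FOR-US: Beeliked, while the next entry, CVE-2015-10120, carries NOT-FOR-US: WordPress plugin. If the Beeliked plugin is also a WordPress plugin, use the same tag here so the two stay consistent.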
@@ -7749,13 +7749,13 @@ CVE-2023-30965
 CVE-2023-30964
 	RESERVED
 CVE-2023-30963 (A security defect was discovered in Foundry Frontend which enabled use ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2023-30962
 	RESERVED
 CVE-2023-30961
 	RESERVED
 CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that enabled u ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2023-30959
 	RESERVED
 CVE-2023-30958
@@ -7763,7 +7763,7 @@ CVE-2023-30958
 CVE-2023-30957
 	RESERVED
 CVE-2023-30956 (A security defect was identified in Foundry Comments that enabled a us ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2023-30955 (A security defect was identified in Foundry workspace-server that enab ...)
 	NOT-FOR-US: Palantir
 CVE-2023-30954



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e6538a2c597677923c87984941ba9d393261b51
