[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 14 21:35:14 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f537283 by Salvatore Bonaccorso at 2023-07-14T22:34:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2023-3673 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.)
-	TODO: check
+	NOT-FOR-US: pimcore
 CVE-2023-3672 (Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webment ...)
 	TODO: check
 CVE-2023-3633 (An out-of-bounds writevulnerability in Bitdefender Engines on Windows  ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2023-3434 (Improper Input Validation in the hyperlink interpretation inSavoir-fai ...)
 	TODO: check
 CVE-2023-3433 (The "nickname" field within Savoir-faire Linux's Jami application is s ...)
@@ -19,47 +19,47 @@ CVE-2023-37474 (Copyparty is a portable file server. Versions prior to 1.8.2 are
 CVE-2023-37473 (zenstruck/collections is a set of helpers for iterating/paginating/fil ...)
 	TODO: check
 CVE-2023-37224 (An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6. ...)
-	TODO: check
+	NOT-FOR-US: Archer
 CVE-2023-37223 (Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6 ...)
-	TODO: check
+	NOT-FOR-US: Archer
 CVE-2023-36888 (Microsoft Edge for Android (Chromium-based) Tampering Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36887 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36883 (Microsoft Edge for iOS Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-36850 (An Improper Validation of Specified Index, Position, or Offset in Inpu ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2023-36849 (An Improper Check or Handling of Exceptional Conditions vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2023-36848 (An Improper Handling of Undefined Values vulnerability in the periodic ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2023-36840 (A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) o ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2023-36838 (An Out-of-bounds Read vulnerability in the flow processing daemon (flo ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2023-36836 (A Use of an Uninitialized Resource vulnerability in the routing protoc ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2023-36835 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2023-36834 (An Incomplete Internal State Distinction vulnerability in the packet f ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2023-36833 (A Use After Free vulnerability in the packet forwarding engine (PFE) o ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2023-36832 (An Improper Handling of Exceptional Conditions vulnerability in packet ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2023-36831 (An Improper Check or Handling of Exceptional Conditions vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2023-36119 (File upload vulnerability in PHPGurukul Online Security Guards Hiring  ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
 CVE-2023-35692 (In getLocationCache of GeoLocation.java, there is a possible way to se ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-32761 (Cross Site Request Forgery (CSRF) vulnerability in Archer Platform bef ...)
-	TODO: check
+	NOT-FOR-US: Archer
 CVE-2023-32760 (An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6. ...)
-	TODO: check
+	NOT-FOR-US: Archer
 CVE-2023-32759 (An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6. ...)
-	TODO: check
+	NOT-FOR-US: Archer
 CVE-2023-2975 (Issue summary: The AES-SIV cipher implementation contains a bug that c ...)
 	TODO: check
 CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository froxlor/f ...)
@@ -14651,7 +14651,7 @@ CVE-2023-28987
 CVE-2023-28986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffil ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28985 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2023-28984 (A Use After Free vulnerability in the Layer 2 Address Learning Manager ...)
 	NOT-FOR-US: Juniper
 CVE-2023-28983 (An OS Command Injection vulnerability in gRPC Network Operations Inter ...)
@@ -27253,7 +27253,7 @@ CVE-2023-24898 (Windows SMB Denial of Service Vulnerability)
 CVE-2023-24897 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...)
 	NOT-FOR-US: .NET
 CVE-2023-24896 (Dynamics 365 Finance Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-24895 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...)
 	NOT-FOR-US: .NET
 CVE-2023-24894



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f537283b61f16e9a2ceebc56dd92050441732e2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f537283b61f16e9a2ceebc56dd92050441732e2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230714/8c26df5a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list