[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jul 16 09:38:52 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9bd00f5c by Moritz Muehlenhoff at 2023-07-16T10:38:29+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2023-3692 (Unrestricted Upload of File with Dangerous Type in GitHub repository a ...)
-	TODO: check
+	NOT-FOR-US: admidio
 CVE-2023-3683 (A vulnerability has been found in LivelyWorks Articart 2.0.1 and class ...)
-	TODO: check
+	NOT-FOR-US: LivelyWorks Articart
 CVE-2023-37811
 	REJECTED
 CVE-2023-37810
@@ -35,15 +35,15 @@ CVE-2023-36166
 CVE-2023-36165
 	REJECTED
 CVE-2023-3682 (A vulnerability, which was classified as critical, was found in Nesote ...)
-	TODO: check
+	NOT-FOR-US: Nesote Inout Blockchain
 CVE-2023-3681 (A vulnerability classified as problematic was found in Campcodes Retro ...)
-	TODO: check
+	NOT-FOR-US: Campcodes Retro Cellphone Online Store
 CVE-2023-3680 (A vulnerability classified as critical has been found in SourceCodeste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2023-3679 (A vulnerability was found in SourceCodester Lost and Found Information ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2023-2507 (CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to exe ...)
-	TODO: check
+	NOT-FOR-US: CleverTap Cordova Plugin
 CVE-2023-3678 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
 	NOT-FOR-US: SourceCodester AC Repair and Services System
 CVE-2023-38350 (PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via t ...)
@@ -53,7 +53,7 @@ CVE-2023-38349 (PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX con
 	- pnp4nagios <removed>
 	NOTE: https://github.com/pnp4nagios/pnp4nagios/pull/17
 CVE-2023-38337 (rswag before 2.10.1 allows remote attackers to read arbitrary JSON and ...)
-	TODO: check
+	NOT-FOR-US: rswag
 CVE-2023-38336 (netkit-rcp in rsh-client 0.17-24 allows command injection via filename ...)
 	- netkit-rsh <unfixed> (bug #1039689)
 CVE-2023-37794 (WAYOS FBM-291W 19.09.11V was discovered to contain a command injection ...)
@@ -75,7 +75,7 @@ CVE-2023-36466 (Discourse is an open source discussion platform. When editing a
 CVE-2023-35802 (IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Ove ...)
 	NOT-FOR-US: Extreme Network AP devices
 CVE-2023-34236 (Weave GitOps Terraform Controller (aka Weave TF-controller) is a contr ...)
-	TODO: check
+	NOT-FOR-US: Weave GitOps Terraform Controller
 CVE-2023-3673 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.)
 	NOT-FOR-US: pimcore
 CVE-2023-3672 (Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webment ...)
@@ -8486,7 +8486,7 @@ CVE-2023-2269 (A denial of service problem was found, due to a possible recursiv
 	- linux 6.3.7-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
 CVE-2023-2268 (Plane version 0.7.1 allows an unauthenticated attacker to view all sto ...)
-	TODO: check
+	NOT-FOR-US: Plane
 CVE-2023-2267
 	RESERVED
 CVE-2023-2266
@@ -9552,7 +9552,7 @@ CVE-2023-2130 (A vulnerability classified as critical has been found in SourceCo
 CVE-2023-30792 (Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript:  ...)
 	NOT-FOR-US: Facebook lexical text editor
 CVE-2023-30791 (Plane version 0.7.1-dev allows an attacker to change the avatar of his ...)
-	TODO: check
+	NOT-FOR-US: Plane
 CVE-2023-30790 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...)
 	NOT-FOR-US: MonicaHQ
 CVE-2023-30789 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bd00f5c3001b456f5b0f41cb67fce1d436bef1d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bd00f5c3001b456f5b0f41cb67fce1d436bef1d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230716/7bc3fc27/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list