[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 18 12:26:14 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
93eb48bb by Moritz Muehlenhoff at 2023-07-18T13:25:53+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55,7 +55,7 @@ CVE-2023-3179 (The POST SMTP Mailer WordPress plugin before 2.5.7 does not have
 CVE-2023-3041 (The Autochat Automatic Conversation WordPress plugin through 1.1.7 doe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-38434 (xHTTP 72f812d has a double free in close_connection in xhttp.c via a m ...)
-	TODO: check
+	NOT-FOR-US: xHTTP
 CVE-2023-38432 (An issue was discovered in the Linux kernel before 6.3.10. fs/smb/serv ...)
 	- linux 6.3.11-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -119,29 +119,29 @@ CVE-2023-37770 (faust commit ee39a19 was discovered to contain a stack overflow
 CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a FPE vulne ...)
 	TODO: check
 CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for developing ...)
-	TODO: check
+	NOT-FOR-US: Open Enclave
 CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A carefull ...)
 	TODO: check
 CVE-2023-37475 (Hamba avro is a go lang encoder/decoder implementation of the avro cod ...)
-	TODO: check
+	NOT-FOR-US: Hamba avro
 CVE-2023-37461 (Metersphere is an opensource testing framework. Files uploaded to Mete ...)
-	TODO: check
+	NOT-FOR-US: Metersphere
 CVE-2023-37266 (CasaOS is an open-source Personal Cloud system. Unauthenticated attack ...)
-	TODO: check
+	NOT-FOR-US: CasaOS
 CVE-2023-37265 (CasaOS is an open-source Personal Cloud system. Due to a lack of IP ad ...)
-	TODO: check
+	NOT-FOR-US: CasaOS
 CVE-2023-36656 (Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI be ...)
-	TODO: check
+	NOT-FOR-US: Jaegertracing UI
 CVE-2023-36514 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shippin ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2023-36513 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Automat ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2023-36511 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2023-35880 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2023-35818 (An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devi ...)
-	TODO: check
+	NOT-FOR-US: Expressif
 CVE-2023-35096 (Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <=2.5 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-35089 (Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugi ...)
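Review bot: The vendor name in the note added for CVE-2023-35818 is misspelled: it reads "NOT-FOR-US: Expressif", while the CVE description on the line above it says "Espressif ESP32". Suggest "NOT-FOR-US: Espressif" so a search of data/CVE/list for the vendor finds this entry. In the same hunk, the note for CVE-2023-36656 says "Jaegertracing UI" where the description names "Jaegertracing Jaeger UI"; matching the description's wording would keep the label unambiguous.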
@@ -187,7 +187,7 @@ CVE-2023-2959 (Authentication Bypass by Primary Weakness vulnerability in Oliva
 CVE-2023-2958 (Authorization Bypass Through User-Controlled Key vulnerability in Orig ...)
 	NOT-FOR-US: Origin Software ATS Pro
 CVE-2023-2912 (Use After Free vulnerability in Secomea SiteManager Embedded allows Ob ...)
-	TODO: check
+	NOT-FOR-US: Secomea SiteManager Embedded
 CVE-2023-2701 (The Gravity Forms WordPress plugin before 2.7.5 does not escape genera ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2636 (The AN_GradeBook WordPress plugin through 5.0.1 does not properly sani ...)
@@ -88902,7 +88902,7 @@ CVE-2022-30860 (FUDforum 3.1.2 is vulnerable to Remote Code Execution through Up
 CVE-2022-30859
 	RESERVED
 CVE-2022-30858 (An issue was discovered in ngiflib 0.4. There is SEGV in SDL_LoadAnima ...)
-	TODO: check
+	NOT-FOR-US: ngiflib
 CVE-2022-30857
 	RESERVED
 CVE-2022-30856
@@ -128379,7 +128379,7 @@ CVE-2021-43074 (An improper verification of cryptographic signature vulnerabilit
 CVE-2021-43073 (A improper neutralization of special elements used in an os command (' ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-43072 (A buffer copy without checking size of input ('classic buffer overflow ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6. ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-43070 (Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM  ...)
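Review bot: The label chosen for CVE-2021-43072, "NOT-FOR-US: Fortinet", differs from the entries directly above and below it (CVE-2021-43073 and CVE-2021-43071), which both use "NOT-FOR-US: FortiGuard". Suggest using one vendor label across these adjacent entries so they group together when the list is searched or filtered.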
@@ -144379,11 +144379,11 @@ CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr p
 CVE-2021-37387
 	RESERVED
 CVE-2021-37386 (Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were dis ...)
-	TODO: check
+	NOT-FOR-US: Furukawa
 CVE-2021-37385
 	RESERVED
 CVE-2021-37384 (A remote command execution (RCE) vulnerability in the web interface co ...)
-	TODO: check
+	NOT-FOR-US: Furukawa
 CVE-2021-37383
 	RESERVED
 CVE-2021-37382
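Review bot: For CVE-2021-37384 the visible description ("A remote command execution (RCE) vulnerability in the web interface co ...") is cut off before any product name, so the "NOT-FOR-US: Furukawa" attribution cannot be confirmed from this hunk, unlike CVE-2021-37386, whose description names Furukawa. Worth confirming against the full CVE text that both entries concern the same vendor before leaving the tag as is.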



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93eb48bbbfc883945c3ac1ea7174820909bd3ffa
