[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 19 21:53:31 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f358a027 by Salvatore Bonaccorso at 2023-07-19T22:52:47+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,45 +9,45 @@ CVE-2023-38408 [Remote Code Execution in OpenSSH's forwarded ssh-agent]
NOTE: Remote exploitation requires that the agent was forwarded to an attacker-controlled
NOTE: system.
CVE-2023-3765 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2023-3763 (A vulnerability was found in Intergard SGS 8.7.0. It has been declared ...)
- TODO: check
+ NOT-FOR-US: Intergard SGS
CVE-2023-3762 (A vulnerability was found in Intergard SGS 8.7.0. It has been classifi ...)
- TODO: check
+ NOT-FOR-US: Intergard SGS
CVE-2023-3761 (A vulnerability was found in Intergard SGS 8.7.0 and classified as pro ...)
- TODO: check
+ NOT-FOR-US: Intergard SGS
CVE-2023-3760 (A vulnerability has been found in Intergard SGS 8.7.0 and classified a ...)
- TODO: check
+ NOT-FOR-US: Intergard SGS
CVE-2023-3759 (A vulnerability, which was classified as critical, was found in Interg ...)
- TODO: check
+ NOT-FOR-US: Intergard SGS
CVE-2023-3757 (A vulnerability classified as problematic has been found in GZ Script ...)
- TODO: check
+ NOT-FOR-US: GZ Script Car Rental Script
CVE-2023-3756 (A vulnerability was found in Creativeitem Atlas Business Directory Lis ...)
- TODO: check
+ NOT-FOR-US: Creativeitem Atlas Business Directory Listing
CVE-2023-3755 (A vulnerability has been found in Creativeitem Atlas Business Director ...)
- TODO: check
+ NOT-FOR-US: Creativeitem Atlas Business Directory Listing
CVE-2023-3754 (A vulnerability, which was classified as problematic, was found in Cre ...)
- TODO: check
+ NOT-FOR-US: Creativeitem Ekushey Project Manager CRM
CVE-2023-3753 (A vulnerability classified as problematic has been found in Creativeit ...)
- TODO: check
+ NOT-FOR-US: Creativeitem Mastery LMS
CVE-2023-3752 (A vulnerability was found in Creativeitem Academy LMS 5.15. It has bee ...)
- TODO: check
+ NOT-FOR-US: Creativeitem Academy LMS
CVE-2023-3751 (A vulnerability was found in Super Store Finder 3.6. It has been decla ...)
- TODO: check
+ NOT-FOR-US: Super Store Finder
CVE-2023-3722 (An OS command injection vulnerability was found in the Avaya Aura Devi ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2023-3638 (In GeoVision GV-ADR2701 cameras, an attacker could edit the login resp ...)
- TODO: check
+ NOT-FOR-US: GeoVision
CVE-2023-3527 (A CSV injection vulnerability was found in theAvaya Call Management Sy ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2023-3519 (Unauthenticated remote code execution)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-3467 (Privilege Escalation to root administrator (nsroot))
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-3466 (Reflected Cross-Site Scripting (XSS))
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-3463 (All versions of GE Digital CIMPLICITY that are not adhering to SDG gui ...)
- TODO: check
+ NOT-FOR-US: GE Digital CIMPLICITY
CVE-2023-37899 (Feathersjs is a framework for creating web APIs and real-time applicat ...)
TODO: check
CVE-2023-37897 (Grav is a file-based Web-platform built in PHP. Grav is subject to a s ...)
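Review bot: the NOT-FOR-US labels in this hunk mix two granularities. CVE-2023-3519, CVE-2023-3467 and CVE-2023-3466 are tagged only "Citrix", and CVE-2023-3722, CVE-2023-3527 and CVE-2023-3638 only "Avaya" or "GeoVision", while the Intergard SGS, Creativeitem and GE Digital CIMPLICITY entries name the product. The description lines of the three Citrix entries carry no product name at all, so the label is the only hint in the list of what is affected. Naming the product there, as the other entries in the hunk do, would make later matching of new CVEs against existing NOT-FOR-US labels more precise.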
@@ -77,7 +77,7 @@ CVE-2023-32635 (XBRL data create application version 7.0 and earlier improperly
CVE-2023-32263 (A potential vulnerability has been identified in the Micro Focus Dimen ...)
NOT-FOR-US: Micro Focus Dimensions CM Plugin for Jenkins
CVE-2023-27379 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2023-3347 [SMB2 packet signing not enforced]
- samba 2:4.18.5+dfsg-1
[bullseye] - samba <not-affected> (Vulnerable code not present)
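Review bot: "NOT-FOR-US: Foxit" on CVE-2023-27379 names only the vendor, while the neighbouring CVE-2023-32263 entry spells out "Micro Focus Dimensions CM Plugin for Jenkins". The description is cut off at "Foxi ...", so the product cannot be read from the list itself; consider putting the product name in the label. The same applies to the identical change for CVE-2023-28744 later in the patch.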
@@ -9930,7 +9930,7 @@ CVE-2023-30801
CVE-2023-30800
RESERVED
CVE-2023-30799 (MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 ar ...)
- TODO: check
+ NOT-FOR-US: MikroTik RouterOS
CVE-2023-30798 (There MultipartParser usage in Encode's Starlette python framework bef ...)
- starlette 0.25.0-1
[bullseye] - starlette <no-dsa> (Minor issue)
@@ -15482,7 +15482,7 @@ CVE-2023-28936 (Attacker can access arbitrary recording/room Vendor: The Apache
CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Ele ...)
NOT-FOR-US: Apache UIMA UICC
CVE-2023-28744 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2023-1672 (A race condition exists in the Tang server functionality for key gener ...)
- tang 14-1 (bug #1038119)
[bookworm] - tang <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f358a0278e897905d5b5775be7e30c2ff85606bb