[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 21 21:20:14 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e088f505 by Salvatore Bonaccorso at 2023-07-21T22:19:46+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
CVE-2023-3822 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-3821 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-3820 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-3819 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-3102 (A sensitive information leak issue has been discovered in GitLab EE af ...)
TODO: check
CVE-2023-38646 (Metabase open source before 0.46.6.1 and Metabase Enterprise before 1. ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2023-38187 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-38173 (Microsoft Edge for Android Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-37915 (OpenDDS is an open source C++ implementation of the Object Management ...)
TODO: check
CVE-2023-37905 (ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEdi ...)
TODO: check
CVE-2023-37903 (vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up t ...)
- TODO: check
+ NOT-FOR-US: Node vm2
CVE-2023-37901 (Indico is an open source a general-purpose, web based event management ...)
- TODO: check
+ NOT-FOR-US: CERN Indico
CVE-2023-37742 (WebBoss.io CMS before v3.6.8.1 was discovered to contain a reflected c ...)
- TODO: check
+ NOT-FOR-US: WebBoss.io CMS
CVE-2023-36339 (An access control issue in WebBoss.io CMS v3.7.0 allows attackers to a ...)
- TODO: check
+ NOT-FOR-US: WebBoss.io CMS
CVE-2023-35392 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-3815 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: y_project RuoYi
CVE-2023-3813 (The Jupiter X Core plugin for WordPress is vulnerable to arbitrary fil ...)
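Review bot: CVE-2023-38187 and CVE-2023-35392 are both described as "Microsoft Edge (Chromium-based)" and are closed as "NOT-FOR-US: Microsoft" on the vendor name alone. Debian ships chromium, so please confirm that each issue sits in Edge-specific code rather than in shared Chromium code before marking it NFU. If that was checked, saying so in the commit message would save the next triager from repeating the check.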
@@ -23803,7 +23803,7 @@ CVE-2023-26302 (Denial of service could be caused to the command line interface
NOTE: https://github.com/executablebooks/markdown-it-py/pull/247
NOTE: https://github.com/executablebooks/markdown-it-py/commit/53ca3e9c2b9e9b295f6abf7f4ad2730a9b70f68c (v2.2.0)
CVE-2023-26301 (Certain HP LaserJet Pro print products are potentially vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2023-26300
RESERVED
CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
@@ -25141,9 +25141,9 @@ CVE-2023-25843
CVE-2023-25842
RESERVED
CVE-2023-25841 (There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Se ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25840 (There is a Cross-site Scripting vulnerabilityin ArcGIS Server in versi ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2023-25839 (There is SQL injection vulnerability in Esri ArcGIS Insights Desktop f ...)
NOT-FOR-US: Esri ArcGIS
CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights 2022.1 for ...)
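Review bot: The two new entries for CVE-2023-25841 and CVE-2023-25840 use "NOT-FOR-US: Esri", while the adjacent CVE-2023-25839 already carries "NOT-FOR-US: Esri ArcGIS" for the same product family. Suggest using one spelling of the label here so that a search on the NFU string finds all ArcGIS entries.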
@@ -39014,7 +39014,7 @@ CVE-2023-22057 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-22056 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22055 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22054 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22053 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -39024,7 +39024,7 @@ CVE-2023-22052 (Vulnerability in the Java VM component of Oracle Database Server
CVE-2023-22051 (Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM ...)
NOT-FOR-US: Oracle
CVE-2023-22050 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22049 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 <unfixed>
- openjdk-11 11.0.20+8-1
@@ -120193,7 +120193,7 @@ CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when instal
CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external X ...)
NOT-FOR-US: KNIME Analytics Platform
CVE-2021-45094 (Imprivata Privileged Access Management (formally Xton Privileged Acces ...)
- TODO: check
+ NOT-FOR-US: Imprivata Privileged Access Management
CVE-2021-45093
RESERVED
CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...)
@@ -138540,7 +138540,7 @@ CVE-2021-39824 (Adobe Premiere Elements version 2021.2235820 (and earlier) is af
CVE-2021-39823 (Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and e ...)
NOT-FOR-US: Adobe
CVE-2021-39822 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...)
NOT-FOR-US: Adobe
CVE-2021-39820 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) i ...)
@@ -139478,7 +139478,7 @@ CVE-2021-39427 (Cross site scripting vulnerability in 188Jianzhan 2.10 allows at
CVE-2021-39426 (An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11 ...)
NOT-FOR-US: Seacms
CVE-2021-39425 (SeedDMS v6.0.15 was discovered to contain an open redirect vulnerabili ...)
- TODO: check
+ NOT-FOR-US: SeedDMS
CVE-2021-39424
RESERVED
CVE-2021-39423
@@ -214452,7 +214452,7 @@ CVE-2020-22161
CVE-2020-22160
RESERVED
CVE-2020-22159 (EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and ...)
- TODO: check
+ NOT-FOR-US: EVERTZ devices
CVE-2020-22158 (MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to ...)
NOT-FOR-US: Ericsson RX8200 5.13.3 devices
CVE-2020-22157
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e088f505884f74aea7a24ae039ff53f5568a0dcf