[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jul 27 22:31:54 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de1039a8 by Moritz Muehlenhoff at 2023-07-27T23:31:29+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,67 +11,67 @@ CVE-2023-37369
NOTE: https://www.qt.io/blog/security-advisory-qxmlstreamreader
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/455027
CVE-2023-3982 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
- TODO: check
+ NOT-FOR-US: omeka-s
CVE-2023-3981 (Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s ...)
- TODO: check
+ NOT-FOR-US: omeka-s
CVE-2023-3980 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
- TODO: check
+ NOT-FOR-US: omeka-s
CVE-2023-3975 (OS Command Injection in GitHub repository jgraph/drawio prior to 21.5. ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2023-3974 (OS Command Injection in GitHub repository jgraph/drawio prior to 21.4. ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2023-3973 (Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/dra ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2023-3970 (A vulnerability, which was classified as problematic, was found in GZ ...)
- TODO: check
+ NOT-FOR-US: GZ Scripts Availability Booking Calendar PHP
CVE-2023-3969 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: GZ Scripts Availability Booking Calendar PHP
CVE-2023-38512 (Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream \ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-38510 (Tolgee is an open-source localization platform. Starting in version 3. ...)
- TODO: check
+ NOT-FOR-US: Tolgee
CVE-2023-38509 (XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-38505 (DietPi-Dashboard is a web dashboard for the operating system DietPi. T ...)
- TODO: check
+ NOT-FOR-US: DietPi-Dashboard
CVE-2023-38504 (Sails is a realtime MVC Framework for Node.js. In Sails apps prior to ...)
- TODO: check
+ NOT-FOR-US: sails.js
CVE-2023-38495 (Crossplane is a framework for building cloud native control planes wit ...)
- TODO: check
+ NOT-FOR-US: Crossplane
CVE-2023-38492 (Kirby is a content management system. A vulnerability in versions prio ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2023-38491 (Kirby is a content management system. A vulnerability in versions prio ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2023-38490 (Kirby is a content management system. A vulnerability in versions prio ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2023-38489 (Kirby is a content management system. A vulnerability in versions prio ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2023-38488 (Kirby is a content management system. A vulnerability in versions prio ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2023-37993 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37981 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37980 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37979 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37977 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37976 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37975 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37970 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37900 (Crossplane is a framework for building cloud native control planes wit ...)
- TODO: check
+ NOT-FOR-US: Crossplane
CVE-2023-37894 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTh ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2023-36942 (A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire R ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Online Fire Reporting System
CVE-2023-36941 (A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire R ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Online Fire Reporting System
CVE-2023-3957 (The ACF Photo Gallery Field plugin for WordPress is vulnerable to unau ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to unauthorized ...)
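Review bot: the NOT-FOR-US label for CVE-2023-37894 reads "WooCommerce plugin" while the neighbouring RadiusTheme entry CVE-2023-37975 and every other WordPress-ecosystem entry in this hunk use "WordPress plugin"; a WooCommerce extension is itself a WordPress plugin, so using the same label keeps the triage tags consistent and greppable.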
@@ -171,7 +171,7 @@ CVE-2023-3622 (Access Control Bypass Vulnerability in the SolarWinds Platform th
CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper Initial ...)
NOT-FOR-US: B&R Industrial Automation
CVE-2023-39261 (In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesti ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2023-38673 (PaddlePaddle before 2.5.0 has a command injection in fs.py. This resul ...)
NOT-FOR-US: PaddlePaddle
CVE-2023-38672 (FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause ...)
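Review bot: the new `- intellij-idea <itp> (bug #747616)` line for CVE-2023-39261 has no accompanying NOTE: line with an upstream reference, whereas other entries in the surrounding context (CVE-2023-37369, CVE-2022-2503) record the advisory or fix URL; adding one would make it easier to revisit this ITP-tracked entry once the package enters the archive.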
@@ -19332,7 +19332,7 @@ CVE-2023-28132
CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to take ov ...)
NOT-FOR-US: expo.io
CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal hostname ...)
- TODO: check
+ NOT-FOR-US: Gaia Portal
CVE-2023-28129
RESERVED
CVE-2023-28128 (An unrestricted upload of file with dangerous type vulnerability exist ...)
@@ -74521,7 +74521,7 @@ CVE-2022-2503 (Dm-verity is used for extending root-of-trust to root filesystems
NOTE: https://git.kernel.org/linus/4caae58406f8ceb741603eee460d79bacca9b1b5 (5.19-rc1)
NOTE: https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m
CVE-2022-2502 (A vulnerability exists in the HCI IEC 60870-5-104 function included in ...)
- TODO: check
+ NOT-FOR-US: HCI
CVE-2022-36359 (An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...)
{DSA-5254-1}
- python-django 3:3.2.15-1
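Review bot: "NOT-FOR-US: HCI" for CVE-2022-2502 is a rather generic tag; the description identifies an IEC 60870-5-104 function included in a larger product, so naming that product the way the other NOT-FOR-US entries do (for example "Owl Labs Meeting Owl", "SoftGuard Web") would make the entry unambiguous for later searches.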
@@ -88247,13 +88247,13 @@ CVE-2022-31460 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethe
CVE-2022-31459 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcod ...)
NOT-FOR-US: Owl Labs Meeting Owl
CVE-2022-31458 (RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning ...)
- TODO: check
+ NOT-FOR-US: RTX TRAP
CVE-2022-31457 (RTX TRAP v1.0 allows attackers to perform a directory traversal via a ...)
- TODO: check
+ NOT-FOR-US: RTX TRAP
CVE-2022-31456 (A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows a ...)
- TODO: check
+ NOT-FOR-US: Truedesk
CVE-2022-31455 (* A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows ...)
- TODO: check
+ NOT-FOR-US: Truedesk
CVE-2022-31454
RESERVED
CVE-2022-31453
@@ -88887,7 +88887,7 @@ CVE-2022-31202 (The export function in SoftGuard Web (SGW) before 5.1.5 allows d
CVE-2022-31201 (SoftGuard Web (SGW) before 5.1.5 allows HTML injection.)
NOT-FOR-US: SoftGuard Web
CVE-2022-31200 (Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELangu ...)
- TODO: check
+ NOT-FOR-US: Atmail
CVE-2022-31199 (Remote code execution vulnerabilities exist in the Netwrix Auditor Use ...)
NOT-FOR-US: Netwrix Auditor
CVE-2022-1797 (A malformed Class 3 common industrial protocol message with a cached c ...)
@@ -147470,7 +147470,7 @@ CVE-2021-36582 (In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (
CVE-2021-36581 (Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possib ...)
NOT-FOR-US: Kooboo CMS
CVE-2021-36580 (Open Redirect vulnerability exists in IceWarp MailServer IceWarp Serve ...)
- TODO: check
+ NOT-FOR-US: IceWarp MailServer
CVE-2021-36579
RESERVED
CVE-2021-36578
@@ -214187,7 +214187,7 @@ CVE-2020-22625
CVE-2020-22624
RESERVED
CVE-2020-22623 (Directory traversal vulnerability in Jinfornet Jreport 15.6 allows una ...)
- TODO: check
+ NOT-FOR-US: Jinfornet Jreport
CVE-2020-22622
RESERVED
CVE-2020-22621
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de1039a8e6157ab19766026418d6cea458363df5