[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 1 07:24:22 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af7d88a6 by Salvatore Bonaccorso at 2023-06-01T08:23:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,35 +47,35 @@ CVE-2023-34255 (An issue was discovered in the Linux kernel through 6.3.5. There
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/22ed903eee23a5b174e240f1cdfa9acf393a5210 (6.4-rc1)
 CVE-2023-34229 (In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection p ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2023-34228 (In JetBrains TeamCity before 2023.05 authentication checks were missin ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2023-34227 (In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2023-34226 (In JetBrains TeamCity before 2023.05 reflected XSS in the Subscription ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2023-34225 (In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2023-34224 (In JetBrains TeamCity before 2023.05 open redirect during oAuth config ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2023-34223 (In JetBrains TeamCity before 2023.05 parameters of the "password" type ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2023-34222 (In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2023-34221 (In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2023-34220 (In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status P ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2023-34219 (In JetBrains TeamCity before 2023.05 improper permission checks allowe ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2023-34218 (In JetBrains TeamCity before 2023.05 bypass of permission checks allow ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2023-34088 (Collabora Online is a collaborative online office suite. A stored cros ...)
-	TODO: check
+	NOT-FOR-US: Collabora Online
 CVE-2023-33979 (gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnera ...)
 	TODO: check
 CVE-2023-33971 (Formcreator is a GLPI plugin which allow creation of custom forms and  ...)
-	TODO: check
+	NOT-FOR-US: GLPI plugin
 CVE-2023-33967 (EaseProbe is a tool that can do health/status checking. An SQL injecti ...)
 	TODO: check
 CVE-2023-33966 (Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and de ...)
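Review bot: The note for CVE-2023-33971 reads "NOT-FOR-US: GLPI plugin", which names only the category while the description names the product ("Formcreator is a GLPI plugin"). Every other entry in this hunk names the product itself (JetBrains TeamCity, Collabora Online), so something like "NOT-FOR-US: Formcreator plugin for GLPI" would keep the entry greppable by product name and distinguish it from other GLPI plugins.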
@@ -85,21 +85,21 @@ CVE-2023-33964 (mx-chain-go is an implementation of the MultiversX blockchain pr
 CVE-2023-33736 (A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3 ...)
 	TODO: check
 CVE-2023-33735 (D-Link DIR-846 v1.00A52 was discovered to contain a remote command exe ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-33732 (Cross Site Scripting (XSS) in the New Policy form in Microworld Techno ...)
 	TODO: check
 CVE-2023-33730 (Privilege Escalation in the "GetUserCurrentPwd" function in Microworld ...)
-	TODO: check
+	NOT-FOR-US: Microworld Technologies eScan Management Console
 CVE-2023-33722 (EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated rem ...)
-	TODO: check
+	NOT-FOR-US: EDIMAX
 CVE-2023-33718 (mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::Read ...)
 	TODO: check
 CVE-2023-33509 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to SQL Injection.)
-	TODO: check
+	NOT-FOR-US: KramerAV VIA GO
 CVE-2023-33508 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to unauthenticated file ...)
-	TODO: check
+	NOT-FOR-US: KramerAV VIA GO
 CVE-2023-33507 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to Unauthenticated arbi ...)
-	TODO: check
+	NOT-FOR-US: KramerAV VIA GO
 CVE-2023-33487 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2023-33486 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...)
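Review bot: CVE-2023-33732 stays at "TODO: check" although its description starts "Cross Site Scripting (XSS) in the New Policy form in Microworld Techno ...", while CVE-2023-33730 two entries below is marked "NOT-FOR-US: Microworld Technologies eScan Management Console". If both concern the same product, the first should get the same note in this commit; if it was left open on purpose, a short NOTE saying why would help the next person triaging. Separately, the three KramerAV notes say "VIA GO" where the descriptions say "VIA GO\xb2" (a superscript 2); worth confirming the note names the product the CVEs actually cover.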
@@ -107,11 +107,11 @@ CVE-2023-33486 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B2023011
 CVE-2023-33485 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2023-33287 (A stored cross-site scripting (XSS) vulnerability in the Inline Table  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Confluence
 CVE-2023-32217 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 ...)
 	TODO: check
 CVE-2023-31548 (A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEdi ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-2909 (EZ Sync service fails to adequately handle user input, allowing an att ...)
 	TODO: check
 CVE-2023-2758 (A denial of service vulnerability exists in Contec CONPROSYS HMI Syste ...)
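Review bot: For CVE-2023-33287 the product in "NOT-FOR-US: Atlassian Confluence" cannot be checked against the description as shown, which is cut off at "in the Inline Table ..." before any vendor or product name appears. If the affected component is an add-on rather than Confluence itself, the note should name that add-on so the attribution is precise. The same applies to "NOT-FOR-US: ChurchCRM" on CVE-2023-31548, where the visible text ends at "FundRaiserEdi ...".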



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af7d88a6ef318586cae372eaed501edffcb79ed6
