[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 12 21:27:05 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
601583a2 by Salvatore Bonaccorso at 2023-06-12T22:26:35+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,50 +1,50 @@
 CVE-2023-3208 (A vulnerability, which was classified as critical, has been found in R ...)
-	TODO: check
+	NOT-FOR-US: RoadFlow Visual Process Engine .NET Core Mvc
 CVE-2023-3206 (A vulnerability classified as problematic was found in Chengdu VEC40G  ...)
-	TODO: check
+	NOT-FOR-US: Chengdu VEC40G
 CVE-2023-3159 (A use after free issue was discovered in driver/firewire in outbound_p ...)
 	- linux 5.17.11-1
 	[bullseye] - linux 5.10.120-1
 	[buster] - linux 4.19.249-1
 	NOTE: https://git/kernel.org/linus/b7c81f80246fac44077166f3e07103affe6db8ff (5.18-rc6)
 CVE-2023-35054 (In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-ren ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2023-35053 (In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible vi ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2023-35042 (GeoServer 2, in some configurations, allows remote attackers to execut ...)
-	TODO: check
+	NOT-FOR-US: GeoServer
 CVE-2023-34942 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...)
-	TODO: check
+	NOT-FOR-US: Asus
 CVE-2023-34941 (A stored cross-site scripting (XSS) vulnerability in the urlFilterList ...)
 	TODO: check
 CVE-2023-34940 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...)
-	TODO: check
+	NOT-FOR-US: Asus
 CVE-2023-34855 (A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipm ...)
-	TODO: check
+	NOT-FOR-US: Youxun Electronic Equipment
 CVE-2023-34581 (Sourcecodester Service Provider Management System v1.0 is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Service Provider Management System
 CVE-2023-34494 (NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_sen ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2023-34488 (NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handle ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2023-34468 (The DBCPConnectionPool and HikariCPConnectionPool Controller Services  ...)
-	TODO: check
+	NOT-FOR-US: Apache NiFi
 CVE-2023-34345 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
-	TODO: check
+	NOT-FOR-US: AMI BMC
 CVE-2023-34344 (AMI BMC contains a vulnerability in the IPMI handler, where an unautho ...)
-	TODO: check
+	NOT-FOR-US: AMI BMC
 CVE-2023-34343 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
-	TODO: check
+	NOT-FOR-US: AMI BMC
 CVE-2023-34342 (AMI BMC contains a vulnerability in the IPMI handler, where an attacke ...)
-	TODO: check
+	NOT-FOR-US: AMI BMC
 CVE-2023-34341 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
-	TODO: check
+	NOT-FOR-US: AMI BMC
 CVE-2023-34336 (AMI BMC contains a vulnerability in the IPMI handler, where an attacke ...)
-	TODO: check
+	NOT-FOR-US: AMI BMC
 CVE-2023-34335 (AMI BMC contains a vulnerability in the IPMI handler, where an unauthe ...)
-	TODO: check
+	NOT-FOR-US: AMI BMC
 CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
-	TODO: check
+	NOT-FOR-US: AMI BMC
 CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to  ...)
 	TODO: check
 CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along with th ...)
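Review bot: the NOTE line kept as context under CVE-2023-3159 reads https://git/kernel.org/linus/..., with a slash where the dot in git.kernel.org belongs, so the fix reference is not a working URL. Since this pass already edits the entries on either side of it, correcting the host to git.kernel.org in the same commit would be cheap. Separately, CVE-2023-34941 stays at TODO: check between the two Asus RT-N10LX entries (CVE-2023-34942 and CVE-2023-34940) that are now marked NOT-FOR-US: Asus. Its truncated description does not name the product, so it is worth confirming whether it belongs to the same batch or was left open deliberately.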
@@ -52,11 +52,11 @@ CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along w
 CVE-2023-34105 (SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV ...)
 	TODO: check
 CVE-2023-34026 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33626 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-33625 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-33624
 	REJECTED
 CVE-2023-33623
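Review bot: the two D-Link DIR-600 entries (CVE-2023-33626 and CVE-2023-33625) get the vendor-only reason NOT-FOR-US: D-Link, while other reasons in this commit name the product, for example NOT-FOR-US: JetBrains YouTrack and NOT-FOR-US: Apache NiFi. A reason that names the device line or says it is router firmware would make clear, without the description, that the marking covers the hardware and not everything published under that vendor name. The same applies to the NOT-FOR-US: Asus entries in the first hunk.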
@@ -64,15 +64,15 @@ CVE-2023-33623
 CVE-2023-33622
 	REJECTED
 CVE-2023-33492 (EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2023-33290 (The git-url-parse crate through 0.4.4 for Rust allows Regular Expressi ...)
 	TODO: check
 CVE-2023-33253 (LabCollector 6.0 though 6.15 allows remote code execution. An authenti ...)
 	TODO: check
 CVE-2023-32961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Se ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32118 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2718 (The Contact Form Email WordPress plugin before 1.3.38 does not escape  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2568 (The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape ...)
@@ -96,7 +96,7 @@ CVE-2023-35031 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 an
 CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random number ...)
 	TODO: check
 CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3192 (Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.)
 	TODO: check
 CVE-2023-3191 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/601583a2d406e471a931aacddb291518cfb7cfdd
