[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs

Thu Jun 15 21:35:33 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
40757213 by Salvatore Bonaccorso at 2023-06-15T22:33:48+02:00
Process some NFUs

- - - - -
1cd18555 by Salvatore Bonaccorso at 2023-06-15T22:33:50+02:00
Add CVE-2023-34626/piwigo

- - - - -
921cf04a by Salvatore Bonaccorso at 2023-06-15T22:33:51+02:00
Add CVE-2023-34242/cilium

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2023-3276 (A vulnerability, which was classified as problematic, has been found i ...)
 	TODO: check
 CVE-2023-3275 (A vulnerability classified as critical was found in PHPGurukul Rail Pa ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Rail Pass Management System
 CVE-2023-3274 (A vulnerability classified as critical has been found in code-projects ...)
-	TODO: check
+	NOT-FOR-US: code-projects Supplier Management System
 CVE-2023-34880 (cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal v ...)
-	TODO: check
+	NOT-FOR-US: cmseasy
 CVE-2023-34852 (PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2023-34833 (An arbitrary file upload vulnerability in the component /api/upload.ph ...)
-	TODO: check
+	NOT-FOR-US: ThinkAdmin
 CVE-2023-34666 (Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Mana ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul Cyber Cafe Management System
 CVE-2023-34626 (Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.)
-	TODO: check
+	- piwigo <removed>
 CVE-2023-34455 (snappy-java is a fast compressor/decompressor for Java. Due to use of  ...)
 	TODO: check
 CVE-2023-34454 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...)
@@ -21,13 +21,13 @@ CVE-2023-34454 (snappy-java is a fast compressor/decompressor for Java. Due to u
 CVE-2023-34453 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...)
 	TODO: check
 CVE-2023-34242 (Cilium is a networking, observability, and security solution with an e ...)
-	TODO: check
+	- cilium <itp> (bug #858303)
 CVE-2023-33243 (RedTeam Pentesting discovered that the web interface of STARFACE as we ...)
 	TODO: check
 CVE-2023-32229 (Due to an error in the software interface to the secure element chip o ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2023-31672 (In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (aili ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2023-2747 (The initialization vector (IV) used by the secure engine (SE) for encr ...)
 	TODO: check
 CVE-2023-2686 (Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon La ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a3aae462df9892ff4ebd50712952c8d8e7c04e66...921cf04a518022186c86683f560ded039ca2cf1e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a3aae462df9892ff4ebd50712952c8d8e7c04e66...921cf04a518022186c86683f560ded039ca2cf1e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230615/29453aa9/attachment-0001.htm>
