[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 22 21:26:29 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
849cc54f by Salvatore Bonaccorso at 2023-06-22T22:25:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
 CVE-2023-3326 (pam_krb5 authenticates a user by essentially running kinit with the pa ...)
 	TODO: check
 CVE-2023-3256 (Advantech R-SeeNet  versions 2.4.22  allows low-level users to access  ...)
-	TODO: check
+	NOT-FOR-US: Advantech R-SeeNet
 CVE-2023-36371 (An issue in the GDKfree component of MonetDB Server v11.45.17 and v11. ...)
-	TODO: check
+	NOT-FOR-US: MonetDB Server
 CVE-2023-36370 (An issue in the gc_col component of MonetDB Server v11.45.17 and v11.4 ...)
-	TODO: check
+	NOT-FOR-US: MonetDB Server
 CVE-2023-36369 (An issue in the list_append component of MonetDB Server v11.45.17 and  ...)
-	TODO: check
+	NOT-FOR-US: MonetDB Server
 CVE-2023-36368 (An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and ...)
-	TODO: check
+	NOT-FOR-US: MonetDB Server
 CVE-2023-36367 (An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11. ...)
-	TODO: check
+	NOT-FOR-US: MonetDB Server
 CVE-2023-36366 (An issue in the log_create_delta component of MonetDB Server v11.45.17 ...)
-	TODO: check
+	NOT-FOR-US: MonetDB Server
 CVE-2023-36365 (An issue in the sql_trans_copy_key component of MonetDB Server v11.45. ...)
-	TODO: check
+	NOT-FOR-US: MonetDB Server
 CVE-2023-36364 (An issue in the rel_deps component of MonetDB Server v11.45.17 and v11 ...)
-	TODO: check
+	NOT-FOR-US: MonetDB Server
 CVE-2023-36363 (An issue in the __nss_database_lookup component of MonetDB Server v11. ...)
-	TODO: check
+	NOT-FOR-US: MonetDB Server
 CVE-2023-36362 (An issue in the rel_sequences component of MonetDB Server v11.45.17 an ...)
-	TODO: check
+	NOT-FOR-US: MonetDB Server
 CVE-2023-36359 (TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2023-36358 (TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR8 ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2023-36357 (An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2023-36356 (TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2023-36355 (TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via t ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2023-36354 (TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/ ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2023-36243 (FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml ...)
 	TODO: check
 CVE-2023-36239 (libming listswf 0.4.7 was discovered to contain a buffer overflow in t ...)
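Review bot: CVE-2023-36363 is closed as NOT-FOR-US: MonetDB Server along with the rest of the batch, but the component its description names, __nss_database_lookup, is a glibc symbol and not MonetDB code. Confirm against the full CVE description that the fault really lies in MonetDB before leaving it as NFU. Otherwise the entry disappears from triage without anyone having looked at it from the glibc side.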
@@ -41,25 +41,25 @@ CVE-2023-36239 (libming listswf 0.4.7 was discovered to contain a buffer overflo
 CVE-2023-36097 (funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via  ...)
 	TODO: check
 CVE-2023-36093 (There is a storage type cross site scripting (XSS) vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2023-35926 (Backstage is an open platform for building developer portals. The Back ...)
-	TODO: check
+	NOT-FOR-US: Backstage
 CVE-2023-35918 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-35917 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-35174 (Livebook is a web application for writing interactive and collaborativ ...)
 	TODO: check
 CVE-2023-35093 (Broken Access Control vulnerability in StylemixThemes MasterStudy LMS  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-35090 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34939 (Onlyoffice Community Server before v12.5.2 was discovered to contain a ...)
-	TODO: check
+	NOT-FOR-US: Onlyoffice Community Server
 CVE-2023-34927 (Casdoor v1.331.0 and below was discovered to contain a Cross-Site Requ ...)
 	TODO: check
 CVE-2023-34923 (XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in T ...)
-	TODO: check
+	NOT-FOR-US: TOPdesk
 CVE-2023-34796 (Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashb ...)
 	TODO: check
 CVE-2023-34601 (Jeesite before commit 10742d3 was discovered to contain a SQL injectio ...)
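Review bot: CVE-2023-35926 is tagged NOT-FOR-US: Backstage although its description calls it "an open platform for building developer portals", so it is worth checking for an open ITP or RFP before closing it. If one exists, an <itp> entry with the bug number would keep the CVE attached to the package once it is uploaded. NOT-FOR-US is fine if there is none.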
@@ -67,23 +67,23 @@ CVE-2023-34601 (Jeesite before commit 10742d3 was discovered to contain a SQL in
 CVE-2023-34368 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanb ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-34170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP O ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34028 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34006 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33997 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33387 (A reflected cross-site scripting (XSS) vulnerability in DATEV eG Perso ...)
-	TODO: check
+	NOT-FOR-US: DATEV
 CVE-2023-33323 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32960 (Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, Da ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32571 (Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to  ...)
 	TODO: check
 CVE-2023-32239 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2023-31868 (Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XS ...)
 	TODO: check
 CVE-2023-31867 (Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.)
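Review bot: CVE-2023-32239 is the only entry here tagged "WordPress theme" while every other WordPress entry in the hunk is "WordPress plugin", and its description is truncated before the product name, so the diff alone cannot show the distinction is intended. If it is deliberate, no change is needed. If it came from copying a neighbouring line, align it with the others.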
@@ -95,7 +95,7 @@ CVE-2023-2990 (Fortra Globalscape EFT versions before 8.1.0.16 suffer from a den
 CVE-2023-2989 (Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of  ...)
 	TODO: check
 CVE-2023-2611 (Advantech R-SeeNet  versions 2.4.22   is installed with a hidden root- ...)
-	TODO: check
+	NOT-FOR-US: Advantech R-SeeNet
 CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to ...)
 	TODO: check
 CVE-2023-33842 (IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 r ...)
@@ -103,9 +103,9 @@ CVE-2023-33842 (IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and
 CVE-2023-33405 (Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.)
 	TODO: check
 CVE-2023-32449 (Dell PowerStore versions prior to 3.5 contain an improper verification ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2019-25152 (The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for Woo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3359 [nvmem: brcm_nvram: Add check for kzalloc]
 	- linux 6.1.11-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
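Review bot: the tag on CVE-2023-32449 is the bare vendor, "NOT-FOR-US: Dell", while the description names Dell PowerStore and the Advantech entries in this same patch carry the product ("Advantech R-SeeNet"). The TP-Link entries in the first hunk follow the vendor-only pattern too. Consider "NOT-FOR-US: Dell PowerStore" so a later search of data/CVE/list by product name finds the entry.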



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/849cc54faa57244fb0988cc3083ae2a60d4ec343
