[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 27 21:46:26 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0fbf8ee by Salvatore Bonaccorso at 2023-06-27T22:44:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,37 +7,37 @@ CVE-2023-3431 (Improper Access Control in GitHub repository plantuml/plantuml pr
 	NOTE: https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c/
 	NOTE: https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e (v1.2023.9)
 CVE-2023-3405 (Unchecked parameter value in M-Files Server in versions before 23.6.12 ...)
-	TODO: check
+	NOT-FOR-US: M-Files
 CVE-2023-36463 (Meldekarten generator is an open source project to create a program, r ...)
-	TODO: check
+	NOT-FOR-US: Meldekarten generator
 CVE-2023-36002 (A missing authorization check in multiple URL validation endpoints of  ...)
-	TODO: check
+	NOT-FOR-US: Insider Threat Management Server
 CVE-2023-36000 (A missing authorization check in the MacOS agent configuration endpoin ...)
-	TODO: check
+	NOT-FOR-US: Insider Threat Management Server
 CVE-2023-35998 (A missing authorization check in multiple SOAP endpoints of the Inside ...)
-	TODO: check
+	NOT-FOR-US: Insider Threat Management Server
 CVE-2023-35800 (Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecu ...)
-	TODO: check
+	NOT-FOR-US: Stormshield Endpoint Security Evolution
 CVE-2023-35799 (Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecu ...)
-	TODO: check
+	NOT-FOR-US: Stormshield Endpoint Security Evolution
 CVE-2023-34839 (A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-p ...)
-	TODO: check
+	NOT-FOR-US: Issabel
 CVE-2023-34838 (A Cross Site Scripting vulnerability in Microworld Technologies eScan  ...)
-	TODO: check
+	NOT-FOR-US: Microworld Technologies eScan Management console
 CVE-2023-34837 (A Cross Site Scripting vulnerability in Microworld Technologies eScan  ...)
-	TODO: check
+	NOT-FOR-US: Microworld Technologies eScan Management console
 CVE-2023-34836 (A Cross Site Scripting vulnerability in Microworld Technologies eScan  ...)
-	TODO: check
+	NOT-FOR-US: Microworld Technologies eScan Management console
 CVE-2023-34835 (A Cross Site Scripting vulnerability in Microworld Technologies eScan  ...)
-	TODO: check
+	NOT-FOR-US: Microworld Technologies eScan Management console
 CVE-2023-34830 (i-doit Open v24 was discovered to contain a reflected cross-site scrip ...)
 	TODO: check
 CVE-2023-34240 (Cloudexplorer-lite is an open source cloud software stack. Weak passwo ...)
 	TODO: check
 CVE-2023-34099 (Shopware is an open source e-commerce software. The mail validation in ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2023-34098 (Shopware is an open source e-commerce software. Due to an incorrect co ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2023-33567 (An unauthorized access vulnerability has been discovered in ROS2 Foxy  ...)
 	TODO: check
 CVE-2023-33566 (An unauthorized node injection vulnerability has been identified in RO ...)
@@ -51,7 +51,7 @@ CVE-2023-2877 (The Formidable Forms WordPress plugin before 6.3.1 does not adequ
 CVE-2023-2842 (The WP Inventory Manager WordPress plugin before 2.1.0.14 does not hav ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2818 (An insecure filesystem permission in the Insider Threat Management Age ...)
-	TODO: check
+	NOT-FOR-US: Insider Threat Management Agent for Windows
 CVE-2023-2795 (The CodeColorer WordPress plugin before 0.10.1 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2744 (The ERP WordPress plugin before 1.12.4 does not properly sanitise and  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0fbf8eeb8c070ac4e950098f87d16e482710a92

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0fbf8eeb8c070ac4e950098f87d16e482710a92
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230627/2760e99c/attachment.htm>

More information about the debian-security-tracker-commits mailing list