[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 30 18:11:09 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
989661e5 by Salvatore Bonaccorso at 2023-06-30T19:10:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,9 +19,9 @@ CVE-2023-3249 (The Web3 \u2013 Crypto wallet Login & NFT token gating plugin for
 CVE-2023-3063 (The SP Project & Document Manager plugin for WordPress is vulnerable t ...)
 	NOT-FOR-US: SP Project & Document Manager plugin for WordPress
 CVE-2023-36607 (The affected TBox RTUs are missing authorization for running some API  ...)
-	TODO: check
+	NOT-FOR-US: Ovarro
 CVE-2023-36539 (Exposure of information intended to be encrypted by some Zoom clients  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2023-36470 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2023-36469 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
@@ -31,7 +31,7 @@ CVE-2023-36468 (XWiki Platform is a generic wiki platform offering runtime servi
 CVE-2023-36347 (A broken authentication mechanism in the endpoint excel.php of POS Cod ...)
 	NOT-FOR-US: POS Codekop
 CVE-2023-36146 (A Stored Cross-Site Scripting (XSS) vulnerability was found in Multila ...)
-	TODO: check
+	NOT-FOR-US: Multilaser RE 170
 CVE-2023-36143 (Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerabil ...)
 	NOT-FOR-US: Maxprint Maxlink 1200G
 CVE-2023-33336 (Reflected cross site scripting (XSS) vulnerability was discovered in S ...)
@@ -81,9 +81,9 @@ CVE-2023-36471 (Xwiki commons is the common modules used by other XWiki top leve
 CVE-2023-35938 (Tuleap is a Free & Open Source Suite to improve management of software ...)
 	NOT-FOR-US: Tuleap
 CVE-2023-35830 (STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module Deploymen ...)
-	TODO: check
+	NOT-FOR-US: STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity
 CVE-2023-34849 (An unauthorized command injection vulnerability exists in the ActionLo ...)
-	TODO: check
+	NOT-FOR-US: Ikuai router OS
 CVE-2023-34844 (Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode ...)
 	TODO: check
 CVE-2023-34735 (Property Cloud Platform Management Center 1.0 is vulnerable to error-b ...)
@@ -93,9 +93,9 @@ CVE-2023-34658 (Telegram v9.6.3 on iOS allows attackers to hide critical informa
 CVE-2023-34656 (An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communi ...)
 	NOT-FOR-US: Xiamen Si Xin Communication Technology Video management system
 CVE-2023-34599 (Multiple Cross-Site Scripting (XSS) vulnerabilities have been identifi ...)
-	TODO: check
+	NOT-FOR-US: Gibbon CMS
 CVE-2023-34598 (Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it' ...)
-	TODO: check
+	NOT-FOR-US: Gibbon CMS
 CVE-2023-34487 (itsourcecode Online Hotel Management System Project In PHP v1.0.0 is v ...)
 	NOT-FOR-US: itsourcecode Online Hotel Management System Project
 CVE-2023-34486 (itsourcecode Online Hotel Management System Project In PHP v1.0.0 is v ...)
@@ -141,9 +141,9 @@ CVE-2023-34843 (Traggo Server 0.3.0 is vulnerable to directory traversal via a c
 CVE-2023-34834 (A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webse ...)
 	NOT-FOR-US: MCL-Net
 CVE-2023-34831 (The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is a ...)
-	TODO: check
+	NOT-FOR-US: "Submission Web Form" of Turnitin LTI tool/plugin
 CVE-2023-34738 (Chemex through 3.7.1 is vulnerable to arbitrary file upload.)
-	TODO: check
+	NOT-FOR-US: Chemex
 CVE-2023-34736 (Guantang Equipment Management System version 4.12 is vulnerable to Arb ...)
 	NOT-FOR-US: Guantang Equipment Management System
 CVE-2023-34734 (Annet AC Centralized Management Platform 1.02.040 is vulnerable to Sto ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/989661e5c4e5a6207ea949a808ba27e2119acf33

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/989661e5c4e5a6207ea949a808ba27e2119acf33
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230630/060ab5d7/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list