[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 30 20:34:35 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99c64d45 by Salvatore Bonaccorso at 2023-06-30T21:34:02+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5940,7 +5940,7 @@ CVE-2023-2285 (The WP Activity Log Premium plugin for WordPress is vulnerable to
 CVE-2023-2284 (The WP Activity Log Premium plugin for WordPress is vulnerable to unau ...)
 	NOT-FOR-US: WP Activity Log Premium plugin for WordPress
 CVE-2023-31222 (Deserialization of untrusted datain Microsoft Messaging Queuing Servic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Messaging Queuing Service in Medtronic's Paceart Optima
 CVE-2023-31221
 	RESERVED
 CVE-2023-31220
@@ -10077,15 +10077,15 @@ CVE-2023-29713 (Cross Site Scripting vulnerability found in Vade Secure Gateway
 CVE-2023-29712 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...)
 	NOT-FOR-US: Vade Secure Gateway
 CVE-2023-29711 (An incorrect access control issue was discovered in Interlink PSG-5124 ...)
-	TODO: check
+	NOT-FOR-US: Interlink PSG-5124
 CVE-2023-29710
 	RESERVED
 CVE-2023-29709 (An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE ve ...)
-	TODO: check
+	NOT-FOR-US: Wildix WSG24POE
 CVE-2023-29708 (An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter versi ...)
-	TODO: check
+	NOT-FOR-US: WavLink WavRouter
 CVE-2023-29707 (Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Cent ...)
-	TODO: check
+	NOT-FOR-US: GBCOM LAC WEB Control Center
 CVE-2023-29706
 	RESERVED
 CVE-2023-29705
@@ -11206,7 +11206,7 @@ CVE-2023-1864 (FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulner
 CVE-2023-1863 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Eskom Computer Water Metering Software
 CVE-2023-1862 (Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a mal ...)
-	TODO: check
+	NOT-FOR-US: Cloudflare WARP client for Windows
 CVE-2023-1861 (The Limit Login Attempts WordPress plugin through 1.7.2 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4941 (The WCFM Membership plugin for WordPress is vulnerable to Cross-Site R ...)
@@ -12017,7 +12017,7 @@ CVE-2023-29102
 CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingr ...)
 	NOT-FOR-US: Muffingroup
 CVE-2023-29100 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-29099
 	RESERVED
 CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...)
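Review bot: the "WordPress plugin" label on CVE-2023-29100 cannot be confirmed from the visible description, which is cut off at "Dream-Th ..." and never says whether the product is a plugin or a theme. The same commit does distinguish the two elsewhere (CVE-2023-28418 and CVE-2023-28171 get "NOT-FOR-US: WordPress theme"), so it is worth re-checking the full description and using the theme label here if that is what it is.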
@@ -12031,7 +12031,7 @@ CVE-2023-29095
 CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1783 (OrangeScrum version 2.0.11 allows an external attacker to remotely obt ...)
 	TODO: check
 CVE-2023-1782 (HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow  ...)
@@ -12120,7 +12120,7 @@ CVE-2023-29070
 CVE-2023-29069
 	RESERVED
 CVE-2023-29068 (A maliciously crafted file consumed through pskernel.dll file could le ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2023-29067 (A maliciously crafted X_B file when parsed through Autodesk\xae AutoCA ...)
 	NOT-FOR-US: Autodesk
 CVE-2023-29066
@@ -12277,13 +12277,13 @@ CVE-2023-1726 (Improper Neutralization of Input During Web Page Generation ('Cro
 CVE-2023-1725 (Server-Side Request Forgery (SSRF) vulnerability in Infoline Project M ...)
 	NOT-FOR-US: Infoline Project Management System
 CVE-2023-1724 (Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent  ...)
-	TODO: check
+	NOT-FOR-US: Faveo Helpdesk Enterprise
 CVE-2023-1723 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Veragroup Mobile Assistant
 CVE-2023-1722 (Yoga Class Registration System version 1.0 allows an administrator to  ...)
-	TODO: check
+	NOT-FOR-US: Yoga Class Registration System
 CVE-2023-1721 (Yoga Class Registration System version 1.0 allows an administrator to  ...)
-	TODO: check
+	NOT-FOR-US: Yoga Class Registration System
 CVE-2023-1720
 	RESERVED
 CVE-2023-1719
@@ -12413,15 +12413,15 @@ CVE-2023-28994
 CVE-2023-28993 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28991 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28990
 	RESERVED
 CVE-2023-28989
 	RESERVED
 CVE-2023-28988 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28987
 	RESERVED
 CVE-2023-28986
@@ -13085,9 +13085,9 @@ CVE-2023-1622
 CVE-2023-1621 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2023-1620 (Multiple WAGO devices in multiple versions may allow an authenticated  ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2023-1619 (Multiple WAGO devices in multiple versions may allow an authenticated  ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2023-1618 (Active Debug Code vulnerability in Mitsubishi Electric Corporation MEL ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial Automation B&R ...)
@@ -14106,7 +14106,7 @@ CVE-2023-28536
 CVE-2023-28535
 	RESERVED
 CVE-2023-28534 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28533
 	RESERVED
 CVE-2023-28532
@@ -14185,7 +14185,7 @@ CVE-2023-28498
 CVE-2023-28497
 	RESERVED
 CVE-2023-28496 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28495
 	RESERVED
 CVE-2023-28494
@@ -14352,7 +14352,7 @@ CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log mes
 	[buster] - sudo <no-dsa> (Minor issue)
 	NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
 CVE-2023-28485 (A stored cross-site scripting (Stored XSS) vulnerability in file previ ...)
-	TODO: check
+	NOT-FOR-US: WeKan
 CVE-2023-28484 (In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can l ...)
 	{DSA-5391-1 DLA-3405-1}
 	- libxml2 2.9.14+dfsg-1.2 (bug #1034436)
@@ -14550,7 +14550,7 @@ CVE-2023-28425 (Redis is an in-memory database that persists on disk. Starting i
 CVE-2023-28424 (Soko if the code that powers packages.gentoo.org. Prior to version 1.0 ...)
 	NOT-FOR-US: Soko
 CVE-2023-28423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pris ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28422 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Mage ...)
 	NOT-FOR-US: WooCommerce plugin
 CVE-2023-28421
@@ -14560,7 +14560,7 @@ CVE-2023-28420
 CVE-2023-28419
 	RESERVED
 CVE-2023-28418 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2023-28417
 	RESERVED
 CVE-2023-28416
@@ -14582,7 +14582,7 @@ CVE-2023-28392 (Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.0
 CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) a ...)
 	NOT-FOR-US: SR-7100V
 CVE-2023-28387 ("NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks ...)
-	TODO: check
+	NOT-FOR-US: "NewsPicks" App
 CVE-2023-28382 (Directory traversal vulnerability in ESS REC Agent Server Edition seri ...)
 	NOT-FOR-US: ESS REC Agent Server Edition
 CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...)
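Review bot: the new label for CVE-2023-28387 keeps the double quotes from the CVE description (NOT-FOR-US: "NewsPicks" App), whereas the neighbouring labels in this hunk are unquoted (SR-7100V, ESS REC Agent Server Edition). Dropping the quotes, i.e. NOT-FOR-US: NewsPicks App, keeps the field consistent and easier to match with a plain-text search.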
@@ -15049,7 +15049,7 @@ CVE-2023-28297 (Windows Remote Procedure Call Service (RPCSS) Elevation of Privi
 CVE-2023-28296 (Visual Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-28295 (Microsoft Publisher Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28294
 	RESERVED
 CVE-2023-28293 (Windows Kernel Elevation of Privilege Vulnerability)
@@ -15065,7 +15065,7 @@ CVE-2023-28289
 CVE-2023-28288 (Microsoft SharePoint Server Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-28287 (Microsoft Publisher Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-28286 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-28285 (Microsoft Office Remote Code Execution Vulnerability)
@@ -15375,13 +15375,13 @@ CVE-2023-28176 (Memory safety bugs present in Firefox 110 and Firefox ESR 102.8.
 CVE-2023-28175 (Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11 ...)
 	NOT-FOR-US: Bosch
 CVE-2023-28174 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLig ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28173
 	RESERVED
 CVE-2023-28172
 	RESERVED
 CVE-2023-28171 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2023-28170
 	RESERVED
 CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Core ...)
@@ -15391,7 +15391,7 @@ CVE-2023-28168
 CVE-2023-28167
 	RESERVED
 CVE-2023-28166 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Ka ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28165
 	RESERVED
 CVE-2023-28164 (Dragging a URL from a cross-origin iframe that was removed during the  ...)
@@ -15742,7 +15742,7 @@ CVE-2023-28096 (OpenSIPS, a Session Initiation Protocol (SIP) server implementat
 CVE-2023-28095 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
 	NOT-FOR-US: OpenSIPS
 CVE-2023-28094 (Pega platform clients who are using versions 6.1 through 8.8.3 and hav ...)
-	TODO: check
+	NOT-FOR-US: Pega
 CVE-2023-28093 (A user with a compromised configuration can start an unsigned binary a ...)
 	NOT-FOR-US: Pegasystems
 CVE-2023-28092 (A potential security vulnerability has been identified in HPE ProLiant ...)
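Review bot: the label added for CVE-2023-28094 is "NOT-FOR-US: Pega", while the entry directly below it, CVE-2023-28093, already carries "NOT-FOR-US: Pegasystems". Two spellings for what looks like the same vendor split the results when someone later searches data/CVE/list for it; suggest reusing "Pegasystems" here unless the two entries really concern different vendors.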
@@ -15784,11 +15784,11 @@ CVE-2023-28075
 CVE-2023-28074
 	RESERVED
 CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A locally ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28072
 	RESERVED
 CVE-2023-28071 (Dell Command | Update, Dell Update, and Alienware Update versions 4.9. ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28070 (Alienware Command Center Application, versions 5.5.43.0 and prior, con ...)
 	NOT-FOR-US: Alienware
 CVE-2023-28069 (Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulne ...)
@@ -15800,37 +15800,37 @@ CVE-2023-28067
 CVE-2023-28066 (Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Im ...)
 	NOT-FOR-US: Dell
 CVE-2023-28065 (Dell Command | Update, Dell Update, and Alienware Update versions 4.8. ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28064 (Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenti ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28063
 	RESERVED
 CVE-2023-28062 (Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access  ...)
 	NOT-FOR-US: Dell
 CVE-2023-28061 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28060 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28059 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28058 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28057
 	RESERVED
 CVE-2023-28056 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28055
 	RESERVED
 CVE-2023-28054 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28053
 	RESERVED
 CVE-2023-28052 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28051 (Dell Power Manager, versions 3.10 and prior, contains an Improper Acce ...)
 	NOT-FOR-US: Dell
 CVE-2023-28050 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28049
 	RESERVED
 CVE-2023-28048
@@ -15842,43 +15842,43 @@ CVE-2023-28046 (Dell Display Manager, versions 2.1.0 and prior, contains an arbi
 CVE-2023-28045 (Dell CloudIQ Collector version 1.10.2 contains a missing encryption of ...)
 	NOT-FOR-US: Dell
 CVE-2023-28044 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28043 (Dell SCG 5.14 contains an information disclosure vulnerability during  ...)
 	NOT-FOR-US: Dell
 CVE-2023-28042 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28041 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28040 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28039 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28038
 	RESERVED
 CVE-2023-28037
 	RESERVED
 CVE-2023-28036 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28035 (Dell BIOS contains an improper input validation vulnerability. A local ...)
 	TODO: check
 CVE-2023-28034 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28033 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28032 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28031 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28030 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28029 (Dell BIOS contains an improper input validation vulnerability. A local ...)
 	TODO: check
 CVE-2023-28028 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28027 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28026 (Dell BIOS contains an improper input validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-1346 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
 	NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
 CVE-2023-1345 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
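Review bot: CVE-2023-28035 and CVE-2023-28029 stay at "TODO: check" in this hunk, although every other entry around them with the same visible description ("Dell BIOS contains an improper input validation vulnerability. A local ...", for example CVE-2023-28036, CVE-2023-28034, CVE-2023-28030 and CVE-2023-28028) is switched to "NOT-FOR-US: Dell". If the two were skipped by accident, give them the same marker in this commit; if they are held back on purpose, a line in the commit message saying why would save the next triager from repeating the check.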
@@ -15978,7 +15978,7 @@ CVE-2023-28018
 CVE-2023-28017
 	RESERVED
 CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal S ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a User Accoun ...)
 	NOT-FOR-US: HCL
 CVE-2023-28014



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99c64d452ce05cebde3c827b3d58937273ab8adf


More information about the debian-security-tracker-commits mailing list