[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Mar 22 16:18:50 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd42a2f2 by Moritz Muehlenhoff at 2023-03-22T17:18:21+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2092,7 +2092,7 @@ CVE-2023-28107 (Discourse is an open-source discussion platform. Prior to versio
 CVE-2023-28106 (Pimcore is an open source data and experience management platform. Pri ...)
 	NOT-FOR-US: Pimcore
 CVE-2023-28105 (go-used-util has commonly used utility functions for Go. Versions prio ...)
-	TODO: check
+	NOT-FOR-US: go-used-util
 CVE-2023-28104 (`silverstripe/graphql` serves Silverstripe data as GraphQL representat ...)
 	NOT-FOR-US: silverstripe/graphql
 CVE-2023-28103
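Review bot: the go-used-util reclassification at `+	NOT-FOR-US: go-used-util` should be double-checked against the Go module packages in the archive before it is closed out, since the description identifies it as a Go utility library and Go modules are often vendored or packaged under a different binary/source name; if the check was done, a short NOTE with the upstream module path would make the NFU verdict reproducible later.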
@@ -2140,7 +2140,7 @@ CVE-2023-28085
 CVE-2023-28084
 	RESERVED
 CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in HPE Inte ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-28082
 	RESERVED
 CVE-2023-28081
@@ -2380,11 +2380,11 @@ CVE-2023-28005 (A vulnerability in Trend Micro Endpoint Encryption Full Disk Enc
 CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository froxlor ...)
 	- froxlor <itp> (bug #581792)
 CVE-2023-1306 (An authenticated attacker can leverage an exposed resource.db() access ...)
-	TODO: check
+	NOT-FOR-US: Rapid7
 CVE-2023-1305 (An authenticated attacker can leverage an exposed “box” ob ...)
-	TODO: check
+	NOT-FOR-US: Rapid7
 CVE-2023-1304 (An authenticated attacker can leverage an exposed getattr() method via ...)
-	TODO: check
+	NOT-FOR-US: Rapid7
 CVE-2023-1303 (A vulnerability was found in UCMS 1.6 and classified as critical. This ...)
 	NOT-FOR-US: UCMS
 CVE-2023-1302 (A vulnerability, which was classified as problematic, was found in Sou ...)
@@ -2695,9 +2695,9 @@ CVE-2023-1264 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
 CVE-2023-1263 (The CMP – Coming Soon & Maintenance plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1262 (Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router  ...)
-	TODO: check
+	NOT-FOR-US: WI-SUN
 CVE-2023-1261 (Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earli ...)
-	TODO: check
+	NOT-FOR-US: WI-SUN
 CVE-2023-1260
 	RESERVED
 CVE-2023-1259
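Review bot: the product name in `+	NOT-FOR-US: WI-SUN` does not match the casing in the descriptions (`Silicon Labs Wi-SUN`), and it drops the vendor; for consistency with the other vendor-named NFU entries in this file, consider `NOT-FOR-US: Silicon Labs Wi-SUN` on both CVE-2023-1262 and CVE-2023-1261.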
@@ -2828,11 +2828,11 @@ CVE-2023-27859
 CVE-2023-27858
 	RESERVED
 CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition occurs w ...)
-	TODO: check
+	NOT-FOR-US: Rockwell
 CVE-2023-27856 (In affected versions, path traversal exists when processing a message  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell
 CVE-2023-27855 (In affected versions, a path traversal exists when processing a messag ...)
-	TODO: check
+	NOT-FOR-US: Rockwell
 CVE-2023-27854
 	RESERVED
 CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and prior ve ...)
@@ -3057,7 +3057,7 @@ CVE-2023-27844
 CVE-2023-27843
 	RESERVED
 CVE-2023-27842 (Insecure Permissions vulnerability found in Extplorer File manager eXt ...)
-	TODO: check
+	- extplorer <removed>
 CVE-2023-27841
 	RESERVED
 CVE-2023-27840
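Review bot: `+	- extplorer <removed>` records that the package is gone from unstable, but it does not say whether any still-supported release shipped extplorer; if one did, the entry needs release-specific status lines (or a NOTE explaining why none are needed), otherwise the removed marker alone can hide an open issue in a stable suite.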
@@ -3675,9 +3675,9 @@ CVE-2023-27572
 CVE-2023-27571
 	RESERVED
 CVE-2023-27570 (The eo_tags package before 1.4.19 for PrestaShop allows SQL injection  ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2023-27569 (The eo_tags package before 1.3.0 for PrestaShop allows SQL injection v ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2023-27568
 	RESERVED
 CVE-2023-27567 (In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf ...)
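Review bot: `+	NOT-FOR-US: PrestaShop` names the platform rather than the affected add-on, while the descriptions identify the vulnerable component as the `eo_tags package ... for PrestaShop`; following the `NOT-FOR-US: WordPress plugin` convention used elsewhere in this file, something like `NOT-FOR-US: PrestaShop module eo_tags` would make clear that PrestaShop core is not the subject.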
@@ -3730,7 +3730,7 @@ CVE-2023-1169
 CVE-2015-10089 (A vulnerability classified as problematic has been found in flame.js.  ...)
 	NOT-FOR-US: flame.js
 CVE-2023-1168 (An authenticated remote code execution vulnerability exists in the AOS ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2023-1167
 	RESERVED
 CVE-2023-1166
@@ -3911,9 +3911,9 @@ CVE-2023-23567
 CVE-2023-1155 (The Cost Calculator plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: Cost Calculator plugin for WordPress
 CVE-2023-1154 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Pacsrapor
 CVE-2023-1153 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Pacsrapor
 CVE-2023-1152 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Persolus
 CVE-2023-27520
@@ -5069,7 +5069,7 @@ CVE-2023-27089
 CVE-2023-27088 (feiqu-opensource Background Vertical authorization vulnerability exist ...)
 	NOT-FOR-US: feiqu-opensource Background Vertical
 CVE-2023-27087 (Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and ...)
-	TODO: check
+	NOT-FOR-US: Xuxueli
 CVE-2023-27086
 	RESERVED
 CVE-2023-27085
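Review bot: `+	NOT-FOR-US: Xuxueli` tags the CVE with the upstream author rather than the project; the description names the product as `xxl-job`, so `NOT-FOR-US: xxl-job` (or `Xuxueli xxl-job`) would be easier to grep for when the next xxl-job CVE arrives.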
@@ -6324,7 +6324,7 @@ CVE-2023-26515
 CVE-2023-26514
 	RESERVED
 CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software Foundation Apache ...)
-	TODO: check
+	NOT-FOR-US: Apache Sling
 CVE-2023-26512
 	RESERVED
 CVE-2023-1025
@@ -6420,7 +6420,7 @@ CVE-2023-26499
 CVE-2023-26498
 	RESERVED
 CVE-2023-26497 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-26496
 	RESERVED
 CVE-2023-26495
@@ -8340,9 +8340,9 @@ CVE-2023-25797
 CVE-2023-25796
 	RESERVED
 CVE-2023-25795 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.I ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25794 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25793
 	RESERVED
 CVE-2023-25792
@@ -8366,7 +8366,7 @@ CVE-2023-25784
 CVE-2023-25783
 	RESERVED
 CVE-2023-25782 (Auth. (admin+) vulnerability in Second2none Service Area Postcode Chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25781
 	RESERVED
 CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of alarm r ...)
@@ -10218,7 +10218,7 @@ CVE-2023-0683
 CVE-2023-0682
 	RESERVED
 CVE-2023-0681 (Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redir ...)
-	TODO: check
+	NOT-FOR-US: Rapid7
 CVE-2023-0680
 	REJECTED
 CVE-2023-0679 (A vulnerability was found in SourceCodester Canteen Management System  ...)
@@ -10453,7 +10453,7 @@ CVE-2023-25137
 CVE-2023-25135 (vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker t ...)
 	NOT-FOR-US: vBulletin
 CVE-2023-25134 (McAfee Total Protection prior to 16.0.50 may allow an adversary (with  ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2023-25133
 	RESERVED
 CVE-2023-25132
@@ -10599,7 +10599,7 @@ CVE-2023-25066 (Cross-Site Request Forgery (CSRF) vulnerability in FolioVision F
 CVE-2023-25065 (Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tab ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25064 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25063
 	RESERVED
 CVE-2023-25062
@@ -11218,7 +11218,7 @@ CVE-2023-0600
 CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...)
 	NOT-FOR-US: Rapid7
 CVE-2023-0598 (GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Dig ...)
-	TODO: check
+	NOT-FOR-US: GE
 CVE-2023-0597 (A flaw possibility of memory leak in the Linux kernel cpu_entry_area m ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 (6.2-rc1)
@@ -11559,7 +11559,7 @@ CVE-2023-24711
 CVE-2023-24710
 	RESERVED
 CVE-2023-24709 (An issue found in Paradox Security Systems IPR512 allows attackers to  ...)
-	TODO: check
+	NOT-FOR-US: Paradox Security Systems IPR512
 CVE-2023-24708
 	RESERVED
 CVE-2023-24707
@@ -11621,7 +11621,7 @@ CVE-2023-24680
 CVE-2023-24679
 	RESERVED
 CVE-2023-24678 (A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attac ...)
-	TODO: check
+	NOT-FOR-US: Centralite Pearl Thermostat
 CVE-2023-24677
 	RESERVED
 CVE-2023-24676
@@ -11635,7 +11635,7 @@ CVE-2023-24673
 CVE-2023-24672
 	RESERVED
 CVE-2023-24671 (VX Search v13.8 and v14.7 was discovered to contain an unquoted servic ...)
-	TODO: check
+	NOT-FOR-US: VX Search
 CVE-2023-24670
 	RESERVED
 CVE-2023-24669
@@ -12041,7 +12041,7 @@ CVE-2023-24573 (Dell Command | Monitor versions prior to 10.9 contain an arbitra
 CVE-2023-24572 (Dell Command | Integration Suite for System Center, versions before 6. ...)
 	NOT-FOR-US: Dell
 CVE-2023-24571 (Dell BIOS contains an Improper Input Validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-24570
 	RESERVED
 CVE-2023-24569 (Dell Alienware Command Center versions 5.5.37.0 and prior contain an I ...)
@@ -12606,7 +12606,7 @@ CVE-2023-24383
 CVE-2023-24382 (Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24381 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsTh ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-24380
 	RESERVED
 CVE-2023-24379
@@ -13702,7 +13702,7 @@ CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with version
 	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
 	NOTE: https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034 (v5.19.1)
 CVE-2023-23935 (Discourse is an open-source messaging platform. In versions 3.0.1 and  ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library. Browsers may ...)
 	{DLA-3346-1}
 	- python-werkzeug <unfixed> (bug #1031370)
@@ -13962,7 +13962,7 @@ CVE-2023-0393
 CVE-2023-0392
 	RESERVED
 CVE-2023-0391 (MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt ...)
-	TODO: check
+	NOT-FOR-US: MGT-COMMERCE
 CVE-2022-48278
 	RESERVED
 CVE-2022-48277
@@ -14367,7 +14367,7 @@ CVE-2023-23723
 CVE-2023-23722
 	RESERVED
 CVE-2023-23721 (Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin L ...)
-	TODO: check
+	NOT-FOR-US: David Gwyer Admin Log
 CVE-2023-23720
 	RESERVED
 CVE-2023-23719



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd42a2f2ae4d490d3b942bce86ce2737d2da59f1
