[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 2 22:20:58 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9bacd814 by Salvatore Bonaccorso at 2023-05-02T23:20:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
 CVE-2023-32007 (** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibi ...)
 	- apache-spark <itp> (bug #802194)
 CVE-2023-31435 (Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Te ...)
-	TODO: check
+	NOT-FOR-US: evasys
 CVE-2023-31434 (The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user prof ...)
-	TODO: check
+	NOT-FOR-US: evasys
 CVE-2023-31433 (A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9 ...)
-	TODO: check
+	NOT-FOR-US: evasys
 CVE-2023-2479 (OS Command Injection in GitHub repository appium/appium-desktop prior  ...)
 	TODO: check
 CVE-2023-2477 (A vulnerability was found in Funadmin up to 3.2.3. It has been declare ...)
-	TODO: check
+	NOT-FOR-US: Funadmin
 CVE-2023-2476 (A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been ...)
-	TODO: check
+	NOT-FOR-US: Dromara J2eeFAST
 CVE-2023-2475 (A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classifi ...)
-	TODO: check
+	NOT-FOR-US: Dromara J2eeFAST
 CVE-2023-2474 (A vulnerability has been found in Rebuild 3.2 and classified as proble ...)
-	TODO: check
+	NOT-FOR-US: Rebuild
 CVE-2023-2473 (A vulnerability was found in Dreamer CMS up to 4.1.3. It has been decl ...)
-	TODO: check
+	NOT-FOR-US: Dreamer CMS
 CVE-2023-2445 (Improper access control in Subscriptions Folder path filter in Devolut ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2022-48483 (3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthentica ...)
 	NOT-FOR-US: 3CX
 CVE-2022-48482 (3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows all ...)
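Review bot: CVE-2023-2479 (appium/appium-desktop) is still at "TODO: check" in the middle of this hunk, while every other TODO entry in the hunk is resolved. If it was skipped on purpose because it needs a package lookup rather than an NFU tag, that is fine, but it is now easy to overlook among processed neighbours and should be picked up in a follow-up triage pass.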
@@ -1372,7 +1372,7 @@ CVE-2023-30871
 CVE-2023-30870
 	RESERVED
 CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital Downloads plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-30868
 	RESERVED
 CVE-2023-30867
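Review bot: The tag added for CVE-2023-30869 is the generic "NOT-FOR-US: WordPress plugin", which drops the plugin name given in the description (Easy Digital Downloads). Naming the plugin in the tag would let a search for it find this entry the same way product-specific tags do elsewhere in the file. The same applies to CVE-2023-1196 (Advanced Custom Fields) in the last hunk.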
@@ -2622,7 +2622,7 @@ CVE-2023-2002
 CVE-2023-2001
 	RESERVED
 CVE-2023-2000 (Mattermost Desktop App fails to validate a mattermost server redirecti ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Desktop App
 CVE-2023-1999
 	RESERVED
 	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
@@ -3023,7 +3023,7 @@ CVE-2023-30405 (A cross-site scripting (XSS) vulnerability in Aigital Wireless-N
 CVE-2023-30404 (Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to co ...)
 	NOT-FOR-US: Aigital Wireless-N Repeater Mini_Router
 CVE-2023-30403 (An issue in the time-based authentication mechanism of Aigital Aigital ...)
-	TODO: check
+	NOT-FOR-US: Aigital
 CVE-2023-30402 (YASM v1.3.0 was discovered to contain a heap overflow via the function ...)
 	- yasm <unfixed> (unimportant)
 	NOTE: https://github.com/yasm/yasm/issues/206
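Review bot: CVE-2023-30403 is tagged "NOT-FOR-US: Aigital", but the unchanged entry directly above it, CVE-2023-30404, uses "NOT-FOR-US: Aigital Wireless-N Repeater Mini_Router". If the full description of CVE-2023-30403 refers to the same device, reuse that exact string so both entries group under one product name. If it is a different Aigital product, the shorter vendor tag is fine.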
@@ -3997,7 +3997,7 @@ CVE-2023-29920
 CVE-2023-29919
 	RESERVED
 CVE-2023-29918 (RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Modul ...)
-	TODO: check
+	NOT-FOR-US: RosarioSIS
 CVE-2023-29917 (H3C Magic R200 version R200V100R004 was discovered to contain a stack  ...)
 	NOT-FOR-US: H3C
 CVE-2023-29916 (H3C Magic R200 version R200V100R004 was discovered to contain a stack  ...)
@@ -4121,7 +4121,7 @@ CVE-2023-29858
 CVE-2023-29857
 	RESERVED
 CVE-2023-29856 (D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-29855 (WBCE CMS 1.5.3 has a command execution vulnerability via admin/languag ...)
 	NOT-FOR-US: WBCE CMS
 CVE-2023-29854 (DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the for ...)
@@ -4277,7 +4277,7 @@ CVE-2023-29780 (Third Reality Smart Blind 1.00.54 contains a denial-of-service v
 CVE-2023-29779 (Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulner ...)
 	NOT-FOR-US: Sengled Dimmer Switch
 CVE-2023-29778 (GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection v ...)
-	TODO: check
+	NOT-FOR-US: GL.iNET
 CVE-2023-29777
 	RESERVED
 CVE-2023-29776
@@ -4289,7 +4289,7 @@ CVE-2023-29774 (Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (
 CVE-2023-29773
 	RESERVED
 CVE-2023-29772 (A Cross-site scripting (XSS) vulnerability in the System Log/General L ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2023-29771
 	RESERVED
 CVE-2023-29770
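Review bot: The "NOT-FOR-US: ASUS" tag on CVE-2023-29772 cannot be checked against the description as shown in this diff, since the truncated text ("... in the System Log/General L ...") never names a vendor or product. Please confirm the attribution against the full CVE description. Naming the affected product in the tag would also make the entry self-explanatory.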
@@ -10731,7 +10731,7 @@ CVE-2023-1198 (Improper Neutralization of Special Elements used in an SQL Comman
 CVE-2023-1197 (Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/commun ...)
 	NOT-FOR-US: UVdesk
 CVE-2023-1196 (The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x be ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1195
 	RESERVED
 	- linux 6.1.4-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bacd8143606b0c1d52db10bc262b9e52f871cb4
