[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 11 21:39:14 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c32268e by Salvatore Bonaccorso at 2023-05-11T22:35:57+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,37 @@
 CVE-2023-32082 (etcd is a distributed key-value store for the data of a distributed sy ...)
 	TODO: check
 CVE-2023-32075 (The Customer Management Framework (CMF) for Pimcore adds functionality ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2023-31498 (A privilege escalation issue was found in PHP Gurukul Hospital Managem ...)
-	TODO: check
+	NOT-FOR-US: PHP Gurukul Hospital Management System
 CVE-2023-31475 (An issue was discovered on GL.iNet devices before 3.216. The function  ...)
-	TODO: check
+	NOT-FOR-US: GL.iNet devices
 CVE-2023-31473 (An issue was discovered on GL.iNet devices before 3.216. There is an a ...)
-	TODO: check
+	NOT-FOR-US: GL.iNet devices
 CVE-2023-31445 (Cassia Access controller before 2.1.1.2203171453, was discovered to ha ...)
-	TODO: check
+	NOT-FOR-US: Cassia Access controller
 CVE-2023-2661 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
 CVE-2023-2660 (A vulnerability has been found in SourceCodester Online Computer and L ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
 CVE-2023-2659 (A vulnerability, which was classified as critical, was found in Source ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
 CVE-2023-2658 (A vulnerability, which was classified as critical, has been found in S ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
 CVE-2023-2657 (A vulnerability classified as problematic was found in SourceCodester  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
 CVE-2023-2656 (A vulnerability classified as critical has been found in SourceCodeste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester AC Repair and Services System
 CVE-2023-2653 (A vulnerability classified as critical was found in SourceCodester Los ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Lost and Found Information System
 CVE-2023-2652 (A vulnerability classified as critical has been found in SourceCodeste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Lost and Found Information System
 CVE-2023-2490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fern ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2444 (A cross site request forgery vulnerability exists in Rockwell Automati ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-2443 (Rockwell Automation ThinManager product allows the use of medium stren ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-2455 [Row security policies disregard user ID changes after inlining]
 	{DSA-5401-1}
 	- postgresql-15 <unfixed>
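Review bot: The NOT-FOR-US labels added in this hunk vary in granularity. The SourceCodester entries name the product, but CVE-2023-2444 and CVE-2023-2443 carry only "Rockwell Automation" although the CVE-2023-2443 description names ThinManager, and CVE-2023-2490 is tagged "WordPress plugin" without the plugin name. Vendor-only and generic labels do match existing entries in the file (for example "NOT-FOR-US: IBM" and "NOT-FOR-US: WordPress plugin"), so this is a style point, but naming the product where the description gives it, e.g. "NOT-FOR-US: Rockwell Automation ThinManager", makes later searches of data/CVE/list more useful. CVE-2023-32082 (etcd) is left at "TODO: check", which fits a commit that only processes NFUs.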
@@ -4666,7 +4666,7 @@ CVE-2023-29865
 CVE-2023-29864
 	RESERVED
 CVE-2023-29863 (Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to ...)
-	TODO: check
+	NOT-FOR-US: Medical Systems Co. Medisys Weblab Products
 CVE-2023-29862
 	RESERVED
 CVE-2023-29861
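Review bot: The label on CVE-2023-29863 copies the description's wording verbatim, including the trailing "Products". A shorter form such as "NOT-FOR-US: Medical Systems Co. Medisys Weblab" would read like the other product labels in this commit and still match a search on the product name.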
@@ -6421,7 +6421,7 @@ CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab affect
 CVE-2023-1835
 	RESERVED
 CVE-2023-1834 (Rockwell Automation was made aware that Kinetix 5500 drives, manufactu ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-1833 (Authentication Bypass by Primary Weakness vulnerability in DTS Electro ...)
 	NOT-FOR-US: DTS Electronics Redline Router firmware
 CVE-2023-1832
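Review bot: CVE-2023-1834 is labelled with the vendor only, while its description names Kinetix 5500 drives and the neighbouring CVE-2023-1833 entry gives vendor and product ("DTS Electronics Redline Router firmware"). Consider "NOT-FOR-US: Rockwell Automation Kinetix 5500" so the two adjacent entries follow the same pattern.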
@@ -7133,25 +7133,25 @@ CVE-2023-1711
 CVE-2023-29032
 	RESERVED
 CVE-2023-29031 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-29030 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-29029 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-29028 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-29027 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-29026 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-29025 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-29024 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-29023 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-29022 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...)
 	- gitlab <unfixed>
 CVE-2023-1709
@@ -11143,7 +11143,7 @@ CVE-2023-27872
 CVE-2023-27871 (IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensit ...)
 	NOT-FOR-US: IBM
 CVE-2023-27870 (IBM Spectrum Virtualize 8.5, under certain circumstances, could disclo ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-27869
 	RESERVED
 CVE-2023-27868
@@ -12127,7 +12127,7 @@ CVE-2023-27556 (IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.
 CVE-2023-27555 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
 	NOT-FOR-US: IBM
 CVE-2023-27554 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML E ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-27553
 	RESERVED
 CVE-2023-27552
@@ -26430,7 +26430,7 @@ CVE-2023-22722 (GLPI is a Free Asset and IT Management Software package. Version
 CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS) inOi Yandex.Maps for WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22720 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-22719
 	RESERVED
 CVE-2023-22718 (Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User M ...)
@@ -32417,7 +32417,7 @@ CVE-2022-47131 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10
 CVE-2022-47130 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...)
 	NOT-FOR-US: Academy LMS
 CVE-2022-47129 (PHPOK v6.3 was discovered to contain a remote code execution (RCE) vul ...)
-	TODO: check
+	NOT-FOR-US: PHPOK
 CVE-2022-47128 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via  ...)
 	NOT-FOR-US: Tenda
 CVE-2022-47127 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via  ...)
@@ -143885,7 +143885,7 @@ CVE-2021-34078 (lifion-verify-dependencies through 1.1.0 is vulnerable to OS com
 CVE-2021-34077
 	RESERVED
 CVE-2021-34076 (File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to  ...)
-	TODO: check
+	NOT-FOR-US: PHPOK
 CVE-2021-34075 (In Artica Pandora FMS <=754 in the File Manager component, there is se ...)
 	NOT-FOR-US: Artica Pandora FMS
 CVE-2021-34074 (PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c32268ef6097310dd6be8e4d25e06743c160a73
