[Git][security-tracker-team/security-tracker][master] 2 commits: Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 23 11:31:41 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d1f185a by Salvatore Bonaccorso at 2023-05-23T12:31:24+02:00
Process some more NFUs

- - - - -
dae66a11 by Salvatore Bonaccorso at 2023-05-23T12:31:25+02:00
Add CVE-2023-25440/civicrm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14413,7 +14413,7 @@ CVE-2023-27070 (A stored cross-site scripting (XSS) vulnerability in TotalJS Ope
 CVE-2023-27069 (A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatf ...)
 	NOT-FOR-US: TotalJS OpenPlatform
 CVE-2023-27068 (Deserialization of Untrusted Data in Sitecore Experience Platform thro ...)
-	TODO: check
+	NOT-FOR-US: Sitecore
 CVE-2023-27067 (Directory Traversal vulnerability in Sitecore Experience Platform thro ...)
 	NOT-FOR-US: Sitecore
 CVE-2023-27066 (Directory Traversal vulnerability in Site Core Experience Platform 10. ...)
@@ -19141,7 +19141,7 @@ CVE-2023-25442 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability i
 CVE-2023-25441
 	RESERVED
 CVE-2023-25440 (Stored Cross Site Scripting (XSS) vulnerability in the add contact fun ...)
-	TODO: check
+	- civicrm <unfixed>
 CVE-2023-25439
 	RESERVED
 CVE-2023-25438 (An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote at ...)
@@ -24079,9 +24079,9 @@ CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, co
 CVE-2023-23695 (Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken ...)
 	NOT-FOR-US: Dell
 CVE-2023-23694 (Dell VxRail versions earlier than 7.0.450, contain(s) an OS command in ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-23693 (Dell VxRail, versions prior to 7.0.450, contains an OS command injecti ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-23692 (Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection  ...)
 	NOT-FOR-US: EMC
 CVE-2023-23691 (Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Clie ...)
@@ -29919,15 +29919,15 @@ CVE-2022-47891
 CVE-2022-47395 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up  ...)
 	NOT-FOR-US: Sewio
 CVE-2022-47320 (The iBoot device\u2019s basic discovery protocol assists in initial de ...)
-	TODO: check
+	NOT-FOR-US: Dataprobe
 CVE-2022-47311 (A proprietary protocol for iBoot devices is used for control and keepa ...)
-	TODO: check
+	NOT-FOR-US: Dataprobe
 CVE-2022-46738 (The affected product exposes multiple sensitive data fields of the aff ...)
-	TODO: check
+	NOT-FOR-US: Dataprobe
 CVE-2022-46733 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up  ...)
 	NOT-FOR-US: Sewio
 CVE-2022-46658 (The affected product is vulnerable to a stack-based buffer overflow wh ...)
-	TODO: check
+	NOT-FOR-US: Dataprobe
 CVE-2022-4634 (All versions prior to Delta Electronic\u2019s CNCSoft version 1.01.34  ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-4633 (A vulnerability was found in Auto Upload Images up to 3.3.0 and classi ...)
@@ -40551,7 +40551,7 @@ CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross
 CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44739 (Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurant ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-44738
 	RESERVED
 CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities inAll-In-One Secur ...)
@@ -211187,7 +211187,7 @@ CVE-2020-20014
 CVE-2020-20013
 	RESERVED
 CVE-2020-20012 (WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.)
-	TODO: check
+	NOT-FOR-US: WebPlus Pro
 CVE-2020-20011
 	RESERVED
 CVE-2020-20010



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/37c9243b60ee472d7c0df765e2b5f6847f3a190f...dae66a11426bf68bac993b481e2670125bea7d3f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/37c9243b60ee472d7c0df765e2b5f6847f3a190f...dae66a11426bf68bac993b481e2670125bea7d3f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230523/76d56d19/attachment.htm>

More information about the debian-security-tracker-commits mailing list