[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed May 31 16:54:19 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d4dc504 by Moritz Muehlenhoff at 2023-05-31T17:53:55+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
 CVE-2023-33962 (JStachio is a  type-safe Java Mustache templating engine. Prior to ver ...)
-	TODO: check
+	NOT-FOR-US: JStachio
 CVE-2023-33961 (Leantime is a lean open source project management system. Starting in  ...)
-	TODO: check
+	NOT-FOR-US: Leantime
 CVE-2023-33741 (Macrovideo v380pro v1.4.97 shares the device id and password when shar ...)
-	TODO: check
+	NOT-FOR-US: Macrovideo
 CVE-2023-33740 (Incorrect access control in luowice v3.5.18 allows attackers to access ...)
-	TODO: check
+	NOT-FOR-US: luowice
 CVE-2023-33734 (BlueCMS v1.6 was discovered to contain a SQL injection vulnerability v ...)
-	TODO: check
+	NOT-FOR-US: BlueCMS
 CVE-2023-33181 (Xibo is a content management system (CMS). Starting in version 3.0.0 a ...)
-	TODO: check
+	NOT-FOR-US: Xibo
 CVE-2023-33180 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Xibo
 CVE-2023-33179 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Xibo
 CVE-2023-32342 (IBM GSKit could allow a remote attacker to obtain sensitive informatio ...)
 	NOT-FOR-US: IBM
 CVE-2023-2999 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
-	TODO: check
+	NOT-FOR-US: phpmyfaq
 CVE-2023-2998 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
-	TODO: check
+	NOT-FOR-US: phpmyfaq
 CVE-2023-2987 (The Wordapp plugin for WordPress is vulnerable to authorization bypass ...)
 	NOT-FOR-US: Wordapp plugin for WordPress
 CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...)
@@ -27,7 +27,7 @@ CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0
 CVE-2023-2836 (The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: CRM Perks Forms plugin for WordPress
 CVE-2023-2612 (Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ub ...)
-	TODO: check
+	NOT-FOR-US: shiftfs (part of Ubuntu kernels, not not upstream)
 CVE-2023-2549 (The Feather Login Page plugin for WordPress is vulnerable to Cross-Sit ...)
 	NOT-FOR-US: Feather Login Page plugin for WordPress
 CVE-2023-2547 (The Feather Login Page plugin for WordPress is vulnerable to unauthori ...)
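Review bot: the new annotation for CVE-2023-2612 contains a duplicated word, "not not upstream". It should read "NOT-FOR-US: shiftfs (part of Ubuntu kernels, not upstream)".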
@@ -41,11 +41,11 @@ CVE-2023-2435 (The Blog-in-Blog plugin for WordPress is vulnerable to Local File
 CVE-2023-2434 (The Nested Pages plugin for WordPress is vulnerable to unauthorized lo ...)
 	NOT-FOR-US: Nested Pages plugin for WordPress
 CVE-2015-10107 (A vulnerability was found in Simplr Registration Form Plus+ Plugin up  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2014-125103 (A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on ...)
-	TODO: check
+	NOT-FOR-US: Twitter plugin
 CVE-2012-10015 (A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on  ...)
-	TODO: check
+	NOT-FOR-US: Twitter plugin
 CVE-2023-33975 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
 	NOT-FOR-US: RIOT-OS
 CVE-2023-33974 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
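Review bot: the three tags added in this hunk are less specific than the entries around them. CVE-2015-10107 gets "NOT-FOR-US: WordPress plugin" without naming the plugin, and CVE-2014-125103 and CVE-2012-10015 get "NOT-FOR-US: Twitter plugin" without the vendor. The unchanged context lines name the product, for example "NOT-FOR-US: Nested Pages plugin for WordPress". Taking the names from the descriptions ("Simplr Registration Form Plus+" and "BestWebSoft Twitter Plugin") would keep these entries consistent and easier to search for later.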
@@ -53,7 +53,7 @@ CVE-2023-33974 (RIOT-OS, an operating system for Internet of Things (IoT) device
 CVE-2023-33973 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
 	NOT-FOR-US: RIOT-OS
 CVE-2023-33656 (A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2023-33234 (Arbitrary code execution in Apache Airflow CNCF Kubernetes provider ve ...)
 	NOT-FOR-US: Apache Airflow CNCF Kubernetes provider
 CVE-2023-33178 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
@@ -65,13 +65,13 @@ CVE-2023-32699 (MeterSphere is an open source continuous testing platform. Versi
 CVE-2023-32696 (CKAN is an open-source data management system for powering data hubs a ...)
 	NOT-FOR-US: CKAN
 CVE-2023-32689 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Node parse-server
 CVE-2023-32684 (Lima launches Linux virtual machines, typically on macOS, for running  ...)
-	TODO: check
+	NOT-FOR-US: Lima
 CVE-2023-32448 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key St ...)
-	TODO: check
+	NOT-FOR-US: PowerPath
 CVE-2023-32218 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection  ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2023-2994
 	REJECTED
 CVE-2023-2985 [fs: hfsplus: fix UAF issue in hfsplus_put_super]
@@ -80,17 +80,17 @@ CVE-2023-2985 [fs: hfsplus: fix UAF issue in hfsplus_put_super]
 	[buster] - linux 4.19.282-1
 	NOTE: https://git.kernel.org/linus/07db5e247ab5858439b14dd7cc1fe538b9efcf32 (6.3-rc1)
 CVE-2023-2984 (Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore pr ...)
-	TODO: check
+	NOT-FOR-US: pimcore
 CVE-2023-2983 (Privilege Defined With Unsafe Actions in GitHub repository pimcore/pim ...)
-	TODO: check
+	NOT-FOR-US: pimcore
 CVE-2023-2981 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Abstrium Pydio Cells
 CVE-2023-2980 (A vulnerability classified as critical was found in Abstrium Pydio Cel ...)
-	TODO: check
+	NOT-FOR-US: Abstrium Pydio Cells
 CVE-2023-2979 (A vulnerability classified as critical has been found in Abstrium Pydi ...)
-	TODO: check
+	NOT-FOR-US: Abstrium Pydio Cells
 CVE-2023-2978 (A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been r ...)
-	TODO: check
+	NOT-FOR-US: Abstrium Pydio Cells
 CVE-2023-2977
 	- opensc <unfixed>
 	NOTE: https://github.com/OpenSC/OpenSC/issues/2785



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d4dc504df1ff7942a119d480cae619b727aefbf
