[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Nov 1 09:21:06 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a200a0ea by Moritz Muehlenhoff at 2023-11-01T10:20:44+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -193,11 +193,11 @@ CVE-2023-4836 (The WordPress File Sharing Plugin WordPress plugin before 2.0.5 d
CVE-2023-4823 (The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-4390 (The Popup box WordPress plugin before 3.7.2 does not sanitize and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4251 (The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4250 (The EventPrime WordPress plugin before 3.2.0 does not sanitise and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46993 (In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg ...)
NOT-FOR-US: TOTOLINK
CVE-2023-46992 (TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Acc ...)
@@ -211,7 +211,7 @@ CVE-2023-46977 (TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to conta
CVE-2023-46976 (TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection vi ...)
NOT-FOR-US: TOTOLINK
CVE-2023-46723 (lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and ...)
- TODO: check
+ NOT-FOR-US: lte-pic32-writer
CVE-2023-46722 (The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Pr ...)
NOT-FOR-US: Pimcore Admin Classic Bundle
CVE-2023-46622 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach ...)
@@ -227,52 +227,51 @@ CVE-2023-46255 (SpiceDB is an open source, Google Zanzibar-inspired database for
CVE-2023-46250 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
TODO: check
CVE-2023-46249 (authentik is an open-source Identity Provider. Prior to versions 2023. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2023-46248 (Cody is an artificial intelligence (AI) coding assistant. The Cody AI ...)
- TODO: check
+ NOT-FOR-US: Cody
CVE-2023-46245 (Kimai is a web-based multi-user time-tracking application. Versions 2. ...)
- TODO: check
+ NOT-FOR-US: Kimai
CVE-2023-46240 (CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 v ...)
- TODO: check
+ NOT-FOR-US: CodeIgniter
CVE-2023-46239 (quic-go is an implementation of the QUIC protocol in Go. Starting in v ...)
TODO: check
CVE-2023-46237 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
- TODO: check
+ NOT-FOR-US: FOG
CVE-2023-46236 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
- TODO: check
+ NOT-FOR-US: FOG
CVE-2023-46235 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
- TODO: check
+ NOT-FOR-US: FOG
CVE-2023-45955 (An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers t ...)
- TODO: check
+ NOT-FOR-US: Nanoleaf Light strip
CVE-2023-43796 (Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 a ...)
TODO: check
CVE-2023-42658 (Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow loca ...)
- TODO: check
+ NOT-FOR-US: Chef InSpec
CVE-2023-42425 (An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote at ...)
- TODO: check
+ NOT-FOR-US: Turing Video Turing Edge+ EVC5FD
CVE-2023-41377
REJECTED
- TODO: check
CVE-2023-40681 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grou ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40050 (Upload profile either through API or user interface in Chef Automate p ...)
- TODO: check
+ NOT-FOR-US: Chef Automate
CVE-2023-38994 (An issue in Univention UCS v.5.0 allows a local attacker to execute ar ...)
- TODO: check
+ NOT-FOR-US: Univention
CVE-2023-37966 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2023-37832 (A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows a ...)
- TODO: check
+ NOT-FOR-US: Elenos
CVE-2023-37831 (An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attac ...)
- TODO: check
+ NOT-FOR-US: Elenos
CVE-2023-37243 (The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availabil ...)
- TODO: check
+ NOT-FOR-US: Atera
CVE-2023-36508 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-35879 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2023-33927 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5867 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
NOT-FOR-US: phpmyfaq
CVE-2023-5866 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
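Review bot: CVE-2023-35879 is labelled "NOT-FOR-US: WooCommerce plugin", while the neighbouring SQL injection entries CVE-2023-36508 and CVE-2023-33927, whose truncated descriptions read the same, are labelled "NOT-FOR-US: WordPress plugin". If the distinction is not intentional, use one label so that a search of data/CVE/list by label finds all of them. The labels in this hunk also differ in granularity: "Nanoleaf Light strip" and "Turing Video Turing Edge+ EVC5FD" name a product or model, while "Elenos" and "Univention" name only the vendor. Dropping the stale "TODO: check" under the REJECTED entry CVE-2023-41377 is what takes the hunk from 52 to 51 lines.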
@@ -2402,6 +2401,7 @@ CVE-2023-5631 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6
{DSA-5531-1 DLA-3630-1}
- roundcube 1.6.4+dfsg-1 (bug #1054079)
NOTE: https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d (1.6.4)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/11/01/1
CVE-2023-4601 (A stack-based buffer overflow vulnerability exists in NI System Config ...)
NOT-FOR-US: NI System Configuration
CVE-2023-46009 (gifsicle-1.94 was found to have a floating point exception (FPE) vulne ...)
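Review bot: the NOTE added under CVE-2023-5631 (roundcube) is a reference update rather than an NFU triage, so the commit message "NFUs" does not cover it. Splitting it into its own commit, or mentioning it in the message, would keep the history of this entry searchable. The new line is also a bare URL, whereas the NOTE above it annotates its link with "(1.6.4)"; a short hint of what the oss-security post adds would match that.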
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a200a0ea09dca16899983a64ac3af5ee5c8a8c0c