[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Nov 7 22:36:56 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e61c2e3 by Moritz Muehlenhoff at 2023-11-07T23:35:57+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2023-5507 (The ImageMapper plugin for WordPress is vulnerable to Stored Cros
 CVE-2023-5506 (The ImageMapper plugin for WordPress is vulnerable to unauthorized los ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5309 (Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5contain a fl ...)
-	TODO: check
+	NOT-FOR-US: Puppet Enterprise
 CVE-2023-5179 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
 	NOT-FOR-US: Open Design Alliance Drawings SDK
 CVE-2023-4888 (The Simple Like Page Plugin plugin for WordPress is vulnerable to Stor ...)
@@ -43,9 +43,9 @@ CVE-2023-4888 (The Simple Like Page Plugin plugin for WordPress is vulnerable to
 CVE-2023-4842 (The Social Sharing Plugin - Social Warfare plugin for WordPress is vul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-4295 (A local non-privileged user can make improper GPU memory processing op ...)
-	TODO: check
+	NOT-FOR-US: Arm
 CVE-2023-4272 (A local non-privileged user can make GPU processing operations that ex ...)
-	TODO: check
+	NOT-FOR-US: Arm
 CVE-2023-47510 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSoluti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-47456 (Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in funct ...)
@@ -53,17 +53,17 @@ CVE-2023-47456 (Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in
 CVE-2023-47455 (Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSch ...)
 	NOT-FOR-US: Tenda
 CVE-2023-46744 (Squidex is an open source headless CMS and content management hub. In  ...)
-	TODO: check
+	NOT-FOR-US: Squidex
 CVE-2023-46737 (Cosign is a sigstore signing tool for OCI containers. Cosign is suscep ...)
-	TODO: check
+	NOT-FOR-US: Cosign
 CVE-2023-46730 (Group-Office is an enterprise CRM and groupware tool. In affected vers ...)
 	NOT-FOR-US: Group-Office CRM
 CVE-2023-46501 (An issue in BoltWire v.6.03 allows a remote attacker to obtain sensiti ...)
 	NOT-FOR-US: BoltWire
 CVE-2023-46253 (Squidex is an open source headless CMS and content management hub. Aff ...)
-	TODO: check
+	NOT-FOR-US: Squidex
 CVE-2023-46252 (Squidex is an open source headless CMS and content management hub. Aff ...)
-	TODO: check
+	NOT-FOR-US: Squidex
 CVE-2023-46244 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2023-46243 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
@@ -77,7 +77,7 @@ CVE-2023-41798 (Improper Neutralization of Formula Elements in a CSV File vulner
 CVE-2023-41425 (Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2  ...)
 	NOT-FOR-US: Wonder CMS
 CVE-2023-3889 (A local non-privileged user can make improper GPU memory processing op ...)
-	TODO: check
+	NOT-FOR-US: Arm
 CVE-2023-37835
 	REJECTED
 CVE-2023-36527 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
@@ -93,7 +93,7 @@ CVE-2023-33478 (RemoteClinic 2.0 has a SQL injection vulnerability in the ID par
 CVE-2023-32966 (Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-4431 (A vulnerability classified as problematic has been found in msyk FMDat ...)
-	TODO: check
+	NOT-FOR-US: msyk FMDataAPI
 CVE-2023-46851 (Allura Discussion and Allura Forum importing does not restrict URL val ...)
 	NOT-FOR-US: Apache Allura
 CVE-2023-46819 (Missing Authentication in Apache Software Foundation Apache OFBiz when ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e61c2e3f0312b5fbafccadf877f6d968b456bf3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e61c2e3f0312b5fbafccadf877f6d968b456bf3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231107/93b8a08a/attachment.htm>

More information about the debian-security-tracker-commits mailing list