[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e50ab6b3 by Salvatore Bonaccorso at 2023-11-09T21:44:01+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55,43 +55,43 @@ CVE-2023-46743 (application-collabora is an integration of Collabora Online in X
 CVE-2023-46614 (Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Hel ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-45885 (Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct ...)
-	TODO: check
+	NOT-FOR-US: NASA Open MCT (aka openmct)
 CVE-2023-45884 (Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka  ...)
-	TODO: check
+	NOT-FOR-US: NASA Open MCT (aka openmct)
 CVE-2023-43791 (Label Studio is a multi-type data labeling and annotation tool with st ...)
-	TODO: check
+	NOT-FOR-US: HumanSignal Label Studio
 CVE-2023-41138 (The AppsAnywhere macOS client-privileged helper can be tricked into ex ...)
-	TODO: check
+	NOT-FOR-US: AppsAnywhere macOS client-privileged helper
 CVE-2023-41137 (Symmetric encryption used to protect messages between the AppsAnywhere ...)
-	TODO: check
+	NOT-FOR-US: AppsAnywhere
 CVE-2023-40055 (The Network Configuration Manager was susceptible to a Directory Trave ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2023-40054 (The Network Configuration Manager was susceptible to a Directory Trave ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2023-39198 (A race condition was found in the QXL driver in the Linux kernel. The  ...)
 	TODO: check
 CVE-2023-36688 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34386 (Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34371 (Cross-Site Request Forgery (CSRF) vulnerability in Didier Sampaolo Spa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34182 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Shaw LH Passw ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34181 (Cross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin <= ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34178 (Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Gro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34177 (Cross-Site Request Forgery (CSRF) vulnerability in Kenth Hagstr\xf6m W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34171 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Repor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34169 (Cross-Site Request Forgery (CSRF) vulnerability in SAKURA Internet Inc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34033 (Cross-Site Request Forgery (CSRF) vulnerability in Malinky Ajax Pagina ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34002 (Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manage ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-46857
 	NOT-FOR-US: Squidex
 CVE-2023-5079 (Lenovo LeCloud App improper input validation allows attackers to acces ...)
@@ -26246,7 +26246,7 @@ CVE-2023-31089
 CVE-2023-31088
 	RESERVED
 CVE-2023-31087 (Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Mana ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-31086
 	RESERVED
 CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel  ...)
@@ -41302,7 +41302,7 @@ CVE-2023-26158
 CVE-2023-26157
 	RESERVED
 CVE-2023-26156 (Versions of the package chromedriver before 119.0.1 are vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: chromedriver Node.js module
 CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to Command Inject ...)
 	NOT-FOR-US: node-qpdf
 CVE-2023-26154
@@ -41823,7 +41823,7 @@ CVE-2023-25996
 CVE-2023-25995
 	RESERVED
 CVE-2023-25994 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25993
 	RESERVED
 CVE-2023-25992 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Crea ...)
@@ -41861,7 +41861,7 @@ CVE-2023-25977 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25975 (Cross-Site Request Forgery (CSRF) vulnerability in Fr\xe9d\xe9ric Shee ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25974 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psic ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
@@ -67122,7 +67122,7 @@ CVE-2020-36608 (A vulnerability, which was classified as problematic, has been f
 CVE-2023-20903 (This disclosure regards a vulnerability related to UAA refresh tokens  ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2023-20902 (A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below,  ...)
-	TODO: check
+	NOT-FOR-US: Harbor
 CVE-2023-20901
 	RESERVED
 CVE-2023-20900 (A malicious actor that has been granted  Guest Operation Privileges ht ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e50ab6b3d6f1ac1e9038bf9f4150c020c459684e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e50ab6b3d6f1ac1e9038bf9f4150c020c459684e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231109/575df14c/attachment.htm>