[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Nov 17 09:18:53 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2aa4f499 by Moritz Muehlenhoff at 2023-11-17T10:18:27+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2023-6020 (LFI in Ray's /static/ directory allows attackers to read any file on t ...)
- TODO: check
+ NOT-FOR-US: Ray
CVE-2023-6014 (An attacker is able to arbitrarily create an account in MLflow bypassi ...)
NOT-FOR-US: mlflow
CVE-2023-48659 (An issue was discovered in MISP before 2.4.176. app/Controller/AppCont ...)
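Review bot: the new tag on CVE-2023-6020, "NOT-FOR-US: Ray", names the product, but the neighbouring Ray entry visible further down this patch (CVE-2023-6021) is tagged "NOT-FOR-US: Ray's log API endpoint", which names a component. Suggest using one product string for both so that a search on the tag finds every Ray entry.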
@@ -52,71 +52,71 @@ CVE-2023-48231 (Vim is an open source command line text editor. When closing a w
NOTE: https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a (v9.0.2106)
NOTE: Self-inflicted crash, no security impact
CVE-2023-48222 (Rundeck is an open source automation service with a web console, comma ...)
- TODO: check
+ NOT-FOR-US: Rundeck
CVE-2023-48078 (SQL Injection vulnerability in add.php in Simple CRUD Functionality v1 ...)
- TODO: check
+ NOT-FOR-US: Simple CRUD Functionality
CVE-2023-48031 (OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with ...)
- TODO: check
+ NOT-FOR-US: OpenSupports
CVE-2023-47797 (Reflected cross-site scripting (XSS) vulnerability on a content page\u ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2023-47688 (Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube Spe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin#
CVE-2023-47687 (Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Cust ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin#
CVE-2023-47686 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin#
CVE-2023-47675 (CubeCart prior to 6.5.3 allows a remote authenticated attacker with an ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2023-47642 (Zulip is an open-source team collaboration tool. It was discovered by ...)
- TODO: check
+ NOT-FOR-US: Zulip
CVE-2023-47283 (Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2023-47112 (Rundeck is an open source automation service with a web console, comma ...)
- TODO: check
+ NOT-FOR-US: Rundeck
CVE-2023-47025 (An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial ...)
- TODO: check
+ NOT-FOR-US: Free5gc
CVE-2023-46214 (In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2023-46213 (In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escap ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2023-45387 (In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportpr ...)
- TODO: check
+ NOT-FOR-US: PrestaShop addon
CVE-2023-45382 (In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from ...)
- TODO: check
+ NOT-FOR-US: PrestaShop addon
CVE-2023-42428 (Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2023-41102 (An issue was discovered in the captive portal in OpenNDS before versio ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-41101 (An issue was discovered in the captive portal in OpenNDS before versio ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-40314 (Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS ...)
- TODO: check
+ NOT-FOR-US: OpenNMS
CVE-2023-39548 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO
CVE-2023-39547 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO
CVE-2023-39546 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO
CVE-2023-39545 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO
CVE-2023-39544 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
- TODO: check
+ NOT-FOR-US: CLUSTERPRO
CVE-2023-38324 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38316 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38315 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38314 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38313 (An issue was discovered in OpenNDS Captive Portal before 10.1.2. it ha ...)
- TODO: check
+ NOT-FOR-US: OpenNDS
CVE-2023-38130 (Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6 ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API for ...)
- linux 6.5.6-1
[bookworm] - linux 6.1.55-1
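Review bot: the three WordPress entries in this hunk (CVE-2023-47688, CVE-2023-47687, CVE-2023-47686) are tagged "NOT-FOR-US: WordPress plugin#", and the trailing "#" looks like a stray character; suggest "NOT-FOR-US: WordPress plugin". Separately, CVE-2023-47025 is tagged "Free5gc" while the existing entry for the same product shown as context later in this patch (CVE-2023-47347) uses "free5GC"; one spelling would keep the tags consistent for searching.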
@@ -143,7 +143,7 @@ CVE-2023-6038 (An attacker is able to read any file on the server hosting the H2
CVE-2023-6023 (An attacker can read any file on the filesystem on the server hosting ...)
NOT-FOR-US: ModelDB
CVE-2023-6022 (An attacker is able to steal secrets and potentially gain remote code ...)
- TODO: check
+ NOT-FOR-US: Prefect
CVE-2023-6021 (LFI in Ray's log API endpoint allows attackers to read any file on the ...)
NOT-FOR-US: Ray's log API endpoint
CVE-2023-6019 (A command injection exists in Ray's cpu_profile URL parameter allowing ...)
@@ -359,7 +359,7 @@ CVE-2023-47470 (Buffer Overflow vulnerability in Ffmpeg before github commit 456
NOTE: Introduced in: https://github.com/FFmpeg/FFmpeg/commit/34e4f18360c4ecb8e5979cab8f389478d8cd7819 (n6.1)
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60 (n6.1)
CVE-2023-47444 (An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticate ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2023-47347 (Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cau ...)
NOT-FOR-US: free5GC
CVE-2023-47345 (Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cau ...)
@@ -107716,7 +107716,7 @@ CVE-2022-31046 (TYPO3 is an open source web content management system. Prior to
CVE-2022-31045 (Istio is an open platform to connect, manage, and secure microservices ...)
NOT-FOR-US: Istio
CVE-2022-31044 (Rundeck is an open source automation service with a web console, comma ...)
- NOT-FOR-US: Rundesk
+ NOT-FOR-US: Rundeck
CVE-2022-31043 (Guzzle is an open source PHP HTTP client. In affected versions `Author ...)
{DSA-5246-1}
- guzzle 7.4.4-1 (bug #1012821)
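Review bot: the "Rundesk" to "Rundeck" change on CVE-2022-31044 corrects the spelling of an existing tag rather than triaging a new entry, and the commit message "NFUs" does not mention it. Suggest either noting the typo fix in the message or splitting it into its own commit so the history of that 2022 entry is easy to follow.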
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2aa4f499ba9df3d815ef1794255dd10f8de96cf7