[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 21 08:22:07 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19795f81 by Salvatore Bonaccorso at 2023-11-21T09:20:51+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,47 +1,47 @@
 CVE-2023-6199 (Book Stack version 23.10.2 allows filtering local files on the server. ...)
-	TODO: check
+	NOT-FOR-US: bookstack
 CVE-2023-6178 (An arbitrary file write vulnerability exists where an authenticated at ...)
 	TODO: check
 CVE-2023-6144 (Dev blog v1.0 allows to exploit an account takeover through the "user" ...)
-	TODO: check
+	NOT-FOR-US: Dev blog
 CVE-2023-6142 (Dev blog v1.0 allows to exploit an XSS through an unrestricted file up ...)
-	TODO: check
+	NOT-FOR-US: Dev blog
 CVE-2023-6062 (An arbitrary file write vulnerability exists where an authenticated, r ...)
 	TODO: check
 CVE-2023-5553 (During internal Axis Security Development Model (ASDM) threat-modellin ...)
-	TODO: check
+	NOT-FOR-US: AXIS OS
 CVE-2023-5275 (Improper Input Validation vulnerability in simulation function of GX W ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2023-5274 (Improper Input Validation vulnerability in simulation function of GX W ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2023-4424 (An malicious BLE device can cause buffer overflow by sending malformed ...)
 	TODO: check
 CVE-2023-4149 (A vulnerability in the web-based management allows an unauthenticated  ...)
 	TODO: check
 CVE-2023-48310 (TestingPlatform is a testing platform for Internet Security Standards. ...)
-	TODO: check
+	NOT-FOR-US: TestingPlatform
 CVE-2023-48192 (An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local att ...)
-	TODO: check
+	NOT-FOR-US: TOTOlink
 CVE-2023-48176 (An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote at ...)
-	TODO: check
+	NOT-FOR-US: WebsiteGuide
 CVE-2023-48051 (An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to dec ...)
 	TODO: check
 CVE-2023-47311 (An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcomma ...)
-	TODO: check
+	NOT-FOR-US: Yamcs
 CVE-2023-47172 (Certain WithSecure products allow Local Privilege Escalation. This aff ...)
-	TODO: check
+	NOT-FOR-US: WithSecure
 CVE-2023-46935 (eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lea ...)
-	TODO: check
+	NOT-FOR-US: eyoucms
 CVE-2023-46471 (Cross Site Scripting vulnerability in Space Applications Services Yamc ...)
-	TODO: check
+	NOT-FOR-US: Yamcs
 CVE-2023-46470 (Cross Site Scripting vulnerability in Space Applications Services Yamc ...)
-	TODO: check
+	NOT-FOR-US: Yamcs
 CVE-2023-45886 (The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote ...)
 	TODO: check
 CVE-2023-42770 (Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users en ...)
-	TODO: check
+	NOT-FOR-US: Red Lion
 CVE-2023-40151 (When user authentication is not enabled the shell can execute commands ...)
-	TODO: check
+	NOT-FOR-US: Red Lion
 CVE-2023-6134
 	NOT-FOR-US: Keycloak
 CVE-2023-5764
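Review bot: The NOT-FOR-US labels added in this hunk mix casing and naming level. CVE-2023-6199 is tagged "bookstack" while its description spells the product "Book Stack", and CVE-2023-5275/CVE-2023-5274 and CVE-2023-42770/CVE-2023-40151 are tagged with vendor names ("Mitsubishi", "Red Lion") while CVE-2023-5553 and the three Yamcs entries are tagged with the product name. Settling on one convention (product name, spelled as in the description) would keep later searches over data/CVE/list reliable. The visible, truncated description of CVE-2023-40151 ("When user authentication is not enabled the shell can execute commands ...") names no product, so the "Red Lion" attribution cannot be confirmed from this diff alone. It is worth checking against the full CVE text.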



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19795f815bd3435c0ee5dd13dfa2e1465b09b923
