[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 21 20:19:01 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b3f2996 by Salvatore Bonaccorso at 2023-11-21T21:18:45+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,13 +43,13 @@ CVE-2023-46377
 CVE-2023-6199 (Book Stack version 23.10.2 allows filtering local files on the server. ...)
 	NOT-FOR-US: bookstack
 CVE-2023-6178 (An arbitrary file write vulnerability exists where an authenticated at ...)
-	TODO: check
+	NOT-FOR-US: Nessus Agent
 CVE-2023-6144 (Dev blog v1.0 allows to exploit an account takeover through the "user" ...)
 	NOT-FOR-US: Dev blog
 CVE-2023-6142 (Dev blog v1.0 allows to exploit an XSS through an unrestricted file up ...)
 	NOT-FOR-US: Dev blog
 CVE-2023-6062 (An arbitrary file write vulnerability exists where an authenticated, r ...)
-	TODO: check
+	NOT-FOR-US: Nessus
 CVE-2023-5553 (During internal Axis Security Development Model (ASDM) threat-modellin ...)
 	NOT-FOR-US: AXIS OS
 CVE-2023-5275 (Improper Input Validation vulnerability in simulation function of GX W ...)
@@ -57,9 +57,9 @@ CVE-2023-5275 (Improper Input Validation vulnerability in simulation function of
 CVE-2023-5274 (Improper Input Validation vulnerability in simulation function of GX W ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2023-4424 (An malicious BLE device can cause buffer overflow by sending malformed ...)
-	TODO: check
+	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-4149 (A vulnerability in the web-based management allows an unauthenticated  ...)
-	TODO: check
+	NOT-FOR-US: Wago
 CVE-2023-48310 (TestingPlatform is a testing platform for Internet Security Standards. ...)
 	NOT-FOR-US: TestingPlatform
 CVE-2023-48192 (An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local att ...)
@@ -67,7 +67,7 @@ CVE-2023-48192 (An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a loc
 CVE-2023-48176 (An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote at ...)
 	NOT-FOR-US: WebsiteGuide
 CVE-2023-48051 (An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to dec ...)
-	TODO: check
+	NOT-FOR-US: upydev
 CVE-2023-47311 (An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcomma ...)
 	NOT-FOR-US: Yamcs
 CVE-2023-47172 (Certain WithSecure products allow Local Privilege Escalation. This aff ...)
@@ -79,7 +79,7 @@ CVE-2023-46471 (Cross Site Scripting vulnerability in Space Applications Service
 CVE-2023-46470 (Cross Site Scripting vulnerability in Space Applications Services Yamc ...)
 	NOT-FOR-US: Yamcs
 CVE-2023-45886 (The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote ...)
-	TODO: check
+	NOT-FOR-US: BGP daemon (bgpd) in IP Infusion ZebOS
 CVE-2023-42770 (Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users en ...)
 	NOT-FOR-US: Red Lion
 CVE-2023-40151 (When user authentication is not enabled the shell can execute commands ...)
@@ -133,7 +133,7 @@ CVE-2023-4808 (The WP Post Popup WordPress plugin through 3.7.3 does not sanitis
 CVE-2023-4799 (The Magic Embeds WordPress plugin before 3.1.2 does not validate and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-48309 (NextAuth.js provides authentication for Next.js. `next-auth` applicati ...)
-	TODO: check
+	NOT-FOR-US: NextAuth.js
 CVE-2023-48300 (The `Embed Privacy` plugin for WordPress that prevents the loading of  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-48293 (The XWiki Admin Tools Application provides tools to help the administr ...)
@@ -181,19 +181,19 @@ CVE-2023-42774 (in OpenHarmony v3.2.2 and prior versions allow a local attacker
 CVE-2023-3116 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2023-38885 (OpenSIS Classic Community Edition version 9.0 lacks cross-site request ...)
-	TODO: check
+	NOT-FOR-US: OpenSIS
 CVE-2023-38884 (An Insecure Direct Object Reference (IDOR) vulnerability in the Commun ...)
-	TODO: check
+	NOT-FOR-US: OpenSIS
 CVE-2023-38883 (A reflected cross-site scripting (XSS) vulnerability in the Community  ...)
-	TODO: check
+	NOT-FOR-US: OpenSIS
 CVE-2023-38882 (A reflected cross-site scripting (XSS) vulnerability in the Community  ...)
-	TODO: check
+	NOT-FOR-US: OpenSIS
 CVE-2023-38881 (A reflected cross-site scripting (XSS) vulnerability in the Community  ...)
-	TODO: check
+	NOT-FOR-US: OpenSIS
 CVE-2023-38880 (The Community Edition version 9.0 of OS4ED's openSIS Classic has a bro ...)
-	TODO: check
+	NOT-FOR-US: OpenSIS
 CVE-2023-38879 (The Community Edition version 9.0 of OS4ED's openSIS Classic allows re ...)
-	TODO: check
+	NOT-FOR-US: OpenSIS
 CVE-2023-38823 (Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC ...)
 	NOT-FOR-US: Tenda
 CVE-2023-36013 (PowerShell Information Disclosure Vulnerability)
@@ -279,7 +279,7 @@ CVE-2023-48017 (Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (C
 CVE-2023-46745 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
 	NOT-FOR-US: LibreNMS
 CVE-2023-46402 (git-urls version 1.0.1 is vulnerable to ReDOS (Regular Expression Deni ...)
-	TODO: check
+	NOT-FOR-US: git-urls
 CVE-2023-44796 (Cross Site Scripting (XSS) vulnerability in LimeSurvey before version  ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2023-43177 (CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modifi ...)
@@ -67556,11 +67556,11 @@ CVE-2022-3863 (Use after free in Browser History in Google Chrome prior to 100.0
 	- chromium 100.0.4896.75-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-21418 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
-	TODO: check
+	NOT-FOR-US: AXIS OS
 CVE-2023-21417 (Sandro Poppi, member of the AXIS OS Bug Bounty Program,  has found tha ...)
-	TODO: check
+	NOT-FOR-US: AXIS OS
 CVE-2023-21416 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
-	TODO: check
+	NOT-FOR-US: AXIS OS
 CVE-2023-21415 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
 	NOT-FOR-US: AXIS OS
 CVE-2023-21414 (NCC Group has found a flaw during the annual internal penetration test ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b3f29963ff8febca79a50c15be157a59dc0d2b6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b3f29963ff8febca79a50c15be157a59dc0d2b6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231121/942c0e0e/attachment.htm>

More information about the debian-security-tracker-commits mailing list