[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 21 20:41:13 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
036fa37f by Salvatore Bonaccorso at 2023-11-21T21:40:42+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2023-6235 (An uncontrolled search path element vulnerability has been found in th ...)
-	TODO: check
+	NOT-FOR-US: Duet Display for Windows
 CVE-2023-6213 (Memory safety bugs present in Firefox 119. Some of these bugs showed e ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6213
@@ -59,13 +59,13 @@ CVE-2023-6204 (On some systems\u2014depending on the graphics settings and drive
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6204
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6204
 CVE-2023-5776 (The Post Meta Data Manager plugin for WordPress is vulnerable to Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5599 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...)
-	TODO: check
+	NOT-FOR-US: 3DDashboard in 3DSwymer from Release 3DEXPERIENCE
 CVE-2023-5598 (Stored Cross-site Scripting (XSS) vulnerabilities\xc2affecting 3DSwym  ...)
-	TODO: check
+	NOT-FOR-US: 3DSwym in 3DSwymer from Release 3DEXPERIENCE
 CVE-2023-5055 (Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.)
-	TODO: check
+	NOT-FOR-US: zephyr-rtos
 CVE-2023-49061 (An attacker could have performed HTML template injection via Reader Mo ...)
 	TODO: check
 CVE-2023-49060 (An attacker could have accessed internal pages or data by ex-filtratin ...)
@@ -73,9 +73,9 @@ CVE-2023-49060 (An attacker could have accessed internal pages or data by ex-fil
 CVE-2023-48226 (OpenReplay is a self-hosted session replay suite. In version 1.14.0, d ...)
 	TODO: check
 CVE-2023-48124 (Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote atta ...)
-	TODO: check
+	NOT-FOR-US: SUP Online Shopping
 CVE-2023-47643 (SuiteCRM is a Customer Relationship Management (CRM) software applicat ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2023-46377
 	REJECTED
 CVE-2023-6199 (Book Stack version 23.10.2 allows filtering local files on the server. ...)
@@ -35198,7 +35198,7 @@ CVE-2023-28804 (An Improper Verification of Cryptographic Signature vulnerabilit
 CVE-2023-28803 (An authentication bypass by spoofing of a device with a synthetic IP a ...)
 	NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28802 (An Improper Validation of Integrity Check Value in Zscaler Client Conn ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector on Windows
 CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the SAML authen ...)
 	NOT-FOR-US: Zscaler
 CVE-2023-28800 (When using local accounts for administration, the redirect url paramet ...)
@@ -54982,7 +54982,7 @@ CVE-2023-22523
 CVE-2023-22522
 	RESERVED
 CVE-2023-22521 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
-	TODO: check
+	NOT-FOR-US: Crowd Data Center and Server
 CVE-2023-22520
 	RESERVED
 CVE-2023-22519
@@ -54992,7 +54992,7 @@ CVE-2023-22518 (All versions of Confluence Data Center and Server are affected b
 CVE-2023-22517
 	RESERVED
 CVE-2023-22516 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
-	TODO: check
+	NOT-FOR-US: Bamboo Data Center and Server
 CVE-2023-22515 (Atlassian has been made aware of an issue reported by a handful of cus ...)
 	NOT-FOR-US: Atlassian
 CVE-2023-22514
@@ -71901,11 +71901,11 @@ CVE-2023-20276
 CVE-2023-20275
 	RESERVED
 CVE-2023-20274 (A vulnerability in the installer script of Cisco AppDynamics PHP Agent ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20272 (A vulnerability in the web-based management interface of Cisco Identit ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20271
 	RESERVED
 CVE-2023-20270 (A vulnerability in the interaction between the Server Message Block (S ...)
@@ -71919,7 +71919,7 @@ CVE-2023-20267 (A vulnerability in the IP geolocation rules of Snort 3 could all
 CVE-2023-20266 (A vulnerability in Cisco Emergency Responder, Cisco Unified Communicat ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20265 (A vulnerability in the web-based management interface of a small subse ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20264 (A vulnerability in the implementation of Security Assertion Markup Lan ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
@@ -72038,7 +72038,7 @@ CVE-2023-20210 (A vulnerability in Cisco BroadWorks could allow an authenticated
 CVE-2023-20209 (A vulnerability in the web-based management interface of Cisco Express ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20208 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo Authentication P ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20206 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -189870,11 +189870,11 @@ CVE-2021-27506 (The ClamAV Engine (version 0.103.1 and below) component embedded
 CVE-2021-27505 (mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized  ...)
 	NOT-FOR-US: mySCADA myPRO
 CVE-2021-27504 (Texas Instruments devices running FREERTOS, malloc returns a valid  po ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments devices
 CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
 	NOT-FOR-US: Ypsomed
 CVE-2021-27502 (Texas Instruments TI-RTOS, when configured to use HeapMem heap(default ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments TI-RTOS
 CVE-2021-27501 (Philips Vue PACS versions 12.2.x.x and prior does not follow certain c ...)
 	NOT-FOR-US: Philips Vue PACS
 CVE-2021-27500 (A specifically crafted packet sent by an attacker to EIPStackGroup OpE ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/036fa37f9a01e34a3c460bdfe7e3f6bda9ef2297

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/036fa37f9a01e34a3c460bdfe7e3f6bda9ef2297
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231121/9b312fe6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list