[Git][security-tracker-team/security-tracker][master] Process new NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 28 20:21:51 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7666a459 by Salvatore Bonaccorso at 2023-11-28T21:21:24+01:00
Process new NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,43 +1,43 @@
CVE-2023-6359 (A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LM ...)
- TODO: check
+ NOT-FOR-US: Alumne LMS
CVE-2023-6239 (Improperly calculated effective permissions in M-Files Server versions ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2023-6201 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
- TODO: check
+ NOT-FOR-US: Univera Computer System Panorama
CVE-2023-6151 (Improper Privilege Management vulnerability in ESKOM Computer e-munici ...)
- TODO: check
+ NOT-FOR-US: ESKOM Computer e-municipality module
CVE-2023-6150 (Improper Privilege Management vulnerability in ESKOM Computer e-munici ...)
- TODO: check
+ NOT-FOR-US: ESKOM Computer e-municipality module
CVE-2023-49314 (Asana Desktop 2.1.0 on macOS allows code injection because of specific ...)
- TODO: check
+ NOT-FOR-US: Asana Desktop
CVE-2023-49313 (A dylib injection vulnerability in XMachOViewer 0.04 allows attackers ...)
- TODO: check
+ NOT-FOR-US: XMachOViewer
CVE-2023-49078 (raptor-web is a CMS for game server communities that can be used to ho ...)
- TODO: check
+ NOT-FOR-US: raptor-web CMS
CVE-2023-49062 (Katran could disclose non-initialized kernel memory as part of an IP h ...)
TODO: check
CVE-2023-48848 (An arbitrary file read vulnerability in ureport v2.2.9 allows a remote ...)
TODO: check
CVE-2023-48121 (An authentication bypass vulnerability in the Direct Connection Module ...)
- TODO: check
+ NOT-FOR-US: Direct Connection Module in Ezviz
CVE-2023-48042 (Amazzing Filter for Prestashop through 3.2.2 is vulnerable to Cross-Si ...)
- TODO: check
+ NOT-FOR-US: Amazzing Filter for Prestashop
CVE-2023-45539 (HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...)
TODO: check
CVE-2023-45286 (A race condition in go-resty can result in HTTP request body disclosur ...)
TODO: check
CVE-2023-42505 (An authenticated user with read permissions on database connections me ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2023-42504 (An authenticated malicious user could initiate multiple concurrent req ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2023-42502 (An authenticated attacker with update datasets permission could change ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2023-42004 (IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-41264 (Netwrix Usercube before 6.0.215, in certain misconfigured on-premises ...)
- TODO: check
+ NOT-FOR-US: Netwrix Usercube
CVE-2023-40056 (SQL Injection Remote Code Vulnerability was found in the SolarWinds Pl ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-34055 (In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, ...)
TODO: check
CVE-2023-46589 (Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 1 ...)
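Review bot: The notes added for CVE-2023-42004 and CVE-2023-40056 name only the vendor ("NOT-FOR-US: IBM", "NOT-FOR-US: SolarWinds"), while the other entries in this hunk name the product taken from the description (Apache Superset, Netwrix Usercube, Asana Desktop). For CVE-2023-42004 the description already gives the product, so "NOT-FOR-US: IBM Security Guardium" would keep the list consistent and easier to grep when a later CVE for the same product is triaged. The entries still left at "TODO: check" (CVE-2023-49062, CVE-2023-48848, CVE-2023-45539, CVE-2023-45286, CVE-2023-34055) are untouched here, which fits a commit that only processes NFUs.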
@@ -61,7 +61,7 @@ CVE-2023-6219 (The BookingPress plugin for WordPress is vulnerable to arbitrary
CVE-2023-5960 (An improper privilege management vulnerability in the hotspot feature ...)
NOT-FOR-US: Zyxel
CVE-2023-5885 (The discontinued FFS Colibri product allows a remote user to access fi ...)
- TODO: check
+ NOT-FOR-US: FFS Colibri
CVE-2023-5797 (An improper privilege management vulnerability in the debug CLI comman ...)
NOT-FOR-US: Zyxel
CVE-2023-5773
@@ -35043,7 +35043,7 @@ CVE-2023-29062
CVE-2023-29061
RESERVED
CVE-2023-29060 (The FACSChorus\xe2\u201e\xa2 workstation operating system does not res ...)
- TODO: check
+ NOT-FOR-US: facschorus
CVE-2023-1764 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5 ...)
NOT-FOR-US: Canon
CVE-2023-1763 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5 ...)
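Review bot: The note for CVE-2023-29060 is written as "NOT-FOR-US: facschorus", all lowercase, while the description spells the product "FACSChorus" and every other note in this commit keeps the product's own capitalisation. Suggest "NOT-FOR-US: FACSChorus" so that a case-sensitive search for the product name finds this entry along with any later ones.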
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7666a459a59807df6676c79010648ff79088d6fc