[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Nov 29 09:53:06 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ffc9601 by Moritz Muehlenhoff at 2023-11-29T10:52:31+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2023-48193 (Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 a
CVE-2023-47462 (Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and befor ...)
NOT-FOR-US: GL.iNet AX1800
CVE-2023-46944 (An issue in GitKraken GitLens before v.14.0.0 allows an attacker to ex ...)
- TODO: check
+ NOT-FOR-US: GitKraken GitLens
CVE-2023-46887 (In Dreamer CMS before 4.0.1, the backend attachment management office ...)
NOT-FOR-US: Dreamer CMS
CVE-2023-46886 (Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. ...)
@@ -57,7 +57,7 @@ CVE-2023-49313 (A dylib injection vulnerability in XMachOViewer 0.04 allows atta
CVE-2023-49078 (raptor-web is a CMS for game server communities that can be used to ho ...)
NOT-FOR-US: raptor-web CMS
CVE-2023-49062 (Katran could disclose non-initialized kernel memory as part of an IP h ...)
- TODO: check
+ NOT-FOR-US: Katran
CVE-2023-48848 (An arbitrary file read vulnerability in ureport v2.2.9 allows a remote ...)
NOT-FOR-US: ureport
CVE-2023-48121 (An authentication bypass vulnerability in the Direct Connection Module ...)
@@ -115,7 +115,7 @@ CVE-2023-5773
CVE-2023-5650 (An improper privilege management vulnerability in the ZySH of the Zyxe ...)
NOT-FOR-US: Zyxel
CVE-2023-4667 (The web interface of the PAC Device allows the device administrator us ...)
- TODO: check
+ NOT-FOR-US: SIGMA
CVE-2023-4398 (An integer overflow vulnerability in the source code of the QuickSec I ...)
NOT-FOR-US: Zyxel
CVE-2023-4397 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...)
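
Review bot: The tag on CVE-2023-4667 names "SIGMA", which does not appear in the visible description ("The web interface of the PAC Device allows ..."), so the entry cannot be matched to a product from the list alone. Other entries in this file pair vendor and product (for example "NOT-FOR-US: GL.iNet AX1800"); if SIGMA is the vendor, writing the product name next to it would make the tag self-explanatory.
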
@@ -143,7 +143,7 @@ CVE-2023-49044 (Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a
CVE-2023-49030 (SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows ...)
NOT-FOR-US: in32ns KLive
CVE-2023-48713 (Knative Serving builds on Kubernetes to support deploying and serving ...)
- TODO: check
+ NOT-FOR-US: Knative
CVE-2023-48188 (SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4 ...)
NOT-FOR-US: PrestaShop opartdevis
CVE-2023-48034 (An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker ...)
@@ -155,9 +155,9 @@ CVE-2023-48022 (Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute
CVE-2023-47503 (An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to exec ...)
NOT-FOR-US: jflyfox jfinalCMS
CVE-2023-47437 (A vulnerability has been identified in Pachno 1.0.6 allowing an authen ...)
- TODO: check
+ NOT-FOR-US: Pachno
CVE-2023-46480 (An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Owncast
CVE-2023-46355 (In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for P ...)
NOT-FOR-US: PrestaShop module
CVE-2023-46349 (In the module "Product Catalog (CSV, Excel) Export/Update" (updateprod ...)
@@ -254,7 +254,7 @@ CVE-2023-4922 (The WPB Show Core WordPress plugin through 2.2 is vulnerable to a
CVE-2023-4642 (The kk Star Ratings WordPress plugin before 5.4.6 does not implement a ...)
NOT-FOR-US: WordPress plugin
CVE-2023-4590 (Buffer overflow vulnerability in Frhed hex editor, affecting version 1 ...)
- TODO: check
+ NOT-FOR-US: Frhed
CVE-2023-4514 (The Mmm Simple File List WordPress plugin through 2.3 does not validat ...)
NOT-FOR-US: WordPress plugin
CVE-2023-4297 (The Mmm Simple File List WordPress plugin through 2.3 does not validat ...)
@@ -353,9 +353,9 @@ CVE-2023-6301 (A vulnerability has been found in SourceCodester Best Courier Man
CVE-2023-6300 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Best Courier Management System
CVE-2023-6299 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: Apryse iText
CVE-2023-6298 (A vulnerability classified as problematic was found in Apryse iText 8. ...)
- TODO: check
+ NOT-FOR-US: Apryse iText
CVE-2023-6297 (A vulnerability classified as problematic has been found in PHPGurukul ...)
NOT-FOR-US: PHPGurukul
CVE-2023-6296 (A vulnerability was found in osCommerce 4. It has been rated as proble ...)
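
Review bot: The tag on CVE-2023-6299 cannot be checked against its own description, which is cut off at "has been found i ..." before any product name; only CVE-2023-6298 directly below visibly names Apryse iText 8. Worth confirming that both IDs refer to the same product before giving them identical tags. Since iText is a library rather than a standalone application, it is also worth confirming that no packaged copy of the affected code exists before settling on NOT-FOR-US.
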
@@ -32777,7 +32777,7 @@ CVE-2023-29772 (A Cross-site scripting (XSS) vulnerability in the System Log/Gen
CVE-2023-29771
RESERVED
CVE-2023-29770 (In Sentrifugo 3.5, the AssetsController::uploadsaveAction function all ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2023-29769
RESERVED
CVE-2023-29768
@@ -50736,7 +50736,7 @@ CVE-2023-24025 (CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algori
CVE-2023-24024
RESERVED
CVE-2023-24023 (Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connect ...)
- TODO: check
+ NOT-FOR-US: Bluetooth protocol issue
CVE-2023-24022 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with ...)
NOT-FOR-US: Baicells
CVE-2023-0432 (The web configuration service of the affected device contains an authe ...)
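
Review bot: The tag on CVE-2023-24023 gives a rationale ("Bluetooth protocol issue") where every other NOT-FOR-US line in this change names a product that is not packaged. A flaw described at the level of BR/EDR pairing applies to implementations of the protocol, so it is worth recording why the Bluetooth stacks Debian ships (the kernel subsystem, bluez) are out of scope, or leaving this entry as "TODO: check" until that has been verified.
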
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ffc9601389ce592140038c440b2684034a27851