[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Oct 4 15:56:05 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ba40ade by Moritz Muehlenhoff at 2023-10-04T16:55:51+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -267,7 +267,7 @@ CVE-2023-5160 (Mattermost fails to check the Show Full Name option at the /api/v
 CVE-2023-5106 (An issue has been discovered in Ultimate-licensed GitLab EE affecting  ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2023-4659 (Cross-Site Request Forgery vulnerability, whose exploitation could all ...)
-	TODO: check
+	NOT-FOR-US: free5GC
 CVE-2023-44479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-44477 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -275,7 +275,7 @@ CVE-2023-44477 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-44474 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-44463 (An issue was discovered in pretix before 2023.7.1. Incorrect parsing o ...)
-	TODO: check
+	NOT-FOR-US: pretix
 CVE-2023-44266 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-44265 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
@@ -333,7 +333,7 @@ CVE-2023-43627 (Path traversal vulnerability in ACERA 1320 firmware ver.01.26 an
 CVE-2023-43361 (Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local a ...)
 	TODO: check
 CVE-2023-43297 (An issue in animal-art-lab v13.6.1 allows attackers to send crafted no ...)
-	TODO: check
+	NOT-FOR-US: animal-art-lab
 CVE-2023-43268 (Deyue Remote Vehicle Management System v1.1 was discovered to contain  ...)
 	NOT-FOR-US: Deyue Remote Vehicle Management System
 CVE-2023-43267 (A cross-site scripting (XSS) vulnerability in the publish article func ...)
@@ -361,13 +361,13 @@ CVE-2023-40744
 CVE-2023-3967 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	NOT-FOR-US: Hitachi
 CVE-2023-3770 (Incorrect validation vulnerability of the data entered, allowing an at ...)
-	TODO: check
+	NOT-FOR-US: Ingeteam
 CVE-2023-3769 (Incorrect data input validation vulnerability, which could allow an at ...)
-	TODO: check
+	NOT-FOR-US: Ingeteam
 CVE-2023-3768 (Incorrect data input validation vulnerability, which could allow an at ...)
-	TODO: check
+	NOT-FOR-US: Ingeteam
 CVE-2023-3744 (Server-Side Request Forgery vulnerability in SLims version 9.6.0. This ...)
-	TODO: check
+	NOT-FOR-US: SLiMS
 CVE-2023-3656 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...)
 	NOT-FOR-US: cashIT!
 CVE-2023-3655 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...)
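Review bot: The entries for CVE-2023-3770, CVE-2023-3769 and CVE-2023-3768 are tagged with a vendor name only (`NOT-FOR-US: Ingeteam`), and the truncated descriptions shown here name neither vendor nor product, so the tag is the only identification a reader of the list gets. The file mixes vendor-only tags (`Hitachi`) with product tags (`Deyue Remote Vehicle Management System`); naming the affected product here would make these three entries easier to find and tell apart later. On CVE-2023-3744 the tag is spelled `SLiMS` while the description says "SLims"; keep the spelling consistent with any existing entries for that project so a case-sensitive search finds them all.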
@@ -415,7 +415,7 @@ CVE-2023-5326 (A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It
 CVE-2023-5324 (A vulnerability has been found in eeroOS up to 6.16.4-11 and classifie ...)
 	NOT-FOR-US: eeroOS
 CVE-2023-4211 (A local non-privileged user can make improper GPU memory processing op ...)
-	TODO: check
+	NOT-FOR-US: Arm
 CVE-2023-42132 (FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly ...)
 	NOT-FOR-US: FD Application Apr. 2022 Edition
 CVE-2023-41737 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGe ...)
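Review bot: `NOT-FOR-US: Arm` on CVE-2023-4211 names only the vendor, which is much broader than the issue: the description concerns improper GPU memory processing by a local non-privileged user, and a bare vendor tag would equally match any other software from Arm. Suggest naming the affected GPU component in the tag so that later triage of unrelated Arm CVEs does not pattern-match on this entry.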
@@ -697,7 +697,7 @@ CVE-2023-41655 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-3413 (An issue has been discovered in GitLab affecting all versions starting ...)
 	TODO: check
 CVE-2023-3024 (Forcing the Bluetooth LE stack to segment 'prepare write response' pac ...)
-	TODO: check
+	NOT-FOR-US: Silabs
 CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible for a r ...)
 	NOT-FOR-US: Apache Avro
 CVE-2023-39308 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedbac ...)
@@ -736,21 +736,21 @@ CVE-2023-44174 (Online Movie Ticket Booking System v1.0 is vulnerable to  an aut
 CVE-2023-44173 (Online Movie Ticket Booking System v1.0 is vulnerable to  an authentic ...)
 	NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44168 (The 'phone' parameter of the process_registration.php resource  does n ...)
-	TODO: check
+	NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44167 (The 'name' parameter of the process_registration.php resource  does no ...)
-	TODO: check
+	NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44166 (The 'age' parameter of the process_registration.php resource  does not ...)
-	TODO: check
+	NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44165 (The 'Password' parameter of the process_login.php resource  does not v ...)
-	TODO: check
+	NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44164 (The 'Email' parameter of the process_login.php resource  does not vali ...)
-	TODO: check
+	NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44163 (The 'search' parameter of the process_search.php resource  does not va ...)
-	TODO: check
+	NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-43740 (Online Book Store Project v1.0 is vulnerable to an Insecure File Uploa ...)
 	NOT-FOR-US: Online Book Store Project
 CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource  does not validate t ...)
-	TODO: check
+	NOT-FOR-US: Online Book Store Project
 CVE-2023-43662 (ShokoServer is a media server which specializes in organizing anime. I ...)
 	NOT-FOR-US: ShokoServer
 CVE-2023-43654 (TorchServe is a tool for serving and scaling PyTorch models in product ...)
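Review bot: For CVE-2023-44163 through CVE-2023-44168 and for CVE-2023-43739, the visible descriptions name only a parameter and a PHP resource (`process_registration.php`, `process_login.php`, `process_search.php`, `cart.php`), not the product, so the new tags appear to rest on the neighbouring CVE-2023-44173 and CVE-2023-43740 entries. It is worth confirming against the full CVE text that each one belongs to the tagged project, since the commit message ("NFUs") gives no reference for the attribution.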



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ba40adeb7a04731f1641b5af1b9382daed99b35
