[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 6 09:58:54 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e49d0371 by Moritz Muehlenhoff at 2023-10-06T10:58:26+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
 CVE-2023-5441 (NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161a ...)
 	TODO: check
 CVE-2023-5312 (A vulnerability classified as critical has been found in DedeCMS 5.7.1 ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2023-45243 (Sensitive information disclosure due to missing authorization. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-45242 (Sensitive information disclosure due to missing authorization. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-45241 (Sensitive information leak through log files. The following products a ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-45240 (Sensitive information disclosure due to missing authorization. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-44214 (Sensitive information disclosure due to missing authorization. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-44213 (Sensitive information disclosure due to excessive collection of system ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-44212 (Sensitive information disclosure and manipulation due to missing autho ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-44211 (Sensitive information disclosure and manipulation due to missing autho ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-43343 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
-	TODO: check
+	NOT-FOR-US: Quick CMS
 CVE-2023-43269 (pigcms up to 7.0 was discovered to contain an arbitrary file upload vu ...)
-	TODO: check
+	NOT-FOR-US: pigcms
 CVE-2023-40556 (Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-39323 (Line directives ("//line") can be used to bypass the restrictions on " ...)
 	TODO: check
 CVE-2015-10126 (A vulnerability classified as critical was found in Easy2Map Photos Pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2015-10125 (A vulnerability classified as problematic has been found in WP Ultimat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5423 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
 	NOT-FOR-US: ourceCodester Online Pizza Ordering System
 CVE-2023-4570 (An improper access restriction in NI MeasurementLink Python services c ...)
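Review bot: the last NOT-FOR-US line of this hunk, under CVE-2023-5423, reads "ourceCodester Online Pizza Ordering System" with the leading "S" missing. It is unchanged context here, but since this commit already touches the surrounding NFU entries, it could be corrected to "SourceCodester ..." in the same pass so that searches for the vendor name match it.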
@@ -35017,23 +35017,23 @@ CVE-2023-26155
 CVE-2023-26154
 	RESERVED
 CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are vulnerable to Co ...)
-	TODO: check
+	NOT-FOR-US: geokit-rails
 CVE-2023-26152 (All versions of the package static-server are vulnerable to Directory  ...)
-	TODO: check
+	NOT-FOR-US: Node static-server
 CVE-2023-26151 (Versions of the package asyncua before 0.9.96 are vulnerable to Denial ...)
-	TODO: check
+	NOT-FOR-US: asyncua
 CVE-2023-26150 (Versions of the package asyncua before 0.9.96 are vulnerable to Improp ...)
-	TODO: check
+	NOT-FOR-US: asyncua
 CVE-2023-26149 (Versions of the package quill-mention before 4.0.0 are vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: Node quill-mention
 CVE-2023-26148 (All versions of the package ithewei/libhv are vulnerable to CRLF Injec ...)
-	TODO: check
+	NOT-FOR-US: ithewei/libhv
 CVE-2023-26147 (All versions of the package ithewei/libhv are vulnerable to HTTP Respo ...)
-	TODO: check
+	NOT-FOR-US: ithewei/libhv
 CVE-2023-26146 (All versions of the package ithewei/libhv are vulnerable to Cross-site ...)
-	TODO: check
+	NOT-FOR-US: ithewei/libhv
 CVE-2023-26145 (This affects versions of the package pydash before 6.0.0. A number of  ...)
-	TODO: check
+	NOT-FOR-US: pydash
 CVE-2023-26144 (Versions of the package graphql from 16.3.0 and before 16.8.1 are vuln ...)
 	- node-graphql <unfixed>
 	[bookworm] - node-graphql <no-dsa> (Minor issue)
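Review bot: the labels in this hunk mix two conventions: "Node static-server" and "Node quill-mention" carry an ecosystem prefix, while "geokit-rails", "asyncua" and "pydash" are bare package names, although every description here starts from "the package ...". Pick one form for the label, and because these are language-ecosystem libraries rather than vendor products, confirm with a source-package search that none of them is shipped in the archive before replacing "TODO: check".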
@@ -35042,9 +35042,9 @@ CVE-2023-26144 (Versions of the package graphql from 16.3.0 and before 16.8.1 ar
 	NOTE: https://github.com/graphql/graphql-js/issues/3955
 	NOTE: https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226
 CVE-2023-26143 (Versions of the package blamer before 1.0.4 are vulnerable to Arbitrar ...)
-	TODO: check
+	NOT-FOR-US: Node blamer
 CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP Response Split ...)
-	TODO: check
+	NOT-FOR-US: Crow
 CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to Denial  ...)
 	- ruby-sidekiq <unfixed>
 	NOTE: https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107
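Review bot: "NOT-FOR-US: Crow" for CVE-2023-26142 is a short, generic label next to "Node blamer" two lines above, and the description only says "the package crow". A qualifier stating which Crow is meant would keep the entry findable and stop it from being matched against an unrelated package of the same name later.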
@@ -35542,7 +35542,7 @@ CVE-2023-25991 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationM
 CVE-2023-25990
 	RESERVED
 CVE-2023-25989 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25988
 	RESERVED
 CVE-2023-25987
@@ -35560,7 +35560,7 @@ CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25980 (Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vide ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25978 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate ...)
@@ -36077,7 +36077,7 @@ CVE-2023-25790
 CVE-2023-25789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapf ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25788 (Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25787 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbol ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom ...)
@@ -36184,7 +36184,7 @@ CVE-2023-0830 (A vulnerability classified as critical has been found in EasyNAS
 CVE-2023-0829 (Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scri ...)
 	NOT-FOR-US: Plesk
 CVE-2023-0828 (Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora  ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2023-0827 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
 CVE-2023-0826
@@ -37492,7 +37492,7 @@ CVE-2023-25491 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin
 CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25489 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update T ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25488 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes ...)
@@ -37544,7 +37544,7 @@ CVE-2023-25465 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25463 (Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP te ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25462 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP h ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nami ...)
@@ -38617,7 +38617,7 @@ CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-25026
 	RESERVED
 CVE-2023-25025 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-Copy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25024 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Iceg ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25023 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sale ...)
@@ -39127,31 +39127,31 @@ CVE-2023-0602 (The Twittee Text Tweet WordPress plugin through 1.0.8 does not pr
 CVE-2023-0601
 	RESERVED
 CVE-2023-24855 (Memory corruption in Modem while processing security related configura ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware respons ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-24853 (Memory Corruption in HLOS while registering for key provisioning notif ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-24852
 	RESERVED
 CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key into Key ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-24849 (Information Disclosure in data Modem while parsing an FMTP line in an  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-24848 (Information Disclosure in Data Modem while performing a VoLTE call wit ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-24847 (Transient DOS in Modem while allocating DSM items.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-24846
 	RESERVED
 CVE-2023-24845 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
 	NOT-FOR-US: Siemens
 CVE-2023-24844 (Memory Corruption in Core while invoking a call to Access Control core ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-24843 (Transient DOS in Modem while triggering a camping on an 5G cell.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-24842 (HGiga MailSherlock has vulnerability of insufficient access control. A ...)
 	NOT-FOR-US: HGiga MailSherlock
 CVE-2023-24841 (HGiga MailSherlock query function for connection log has a vulnerabili ...)
@@ -40276,7 +40276,7 @@ CVE-2023-24520 (Two OS command injection vulnerability exist in the vtysh_ubus t
 CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...)
 	NOT-FOR-US: Milesight UR32L
 CVE-2023-24518 (A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allow ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2023-24517 (Unrestricted Upload of File with Dangerous Type vulnerability in the P ...)
 	NOT-FOR-US: Pandora FMS File Manager component
 CVE-2023-24516 (Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Da ...)
@@ -40290,7 +40290,7 @@ CVE-2023-23546 (A misconfiguration vulnerability exists in the urvpn_client func
 CVE-2023-0507 (Grafana is an open-source platform for monitoring and observability.   ...)
 	- grafana <removed>
 CVE-2023-0506 (The web service of ByDemes Group Airspace CCTV Web Service in its 2.61 ...)
-	TODO: check
+	NOT-FOR-US: ByDemes Group Airspace CCTV Web Service
 CVE-2023-0505 (The Ever Compare WordPress plugin through 1.2.3 does not have CSRF che ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0504 (The HT Politic WordPress plugin before 2.3.8 does not have CSRF check  ...)
@@ -42379,7 +42379,7 @@ CVE-2023-23768
 CVE-2023-23767
 	RESERVED
 CVE-2023-23766 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
-	TODO: check
+	NOT-FOR-US: Github Enterprise Server
 CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
 	NOT-FOR-US: Github Enterprise Server
 CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
@@ -43309,7 +43309,7 @@ CVE-2023-23497 (A logic issue was addressed with improved state management. This
 CVE-2023-23496 (The issue was addressed with improved checks. This issue is fixed in m ...)
 	NOT-FOR-US: Apple
 CVE-2023-23495 (A permissions issue was addressed with improved redaction of sensitive ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-23494 (A buffer overflow was addressed with improved bounds checking. This is ...)
 	NOT-FOR-US: Apple
 CVE-2023-23493 (A logic issue was addressed with improved state management. This issue ...)
@@ -46172,7 +46172,7 @@ CVE-2023-22646
 CVE-2023-22645 (An Improper Privilege Management vulnerability in SUSE kubewarden allo ...)
 	NOT-FOR-US: kubewarden
 CVE-2023-22644 (An Innsertion of Sensitive Information into Log File vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: SUSE Manager Server Module
 CVE-2023-22643 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
 	NOT-FOR-US: SAP
 CVE-2023-22642 (An improper certificate validation vulnerability [CWE-295] in FortiAna ...)
@@ -46363,7 +46363,7 @@ CVE-2021-4301 (A vulnerability was found in slackero phpwcms up to 1.9.26 and cl
 CVE-2021-4300 (A vulnerability has been found in ghostlander Halcyon and classified a ...)
 	NOT-FOR-US: ghostlander Halcyon
 CVE-2023-22618 (If Security Hardening guide rules are not followed, then Nokia WaveLit ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2023-22617 (A remote attacker might be able to cause infinite recursion in PowerDN ...)
 	- pdns-recursor 4.8.1-1 (bug #1029367)
 	[bullseye] - pdns-recursor <not-affected> (Vulnerable code introduced later)
@@ -46767,7 +46767,7 @@ CVE-2023-22517
 CVE-2023-22516
 	RESERVED
 CVE-2023-22515 (Atlassian has been made aware of an issue reported by a handful of cus ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2023-22514
 	RESERVED
 CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
@@ -48460,13 +48460,13 @@ CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX write
 CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW request to all ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-22385 (Memory Corruption in Data Modem while making a MO call or MT VOLTE cal ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-22384 (Memory Corruption in VR Service while sending data using Fast Message  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-22383
 	RESERVED
 CVE-2023-22382 (Weak configuration in Automotive while VM is processing a listener req ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-47917 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up  ...)
 	NOT-FOR-US: Sewio
 CVE-2022-47912
@@ -48480,11 +48480,11 @@ CVE-2022-47895 (In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP Fil
 CVE-2022-47894
 	RESERVED
 CVE-2022-47893 (There is a remote code execution vulnerability that affects all versio ...)
-	TODO: check
+	NOT-FOR-US: NetMan 204
 CVE-2022-47892 (All versions of NetMan 204 could allow an unauthenticated remote attac ...)
-	TODO: check
+	NOT-FOR-US: NetMan 204
 CVE-2022-47891 (All versions of NetMan 204 allow an attacker that knows the MAC and se ...)
-	TODO: check
+	NOT-FOR-US: NetMan 204
 CVE-2022-47395 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up  ...)
 	NOT-FOR-US: Sewio
 CVE-2022-47320 (The iBoot device\u2019s basic discovery protocol assists in initial de ...)
@@ -49443,9 +49443,9 @@ CVE-2022-47564
 CVE-2022-47563
 	RESERVED
 CVE-2022-47562 (Vulnerability in the RCPbind service running on UDP port (111), allowi ...)
-	TODO: check
+	NOT-FOR-US: ekorCCP
 CVE-2022-47561 (The web application stores credentials in clear text in the "admin.xml ...)
-	TODO: check
+	NOT-FOR-US: ekorCCP
 CVE-2022-47560 (The lack of web request control on ekorCCP and ekorRCI devices allows  ...)
 	NOT-FOR-US: ekorCCP and ekorRCI devices
 CVE-2022-47559 (Lack of device control over web requests in ekorCCP and ekorRCI, allow ...)
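Review bot: CVE-2022-47562 and CVE-2022-47561 get "NOT-FOR-US: ekorCCP", while the adjacent CVE-2022-47560 already uses "NOT-FOR-US: ekorCCP and ekorRCI devices". If these come from the same advisory, reuse the existing string so a search for one label finds the whole batch. The truncated descriptions of the two changed entries do not name the product, so the label is the only place it is recorded.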
@@ -50033,7 +50033,7 @@ CVE-2023-22026
 CVE-2023-22025
 	RESERVED
 CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
 	NOT-FOR-US: Oracle
 CVE-2023-22022 (Vulnerability in the Oracle Health Sciences Sciences Data Management W ...)
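Review bot: "NOT-FOR-US: Oracle" on CVE-2023-22024 deserves a second look, because the description places the flaw in the RDS module of the Unbreakable Enterprise Kernel, and RDS (net/rds) is also part of the upstream Linux kernel. If the bug is specific to Oracle's UEK patches, say so in the label (for example "NOT-FOR-US: Oracle Unbreakable Enterprise Kernel") or in a NOTE line; otherwise the entry belongs under linux rather than NFU.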
@@ -52855,7 +52855,7 @@ CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le
 CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability inJS Help Desk plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46841 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Build ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-46840
 	RESERVED
 CVE-2022-46839
@@ -53206,7 +53206,7 @@ CVE-2022-4323 (The Analyticator WordPress plugin before 6.5.6 unserializes user
 CVE-2018-25048 (The CODESYS runtime system in multiple versions allows an remote low p ...)
 	NOT-FOR-US: CODESYS
 CVE-2023-21673 (Improper Access to the VM resource manager can lead to Memory Corrupti ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel playback or ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-21671
@@ -62458,7 +62458,7 @@ CVE-2023-20821 (In nvram, there is a possible out of bounds write due to a missi
 CVE-2023-20820 (In wlan service, there is a possible command injection due to improper ...)
 	NOT-FOR-US: MediaTek
 CVE-2023-20819 (In CDMA PPP protocol, there is a possible out of bounds write due to a ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20818 (In wlan service, there is a possible out of bounds read due to imprope ...)
 	NOT-FOR-US: MediaTek
 CVE-2023-20817 (In wlan service, there is a possible out of bounds write due to improp ...)
@@ -62961,13 +62961,13 @@ CVE-2023-20599
 CVE-2023-20598
 	RESERVED
 CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20596
 	RESERVED
 CVE-2023-20595
 	RESERVED
 CVE-2023-20594 (Improper initialization of variables in the DXE driver may allow a pri ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural  ...)
 	{DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3512-1 DLA-3511-1 DLA-3508-1}
 	- linux 6.4.4-2
@@ -63680,7 +63680,7 @@ CVE-2023-20261
 CVE-2023-20260
 	RESERVED
 CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified Communica ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20258
 	RESERVED
 CVE-2023-20257
@@ -63728,7 +63728,7 @@ CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allo
 CVE-2023-20236 (A vulnerability in the iPXE boot function of Cisco IOS XR software cou ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20235 (A vulnerability in the on-device application development workflow feat ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
 	NOT-FOR-US: Cisco FXOS Software
 CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM) feature of  ...)
@@ -64004,7 +64004,7 @@ CVE-2023-20103 (A vulnerability in Cisco Secure Network Analytics could allow an
 CVE-2023-20102 (A vulnerability in the web-based management interface of Cisco Secure  ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20101 (A vulnerability in Cisco Emergency Responder could allow an unauthenti ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20100 (A vulnerability in the access point (AP) joining process of the Contro ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20099
@@ -72308,7 +72308,7 @@ CVE-2022-3250 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in G
 CVE-2022-3249 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3248 (A flaw was found in OpenShift API, as admission checks do not enforce  ...)
-	TODO: check
+	NOT-FOR-US: OpenShift
 CVE-2022-3247 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin b ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3246 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin b ...)
@@ -85423,9 +85423,9 @@ CVE-2022-2462 (The Transposh WordPress Translation plugin for WordPress is vulne
 CVE-2022-2461 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...)
 	NOT-FOR-US: Transposh WordPress Translation plugin for WordPress
 CVE-2022-36277 (The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' pa ...)
-	TODO: check
+	NOT-FOR-US: TCMAN GIM
 CVE-2022-36276 (TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' p ...)
-	TODO: check
+	NOT-FOR-US: TCMAN GIM
 CVE-2022-2460 (The WPDating WordPress plugin before 7.4.0 does not properly escape us ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all versions befor ...)
@@ -147326,7 +147326,7 @@ CVE-2021-3786 (A potential vulnerability in the SMI callback function used in CS
 CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
 	NOT-FOR-US: yourls
 CVE-2021-3784 (Garuda Linux performs an insecure user creation and authentication tha ...)
-	TODO: check
+	NOT-FOR-US: Garuda Linux
 CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
 	NOT-FOR-US: yourls
 CVE-2021-3782 (An internal reference count is held on the buffer pool, incremented ev ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e49d0371105e80dcce9d42f03a1733aa9c746789
