[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 19 10:03:49 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f6438ca by Salvatore Bonaccorso at 2023-10-19T11:03:22+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,25 +35,25 @@ CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With i
 CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup, Redi ...)
 	TODO: check
 CVE-2023-43803 (Arduino Create Agent is a package to help manage Arduino development.  ...)
-	TODO: check
+	NOT-FOR-US: Arduino Create Agent
 CVE-2023-43802 (Arduino Create Agent is a package to help manage Arduino development.  ...)
-	TODO: check
+	NOT-FOR-US: Arduino Create Agent
 CVE-2023-43801 (Arduino Create Agent is a package to help manage Arduino development.  ...)
-	TODO: check
+	NOT-FOR-US: Arduino Create Agent
 CVE-2023-43800 (Arduino Create Agent is a package to help manage Arduino development.  ...)
-	TODO: check
+	NOT-FOR-US: Arduino Create Agent
 CVE-2023-37504 (HCL Compass is vulnerable to failure to invalidate sessions. The appli ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-37503 (HCL Compass is vulnerable to insecure password requirements. An attack ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-37502 (HCL Compass is vulnerable to lack of file upload security. An attacker ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-36857 (Baker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.0 ...)
-	TODO: check
+	NOT-FOR-US: Baker Hughes - Bently Nevada 3500 System TDI Firmware
 CVE-2023-34441 (Baker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.0 ...)
-	TODO: check
+	NOT-FOR-US: Baker Hughes - Bently Nevada 3500 System TDI Firmware
 CVE-2023-34437 (Baker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.0 ...)
-	TODO: check
+	NOT-FOR-US: Baker Hughes - Bently Nevada 3500 System TDI Firmware
 CVE-2023-34050 (In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed l ...)
 	TODO: check
 CVE-2023-5642 (Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker t ...)
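Review bot: The three HCL entries (CVE-2023-37504, CVE-2023-37503, CVE-2023-37502) are tagged with the vendor only, although each description names HCL Compass and the other tags added in this hunk name the product (Arduino Create Agent, Bently Nevada 3500 System TDI Firmware). Suggest "NOT-FOR-US: HCL Compass" so the tag identifies what was triaged and a later search on the vendor name does not sweep up unrelated products. CVE-2023-45145 (Redis) and CVE-2023-34050 (spring AMQP) are left at "TODO: check", which fits a pass limited to NFUs.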
@@ -83,7 +83,7 @@ CVE-2023-45912 (WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to val
 CVE-2023-45911 (An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows ...)
 	NOT-FOR-US: WIPOTEC GmbH ComScale
 CVE-2023-45727 (Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gatew ...)
-	TODO: check
+	NOT-FOR-US: Proself
 CVE-2023-45632 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorad ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-45630 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Ga ...)
@@ -99,7 +99,7 @@ CVE-2023-45604 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-45602 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfile ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-45383 (In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2. ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop plugin
 CVE-2023-45073 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-45072 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kard ...)
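Review bot: On CVE-2023-45383 the new tag reads "PrestaShop plugin", but the description calls the affected component a module ("SoNice etiquetage", sonice_etiquetage) and the visible part of the description does not mention PrestaShop. Consider "NOT-FOR-US: PrestaShop module" to match the description's wording, after confirming the platform against the full CVE text.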
@@ -127,9 +127,9 @@ CVE-2023-45054 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AW
 CVE-2023-43250 (XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a Use ...)
 	TODO: check
 CVE-2023-35663 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-35656 (In multiple functions of protocolembmsadapter.cpp, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-32089 (Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with  ...)
 	NOT-FOR-US: Pega Platform
 CVE-2023-32088 (Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS i ...)
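Review bot: CVE-2023-35663 and CVE-2023-35656 are tagged "NOT-FOR-US: Android", yet the visible descriptions name only the source files protocolnetadapter.cpp and protocolembmsadapter.cpp, so the platform attribution cannot be checked from this hunk. A tag that also names the component those files belong to would make the decision easier to audit later and to revisit if related code is ever packaged.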
@@ -36928,7 +36928,7 @@ CVE-2023-26302 (Denial of service could be caused to the command line interface
 CVE-2023-26301 (Certain HP LaserJet Pro print products are potentially vulnerable to a ...)
 	NOT-FOR-US: HP
 CVE-2023-26300 (A potential security vulnerability has been identified in the system B ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
 	NOT-FOR-US: HP
 CVE-2023-26298 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f6438ca8fdf78d4765c7973016010ffda1a0d70
