[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Oct 23 12:45:52 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a9b41944 by Moritz Muehlenhoff at 2023-10-23T13:45:29+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2023-5694 (A vulnerability was found in CodeAstro Internet Banking System 1.
CVE-2023-5693 (A vulnerability was found in CodeAstro Internet Banking System 1.0 and ...)
NOT-FOR-US: CodeAstro Internet Banking System
CVE-2023-46324 (pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is u ...)
- TODO: check
+ NOT-FOR-US: free5GC
CVE-2023-46322 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ...)
NOT-FOR-US: iTerm2
CVE-2023-46321 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ...)
@@ -31,7 +31,7 @@ CVE-2023-46317 (Knot Resolver before 5.7.0 performs many TCP reconnections upon
NOTE: https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html
NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448
CVE-2023-46315 (The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsi ...)
- TODO: check
+ NOT-FOR-US: Stable Diffusion webui Infinite Image Browsing
CVE-2023-46095 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth ...)
NOT-FOR-US: WordPress plugin
CVE-2023-46089 (Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback U ...)
@@ -39,7 +39,7 @@ CVE-2023-46089 (Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ User
CVE-2023-46085 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate R ...)
NOT-FOR-US: WordPress plugin
CVE-2023-43624 (CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4 ...)
- TODO: check
+ NOT-FOR-US: CX-Designer
CVE-2023-46306 (The web administration interface in NetModule Router Software (NRSW) 4 ...)
NOT-FOR-US: NetModule Router Software
CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py in calib ...)
@@ -533,7 +533,7 @@ CVE-2023-45883 (A privilege escalation vulnerability exists within the Qumu Mult
CVE-2023-45826 (Leantime is an open source project management system. A 'userId' varia ...)
NOT-FOR-US: Leantime
CVE-2023-45825 (ydb-go-sdk is a pure Go native and database/sql driver for the YDB pla ...)
- TODO: check
+ NOT-FOR-US: ydb-go-sdk
CVE-2023-45820 (Directus is a real-time API and App dashboard for managing SQL databas ...)
NOT-FOR-US: Directus
CVE-2023-45809 (Wagtail is an open source content management system built on Django. A ...)
@@ -679,7 +679,7 @@ CVE-2023-34441 (Baker Hughes \u2013 Bently Nevada 3500 System TDI Firmware versi
CVE-2023-34437 (Baker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.0 ...)
NOT-FOR-US: Baker Hughes - Bently Nevada 3500 System TDI Firmware
CVE-2023-34050 (In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed l ...)
- TODO: check
+ NOT-FOR-US: Spring AMQP
CVE-2023-5642 (Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker t ...)
NOT-FOR-US: Advantech R-SeeNet
CVE-2023-5632 (In Eclipse Mosquito before and including 2.0.5, establishing a connect ...)
@@ -773,7 +773,7 @@ CVE-2023-5568 [Heap buffer overflow with freshness tokens in the Heimdal KDC in
NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/3310
NOTE: https://github.com/samba-team/samba/commit/3280893ae80507e36653a0c7da03c82b88ece30b
CVE-2023-5626 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior t ...)
- TODO: check
+ NOT-FOR-US: OJS
CVE-2023-5621 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...)
NOT-FOR-US: Thumbnail Slider With Lightbox plugin for WordPress
CVE-2023-5552 (A password disclosure vulnerability in the Secure PDF eXchange (SPX) f ...)
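Review bot: the new tag for CVE-2023-5626 reads only "OJS", while the description on the line above identifies the project as the GitHub repository pkp/ojs. An abbreviation on its own is hard to search for and easy to confuse with other products; consider writing the tag so that it includes the repository name, e.g. "NOT-FOR-US: pkp/ojs", in line with the more descriptive tags used elsewhere in this file (such as "Thumbnail Slider With Lightbox plugin for WordPress").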
@@ -783,7 +783,7 @@ CVE-2023-5538 (The MpOperationLogs plugin for WordPress is vulnerable to Stored
CVE-2023-4938 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
NOT-FOR-US: BEAR for WordPress
CVE-2023-45811 (Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__p ...)
- TODO: check
+ NOT-FOR-US: Synchrony deobfuscator
CVE-2023-45810 (OpenFGA is a flexible authorization/permission engine built for develo ...)
NOT-FOR-US: OpenFGA
CVE-2023-45051 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
@@ -912,7 +912,7 @@ CVE-2023-39902 (A software vulnerability has been identified in the U-Boot Secon
CVE-2023-37537 (An unquoted service path vulnerability in HCL AppScan Presence, deploy ...)
NOT-FOR-US: HCL
CVE-2023-4399 (Grafana is an open-source platform for monitoring and observability. ...)
- - grafana <removed>
+ - grafana <not-affected> (Specific to Grafana Enterprise)
CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of sensitive in ...)
NOT-FOR-US: Advantech
CVE-2023-4089 (On affected Wago products an remote attacker with administrative privi ...)
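Review bot: the CVE-2023-4399 change is not an NFU triage, yet it rides along under the commit message "NFUs". Moving the grafana entry from <removed> to <not-affected> changes the recorded status of a package that has its own entry in the tracker, so it deserves its own commit or at least a mention in the message. The reason "Specific to Grafana Enterprise" is also stated without a source; a NOTE: line pointing at the upstream advisory, as the Knot Resolver and Samba entries in this file do, would let a later reader verify it.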
@@ -1090,7 +1090,7 @@ CVE-2023-4643 (The Enable Media Replace WordPress plugin before 4.1.3 unserializ
CVE-2023-4620 (The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize ...)
NOT-FOR-US: WordPress plugin
CVE-2023-4457 (Grafana is an open-source platform for monitoring and observability. ...)
- - grafana <removed>
+ NOT-FOR-US: Grafana plugin
CVE-2023-4388 (The EventON WordPress plugin before 2.2 does not sanitise and escape s ...)
NOT-FOR-US: WordPress plugin
CVE-2023-4290 (The WP Matterport Shortcode WordPress plugin before 2.1.7 does not esc ...)
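Review bot: for CVE-2023-4457 the package line "- grafana <removed>" is dropped outright and replaced with "NOT-FOR-US: Grafana plugin", which does not say which plugin is affected. Since this overrides an earlier decision that tied the CVE to the grafana source package, name the plugin in the tag so the reasoning is visible in the list itself, and mention the reclassification in the commit message, which currently says only "NFUs".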
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9b41944c135b58e07ba826a76e8f113a87e0e2b