[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 23 21:50:23 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4ac4c64 by Salvatore Bonaccorso at 2023-10-23T22:49:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30077,11 +30077,11 @@ CVE-2023-28807
 CVE-2023-28806
 	RESERVED
 CVE-2023-28805 (An Improper Input Validation vulnerability in Zscaler Client Connector ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28804 (An Improper Verification of Cryptographic Signature vulnerability in Z ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28803 (An authentication bypass by spoofing of a device with a synthetic IP a ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28802
 	RESERVED
 CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the SAML authen ...)
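Review bot: CVE-2023-28803 is tagged NOT-FOR-US: Zscaler Client Connector, but its description as shown here ("An authentication bypass by spoofing of a device with a synthetic IP a ...") is cut off before any product is named, so the attribution cannot be checked from this hunk. Confirm against the full CVE record that the affected product is Client Connector and not another Zscaler component; the CVE-2023-28804 line ("... vulnerability in Z ...") has the same limitation.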
@@ -30093,15 +30093,15 @@ CVE-2023-28799 (A URL parameter during login flow was vulnerable to injection. A
 CVE-2023-28798
 	RESERVED
 CVE-2023-28797 (Zscaler Client Connector for Windows before 4.1 writes/deletes a confi ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28796 (Improper Verification of Cryptographic Signature vulnerability in Zsca ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28795 (Origin Validation Error vulnerability in Zscaler Client Connector on L ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28794
 	RESERVED
 CVE-2023-28793 (Buffer overflow vulnerability in the signelf library used by Zscaler C ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28792 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28791 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simpl ...)
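Review bot: For CVE-2023-28793 the description places the buffer overflow in "the signelf library used by Zscaler C ...", while the tag names only the consuming product. Before settling on NOT-FOR-US, check that signelf is not shipped or embedded by any Debian source package, and consider mentioning the library in the tag text so the reasoning is visible to the next person triaging it.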
@@ -35574,15 +35574,15 @@ CVE-2023-27154
 CVE-2023-27153
 	RESERVED
 CVE-2023-27152 (DECISO OPNsense 23.1 does not impose rate limits for authentication, a ...)
-	TODO: check
+	NOT-FOR-US: DECISO OPNsense
 CVE-2023-27151
 	RESERVED
 CVE-2023-27150
 	RESERVED
 CVE-2023-27149 (A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTic ...)
-	TODO: check
+	NOT-FOR-US: Enhancesoft osTicket
 CVE-2023-27148 (A stored cross-site scripting (XSS) vulnerability in the Admin panel i ...)
-	TODO: check
+	NOT-FOR-US: Enhancesoft osTicket
 CVE-2023-27147
 	RESERVED
 CVE-2023-27146
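Review bot: The new tags in this hunk include the vendor name (NOT-FOR-US: DECISO OPNsense, NOT-FOR-US: Enhancesoft osTicket), whereas the existing entry for CVE-2021-26739 later in this same patch tags "millken doyocms" as plain NOT-FOR-US: doyocms. Pick one convention so a search for the product string finds every entry. Separately, the CVE-2023-27148 description is truncated at "in the Admin panel i ..." before any product name, so the osTicket attribution should be confirmed against the full record.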
@@ -186543,15 +186543,15 @@ CVE-2021-26740 (Arbitrary file upload vulnerability sysupload.php in millken doy
 CVE-2021-26739 (SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows  ...)
 	NOT-FOR-US: doyocms
 CVE-2021-26738 (Zscaler Client Connector for macOS prior to 3.7 had an unquoted search ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector
 CVE-2021-26737 (The Zscaler Client Connector for macOS prior to 3.6 did not sufficient ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector
 CVE-2021-26736 (Multiple vulnerabilities in the Zscaler Client Connector Installer and ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector
 CVE-2021-26735 (The Zscaler Client Connector Installer and Unsintallers for Windows pr ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector
 CVE-2021-26734 (Zscaler Client Connector Installer on Windows before version 3.4.0.124 ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Client Connector
 CVE-2021-26733 (A broken access control vulnerability in the FirstReset_handler_func f ...)
 	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-26732 (A broken access control vulnerability in the First_network_func functi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4ac4c642eac8a38655439d911ec48400fe7b1f5
