[Git][security-tracker-team/security-tracker][master] Process some NFUs

Tue Oct 24 09:26:49 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6b6a7ee by Salvatore Bonaccorso at 2023-10-24T10:26:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...)
-	TODO: check
+	NOT-FOR-US: Geeklog-Core geeklog
 CVE-2023-46058 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...)
-	TODO: check
+	NOT-FOR-US: Geeklog-Core geeklog
 CVE-2023-45998 (kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing g ...)
-	TODO: check
+	NOT-FOR-US: kodbox
 CVE-2023-45990 (Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remot ...)
-	TODO: check
+	NOT-FOR-US: WenwenaiCMS
 CVE-2023-45966 (umputun remark42 version 1.12.1 and before has a Blind Server-Side Req ...)
-	TODO: check
+	NOT-FOR-US: umputun remark42
 CVE-2023-44760 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v. ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2023-43358 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a  ...)
-	TODO: check
+	NOT-FOR-US: CMSmadesimple
 CVE-2023-43281 (Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remo ...)
 	TODO: check
 CVE-2023-39817
@@ -25,11 +25,11 @@ CVE-2023-39815
 CVE-2023-39814
 	REJECTED
 CVE-2023-37636 (A stored cross-site scripting (XSS) vulnerability in UVDesk Community  ...)
-	TODO: check
+	NOT-FOR-US: UVDesk Community Skeleton
 CVE-2023-37635 (UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to p ...)
-	TODO: check
+	NOT-FOR-US: UVDesk Community Skeleton
 CVE-2023-33517 (carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary Fil ...)
-	TODO: check
+	NOT-FOR-US: carRental
 CVE-2023-5633 (The reference count changes made as part of the CVE-2023-33951 and CVE ...)
 	- linux 6.5.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -82375,9 +82375,9 @@ CVE-2022-2922 (Relative Path Traversal in GitHub repository dnnsoftware/dnn.plat
 CVE-2022-2921 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
 	NOT-FOR-US: NotrinosERP
 CVE-2022-38485 (A directory traversal vulnerability exists in the AgeVolt Portal prior ...)
-	TODO: check
+	NOT-FOR-US: AgeVolt Portal
 CVE-2022-38484 (An arbitrary file upload and directory traversal vulnerability exist i ...)
-	TODO: check
+	NOT-FOR-US: AgeVolt Portal
 CVE-2022-38483
 	RESERVED
 CVE-2022-38482 (A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 bef ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6b6a7ee2eed8d55469dfa6468d0a969f3f54e24

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6b6a7ee2eed8d55469dfa6468d0a969f3f54e24
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231024/3dfef14e/attachment-0001.htm>
