[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 25 13:00:32 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f63f2eb by Salvatore Bonaccorso at 2023-10-25T14:00:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,23 +3,23 @@ CVE-2023-5758 (When opening a page in reader mode, the redirect URL could have c
 CVE-2023-5752 (When installing a package from a Mercurial VCS URL  (ie "pip install   ...)
 	TODO: check
 CVE-2023-5311 (The WP EXtra plugin for WordPress is vulnerable to unauthorized modifi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4608 (An authenticated XCC user with elevated privileges can perform blind S ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-4607 (An authenticated XCC user can change permissions for any user through  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-4606 (An authenticated XCC user with Read-Only permission can change a diffe ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-46574 (An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote att ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-46358 (In the module "Referral and Affiliation Program" (referralbyphone) ver ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2023-46347 (In the module "Step by Step products Pack" (ndk_steppingpack) version  ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2023-46346 (In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportpr ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2023-46158 (IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 co ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-46136 (Werkzeug is a comprehensive WSGI web application library. If an upload ...)
 	TODO: check
 CVE-2023-46135 (rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys.  ...)
@@ -31,71 +31,71 @@ CVE-2023-46125 (Fides is an open-source privacy engineering platform for managin
 CVE-2023-46124 (Fides is an open-source privacy engineering platform for managing the  ...)
 	TODO: check
 CVE-2023-46123 (jumpserver is an open source bastion machine, professional operation a ...)
-	TODO: check
+	NOT-FOR-US: JumpServer
 CVE-2023-46120 (The RabbitMQ Java client library allows Java and JVM-based application ...)
 	TODO: check
 CVE-2023-46119 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2023-46118 (RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API  ...)
 	TODO: check
 CVE-2023-45555 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: zzzCMS
 CVE-2023-45554 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: zzzCMS
 CVE-2023-44794 (An issue in Dromara SaToken version 1.36.0 and before allows a remote  ...)
-	TODO: check
+	NOT-FOR-US: Dromara SaToken
 CVE-2023-44769 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197  ...)
-	TODO: check
+	NOT-FOR-US: Zenario CMS
 CVE-2023-44767 (A File upload vulnerability in RiteCMS 3.0 allows a local attacker to  ...)
-	TODO: check
+	NOT-FOR-US: RiteCMS
 CVE-2023-43961 (An issue in Dromara SaToken version 1.3.50RC and before when using Spr ...)
-	TODO: check
+	NOT-FOR-US: Dromara SaToken
 CVE-2023-43795 (GeoServer is an open source software server written in Java that allow ...)
 	TODO: check
 CVE-2023-43360 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a  ...)
-	TODO: check
+	NOT-FOR-US: CMSmadesimple
 CVE-2023-41721 (Instances of UniFi Network Application that (i) are run on a UniFi Gat ...)
-	TODO: check
+	NOT-FOR-US: UniFi Network Application
 CVE-2023-41339 (GeoServer is an open source software server written in Java that allow ...)
 	TODO: check
 CVE-2023-3112 (A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2023-39930 (A first-factor authentication bypass vulnerability exists in the PingF ...)
-	TODO: check
+	NOT-FOR-US: PingFederate
 CVE-2023-39740 (The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allo ...)
 	TODO: check
 CVE-2023-39739 (The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 a ...)
-	TODO: check
+	NOT-FOR-US: REGINA SWEETS&BAKERY Line
 CVE-2023-39737 (The leakage of the client secret in Matsuya Line 13.6.1 allows attacke ...)
-	TODO: check
+	NOT-FOR-US: Matsuya Line
 CVE-2023-39736 (The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 a ...)
-	TODO: check
+	NOT-FOR-US: Fukunaga_memberscard Line
 CVE-2023-39735 (The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allo ...)
-	TODO: check
+	NOT-FOR-US: Uomasa_Saiji_news Line
 CVE-2023-39734 (The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_ ...)
-	TODO: check
+	NOT-FOR-US: VISION MEAT WORKS TrackDiner10/10_mc Line
 CVE-2023-39733 (The leakage of the client secret in TonTon-Tei Line v13.6.1 allows att ...)
-	TODO: check
+	NOT-FOR-US: TonTon-Tei Line
 CVE-2023-39732 (The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 all ...)
-	TODO: check
+	NOT-FOR-US: Tokueimaru_waiting Line
 CVE-2023-39219 (PingFederate Administrative Console dependency contains a weakness whe ...)
-	TODO: check
+	NOT-FOR-US: PingFederate
 CVE-2023-38041 (A logged in user may elevate its permissions by abusing a Time-of-Chec ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-37283 (Under a very specific and highly unrecommended configuration, authenti ...)
-	TODO: check
+	NOT-FOR-US: PingFederate
 CVE-2023-36085 (The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host he ...)
-	TODO: check
+	NOT-FOR-US: sisqualWFM
 CVE-2023-34085 (When an AWS DynamoDB table is used for user attribute storage, it is p ...)
 	TODO: check
 CVE-2023-34056 (vCenter Server contains a partial information disclosure vulnerability ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2023-34048 (vCenter Server contains an out-of-bounds write vulnerability in the im ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2023-31582 (jose4j before v0.9.3 allows attackers to set a low iteration count of  ...)
 	TODO: check
 CVE-2023-31581 (Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.)
-	TODO: check
+	NOT-FOR-US: Dromara Sureness
 CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key without any  ...)
 	TODO: check
 CVE-2023-5574 [Use-after-free bug in DamageDestroy]
@@ -26675,7 +26675,7 @@ CVE-2023-29975
 CVE-2023-29974
 	RESERVED
 CVE-2023-29973 (Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead ...)
-	TODO: check
+	NOT-FOR-US: Pfsense CE
 CVE-2023-29972
 	RESERVED
 CVE-2023-29971
@@ -68186,9 +68186,9 @@ CVE-2022-3701
 CVE-2022-3700
 	RESERVED
 CVE-2022-3699 (A privilege escalation vulnerability was reported in the Lenovo Hardwa ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo HardwareS ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when using th ...)
 	- ansible 7.0.0+dfsg-1
 	[bullseye] - ansible <no-dsa> (Minor issue)
@@ -125246,7 +125246,7 @@ CVE-2022-0355 (Improper Removal of Sensitive Information Before Storage or Trans
 CVE-2022-0354 (A vulnerability was reported in Lenovo System Update that could allow  ...)
 	NOT-FOR-US: Lenovo
 CVE-2022-0353 (A denial of service vulnerability was reported in the Lenovo HardwareS ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2021-4212 (A potential vulnerability in the SMI callback function used in the Leg ...)
 	NOT-FOR-US: Lenovo
 CVE-2021-4211 (A potential vulnerability in the SMI callback function used in the SMB ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f63f2ebb31fd02a67d953ed1514d2adbd373bd3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f63f2ebb31fd02a67d953ed1514d2adbd373bd3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231025/542bb4af/attachment.htm>

More information about the debian-security-tracker-commits mailing list