[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Oct 27 16:07:45 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ea444445 by Moritz Muehlenhoff at 2023-10-27T17:05:19+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,33 +47,33 @@ CVE-2023-46093 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-46091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala ...)
NOT-FOR-US: WordPress plugin
CVE-2023-45499 (VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was disco ...)
- TODO: check
+ NOT-FOR-US: VinChin Backup & Recovery
CVE-2023-45498 (VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was disco ...)
- TODO: check
+ NOT-FOR-US: VinChin Backup & Recovery
CVE-2023-44375 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: Online Art Gallery
CVE-2023-44268 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: Online Art Gallery
CVE-2023-44220 (SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-44219 (A local privilege escalation vulnerability in SonicWall Directory Serv ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-44162 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: Online Art Gallery
CVE-2023-43738 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: Online Art Gallery
CVE-2023-43737 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...)
- TODO: check
+ NOT-FOR-US: Online Art Gallery
CVE-2023-43352 (An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-42406 (SQL injection vulnerability in D-Link Online behavior audit gateway DA ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-42188 (IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).)
- TODO: check
+ NOT-FOR-US: IceCMS
CVE-2023-39726 (An issue in Mintty v.3.6.4 and before allows a remote attacker to exec ...)
- TODO: check
+ NOT-FOR-US: Mintty
CVE-2023-38328 (An issue was discovered in eGroupWare 17.1.20190111. An Improper Passw ...)
- TODO: check
+ - egroupware <removed>
CVE-2023-34059 (open-vm-tools contains a file descriptor hijack vulnerability in the v ...)
- open-vm-tools <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/3
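Review bot: The last change in this hunk, for CVE-2023-38328, is not an NFU. It replaces "TODO: check" with "- egroupware <removed>", which is a package entry, while the commit message says only "NFUs". Mention the egroupware triage in the commit message, or split it into its own commit, so the change can be found from the log. A smaller style point: the SonicWall and D-Link labels name only the vendor, whereas the other labels in this hunk (VinChin Backup & Recovery, Online Art Gallery) name the product.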
@@ -84,9 +84,9 @@ CVE-2023-34058 (VMware Tools contains a SAML token signature bypass vulnerabilit
CVE-2023-34057 (VMware Tools contains a local privilege escalation vulnerability.A mal ...)
NOT-FOR-US: WMware
CVE-2023-33559 (A local file inclusion vulnerability via the lang parameter in OcoMon ...)
- TODO: check
+ NOT-FOR-US: OcoMon
CVE-2023-33558 (An information disclosure vulnerability in the component users-grid-da ...)
- TODO: check
+ NOT-FOR-US: OcoMon
CVE-2023-46813 (An issue was discovered in the Linux kernel before 6.5.9, exploitable ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/63e44bc52047f182601e7817da969a105aa1f721 (6.6-rc7)
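Review bot: The unchanged context line under CVE-2023-34057 reads "NOT-FOR-US: WMware", while the description on the line above it says "VMware Tools". Since this commit edits the entries directly below, correct the label to "NOT-FOR-US: VMware" here or in a follow-up, so that a search of the list by vendor name finds the entry.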
@@ -240,12 +240,12 @@ CVE-2023-46345 (Catdoc v0.95 was discovered to contain a NULL pointer dereferenc
CVE-2023-46233 (crypto-js is a JavaScript library of crypto standards. Prior to versio ...)
TODO: check
CVE-2023-46232 (era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer ...)
- TODO: check
+ NOT-FOR-US: era-compiler-vyper
CVE-2023-46137 (Twisted is an event-based framework for internet applications. Prior t ...)
- twisted <unfixed>
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
CVE-2023-46134 (D-Tale is the combination of a Flask back-end and a React front-end to ...)
- TODO: check
+ NOT-FOR-US: D-Tale
CVE-2023-46133 (CryptoES is a cryptography algorithms library compatible with ES6 and ...)
TODO: check
CVE-2023-45137 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
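Review bot: CVE-2023-46233 (crypto-js) and CVE-2023-46133 (CryptoES) keep "TODO: check" while the entries between them, era-compiler-vyper and D-Tale, are resolved in the same pass. If they were skipped on purpose because they still need to be checked against packaged sources, that is fine. Otherwise they are easy to miss later, surrounded by triaged entries.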
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea4444459b6d89c629b31e4c216a111e2c19ca16