[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 31 19:51:05 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dcffc51e by Salvatore Bonaccorso at 2023-10-31T20:50:37+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,9 +79,9 @@ CVE-2023-5844 (Unverified Password Change in GitHub repository pimcore/admin-ui-
 CVE-2023-5843 (The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5833 (Improper Access Control in GitHub repository mintplex-labs/anything-ll ...)
-	TODO: check
+	NOT-FOR-US: AnythingLLM
 CVE-2023-5832 (Improper Input Validation in GitHub repository mintplex-labs/anything- ...)
-	TODO: check
+	NOT-FOR-US: AnythingLLM
 CVE-2023-5666 (The Accordion plugin for WordPress is vulnerable to Stored Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5583 (The WP Simple Galleries plugin for WordPress is vulnerable to PHP Obje ...)
@@ -109,9 +109,9 @@ CVE-2023-5164 (The Bellows Accordion Menu plugin for WordPress is vulnerable to
 CVE-2023-5049 (The Giveaways and Contests by RafflePress plugin for WordPress is vuln ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-4964 (Potential open redirect vulnerability in opentext Service Management A ...)
-	TODO: check
+	NOT-FOR-US: Microfocus opentext
 CVE-2023-47104 (tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell met ...)
-	TODO: check
+	NOT-FOR-US: tinyfiledialogs (aka tiny file dialogs)
 CVE-2023-47101 (The installer (aka openvpn-client-installer) in Securepoint SSL VPN Cl ...)
 	NOT-FOR-US: Securepoint SSL VPN Client
 CVE-2023-45780 (In Print Service, there is a possible background activity launch due t ...)
@@ -145,7 +145,7 @@ CVE-2023-40101 (In collapse of canonicalize_md.c, there is a possible out of bou
 CVE-2023-36920 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...)
 	NOT-FOR-US: SAP
 CVE-2020-36767 (tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell meta ...)
-	TODO: check
+	NOT-FOR-US: tinyfiledialogs (aka tiny file dialogs)
 CVE-2023-5842 (Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/doli ...)
 	- dolibarr <removed>
 	NOTE: https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3
@@ -153,11 +153,11 @@ CVE-2023-5842 (Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr
 CVE-2023-4393 (HTML and SMTP injections on the registration page of LiquidFiles versi ...)
 	NOT-FOR-US: LiquidFiles
 CVE-2023-46867 (In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixT ...)
-	TODO: check
+	NOT-FOR-US: International Color Consortium DemoIccMAX
 CVE-2023-46866 (In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp ...)
-	TODO: check
+	NOT-FOR-US: International Color Consortium DemoIccMAX
 CVE-2023-46865 (/api/v1/company/upload-logo in CompanyController.php in crater through ...)
-	TODO: check
+	NOT-FOR-US: Crater
 CVE-2023-46864 (Peppermint Ticket Management through 0.2.4 allows remote attackers to  ...)
 	NOT-FOR-US: Peppermint Ticket Management
 CVE-2023-46863 (Peppermint Ticket Management before 0.2.4 allows remote attackers to r ...)
@@ -1043,7 +1043,7 @@ CVE-2023-31582 (jose4j before v0.9.3 allows attackers to set a low iteration cou
 CVE-2023-31581 (Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.)
 	NOT-FOR-US: Dromara Sureness
 CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key without any  ...)
-	TODO: check
+	NOT-FOR-US: light-oauth2
 CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue oc ...)
 	- xorg-server <unfixed>
 	[bookworm] - xorg-server <no-dsa> (Minor issue)
@@ -63992,7 +63992,7 @@ CVE-2023-21374 (In System UI, there is a possible factory reset protection bypas
 CVE-2023-21373 (In Telephony, there is a possible way for a guest user to change the p ...)
 	NOT-FOR-US: Android
 CVE-2023-21372 (In libdexfile, there is a possible out of bounds read due to a missing ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21371 (In Secure Element, there is a possible out of bounds write due to an i ...)
 	NOT-FOR-US: Android
 CVE-2023-21370 (In the Security Element API, there is a possible out of bounds write d ...)
@@ -64118,7 +64118,7 @@ CVE-2023-21311 (In Settings, there is a possible way to control private DNS sett
 CVE-2023-21310 (In Bluetooth, there is a possible out of bounds write due to a heap bu ...)
 	NOT-FOR-US: Android
 CVE-2023-21309 (In libcore, there is a possible out of bounds read due to a missing bo ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21308 (In Composer, there is a possible out of bounds read due to a missing b ...)
 	NOT-FOR-US: Android
 CVE-2023-21307 (In Bluetooth, there is a possible way for a paired Bluetooth device to ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcffc51eede220b5fa38e11fc8cfbe254cc5a8ee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcffc51eede220b5fa38e11fc8cfbe254cc5a8ee
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231031/cac4b2af/attachment.htm>

More information about the debian-security-tracker-commits mailing list