[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 1 09:20:39 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e938aaa by Moritz Muehlenhoff at 2023-09-01T10:20:03+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2023-4698 (Improper Input Validation in GitHub repository usememos/memos prior to ...)
-	TODO: check
+	NOT-FOR-US: Memos
 CVE-2023-4697 (Improper Privilege Management in GitHub repository usememos/memos prio ...)
-	TODO: check
+	NOT-FOR-US: Memos
 CVE-2023-4696 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
-	TODO: check
+	NOT-FOR-US: Memos
 CVE-2023-4695 (Use of Predictable Algorithm in Random Number Generator in GitHub repo ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-4688 (Sensitive information leak through log files. The following products a ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-4299 (Digi RealPort Protocol is vulnerable to a replay attack that may allow ...)
-	TODO: check
+	NOT-FOR-US: Digi RealPort
 CVE-2023-41751 (Sensitive information disclosure due to improper token expiration vali ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-41750 (Sensitive information disclosure due to missing authorization. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-41749 (Sensitive information disclosure due to excessive collection of system ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-39912 (Zoho ManageEngine ADManager Plus through 7202 allows admin users to do ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2023-4683 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...)
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
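Review bot: the `NOT-FOR-US: pkp-lib` marking for CVE-2023-4695 is the one entry in this hunk whose truncated description does not name the affected project (the three usememos/memos entries, Acronis, Digi RealPort and Zoho ManageEngine all do), so the attribution cannot be checked from the diff alone; confirm that the "GitHub repo" in the full CVE text is indeed pkp-lib before this entry is treated as closed.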
@@ -60,7 +60,7 @@ CVE-2023-41739 (Uncontrolled resource consumption vulnerability in File Function
 CVE-2023-41738 (Improper neutralization of special elements used in an OS command ('OS ...)
 	NOT-FOR-US: Synology
 CVE-2023-41717 (Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and ...)
-	TODO: check
+	NOT-FOR-US: Zscaler Proxy
 CVE-2023-41642 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the E ...)
 	NOT-FOR-US: GruppoSCAI RealGimm
 CVE-2023-41640 (An improper error handling vulnerability in the component ErroreNonGes ...)
@@ -78,7 +78,7 @@ CVE-2023-41045 (Graylog is a free and open log management platform. Graylog make
 CVE-2023-41044 (Graylog is a free and open log management platform. A partial path tra ...)
 	- graylog2 <itp> (bug #652273)
 CVE-2023-41034 (Eclipse Leshan is a device management server and client Java implement ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Leshan
 CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
 	- freerdp2 <unfixed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x
@@ -185,7 +185,7 @@ CVE-2023-39137 (An issue in Archive v3.3.7 allows attackers to spoof zip filenam
 CVE-2023-39136 (An unhandled edge case in the component _sanitizedPath of ZipArchive v ...)
 	TODO: check
 CVE-2023-39135 (An issue in Zip Swift v2.1.2 allows attackers to execute a path traver ...)
-	TODO: check
+	NOT-FOR-US: Zip Swift
 CVE-2023-38970 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allo ...)
 	NOT-FOR-US: Badaso
 CVE-2023-31925 (Brocade  SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication ...)
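Review bot: CVE-2023-39136 (ZipArchive, `_sanitizedPath`) in the leading context is still `TODO: check` while the neighbouring zip-library entry CVE-2023-39135 (Zip Swift) is resolved here; if it was looked at in the same triage pass it should get its marking too, otherwise leaving the TODO is fine so it is picked up next time.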
@@ -203,7 +203,7 @@ CVE-2023-2353 (The CHP Ads Block Detector plugin for WordPress is vulnerable to
 CVE-2023-2352 (The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross ...)
 	NOT-FOR-US: CHP Ads Block Detector plugin for WordPress
 CVE-2023-4640 (The controller responsible for setting the logging level does not incl ...)
-	TODO: check
+	NOT-FOR-US: YugabyteDB
 CVE-2023-4624 (Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/b ...)
 	NOT-FOR-US: bookstack
 CVE-2023-4600 (The AffiliateWP for WordPress is vulnerable to unauthorized modificati ...)
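Review bot: the visible description of CVE-2023-4640 ("The controller responsible for setting the logging level does not incl ...") names no product, so `NOT-FOR-US: YugabyteDB` rests entirely on the untruncated CVE text; a quick check that the full description actually refers to YugabyteDB would make this marking verifiable from the entry itself.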
@@ -258,7 +258,6 @@ CVE-2023-41039 (RestrictedPython is a restricted execution environment for Pytho
 	- restrictedpython <unfixed>
 	NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67
 	NOTE: Fixed by: https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120
-	TODO: check details
 CVE-2023-40848 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...)
 	NOT-FOR-US: Tenda
 CVE-2023-40847 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...)
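Review bot: dropping `TODO: check details` leaves the CVE-2023-41039 entry with only `- restrictedpython <unfixed>` plus the advisory and fix-commit NOTE links, with no stable-release annotation; if the check concluded the issue is minor, recording that in the style used elsewhere in this file (e.g. `[bookworm] - restrictedpython <no-dsa> (Minor issue)`, compare the `[bullseye] - gpac <ignored> (Minor issue)` line above) would preserve the outcome, otherwise the TODO should stay until the severity is decided.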
@@ -296,7 +295,7 @@ CVE-2023-40593 (In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a mal
 CVE-2023-40592 (In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attac ...)
 	NOT-FOR-US: Splunk
 CVE-2023-40582 (find-exec is a utility to discover available shell commands. Versions  ...)
-	TODO: check
+	NOT-FOR-US: Node find-exec
 CVE-2023-40188 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
 	- freerdp2 <unfixed>
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e938aaad72343f64581f3f708dd5d2cf1a07cd6




