[Git][security-tracker-team/security-tracker][master] Process some NFUs

Sat Sep 2 09:25:11 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1735d69 by Salvatore Bonaccorso at 2023-09-02T10:24:36+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2023-4718 (The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: Font Awesome 4 Menus plugin for WordPress
 CVE-2023-4722 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...)
 	- gpac <unfixed>
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
@@ -20,7 +20,7 @@ CVE-2023-4714 (A vulnerability was found in PlayTube 3.0.1 and classified as pro
 CVE-2023-4713 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...)
 	NOT-FOR-US: IBOS OA
 CVE-2023-4712 (A vulnerability, which was classified as critical, was found in Xintia ...)
-	TODO: check
+	NOT-FOR-US: Xintian Smart Table Integrated Management System
 CVE-2023-4711 (A vulnerability, which was classified as critical, has been found in D ...)
 	NOT-FOR-US: D-Link
 CVE-2023-4710 (A vulnerability classified as problematic was found in TOTVS RM 12.1.  ...)
@@ -56,7 +56,7 @@ CVE-2023-40969 (Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vuln
 CVE-2023-40968 (Buffer Overflow vulnerability in hzeller timg v.1.5.2 and before allow ...)
 	TODO: check
 CVE-2023-40771 (SQL injection vulnerability in DataEase v.1.18.9 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: DataEase
 CVE-2023-40239 (Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE at ...)
 	NOT-FOR-US: Lexmark
 CVE-2023-3210 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -70,7 +70,7 @@ CVE-2023-39703 (A cross site scripting (XSS) vulnerability in the Markdown Edito
 CVE-2023-39685 (An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial ...)
 	TODO: check
 CVE-2023-39631 (An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: LanChain-ai Langchain
 CVE-2023-39582 (SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allow ...)
 	NOT-FOR-US: Chamilo LMS
 CVE-2023-37997 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh ...)
@@ -98,15 +98,15 @@ CVE-2023-36327 (Integer Overflow vulnerability in RELIC before commit 421f2e91cf
 CVE-2023-36326 (Integer Overflow vulnerability in RELIC before commit 34580d840469361b ...)
 	TODO: check
 CVE-2023-36187 (Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4. ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2023-36100 (An issue was discovered in IceCMS version 2.0.1, allows attackers to e ...)
-	TODO: check
+	NOT-FOR-US: IceCMS
 CVE-2023-36088 (Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio ...)
-	TODO: check
+	NOT-FOR-US: NebulaGraph Studio
 CVE-2023-36076 (SQL Injection vulnerability in smanga version 3.1.9 and earlier, allow ...)
 	TODO: check
 CVE-2023-34011 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4647 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2023-3205 (An issue has been discovered in GitLab affecting all versions starting ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1735d698450d71e60083889b6876b8d252b4a3d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1735d698450d71e60083889b6876b8d252b4a3d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230902/84eafcb0/attachment.htm>
