[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Sep 3 08:00:28 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f49568f8 by Salvatore Bonaccorso at 2023-09-03T09:00:01+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -126,9 +126,9 @@ CVE-2023-36328 (Integer Overflow vulnerability in mp_grow in libtom libtommath b
NOTE: https://github.com/libtom/libtommath/pull/546
NOTE: https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9
CVE-2023-36327 (Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba424 ...)
- TODO: check
+ NOT-FOR-US: RELIC
CVE-2023-36326 (Integer Overflow vulnerability in RELIC before commit 34580d840469361b ...)
- TODO: check
+ NOT-FOR-US: RELIC
CVE-2023-36187 (Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4. ...)
NOT-FOR-US: NETGEAR
CVE-2023-36100 (An issue was discovered in IceCMS version 2.0.1, allows attackers to e ...)
@@ -136,7 +136,7 @@ CVE-2023-36100 (An issue was discovered in IceCMS version 2.0.1, allows attacker
CVE-2023-36088 (Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio ...)
NOT-FOR-US: NebulaGraph Studio
CVE-2023-36076 (SQL Injection vulnerability in smanga version 3.1.9 and earlier, allow ...)
- TODO: check
+ NOT-FOR-US: smanga
CVE-2023-34011 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...)
NOT-FOR-US: WordPress plugin
CVE-2023-4647 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -672,7 +672,7 @@ CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffe
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9
NOTE: Followup: https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129
CVE-2023-39522 (goauthentik is an open-source Identity Provider. In affected versions ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2023-39268 (A memory corruption vulnerability in ArubaOS-Switch could lead to unau ...)
NOT-FOR-US: Aruba
CVE-2023-39267 (An authenticated remote code execution vulnerability exists in the com ...)
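Review bot: The tag added for CVE-2023-39522 reads `NOT-FOR-US: authentik`, while the description on the line above it names the project "goauthentik". Anyone searching data/CVE/list by the name in the description will not match the tag, so it is worth confirming which spelling earlier entries for this project use and following that.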
@@ -32532,7 +32532,7 @@ CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-25489
RESERVED
CVE-2023-25488 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25486
@@ -32554,7 +32554,7 @@ CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25476
RESERVED
CVE-2023-25475 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac S ...)
@@ -33617,11 +33617,11 @@ CVE-2023-25046 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-25045
RESERVED
CVE-2023-25044 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25043
RESERVED
CVE-2023-25042 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25041 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththeme ...)
NOT-FOR-US: WordPress theme
CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -34655,9 +34655,9 @@ CVE-2023-24677
CVE-2023-24676
RESERVED
CVE-2023-24675 (Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attack ...)
- TODO: check
+ NOT-FOR-US: BluditCMS
CVE-2023-24674 (Permissions vulnerability found in Bludit CMS v.4.0.0 allows local att ...)
- TODO: check
+ NOT-FOR-US: BluditCMS
CVE-2023-24673
RESERVED
CVE-2023-24672
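Review bot: CVE-2023-24675 and CVE-2023-24674 are both tagged `NOT-FOR-US: BluditCMS`, but their descriptions spell the product two ways ("BluditCMS v.3.14.1" and "Bludit CMS v.4.0.0"). If earlier entries for this product already exist in data/CVE/list, reuse their spelling so that a single search finds every entry.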
@@ -35700,7 +35700,7 @@ CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Phot
CVE-2023-24413 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24412 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24410
@@ -48873,7 +48873,7 @@ CVE-2022-46529
CVE-2022-46528
RESERVED
CVE-2022-46527 (ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow ...)
- TODO: check
+ NOT-FOR-US: ELSYS ERS
CVE-2022-46526
RESERVED
CVE-2022-46525
@@ -56598,7 +56598,7 @@ CVE-2022-44351 (Skycaiji v2.5.1 was discovered to contain a deserialization vuln
CVE-2022-44350
RESERVED
CVE-2022-44349 (NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scri ...)
- TODO: check
+ NOT-FOR-US: NAVBLUE S.A.S N-Ops & Crew
CVE-2022-44348 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
NOT-FOR-US: Sanitization Management System
CVE-2022-44347 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
@@ -63616,7 +63616,7 @@ CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to cause
CVE-2022-3408 (The WP Word Count WordPress plugin through 3.2.3 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3407 (I some cases, when the device is USB-tethered to a host PC, and the de ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2022-42457 (Generex CS141 through 2.10 allows remote command execution by administ ...)
NOT-FOR-US: Generex CS141
CVE-2022-42456
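Review bot: For CVE-2022-3407 the new tag `NOT-FOR-US: Motorola` gives only a vendor, and the visible part of the description ("when the device is USB-tethered to a host PC ...") names neither a vendor nor a product, so the classification cannot be checked from the entry itself. Consider naming the affected product in the tag, as the following entry does with `NOT-FOR-US: Generex CS141`.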
@@ -122667,7 +122667,7 @@ CVE-2021-46130
CVE-2022-22306 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2022-22305 (An improper certificate validation vulnerability [CWE-295] inFortiMana ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-22304 (An improper neutralization of input during web page generation vulnera ...)
NOT-FOR-US: Fortinet
CVE-2022-22303 (An exposure of sensitive system information to an unauthorized control ...)
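Review bot: The tag added for CVE-2022-22305, `NOT-FOR-US: FortiGuard`, matches neither the product named in its description (cut off here as "inFortiMana ...") nor the labels on the two neighbouring entries, `NOT-FOR-US: Fortinet FortiOS` and `NOT-FOR-US: Fortinet`. Suggest using the vendor name, optionally followed by the product, so the three adjacent entries are labelled consistently and turn up in the same search.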
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f49568f8b4b673ef04403eee39a4b2a398670242