[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 6 22:23:11 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38a1a571 by Salvatore Bonaccorso at 2023-09-06T23:22:44+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,9 +11,9 @@ CVE-2023-4622 (A use-after-free vulnerability in the Linux kernel's af_unix comp
CVE-2023-4621
REJECTED
CVE-2023-4589 (Insufficient verification of data authenticity vulnerability in Deline ...)
- TODO: check
+ NOT-FOR-US: Delinea Secret Server
CVE-2023-4588 (File accessibility vulnerability in Delinea Secret Server, in its v10. ...)
- TODO: check
+ NOT-FOR-US: Delinea Secret Server
CVE-2023-4498 (Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access ...)
NOT-FOR-US: Tenda
CVE-2023-4244 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
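Review bot: the two new tags on CVE-2023-4589 and CVE-2023-4588 name vendor plus product ("Delinea Secret Server"), while the Tenda entry directly below them in the same hunk names only the vendor ("NOT-FOR-US: Tenda"). Either form works, but using one convention makes later searches across data/CVE/list more reliable. Also note that the visible description of CVE-2023-4589 is cut off at "Deline ...", so the product match for that entry rests on the full CVE text rather than on what is shown here.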
@@ -31,81 +31,81 @@ CVE-2023-4206 (A use-after-free vulnerability in the Linux kernel's net/sched: c
[bullseye] - linux 5.10.191-1
NOTE: https://git.kernel.org/linus/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 (6.5-rc5)
CVE-2023-41601 (Multiple cross-site scripting (XSS) vulnerabilities in install/index.p ...)
- TODO: check
+ NOT-FOR-US: CSZ CMS
CVE-2023-41330 (knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PD ...)
TODO: check
CVE-2023-41328 (Frappe is a low code web framework written in Python and Javascript. A ...)
- TODO: check
+ NOT-FOR-US: Frappe Framework
CVE-2023-41319 (Fides is an open-source privacy engineering platform for managing the ...)
TODO: check
CVE-2023-41150 (F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: F-RevoCRM
CVE-2023-41149 (F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injecti ...)
- TODO: check
+ NOT-FOR-US: F-RevoCRM
CVE-2023-41050 (AccessControl provides a general security framework for use in Zope. P ...)
TODO: check
CVE-2023-40601 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40591 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
TODO: check
CVE-2023-40560 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40554 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Soc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40553 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Plausibl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40552 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gurc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40531 (Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 B ...)
- TODO: check
+ NOT-FOR-US: Archer AX6000 firmware
CVE-2023-40357 (Multiple TP-LINK products allow a network-adjacent authenticated attac ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2023-40329 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Carr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40193 (Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 2023061 ...)
- TODO: check
+ NOT-FOR-US: Deco M4 firmware
CVE-2023-40007 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ujwo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39935 (Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' a ...)
- TODO: check
+ NOT-FOR-US: Archer C5400 firmware
CVE-2023-39511 (Cacti is an open source operational monitoring and fault management fr ...)
TODO: check
CVE-2023-39265 (Apache Superset would allow for SQLite database connections to be inco ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2023-39264 (By default, stack traces for errors were enabled, which resulted in th ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2023-39224 (Archer C5 firmware all versions and Archer C7 firmware versions prior ...)
- TODO: check
+ NOT-FOR-US: Archer
CVE-2023-38588 (Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' a ...)
- TODO: check
+ NOT-FOR-US: Archer
CVE-2023-38568 (Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allow ...)
- TODO: check
+ NOT-FOR-US: Archer
CVE-2023-38563 (Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' a ...)
- TODO: check
+ NOT-FOR-US: Archer
CVE-2023-38486 (A vulnerability in the secure boot implementation on affectedAruba 920 ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-38485 (Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 900 ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-38484 (Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 900 ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-37941 (If an attacker gains write access to the Apache Superset metadata data ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2023-37284 (Improper authentication vulnerability in Archer C20 firmware versions ...)
- TODO: check
+ NOT-FOR-US: Archer
CVE-2023-36489 (Multiple TP-LINK products allow a network-adjacent unauthenticated att ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2023-36388 (Improper REST API permission in Apache Superset up to and including 2. ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2023-36387 (An improper default REST API permission for Gamma users in Apache Supe ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2023-32672 (An Incorrect authorisation check in SQLLab in Apache Superset versions ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2023-32619 (Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and A ...)
- TODO: check
+ NOT-FOR-US: Archer
CVE-2023-31188 (Multiple TP-LINK products allow a network-adjacent authenticated attac ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2023-41947 (A missing permission check in Jenkins Frugal Testing Plugin 1.1 and ea ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-41946 (A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Te ...)
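Review bot: the TP-Link device entries in this hunk end up under five different labels: "Archer AX6000 firmware" (CVE-2023-40531), "Deco M4 firmware" (CVE-2023-40193), "Archer C5400 firmware" (CVE-2023-39935), plain "Archer" (CVE-2023-39224, CVE-2023-38588 and others) and "TP-LINK" (CVE-2023-40357, CVE-2023-36489, CVE-2023-31188). Archer and Deco are TP-Link product lines, so a single "NOT-FOR-US: TP-LINK" label, optionally followed by the model, would keep these entries greppable as one group. Separately, the visible description of CVE-2023-39264 ("By default, stack traces for errors were enabled ...") does not name a product, so its "Apache Superset" tag cannot be checked from the lines shown and should be confirmed against the full CVE text.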
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38a1a571bffbaa216408599af7e341c07bb41dea