[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 11 22:11:27 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b24ba48 by Salvatore Bonaccorso at 2023-09-11T23:10:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24,61 +24,61 @@ CVE-2023-41593 (Multiple cross-site scripting (XSS) vulnerabilities in Dairy Far
 CVE-2023-41336 (ux-autocomplete is a JavaScript Autocomplete functionality for Symfony ...)
 	TODO: check
 CVE-2023-41256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions  ...)
-	TODO: check
+	NOT-FOR-US: Dover Fueling Solutions MAGLINK LX Web Console Configuration
 CVE-2023-41103 (Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in  ...)
-	TODO: check
+	NOT-FOR-US: Interact
 CVE-2023-41000 (GPAC through 2.2.1 has a use-after-free vulnerability in the function  ...)
 	TODO: check
 CVE-2023-40946 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable $usernam ...)
-	TODO: check
+	NOT-FOR-US: Schoolmate
 CVE-2023-40945 (Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Inje ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Doctor Appointment System
 CVE-2023-40944 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schooln ...)
-	TODO: check
+	NOT-FOR-US: Schoolmate
 CVE-2023-40786 (HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowi ...)
-	TODO: check
+	NOT-FOR-US: HKcms
 CVE-2023-40150 (Softneta MedDream PACS does not perform an authentication check and pe ...)
-	TODO: check
+	NOT-FOR-US: Softneta MedDream PACS
 CVE-2023-40032 (libvips is a demand-driven, horizontally threaded image processing lib ...)
 	TODO: check
 CVE-2023-3612 (Govee Home app has unprotected access to WebView component which can b ...)
-	TODO: check
+	NOT-FOR-US: Govee Home app
 CVE-2023-3510 (The FTP Access WordPress plugin through 1.0 does not have authorisatio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3170 (The tagDiv Composer WordPress plugin before 4.2, used as a companion b ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3169 (The tagDiv Composer WordPress plugin before 4.2, used as a companion b ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-39780 (ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authentic ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2023-39227 (Softneta MedDream PACSstores usernames and passwords in plaintext. The ...)
-	TODO: check
+	NOT-FOR-US: Softneta MedDream PACS
 CVE-2023-39070 (An issue in Cppcheck 2.12 dev allows a local attacker to execute arbit ...)
 	TODO: check
 CVE-2023-39068 (Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC ...)
 	TODO: check
 CVE-2023-39067 (Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allo ...)
-	TODO: check
+	NOT-FOR-US: ZLMediaKiet
 CVE-2023-39063 (Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local at ...)
-	TODO: check
+	NOT-FOR-US: RaidenFTPD
 CVE-2023-38829 (An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: NETIS SYSTEMS WF2409E
 CVE-2023-38743 (Zoho ManageEngine ADManager Plus before Build 7200 allows admin users  ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2023-38256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions  ...)
-	TODO: check
+	NOT-FOR-US: Dover Fueling Solutions MAGLINK LX Web Console Configuration
 CVE-2023-36980 (An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balanc ...)
 	TODO: check
 CVE-2023-36497 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions  ...)
-	TODO: check
+	NOT-FOR-US: Dover Fueling Solutions MAGLINK LX Web Console Configuration
 CVE-2023-36161 (An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_ ...)
-	TODO: check
+	NOT-FOR-US: Qubo
 CVE-2023-36140 (In PHPJabbers Cleaning Business Software 1.0, there is no encryption o ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers
 CVE-2023-31468 (An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime ...)
-	TODO: check
+	NOT-FOR-US: Inosoft
 CVE-2023-2705 (The gAppointments WordPress plugin before 1.10.0 does not sanitise and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4816 (A vulnerability exists in the Equipment Tag Out authentication, when c ...)
 	TODO: check
 CVE-2023-42471 (The wave.ai.browser application through 1.0.35 for Android allows a re ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b24ba4809d2132c6678190c53cff830ca423a05

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b24ba4809d2132c6678190c53cff830ca423a05
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230911/eefa4903/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list