[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Sep 19 10:05:08 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed083f93 by Moritz Muehlenhoff at 2023-09-19T11:04:33+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,47 +1,47 @@
 CVE-2023-4998
 	- gitlab <not-affected> (Specific to EE)
 CVE-2023-5060 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2023-5054 (The Super Store Finder plugin for WordPress is vulnerable to unauthent ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5009 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2023-42454 (SQLpage is a SQL-only webapp builder. Someone using SQLpage versions p ...)
-	TODO: check
+	NOT-FOR-US: SQLpage
 CVE-2023-42446 (Pow is a authentication and user management solution for Phoenix and P ...)
-	TODO: check
+	NOT-FOR-US: Pow
 CVE-2023-42443 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
-	TODO: check
+	NOT-FOR-US: Vyper
 CVE-2023-42441 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
-	TODO: check
+	NOT-FOR-US: Vyper
 CVE-2023-42399 (Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0- ...)
-	TODO: check
+	NOT-FOR-US: Jodit Editor
 CVE-2023-41599 (An issue in the component /common/DownController.java of JFinalCMS v5. ...)
-	TODO: check
+	NOT-FOR-US: JFinalCMS
 CVE-2023-41443 (SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote atta ...)
-	TODO: check
+	NOT-FOR-US: Novel-Plus
 CVE-2023-40788 (SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to  ...)
-	TODO: check
+	NOT-FOR-US: SpringBlade
 CVE-2023-39058 (An information leak in THE_B_members card v13.6.1 allows attackers to  ...)
-	TODO: check
+	NOT-FOR-US: THE_B_members
 CVE-2023-39056 (An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: Coffee-jumbo
 CVE-2023-39049 (An information leak in youmart-tokunaga v13.6.1 allows attackers to ob ...)
-	TODO: check
+	NOT-FOR-US: youmart-tokunaga
 CVE-2023-39046 (An information leak in TonTon-Tei_waiting Line v13.6.1 allows attacker ...)
-	TODO: check
+	NOT-FOR-US: TonTon-Tei_waiting Line
 CVE-2023-39043 (An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows at ...)
-	TODO: check
+	NOT-FOR-US: YKC Tokushima_awayokocho Line
 CVE-2023-39040 (An information leak in Cheese Cafe Line v13.6.1 allows attackers to ob ...)
-	TODO: check
+	NOT-FOR-US: Cheese Cafe Line
 CVE-2023-39039 (An information leak in Camp Style Project Line v13.6.1 allows attacker ...)
-	TODO: check
+	NOT-FOR-US: Camp Style Project Line
 CVE-2023-38582 (Persistent cross-site scripting (XSS) in the web application of MOD3GP ...)
-	TODO: check
+	NOT-FOR-US: MODULYS GP
 CVE-2023-38255 (A potential attacker with or without (cookie theft) access to the devi ...)
-	TODO: check
+	NOT-FOR-US: MODULYS GP
 CVE-2023-37611 (Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a re ...)
-	TODO: check
+	NOT-FOR-US: Neos CMS
 CVE-2023-4237 [ec2_key module prints out the private key directly to the standard output]
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979
@@ -65,27 +65,27 @@ CVE-2023-42320 (Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V1
 CVE-2023-42253 (Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scrip ...)
 	NOT-FOR-US: Code-Projects Vehicle Management
 CVE-2023-41965 (Sending some requests in the web application of the vulnerable device  ...)
-	TODO: check
+	NOT-FOR-US: MODULYS GP
 CVE-2023-41929 (A DLL hijacking vulnerability in Samsung Memory Card & UFD Authenticat ...)
 	NOT-FOR-US: Samsung
 CVE-2023-41595 (An issue in xui-xray v1.8.3 allows attackers to obtain sensitive infor ...)
 	NOT-FOR-US: xui-xray
 CVE-2023-41084 (Session management within the web application is incorrect and allows  ...)
-	TODO: check
+	NOT-FOR-US: MODULYS GP
 CVE-2023-41030 (Hard-coded credentials inJuplink RX4-1500 versions V1.0.2 through V1.0 ...)
 	NOT-FOR-US: Juplink RX4-1500
 CVE-2023-40221 (The absence of filters when loading some sections in the web applicati ...)
-	TODO: check
+	NOT-FOR-US: MODULYS GP
 CVE-2023-39452 (The web application that owns the device clearly stores the credential ...)
-	TODO: check
+	NOT-FOR-US: MODULYS GP
 CVE-2023-39446 (Thanks to the weaknesses that the web application has at the user mana ...)
-	TODO: check
+	NOT-FOR-US: MODULYS GP
 CVE-2023-34999 (A command injection vulnerability exists in RTS VLink Virtual Matrix S ...)
 	NOT-FOR-US: RTS VLink Virtual Matrix Software
 CVE-2023-34195 (An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyd ...)
 	NOT-FOR-US: Insyde InsydeH2O
 CVE-2023-33831 (A remote command execution (RCE) vulnerability in the /api/runscript e ...)
-	TODO: check
+	NOT-FOR-US: FUXA
 CVE-2023-32187 (An Allocation of Resources Without Limits or Throttling vulnerability  ...)
 	TODO: check
 CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6. drivers/medi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed083f93867a72b8a87e42b2ef698d24f87d39c0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed083f93867a72b8a87e42b2ef698d24f87d39c0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230919/968bf2f7/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list