[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 20 21:40:41 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
223950e9 by Salvatore Bonaccorso at 2023-09-20T22:40:12+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,47 +45,47 @@ CVE-2023-43373 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vuln
 CVE-2023-43371 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
 	- hoteldruid <unfixed>
 CVE-2023-43207 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command  ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2023-43206 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command  ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2023-43204 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command  ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2023-43203 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack ov ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2023-43202 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command  ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2023-43201 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2023-43200 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2023-43199 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2023-43198 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2023-43197 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2023-43196 (D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack ove ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2023-43138 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command inje ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2023-43137 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command inje ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2023-43134 (There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3 ...)
 	TODO: check
 CVE-2023-42660 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...)
-	TODO: check
+	NOT-FOR-US: Progress MOVEit Transfer
 CVE-2023-42656 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...)
-	TODO: check
+	NOT-FOR-US: Progress MOVEit Transfer
 CVE-2023-42335 (Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and f ...)
-	TODO: check
+	NOT-FOR-US: Fl3xx Dispatch
 CVE-2023-42334 (An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3x ...)
-	TODO: check
+	NOT-FOR-US: Fl3xx Dispatch
 CVE-2023-42331 (A file upload vulnerability in EliteCMS 1.01 allows a remote attacker  ...)
-	TODO: check
+	NOT-FOR-US: EliteCMS
 CVE-2023-42147 (An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sens ...)
-	TODO: check
+	NOT-FOR-US: CloudExplorer Lite
 CVE-2023-41902 (An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2. ...)
-	TODO: check
+	NOT-FOR-US: CoreCode MacUpdater
 CVE-2023-41484 (An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain s ...)
 	TODO: check
 CVE-2023-41375 (Use after free vulnerability exists in Kostac PLC Programming Software ...)
@@ -99,25 +99,25 @@ CVE-2023-40619 (phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization o
 CVE-2023-40618 (A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeM ...)
 	TODO: check
 CVE-2023-40368 (IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-40043 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...)
-	TODO: check
+	NOT-FOR-US: Progress MOVEit Transfer
 CVE-2023-39052 (An information leak in Earthgarden_waiting 13.6.1 allows attackers to  ...)
-	TODO: check
+	NOT-FOR-US: Earthgarden_waiting
 CVE-2023-39045 (An information leak in kokoroe_members card Line 13.6.1 allows attacke ...)
-	TODO: check
+	NOT-FOR-US: kokoroe_members card Line
 CVE-2023-39044 (An information leak in ajino-Shiretoko Line v13.6.1 allows attackers t ...)
-	TODO: check
+	NOT-FOR-US: ajino-Shiretoko Line
 CVE-2023-39041 (An information leak in KUKURUDELI Line v13.6.1 allows attackers to obt ...)
-	TODO: check
+	NOT-FOR-US: KUKURUDELI Line
 CVE-2023-38718 (IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-37410 (IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a loc ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-34047 (A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 a ...)
 	TODO: check
 CVE-2023-2508 (The `PaperCutNG Mobility Print` version 1.0.3512 application allows an ...)
-	TODO: check
+	NOT-FOR-US: PaperCutNG
 CVE-2023-4504 [Postscript parsing heap-based buffer overflow]
 	- cups 2.4.2-6
 	[bookworm] - cups <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/223950e92354a89c197605377b185377edf51a22

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/223950e92354a89c197605377b185377edf51a22
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230920/bbbcf46a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list