[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 21 21:21:36 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1562d165 by Salvatore Bonaccorso at 2023-09-21T22:21:06+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2023-5104 (Improper Input Validation in GitHub repository nocodb/nocodb prior to  ...)
-	TODO: check
+	NOT-FOR-US: nocodb
 CVE-2023-4753 (OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash c ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-43637 (Due to the implementation of "deriveVaultKey", prior to version 7.10,  ...)
 	TODO: check
 CVE-2023-43634 (When sealing/unsealing the \u201cvault\u201d key, a list of PCRs is us ...)
@@ -15,35 +15,35 @@ CVE-2023-43631 (On boot, the Pillar eve container checks for the existence and c
 CVE-2023-43309 (There is a stored cross-site scripting (XSS) vulnerability in Webmin 2 ...)
 	TODO: check
 CVE-2023-43274 (Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via th ...)
-	TODO: check
+	NOT-FOR-US: Phpjabbers
 CVE-2023-43242 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-43241 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow v ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-43240 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-43239 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-43238 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-43237 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-43236 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-43235 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow v ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-42810 (systeminformation is a System Information Library for Node.JS. Version ...)
 	TODO: check
 CVE-2023-42807 (Frappe LMS is an open source learning management system. In versions 1 ...)
-	TODO: check
+	NOT-FOR-US: Frappe Framework
 CVE-2023-42806 (Hydra is the layer-two scalability solution for Cardano. Prior to vers ...)
 	TODO: check
 CVE-2023-42805 (quinn-proto is a state machine for the QUIC transport protocol. Prior  ...)
 	TODO: check
 CVE-2023-42482 (Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-42458 (Zope is an open-source web application server. Prior to versions 4.8.1 ...)
-	TODO: check
+	NOT-FOR-US: Zope
 CVE-2023-42457 (plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELE ...)
 	TODO: check
 CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo and su, allows users to  ...)
@@ -51,7 +51,7 @@ CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo and su, allows use
 CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The download metho ...)
 	TODO: check
 CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.)
-	TODO: check
+	NOT-FOR-US: Dreamer CMS
 CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in S ...)
 	TODO: check
 CVE-2023-41992 (The issue was addressed with improved checks. This issue is fixed in i ...)
@@ -63,11 +63,11 @@ CVE-2023-41048 (plone.namedfile allows users to handle `File` and `Image` fields
 CVE-2023-40183 (DataEase is an open source data visualization and analysis tool. Prior ...)
 	TODO: check
 CVE-2023-34577 (SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and ...)
-	TODO: check
+	NOT-FOR-US: Prestashop opartplannedpopup
 CVE-2023-34576 (SQL injection vulnerability in updatepos.php in PrestaShop opartfaq th ...)
 	TODO: check
 CVE-2023-4760 (In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote  ...)
-	TODO: check
+	NOT-FOR-US: Eclipse RAP
 CVE-2023-4292 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all pre ...)
 	NOT-FOR-US: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi
 CVE-2023-4291 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all pre ...)
@@ -104,9 +104,9 @@ CVE-2023-34575 (SQL injection vulnerability in PrestaShop opartsavecart through
 CVE-2023-5084 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
 	TODO: check
 CVE-2023-5074 (Use of a static key to protect a JWT token used in user authentication ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-5042 (Sensitive information disclosure due to insecure folder permissions. T ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-43636 (In EVE OS, the \u201cmeasured boot\u201d mechanism prevents a compromi ...)
 	TODO: check
 CVE-2023-43635 (Vault Key Sealed With SHA1 PCRs       The measured boot solution imple ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1562d1654ad4436f2234c48c32b12a9c59a2c77e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1562d1654ad4436f2234c48c32b12a9c59a2c77e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230921/6c78bd35/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list