[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 29 12:53:05 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e98dd29 by Salvatore Bonaccorso at 2023-09-29T13:52:05+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions prior to ...)
 	TODO: check
 CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to  an Insecure File  ...)
-	TODO: check
+	NOT-FOR-US: Gym Management System Project
 CVE-2023-5077 (The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine d ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2023-5053 (Hospital management system version 378c157 allows to bypass authentica ...)
-	TODO: check
+	NOT-FOR-US: Hospital management system
 CVE-2023-5004 (Hospital management system version 378c157 allows to bypass authentica ...)
-	TODO: check
+	NOT-FOR-US: Hospital management system
 CVE-2023-4532 (An issue has been discovered in GitLab affecting all versions starting ...)
 	TODO: check
 CVE-2023-4316 (Zod in version 3.22.2 allows an attacker to perform a denial of servic ...)
@@ -17,11 +17,11 @@ CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect Issuer
 CVE-2023-44466 (An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel ...)
 	TODO: check
 CVE-2023-44464 (pretix before 2023.7.2 allows Pillow to parse EPS files.)
-	TODO: check
+	NOT-FOR-US: pretix
 CVE-2023-44174 (Online Movie Ticket Booking System v1.0 is vulnerable to  an authentic ...)
-	TODO: check
+	NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44173 (Online Movie Ticket Booking System v1.0 is vulnerable to  an authentic ...)
-	TODO: check
+	NOT-FOR-US: Online Movie Ticket Booking System
 CVE-2023-44168 (The 'phone' parameter of the process_registration.php resource  does n ...)
 	TODO: check
 CVE-2023-44167 (The 'name' parameter of the process_registration.php resource  does no ...)
@@ -39,13 +39,13 @@ CVE-2023-43740 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on
 CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource  does not validate t ...)
 	TODO: check
 CVE-2023-43662 (ShokoServer is a media server which specializes in organizing anime. I ...)
-	TODO: check
+	NOT-FOR-US: ShokoServer
 CVE-2023-43654 (TorchServe is a tool for serving and scaling PyTorch models in product ...)
 	TODO: check
 CVE-2023-43014 (Asset Management System v1.0 is vulnerable to  an Authenticated SQL In ...)
-	TODO: check
+	NOT-FOR-US: Asset Management System
 CVE-2023-43013 (Asset Management System v1.0 is vulnerable to an  unauthenticated SQL  ...)
-	TODO: check
+	NOT-FOR-US: Asset Management System
 CVE-2023-3979 (An issue has been discovered in GitLab affecting all versions starting ...)
 	TODO: check
 CVE-2023-3922 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -59,11 +59,11 @@ CVE-2023-3914 (A business logic error in GitLab EE affecting all versions prior
 CVE-2023-3906 (An input validation issue in the asset proxy in GitLab EE, affecting a ...)
 	TODO: check
 CVE-2023-3775 (A Vault Enterprise Sentinel Role Governing Policy created by an operat ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2023-3115 (An issue has been discovered in GitLab EE affecting all versions affec ...)
 	TODO: check
 CVE-2023-32477 (Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an im ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-5256 (In certain scenarios, Drupal's JSON:API module will output error backt ...)
 	TODO: check
 CVE-2023-5215 (A flaw was found in libnbd. A server can reply with a block size large ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e98dd2986dea373b5724d3f5cefb70e7bc33eb9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e98dd2986dea373b5724d3f5cefb70e7bc33eb9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230929/76727e5f/attachment.htm>

More information about the debian-security-tracker-commits mailing list