Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71736432 by Salvatore Bonaccorso at 2023-09-15T11:12:39+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2023-4766 (Improper Neutralization of Special Elements 
used in an SQL Comman
 CVE-2023-4702 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
        NOT-FOR-US: Yepas Digital Yepas
 CVE-2023-4676 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Yordam MedasPro
 CVE-2023-4669 (Authentication Bypass by Assumed-Immutable Data vulnerability 
in Exaga ...)
        NOT-FOR-US: Exagate SYSGuard 3001
 CVE-2023-4516 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
@@ -23,7 +23,7 @@ CVE-2023-42180 (An arbitrary file upload vulnerability in the 
/user/upload compo
 CVE-2023-42178 (Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log 
query mo ...)
        NOT-FOR-US: lenosp
 CVE-2023-41588 (A cross-site scripting (XSS) vulnerability in Time to SLA 
plugin v10.1 ...)
-       TODO: check
+       NOT-FOR-US: Time to SLA plugin
 CVE-2023-41011 (Command Execution vulnerability in China Mobile Communications 
China M ...)
        NOT-FOR-US: China Mobile Communications China Mobile Intelligent Home 
Gateway
 CVE-2023-41010 (Insecure Permissions vulnerability in Sichuan Tianyi Kanghe 
Communicat ...)
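
Review bot: On CVE-2023-41588 the new label "NOT-FOR-US: Time to SLA plugin" names a plugin without saying which application it extends, unlike labels such as "NOT-FOR-US: WordPress plugin" used elsewhere in this file. Adding the host application from the full CVE description would make the entry self-explanatory and easier to match when later CVEs for the same product come in.
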
@@ -39,11 +39,11 @@ CVE-2023-38558 (A vulnerability has been identified in 
SIMATIC PCS neo (Administ
 CVE-2023-38557 (A vulnerability has been identified in Spectrum Power 7 (All 
versions  ...)
        NOT-FOR-US: Siemens
 CVE-2023-37756 (I-doit pro 25 and below and I-doit open 25 and below employ 
weak passw ...)
-       TODO: check
+       NOT-FOR-US: I-doit pro
 CVE-2023-37755 (i-doit pro 25 and below and I-doit open 25 and below are 
configured wi ...)
-       TODO: check
+       NOT-FOR-US: I-doit pro
 CVE-2023-37739 (i-doit Pro v25 and below was discovered to be vulnerable to 
path trave ...)
-       TODO: check
+       NOT-FOR-US: I-doit pro
 CVE-2023-36250 (CSV Injection vulnerability in GNOME time tracker version 
3.0.2, allow ...)
        TODO: check
 CVE-2023-2848 (Movim prior to version 0.22 is affected by a Cross-Site 
WebSocket Hija ...)
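
Review bot: The label "NOT-FOR-US: I-doit pro" on CVE-2023-37756 and CVE-2023-37755 covers only one of the two products their descriptions list ("I-doit pro 25 and below and I-doit open 25 and below"). A product-level label such as "NOT-FOR-US: i-doit" would cover both editions and would still fit CVE-2023-37739, so that a later search for the open edition finds these entries as already triaged.
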
@@ -700,7 +700,7 @@ CVE-2023-40040 (An issue was discovered in the MyCrops 
HiGrade "THC Testing & Ca
 CVE-2023-40039 (An issue was discovered on ARRIS TG852G, TG862G, and TG1672G 
devices.  ...)
        NOT-FOR-US: ARRIS TG852G, TG862G, and TG1672G devices
 CVE-2023-35845 (Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS 
certifica ...)
-       TODO: check
+       NOT-FOR-US: Anaconda Python
 CVE-2023-4879 (Cross-site Scripting (XSS) - Stored in GitHub repository 
instantsoft/i ...)
        NOT-FOR-US: icms2
 CVE-2023-4878 (Server-Side Request Forgery (SSRF) in GitHub repository 
instantsoft/ic ...)
@@ -28441,7 +28441,7 @@ CVE-2023-27472 (quickentity-editor-next is an open 
source, system local, video g
 CVE-2023-27471 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
        NOT-FOR-US: Insyde
 CVE-2023-27470 (BASupSrvcUpdater.exe in N-able Take Control Agent through 
7.0.41.1141  ...)
-       TODO: check
+       NOT-FOR-US: N-able Take Control Agent
 CVE-2023-27469 (Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary 
file de ...)
        NOT-FOR-US: Malwarebytes Anti-Exploit
 CVE-2023-27468
@@ -29298,7 +29298,7 @@ CVE-2023-27171
 CVE-2023-27170
        RESERVED
 CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in 
license cl ...)
-       TODO: check
+       NOT-FOR-US: Xpand IT Write-back manager
 CVE-2023-27168
        RESERVED
 CVE-2023-27167 (Suprema BioStar 2 v2.8.16 was discovered to contain a SQL 
injection vu ...)
@@ -31251,7 +31251,7 @@ CVE-2023-26371 (Adobe Dimension version 3.4.8 (and 
earlier) is affected by an ou
 CVE-2023-26370
        RESERVED
 CVE-2023-26369 (Acrobat Reader versions 23.003.20284 (and earlier), 
20.005.30516 (and  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-26368
        RESERVED
 CVE-2023-26367
@@ -33831,7 +33831,7 @@ CVE-2023-25610
 CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] 
inFortiMan ...)
        NOT-FOR-US: Fortinet
 CVE-2023-25608 (An incomplete filtering of one or more instances of special 
elements v ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-25607
        RESERVED
 CVE-2023-25606 (An improper limitation of a pathname to a restricted directory 
('Path  ...)
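
Review bot: CVE-2023-25608 is tagged "NOT-FOR-US: FortiGuard" while the entry directly above it, CVE-2023-25609, uses "NOT-FOR-US: Fortinet". Using "Fortinet" here would keep the vendor label consistent, so one grep finds all of that vendor's entries; the same applies to the CVE-2022-35849 hunk, where the preceding entry CVE-2022-35850 is also labelled "Fortinet".
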
@@ -38937,7 +38937,7 @@ CVE-2023-23847 (A cross-site request forgery (CSRF) 
vulnerability in Synopsys Je
 CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP 
library versi ...)
        NOT-FOR-US: Open5GS
 CVE-2023-23845 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
        NOT-FOR-US: SolarWinds
 CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
@@ -38947,7 +38947,7 @@ CVE-2023-23842 (The SolarWinds Network Configuration 
Manager was susceptible to
 CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing 
or updat ...)
        NOT-FOR-US: SolarWinds
 CVE-2023-23840 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of 
Sensitive I ...)
        NOT-FOR-US: SolarWinds
 CVE-2023-23838 (Directory traversal and file enumeration vulnerability which 
allowed u ...)
@@ -53847,13 +53847,13 @@ CVE-2022-4058 (The Photo Gallery by 10Web WordPress 
plugin before 1.8.3 does not
 CVE-2022-4057 (The Autoptimize WordPress plugin before 3.1.0 uses an easily 
guessable ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-21523 (A Stored Cross-site Scripting (XSS) vulnerability in the 
Management Co ...)
-       TODO: check
+       NOT-FOR-US: BlackBerry
 CVE-2023-21522 (A Reflected Cross-site Scripting (XSS) vulnerability in the 
Management ...)
-       TODO: check
+       NOT-FOR-US: BlackBerry
 CVE-2023-21521 (An SQL Injection vulnerability in the Management 
Console(Operator Audi ...)
-       TODO: check
+       NOT-FOR-US: BlackBerry
 CVE-2023-21520 (A PII Enumeration via Credential Recovery in the Self 
Service(Credenti ...)
-       TODO: check
+       NOT-FOR-US: BlackBerry
 CVE-2023-21519
        RESERVED
 CVE-2022-45467
@@ -60555,13 +60555,13 @@ CVE-2023-20238 (A vulnerability in the single sign-on 
(SSO) implementation of Ci
 CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could 
allow an u ...)
        NOT-FOR-US: Cisco
 CVE-2023-20236 (A vulnerability in the iPXE boot function of Cisco IOS XR 
software cou ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20235
        RESERVED
 CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow 
an authe ...)
        NOT-FOR-US: Cisco FXOS Software
 CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM) 
feature of  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20232 (A vulnerability in the Tomcat implementation for Cisco Unified 
Contact ...)
        NOT-FOR-US: Cisco
 CVE-2023-20231
@@ -60653,9 +60653,9 @@ CVE-2023-20193 (A vulnerability in the Embedded Service 
Router (ESR) of Cisco IS
 CVE-2023-20192 (Multiple vulnerabilities in Cisco Expressway Series and Cisco 
TelePres ...)
        NOT-FOR-US: Cisco
 CVE-2023-20191 (A vulnerability in the access control list (ACL) processing on 
MPLS in ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20190 (A vulnerability in the classic access control list (ACL) 
compression f ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20189 (Multiple vulnerabilities in the web-based user interface of 
certain Ci ...)
        NOT-FOR-US: Cisco
 CVE-2023-20188 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
@@ -60765,7 +60765,7 @@ CVE-2023-20137 (Multiple vulnerabilities in the 
web-based management interface o
 CVE-2023-20136 (A vulnerability in the OpenAPI of Cisco Secure Workload could 
allow an ...)
        NOT-FOR-US: Cisco
 CVE-2023-20135 (A vulnerability in Cisco IOS XR Software image verification 
checks cou ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20134 (Multiple vulnerabilities in the web interface of Cisco Webex 
Meetings  ...)
        NOT-FOR-US: Cisco
 CVE-2023-20133 (A vulnerability in the web interface of Cisco Webex Meetings 
could all ...)
@@ -83373,7 +83373,7 @@ CVE-2022-35851 (An improper neutralization of input 
during web page generation v
 CVE-2022-35850 (An improper neutralization of script-related HTML tags in a 
web page v ...)
        NOT-FOR-US: Fortinet
 CVE-2022-35849 (An improper neutralization of special elements used in an OS 
command v ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-35848
        RESERVED
 CVE-2022-35847 (An improper neutralization of special elements used in a 
template engi ...)
@@ -88039,7 +88039,7 @@ CVE-2022-34240
 CVE-2022-34239 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 
20.005.30334 ...)
        NOT-FOR-US: Adobe
 CVE-2022-34238 (Acrobat Reader versions 22.001.20142 (and earlier), 
20.005.30334 (and  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-34237 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 
20.005.30334 ...)
        NOT-FOR-US: Adobe
 CVE-2022-34236 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 
20.005.30334 ...)
@@ -88061,13 +88061,13 @@ CVE-2022-34229 (Adobe Acrobat Reader versions 
22.001.20142 (and earlier), 20.005
 CVE-2022-34228 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 
20.005.30334 ...)
        NOT-FOR-US: Adobe
 CVE-2022-34227 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 
20.005.30334 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-34226 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 
20.005.30334 ...)
        NOT-FOR-US: Adobe
 CVE-2022-34225 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 
20.005.30334 ...)
        NOT-FOR-US: Adobe
 CVE-2022-34224 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 
20.005.30334 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-34223 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 
20.005.30334 ...)
        NOT-FOR-US: Adobe
 CVE-2022-34222 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 
20.005.30334 ...)
@@ -103433,17 +103433,17 @@ CVE-2022-28838 (Acrobat Acrobat Pro DC version 
22.001.2011x (and earlier), 20.00
 CVE-2022-28837 (Acrobat Pro DC version 22.001.2011x (and earlier), 
20.005.3033x (and e ...)
        NOT-FOR-US: Adobe
 CVE-2022-28836 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and 
earlier)  are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28835 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and 
earlier)  are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28834 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and 
earlier)  are ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28833 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and 
earlier) ar ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28832 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and 
earlier) ar ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28831 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and 
earlier) ar ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28830 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and 
earlier ...)
        NOT-FOR-US: Adobe
 CVE-2022-28829 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and 
earlier ...)
@@ -117811,7 +117811,7 @@ CVE-2022-24095 (Adobe After Effects versions 22.2 
(and earlier) and 18.4.4 (and
 CVE-2022-24094 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 
(and earlie ...)
        NOT-FOR-US: Adobe
 CVE-2022-24093 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 
(and earli ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-24092 (Acrobat Reader DC version 21.007.20099 (and earlier), 
20.004.30017 (an ...)
        NOT-FOR-US: Adobe
 CVE-2022-24091 (Acrobat Reader DC version 21.007.20099 (and earlier), 
20.004.30017 (an ...)
@@ -120574,7 +120574,7 @@ CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site 
Request Forgery (CSRF) in
 CVE-2022-23383 (YzmCMS v6.3 is affected by broken access control. Without 
login, unaut ...)
        NOT-FOR-US: YzmCMS
 CVE-2022-23382 (Shenzhen Hichip Vision Technology IP Camera Firmware 
V11.4.8.1.1-20170 ...)
-       TODO: check
+       NOT-FOR-US: Shenzhen Hichip Vision Technology IP Camera Firmware
 CVE-2022-23381
        RESERVED
 CVE-2022-23380 (There is a SQL injection vulnerability in the background of 
taocms 3.0 ...)
@@ -131633,7 +131633,7 @@ CVE-2021-44174
 CVE-2021-44173
        RESERVED
 CVE-2021-44172 (An exposure of sensitive information to an unauthorized actor 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2021-44171 (A improper neutralization of special elements used in an os 
command (' ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-44170 (A stack-based buffer overflow vulnerability [CWE-121] in the 
command l ...)
@@ -176000,7 +176000,7 @@ CVE-2021-28487
 CVE-2021-28486
        RESERVED
 CVE-2021-28485 (Ericsson Mobile Switching Center Server (MSC-S) BC 18A and IS 
3.1 rele ...)
-       TODO: check
+       NOT-FOR-US: Ericsson
 CVE-2021-28484 (An issue was discovered in the /api/connector endpoint handler 
in Yubi ...)
        NOT-FOR-US: yubihsm-connector
 CVE-2021-3443 (A NULL pointer dereference flaw was found in the way Jasper 
versions b ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71736432d3099529542893da0296654368dea8cc
