Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d521b6f2 by Salvatore Bonaccorso at 2023-09-15T22:30:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67,7 +67,7 @@ CVE-2023-42362 (An arbitrary file upload vulnerability in 
Teller Web App v.4.4.0
 CVE-2023-42270 (Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery 
(CSRF).)
        TODO: check
 CVE-2023-41889 (SHIRASAGI is a Content Management System. Prior to version 
1.18.0, SHI ...)
-       TODO: check
+       NOT-FOR-US: SHIRASAGI
 CVE-2023-41887 (OpenRefine is a powerful free, open source tool for working 
with messy ...)
        TODO: check
 CVE-2023-41886 (OpenRefine is a powerful free, open source tool for working 
with messy ...)
@@ -75,19 +75,19 @@ CVE-2023-41886 (OpenRefine is a powerful free, open source 
tool for working with
 CVE-2023-41880 (Wasmtime is a standalone runtime for WebAssembly. Wasmtime 
versions fr ...)
        TODO: check
 CVE-2023-41592 (Froala Editor v4.0.1 to v4.1.1 was discovered to contain a 
cross-site  ...)
-       TODO: check
+       NOT-FOR-US: Froala Editor
 CVE-2023-41325 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
-       TODO: check
+       NOT-FOR-US: OP-TEE
 CVE-2023-41160 (A Stored Cross-Site Scripting (XSS) vulnerability in the SSH 
configura ...)
-       TODO: check
+       NOT-FOR-US: Usermin
 CVE-2023-41159 (A Stored Cross-Site Scripting (XSS) vulnerability while 
editing the au ...)
-       TODO: check
+       NOT-FOR-US: Usermin
 CVE-2023-41156 (A Stored Cross-Site Scripting (XSS) vulnerability in the 
filter and fo ...)
-       TODO: check
+       NOT-FOR-US: Usermin
 CVE-2023-41043 (Discourse is an open-source discussion platform. Prior to 
version 3.1. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2023-41042 (Discourse is an open-source discussion platform. Prior to 
version 3.1. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2023-40986 (A stored cross-site scripting (XSS) vulnerability in the 
Usermin Confi ...)
        TODO: check
 CVE-2023-40985 (An issue was discovered in Webmin 2.100. The File Manager 
functionalit ...)
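Review bot: CVE-2023-40986 in the trailing context of this hunk still reads `TODO: check`, although its description names Usermin and the three Usermin entries just above it (CVE-2023-41160, CVE-2023-41159, CVE-2023-41156) are all changed to `NOT-FOR-US: Usermin`. If it was simply missed, tag it in the same commit so the Usermin batch is triaged consistently. If it was left open on purpose, a short `NOTE:` line under the entry would record the reason for whoever picks up the remaining TODOs.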
@@ -99,19 +99,19 @@ CVE-2023-40983 (A reflected cross-site scripting (XSS) 
vulnerability in the File
 CVE-2023-40982 (A stored cross-site scripting (XSS) vulnerability in Webmin 
v2.100 all ...)
        TODO: check
 CVE-2023-40958 (A SQL injection vulnerability in Didotech srl Engineering & 
Lifecycle  ...)
-       TODO: check
+       NOT-FOR-US: Didotech srl Engineering & Lifecycle Management (aka pdm)
 CVE-2023-40957 (A SQL injection vulnerability in Didotech srl Engineering & 
Lifecycle  ...)
-       TODO: check
+       NOT-FOR-US: Didotech srl Engineering & Lifecycle Management (aka pdm)
 CVE-2023-40956 (A SQL injection vulnerability in Cloudroits Website Job Search 
v.15.0  ...)
-       TODO: check
+       NOT-FOR-US: Cloudroits Website Job Search
 CVE-2023-40955 (A SQL injection vulnerability in Didotech srl Engineering & 
Lifecycle  ...)
-       TODO: check
+       NOT-FOR-US: Didotech srl Engineering & Lifecycle Management (aka pdm)
 CVE-2023-40869 (Cross Site Scripting vulnerability in mooSocial mooSocial 
Software 3.1 ...)
-       TODO: check
+       NOT-FOR-US: mooSocial
 CVE-2023-40868 (Cross Site Request Forgery vulnerability in mooSocial 
MooSocial Softwa ...)
-       TODO: check
+       NOT-FOR-US: mooSocial
 CVE-2023-40588 (Discourse is an open-source discussion platform. Prior to 
version 3.1. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2023-40167 (Jetty is a Java based web server and servlet engine. Prior to 
versions ...)
        TODO: check
 CVE-2023-40019 (FreeSWITCH is a Software Defined Telecom Stack enabling the 
digital tr ...)
@@ -119,33 +119,33 @@ CVE-2023-40019 (FreeSWITCH is a Software Defined Telecom 
Stack enabling the digi
 CVE-2023-40018 (FreeSWITCH is a Software Defined Telecom Stack enabling the 
digital tr ...)
        TODO: check
 CVE-2023-3891 (Race condition in Lapce v0.2.8 allows an attacker to elevate 
privilege ...)
-       TODO: check
+       NOT-FOR-US: Lapce
 CVE-2023-3378
        REJECTED
 CVE-2023-39643 (Bl Modules xmlfeeds before v3.9.8 was discovered to contain a 
SQL inje ...)
-       TODO: check
+       NOT-FOR-US: Bl Modules xmlfeeds
 CVE-2023-39642 (Carts Guru cartsguru up to v2.4.2 was discovered to contain a 
SQL inje ...)
-       TODO: check
+       NOT-FOR-US: Carts Guru cartsguru
 CVE-2023-39641 (Active Design psaffiliate before v1.9.8 was discovered to 
contain a SQ ...)
-       TODO: check
+       NOT-FOR-US: Active Design psaffiliate
 CVE-2023-39639 (LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL 
injectio ...)
-       TODO: check
+       NOT-FOR-US: LeoTheme leoblog
 CVE-2023-39638 (D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to 
contain ...)
-       TODO: check
+       NOT-FOR-US: D-LINK
 CVE-2023-38912 (SQL injection vulnerability in Super Store Finder PHP Script 
v.3.6 all ...)
        TODO: check
 CVE-2023-38891 (SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a 
remote auth ...)
-       TODO: check
+       NOT-FOR-US: Vtiger CRM
 CVE-2023-38706 (Discourse is an open-source discussion platform. Prior to 
version 3.1. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2023-38507 (Strapi is the an open-source headless content management 
system. Prior ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2023-37459 (Contiki-NG is an operating system for internet-of-things 
devices. In v ...)
-       TODO: check
+       NOT-FOR-US: Contiki-NG
 CVE-2023-37281 (Contiki-NG is an operating system for internet-of-things 
devices. In v ...)
-       TODO: check
+       NOT-FOR-US: Contiki-NG
 CVE-2023-37263 (Strapi is the an open-source headless content management 
system. Prior ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2023-36659 (An issue was discovered in OPSWAT MetaDefender KIOSK 
4.6.1.9996. Long  ...)
        TODO: check
 CVE-2023-36658 (An issue was discovered in OPSWAT MetaDefender KIOSK 
4.6.1.9996. It ha ...)
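Review bot: the tag added for CVE-2023-39638 is `NOT-FOR-US: D-LINK`, which names only the vendor, while the other tags added in this hunk name the affected product (`Carts Guru cartsguru`, `LeoTheme leoblog`, `Active Design psaffiliate`). The description identifies the DIR-859 model, so a product-level tag such as `NOT-FOR-US: D-LINK DIR-859` would match the granularity of the neighbouring entries and make later searches of data/CVE/list by product more reliable. The same applies to any other vendor-only tag in this commit.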
@@ -155,9 +155,9 @@ CVE-2023-36657 (An issue was discovered in OPSWAT 
MetaDefender KIOSK 4.6.1.9996.
 CVE-2023-36479 (Eclipse Jetty Canonical Repository is the canonical repository 
for the ...)
        TODO: check
 CVE-2023-36472 (Strapi is the an open-source headless content management 
system. Prior ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2023-32461 (Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-4958
        NOT-FOR-US: StackRox
 CVE-2023-4972 (Improper Privilege Management vulnerability in Yepas Digital 
Yepas all ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d521b6f254446517eb93fd3c0377aed711c57acf



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
