[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 25 Oct 2023 05:00:39 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
6f63f2eb by Salvatore Bonaccorso at 2023-10-25T14:00:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,23 +3,23 @@ CVE-2023-5758 (When opening a page in reader mode, the 
redirect URL could have c
 CVE-2023-5752 (When installing a package from a Mercurial VCS URL  (ie "pip 
install   ...)
        TODO: check
 CVE-2023-5311 (The WP EXtra plugin for WordPress is vulnerable to unauthorized 
modifi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4608 (An authenticated XCC user with elevated privileges can perform 
blind S ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-4607 (An authenticated XCC user can change permissions for any user 
through  ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-4606 (An authenticated XCC user with Read-Only permission can change 
a diffe ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-46574 (An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a 
remote att ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2023-46358 (In the module "Referral and Affiliation Program" 
(referralbyphone) ver ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2023-46347 (In the module "Step by Step products Pack" (ndk_steppingpack) 
version  ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2023-46346 (In the module "Product Catalog (CSV, Excel, XML) Export PRO" 
(exportpr ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2023-46158 (IBM WebSphere Application Server Liberty 23.0.0.9 through 
23.0.0.10 co ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-46136 (Werkzeug is a comprehensive WSGI web application library. If 
an upload ...)
        TODO: check
 CVE-2023-46135 (rs-stellar-strkey is a Rust lib for encode/decode of Stellar 
Strkeys.  ...)
@@ -31,71 +31,71 @@ CVE-2023-46125 (Fides is an open-source privacy engineering 
platform for managin
 CVE-2023-46124 (Fides is an open-source privacy engineering platform for 
managing the  ...)
        TODO: check
 CVE-2023-46123 (jumpserver is an open source bastion machine, professional 
operation a ...)
-       TODO: check
+       NOT-FOR-US: JumpServer
 CVE-2023-46120 (The RabbitMQ Java client library allows Java and JVM-based 
application ...)
        TODO: check
 CVE-2023-46119 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2023-46118 (RabbitMQ is a multi-protocol messaging and streaming broker. 
HTTP API  ...)
        TODO: check
 CVE-2023-45555 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: zzzCMS
 CVE-2023-45554 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: zzzCMS
 CVE-2023-44794 (An issue in Dromara SaToken version 1.36.0 and before allows a 
remote  ...)
-       TODO: check
+       NOT-FOR-US: Dromara SaToken
 CVE-2023-44769 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS 
v.9.4.59197  ...)
-       TODO: check
+       NOT-FOR-US: Zenario CMS
 CVE-2023-44767 (A File upload vulnerability in RiteCMS 3.0 allows a local 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: RiteCMS
 CVE-2023-43961 (An issue in Dromara SaToken version 1.3.50RC and before when 
using Spr ...)
-       TODO: check
+       NOT-FOR-US: Dromara SaToken
 CVE-2023-43795 (GeoServer is an open source software server written in Java 
that allow ...)
        TODO: check
 CVE-2023-43360 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 
allows a  ...)
-       TODO: check
+       NOT-FOR-US: CMSmadesimple
 CVE-2023-41721 (Instances of UniFi Network Application that (i) are run on a 
UniFi Gat ...)
-       TODO: check
+       NOT-FOR-US: UniFi Network Application
 CVE-2023-41339 (GeoServer is an open source software server written in Java 
that allow ...)
        TODO: check
 CVE-2023-3112 (A vulnerability was reported in Elliptic Labs Virtual Lock 
Sensor for  ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2023-39930 (A first-factor authentication bypass vulnerability exists in 
the PingF ...)
-       TODO: check
+       NOT-FOR-US: PingFederate
 CVE-2023-39740 (The leakage of the client secret in Onigiriya-musubee Line 
13.6.1 allo ...)
        TODO: check
 CVE-2023-39739 (The leakage of the client secret in REGINA SWEETS&BAKERY Line 
13.6.1 a ...)
-       TODO: check
+       NOT-FOR-US: REGINA SWEETS&BAKERY Line
 CVE-2023-39737 (The leakage of the client secret in Matsuya Line 13.6.1 allows 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Matsuya Line
 CVE-2023-39736 (The leakage of the client secret in Fukunaga_memberscard Line 
13.6.1 a ...)
-       TODO: check
+       NOT-FOR-US: Fukunaga_memberscard Line
 CVE-2023-39735 (The leakage of the client secret in Uomasa_Saiji_news Line 
13.6.1 allo ...)
-       TODO: check
+       NOT-FOR-US: Uomasa_Saiji_news Line
 CVE-2023-39734 (The leakage of the client secret in VISION MEAT WORKS 
TrackDiner10/10_ ...)
-       TODO: check
+       NOT-FOR-US: VISION MEAT WORKS TrackDiner10/10_mc Line
 CVE-2023-39733 (The leakage of the client secret in TonTon-Tei Line v13.6.1 
allows att ...)
-       TODO: check
+       NOT-FOR-US: TonTon-Tei Line
 CVE-2023-39732 (The leakage of the client secret in Tokueimaru_waiting Line 
13.6.1 all ...)
-       TODO: check
+       NOT-FOR-US: Tokueimaru_waiting Line
 CVE-2023-39219 (PingFederate Administrative Console dependency contains a 
weakness whe ...)
-       TODO: check
+       NOT-FOR-US: PingFederate
 CVE-2023-38041 (A logged in user may elevate its permissions by abusing a 
Time-of-Chec ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-37283 (Under a very specific and highly unrecommended configuration, 
authenti ...)
-       TODO: check
+       NOT-FOR-US: PingFederate
 CVE-2023-36085 (The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a 
host he ...)
-       TODO: check
+       NOT-FOR-US: sisqualWFM
 CVE-2023-34085 (When an AWS DynamoDB table is used for user attribute storage, 
it is p ...)
        TODO: check
 CVE-2023-34056 (vCenter Server contains a partial information disclosure 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2023-34048 (vCenter Server contains an out-of-bounds write vulnerability 
in the im ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2023-31582 (jose4j before v0.9.3 allows attackers to set a low iteration 
count of  ...)
        TODO: check
 CVE-2023-31581 (Dromara Sureness before v1.0.8 was discovered to use a 
hardcoded key.)
-       TODO: check
+       NOT-FOR-US: Dromara Sureness
 CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key 
without any  ...)
        TODO: check
 CVE-2023-5574 [Use-after-free bug in DamageDestroy]
@@ -26675,7 +26675,7 @@ CVE-2023-29975
 CVE-2023-29974
        RESERVED
 CVE-2023-29973 (Pfsense CE version 2.6.0 is vulnerable to No rate limit which 
can lead ...)
-       TODO: check
+       NOT-FOR-US: Pfsense CE
 CVE-2023-29972
        RESERVED
 CVE-2023-29971
@@ -68186,9 +68186,9 @@ CVE-2022-3701
 CVE-2022-3700
        RESERVED
 CVE-2022-3699 (A privilege escalation vulnerability was reported in the Lenovo 
Hardwa ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo 
HardwareS ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when 
using th ...)
        - ansible 7.0.0+dfsg-1
        [bullseye] - ansible <no-dsa> (Minor issue)
@@ -125246,7 +125246,7 @@ CVE-2022-0355 (Improper Removal of Sensitive 
Information Before Storage or Trans
 CVE-2022-0354 (A vulnerability was reported in Lenovo System Update that could 
allow  ...)
        NOT-FOR-US: Lenovo
 CVE-2022-0353 (A denial of service vulnerability was reported in the Lenovo 
HardwareS ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2021-4212 (A potential vulnerability in the SMI callback function used in 
the Leg ...)
        NOT-FOR-US: Lenovo
 CVE-2021-4211 (A potential vulnerability in the SMI callback function used in 
the SMB ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f63f2ebb31fd02a67d953ed1514d2adbd373bd3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f63f2ebb31fd02a67d953ed1514d2adbd373bd3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to