[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 06 Dec 2023 00:35:16 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
6ca12182 by Salvatore Bonaccorso at 2023-12-06T09:34:42+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2023-6527 (The Email Subscription Popup plugin for WordPress is vulnerable 
to Ref ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-5970 (Improper authentication in the SMA100 SSL-VPN virtual office 
portal al ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2023-49897 (An OS command injection vulnerability exists in AE1021PE 
firmware vers ...)
-       TODO: check
+       NOT-FOR-US: AE1021PE firmware
 CVE-2023-49297 (PyDrive2 is a wrapper library of google-api-python-client that 
simplif ...)
        - pydrive2 <unfixed>
        NOTE: 
https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5
@@ -13,19 +13,19 @@ CVE-2023-49283 (microsoft-graph-core the Microsoft Graph 
Library for PHP. The Mi
 CVE-2023-49282 (msgraph-sdk-php is the Microsoft Graph Library for PHP. The 
Microsoft  ...)
        TODO: check
 CVE-2023-48940 (A stored cross-site scripting (XSS) vulnerability in 
/admin.php of Dai ...)
-       TODO: check
+       NOT-FOR-US: DaiCuo
 CVE-2023-48930 (xinhu xinhuoa 2.2.1 contains a File upload vulnerability.)
-       TODO: check
+       NOT-FOR-US: xinhu xinhuoa
 CVE-2023-48849 (Ruijie EG Series Routers version EG_3.0(1)B11P216 and before 
allows un ...)
-       TODO: check
+       NOT-FOR-US: Ruijie EG Series Routers
 CVE-2023-46736 (EspoCRM is an Open Source CRM (Customer Relationship 
Management) softw ...)
-       TODO: check
+       NOT-FOR-US: EspoCRM
 CVE-2023-44221 (Improper neutralization of special elements in the SMA100 
SSL-VPN mana ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2023-41268 (Improper input validation vulnerability in Samsung Open Source 
Escargo ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-40053 (A vulnerability has been identified within Serv-U 15.4 that 
allows an  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2023-6512 (Inappropriate implementation in Web Browser UI in Google Chrome 
prior  ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
@@ -37302,9 +37302,9 @@ CVE-2023-28878
 CVE-2023-28877 (The VTEX apps-graphql@2.x GraphQL API module does not properly 
restric ...)
        NOT-FOR-US: VTEX apps-graphql@2.x GraphQL API module
 CVE-2023-28876 (A Broken Access Control issue in comments to uploaded files in 
Filerun ...)
-       TODO: check
+       NOT-FOR-US: Filerun
 CVE-2023-28875 (A Stored XSS issue in shared files download terms in Filerun 
Update 20 ...)
-       TODO: check
+       NOT-FOR-US: Filerun
 CVE-2023-28874
        RESERVED
 CVE-2023-28873
@@ -50697,7 +50697,7 @@ CVE-2023-24549 (A vulnerability has been identified in 
Solid Edge SE2022 (All ve
 CVE-2023-24548 (On affected platforms running Arista EOS with VXLAN 
configured, malfor ...)
        NOT-FOR-US: Arista
 CVE-2023-24547 (On affected platforms running Arista MOS, the configuration of 
a BGP p ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2023-24546 (On affected versions of the CloudVision Portal improper access 
control ...)
        NOT-FOR-US: Arista
 CVE-2023-24545 (On affected platforms running Arista CloudEOS an issue in the 
Software ...)
@@ -57363,11 +57363,11 @@ CVE-2023-22526
 CVE-2023-22525
        RESERVED
 CVE-2023-22524 (Certain versions of the Atlassian Companion App for MacOS were 
affecte ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2023-22523 (This vulnerability, if exploited, allows an attacker to 
perform privil ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2023-22522 (This Template Injection vulnerability allows an authenticated 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2023-22521 (This High severity RCE (Remote Code Execution) vulnerability 
was intro ...)
        NOT-FOR-US: Crowd Data Center and Server
 CVE-2023-22520



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ca12182471ef3510a0bb602315128bb3063b7be

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ca12182471ef3510a0bb602315128bb3063b7be
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to