[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 11 11:28:38 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e180492a by Salvatore Bonaccorso at 2023-04-11T12:28:10+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2339,7 +2339,7 @@ CVE-2023-29400
 CVE-2023-1904
 	RESERVED
 CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-1902
 	RESERVED
 CVE-2023-1901
@@ -2998,15 +2998,15 @@ CVE-2023-29191
 CVE-2023-29190
 	RESERVED
 CVE-2023-29189 (SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107,  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-29188
 	RESERVED
 CVE-2023-29187 (A Windows user with basic user authorization can exploit a DLL hijacki ...)
 	TODO: check
 CVE-2023-29186 (In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an att ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-29185 (SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-29184
 	RESERVED
 CVE-2023-29183
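Review bot: CVE-2023-29187 stays at TODO: check in this hunk while the three described entries around it (CVE-2023-29189, CVE-2023-29186, CVE-2023-29185) are all moved to NOT-FOR-US: SAP. Its truncated description ("A Windows user with basic user authorization can exploit a DLL hijacki ...") names no product, so leaving it may be deliberate. If the full description has already been read, either tag it in this commit or add a NOTE line saying why it is still open, so the next triage pass does not repeat the check.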
@@ -3198,15 +3198,15 @@ CVE-2023-29114
 CVE-2023-29113
 	RESERVED
 CVE-2023-29112 (The SAP Application Interface (Message Monitoring) - versions 600, 700 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-29111 (The SAP AIF (ODATA service) - versions 755, 756, discloses more detail ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-29110 (The SAP Application Interface (Message Dashboard) - versions AIF 703,  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-29109 (The SAP Application Interface Framework (Message Dashboard) - versions ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-29108 (The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDI ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-29107
 	RESERVED
 CVE-2023-29106
@@ -4412,15 +4412,15 @@ CVE-2023-XXXX [RUSTSEC-2022-0092]
 	- rust-rmp-serde 1.1.1-1
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0092.html
 CVE-2023-28765 (An attacker with basic privileges in SAP BusinessObjects Business Inte ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-28764
 	RESERVED
 CVE-2023-28763 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751,  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-28762
 	RESERVED
 CVE-2023-28761 (In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-28760
 	RESERVED
 CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0. A vulnerabil ...)
@@ -7331,7 +7331,7 @@ CVE-2023-27899 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a tem
 CVE-2023-27898 (Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.37 ...)
 	- jenkins <removed>
 CVE-2023-27897 (In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is auth ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-27896 (In SAP BusinessObjects Business Intelligence Platform - version 420, 4 ...)
 	NOT-FOR-US: SAP
 CVE-2023-27895 (SAP Authenticator for Android - version 1.3.0, allows the screen to be ...)
@@ -8546,11 +8546,11 @@ CVE-2023-27501 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701,
 CVE-2023-27500 (An attacker with non-administrative authorizations can exploit a direc ...)
 	NOT-FOR-US: SAP
 CVE-2023-27499 (SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.547.77, 7.81, 7.85, 7 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-27498 (SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated at ...)
 	NOT-FOR-US: SAP
 CVE-2023-27497 (Due to missing authentication and input sanitization of code the Event ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-27393
 	RESERVED
 CVE-2023-27386
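Review bot: The NOT-FOR-US: SAP tag on CVE-2023-27497 cannot be confirmed from the line shown in this hunk: the truncated description ("Due to missing authentication and input sanitization of code the Event ...") never names the vendor, unlike CVE-2023-27499 just above it. Please confirm against the full CVE description that the affected product is SAP's before relying on the ID falling inside a run of SAP entries.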
@@ -9216,7 +9216,7 @@ CVE-2023-27269 (SAP NetWeaver Application Server for ABAP and ABAP Platform - ve
 CVE-2023-27268 (SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does  ...)
 	NOT-FOR-US: SAP
 CVE-2023-27267 (Due to missing authentication and insufficient input validation, the O ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-27266 (Mattermost fails to honor the ShowEmailAddress setting when constructi ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-27265 (Mattermost fails to honor the ShowEmailAddress setting when constructi ...)
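Review bot: CVE-2023-27267 is tagged NOT-FOR-US: SAP, but its visible description ("Due to missing authentication and insufficient input validation, the O ...") is cut off before any product name. The neighbouring CVE-2023-27268 and CVE-2023-27269 are SAP, which makes the tag plausible, yet the following CVE-2023-27266 is Mattermost, so adjacency alone is not a safe basis. A check of the full description would settle it.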
@@ -9705,7 +9705,7 @@ CVE-2023-27078 (A command injection issue was found in TP-Link MR3020 v.1_150921
 CVE-2023-27077 (Stack Overflow vulnerability found in 360 D901 allows a remote attacke ...)
 	NOT-FOR-US: 360 D901
 CVE-2023-27076 (Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows a ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27075
 	RESERVED
 CVE-2023-27074 (BP Monitoring Management System v1.0 was discovered to contain a SQL i ...)
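Review bot: The new tag on CVE-2023-27076 gives only the vendor (NOT-FOR-US: Tenda), while the entry directly above it in the same hunk gives vendor and model (NOT-FOR-US: 360 D901) and the description here names the Tenda G103. If the list has no vendor-only convention for Tenda, NOT-FOR-US: Tenda G103 would keep the two adjacent entries consistent and make later searches by model work.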
@@ -11209,7 +11209,7 @@ CVE-2023-26460 (Cache Management Service in SAP NetWeaver Application Server for
 CVE-2023-26459 (Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP P ...)
 	NOT-FOR-US: SAP
 CVE-2023-26458 (An information disclosure vulnerability exists in SAP Landscape Manage ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-26457 (SAP Content Server - version 7.53, does not sufficiently encode user-c ...)
 	NOT-FOR-US: SAP
 CVE-2023-26456
@@ -16893,7 +16893,7 @@ CVE-2023-24529 (Due to lack of proper input validation, BSP application (CRM_BSP
 CVE-2023-24528 (SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - ...)
 	NOT-FOR-US: SAP
 CVE-2023-24527 (SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perfo ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-24526 (SAP NetWeaver Application Server Java for Classload Service - version  ...)
 	NOT-FOR-US: SAP
 CVE-2023-24525 (SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e180492a9fde7d3b7ac6c511a2820e9d00702975
