[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 12 07:28:02 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
481dc564 by Salvatore Bonaccorso at 2023-04-12T08:26:56+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4377,7 +4377,7 @@ CVE-2023-28830
 CVE-2023-28829
 	RESERVED
 CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-28827
 	RESERVED
 CVE-2023-28379
@@ -5857,7 +5857,7 @@ CVE-2023-26595
 CVE-2023-26593 (CENTUM series provided by Yokogawa Electric Corporation are vulnerable ...)
 	NOT-FOR-US: Yokogawa
 CVE-2023-25955 (National land numerical information data conversion tool all versions  ...)
-	TODO: check
+	NOT-FOR-US: National land numerical information data conversion tool
 CVE-2023-25954
 	RESERVED
 CVE-2023-25953
@@ -5871,7 +5871,7 @@ CVE-2023-25950 (HTTP request/response smuggling vulnerability in HAProxy version
 CVE-2023-25946
 	RESERVED
 CVE-2023-25755 (Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: Screen Creator Advance
 CVE-2023-25184
 	RESERVED
 CVE-2023-25072
@@ -6403,11 +6403,11 @@ CVE-2023-28217
 CVE-2023-28216
 	RESERVED
 CVE-2023-27917 (OS command injection vulnerability in CONPROSYS IoT Gateway products a ...)
-	TODO: check
+	NOT-FOR-US: CONPROSYS IoT Gateway products
 CVE-2023-27389 (Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway  ...)
-	TODO: check
+	NOT-FOR-US: CONPROSYS IoT Gateway products
 CVE-2023-23575 (Improper access control vulnerability in CONPROSYS IoT Gateway product ...)
-	TODO: check
+	NOT-FOR-US: CONPROSYS IoT Gateway products
 CVE-2023-1381 (The WP Meta SEO WordPress plugin before 4.5.5 does not validate image  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-48402
@@ -6983,7 +6983,7 @@ CVE-2023-28064
 CVE-2023-28063
 	RESERVED
 CVE-2023-28062 (Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28061
 	RESERVED
 CVE-2023-28060
@@ -7218,7 +7218,7 @@ CVE-2023-27997
 CVE-2023-27996
 	RESERVED
 CVE-2023-27995 (A improper neutralization of special elements used in a template engin ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-27994
 	RESERVED
 CVE-2023-27993
@@ -8269,7 +8269,7 @@ CVE-2023-27652
 CVE-2023-27651
 	RESERVED
 CVE-2023-27650 (An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a ...)
-	TODO: check
+	NOT-FOR-US: APUS Group Launcher
 CVE-2023-27649
 	RESERVED
 CVE-2023-27648
@@ -8279,7 +8279,7 @@ CVE-2023-27647
 CVE-2023-27646
 	RESERVED
 CVE-2023-27645 (An issue found in POWERAMP audioplayer build 925 bundle play and build ...)
-	TODO: check
+	NOT-FOR-US: POWERAMP audioplayer
 CVE-2023-27644
 	RESERVED
 CVE-2023-27643
@@ -8722,7 +8722,7 @@ CVE-2023-1153 (Improper Neutralization of Special Elements used in an SQL Comman
 CVE-2023-1152 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Persolus
 CVE-2023-27520 (Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printer ...)
-	TODO: check
+	NOT-FOR-US: Epson
 CVE-2023-27511
 	RESERVED
 CVE-2023-27509
@@ -8754,7 +8754,7 @@ CVE-2023-25772
 CVE-2023-24460
 	RESERVED
 CVE-2023-23572 (Cross-site scripting vulnerability in SEIKO EPSON printers/network int ...)
-	TODO: check
+	NOT-FOR-US: Epson
 CVE-2023-1151 (A vulnerability was found in SourceCodester Electronic Medical Records ...)
 	NOT-FOR-US: SourceCodester Electronic Medical Records System
 CVE-2023-1150
@@ -8873,7 +8873,7 @@ CVE-2023-27466
 CVE-2023-27465
 	RESERVED
 CVE-2023-27464 (A vulnerability has been identified in Mendix Forgot Password (Mendix  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-27463 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
 	NOT-FOR-US: RUGGEDCOM CROSSBOW
 CVE-2023-27462 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
@@ -9644,9 +9644,9 @@ CVE-2023-27194
 CVE-2023-27193
 	RESERVED
 CVE-2023-27192 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker  ...)
-	TODO: check
+	NOT-FOR-US: DUALSPACE Super Secuirty
 CVE-2023-27191 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker  ...)
-	TODO: check
+	NOT-FOR-US: DUALSPACE Super Secuirty
 CVE-2023-27190
 	RESERVED
 CVE-2023-27189
@@ -9670,9 +9670,9 @@ CVE-2023-27181
 CVE-2023-27180 (GDidees CMS v3.9.1 was discovered to contain a source code disclosure  ...)
 	NOT-FOR-US: GDidees CMS
 CVE-2023-27179 (GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary fi ...)
-	TODO: check
+	NOT-FOR-US: GDidees CMS
 CVE-2023-27178 (An arbitrary file upload vulnerability in the upload function of GDide ...)
-	TODO: check
+	NOT-FOR-US: GDidees CMS
 CVE-2023-27177
 	RESERVED
 CVE-2023-27176
@@ -10079,7 +10079,7 @@ CVE-2023-26988
 CVE-2023-26987
 	RESERVED
 CVE-2023-26986 (An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: China Mobile OA Mailbox PC
 CVE-2023-26985
 	RESERVED
 CVE-2023-26984 (An issue in the password reset function of Peppermint v0.2.4 allows at ...)
@@ -10339,7 +10339,7 @@ CVE-2023-26862
 CVE-2023-26861
 	RESERVED
 CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and b ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop Igbudget
 CVE-2023-26859
 	RESERVED
 CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a r ...)
@@ -10483,7 +10483,7 @@ CVE-2023-26790
 CVE-2023-26789 (Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected ...)
 	NOT-FOR-US: Veritas
 CVE-2023-26788 (Veritas Appliance v4.1.0.1 is affected by Host Header Injection attack ...)
-	TODO: check
+	NOT-FOR-US: Veritas Appliance
 CVE-2023-26787
 	RESERVED
 CVE-2023-26786
@@ -10511,9 +10511,9 @@ CVE-2023-26776 (Cross Site Scripting vulnerability found in Monitorr v.1.7.6 all
 CVE-2023-26775 (File Upload vulnerability found in Monitorr v.1.7.6 allows a remote at ...)
 	NOT-FOR-US: Monitorr
 CVE-2023-26774 (An issue found in Sales Tracker Management System v.1.0 allows a remot ...)
-	TODO: check
+	NOT-FOR-US: Sales Tracker Management System
 CVE-2023-26773 (Cross Site Scripting vulnerability found in Sales Tracker Management S ...)
-	TODO: check
+	NOT-FOR-US: Sales Tracker Management System
 CVE-2023-26772
 	RESERVED
 CVE-2023-26771
@@ -10894,7 +10894,7 @@ CVE-2023-26599
 CVE-2023-26598
 	RESERVED
 CVE-2023-26588 (Use of hard-coded credentials vulnerability in Buffalo network devices ...)
-	TODO: check
+	NOT-FOR-US: Buffalo network devices
 CVE-2023-26584
 	RESERVED
 CVE-2023-26583
@@ -10974,9 +10974,9 @@ CVE-2023-26547 (The InputMethod module has a vulnerability of serialization/dese
 CVE-2023-26546
 	RESERVED
 CVE-2023-24544 (Improper access control vulnerability in Buffalo network devices allow ...)
-	TODO: check
+	NOT-FOR-US: Buffalo network devices
 CVE-2023-24464 (Stored-cross-site scripting vulnerability in Buffalo network devices a ...)
-	TODO: check
+	NOT-FOR-US: Buffalo network devices
 CVE-2023-1048 (A vulnerability, which was classified as critical, has been found in T ...)
 	NOT-FOR-US: TechPowerUp Ryzen DRAM Calculator
 CVE-2023-1047 (A vulnerability classified as critical was found in TechPowerUp RealTe ...)
@@ -12387,21 +12387,21 @@ CVE-2023-26072 (An issue was discovered in Samsung Mobile Chipset and Baseband M
 CVE-2023-26071 (An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An O ...)
 	NOT-FOR-US: MCUBO ICT
 CVE-2023-26070 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation  ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2023-26069 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation  ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2023-26068 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation  ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2023-26067 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation  ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2023-26066 (Certain Lexmark devices through 2023-02-19 have Improper Validation of ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2023-26065 (Certain Lexmark devices through 2023-02-19 have an Integer Overflow. ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2023-26064 (Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2023-26063 (Certain Lexmark devices through 2023-02-19 access a Resource By Using  ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2023-26062
 	RESERVED
 CVE-2023-26061



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/481dc5649e6e205dc512c374293ed8684e4b75df

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/481dc5649e6e205dc512c374293ed8684e4b75df
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230412/eedb5bc4/attachment.htm>

More information about the debian-security-tracker-commits mailing list