[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 12 12:02:10 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14973751 by Moritz Muehlenhoff at 2023-04-12T13:01:46+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3939,9 +3939,9 @@ CVE-2022-48431 (In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle a
 CVE-2022-48430 (In JetBrains IntelliJ IDEA before 2023.1 file content could be disclos ...)
 	- intellij-idea <itp> (bug #747616)
 CVE-2021-46879 (An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong var ...)
-	TODO: check
+	NOT-FOR-US: Treasure Data Fluent Bit
 CVE-2021-46878 (An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous p ...)
-	TODO: check
+	NOT-FOR-US: Treasure Data Fluent Bit
 CVE-2023-28958
 	RESERVED
 CVE-2023-28957
@@ -4837,7 +4837,7 @@ CVE-2023-1554
 CVE-2023-1553
 	RESERVED
 CVE-2023-1552 (ToolboxST prior to version 7.10 is affected by a deserialization vulne ...)
-	TODO: check
+	NOT-FOR-US: ToolboxST
 CVE-2023-28709
 	RESERVED
 CVE-2023-28708 (When using the RemoteIpFilter with requests received from a reverse pr ...)
@@ -5928,7 +5928,7 @@ CVE-2023-22441
 CVE-2023-22361
 	RESERVED
 CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquote ...)
-	TODO: check
+	NOT-FOR-US: WAB-MAT
 CVE-2023-1420
 	RESERVED
 CVE-2023-1419
@@ -10257,7 +10257,7 @@ CVE-2023-26921 (OS Command Injection vulnerability in quectel AG550QCN allows at
 CVE-2023-26920
 	RESERVED
 CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escap ...)
-	TODO: check
+	NOT-FOR-US: delight-nashorn-sandbox
 CVE-2023-26918
 	RESERVED
 CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
@@ -10402,11 +10402,11 @@ CVE-2023-26849
 CVE-2023-26848 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2023-26847 (A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 a ...)
-	TODO: check
+	NOT-FOR-US: OpenCATS
 CVE-2023-26846 (A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 a ...)
-	TODO: check
+	NOT-FOR-US: OpenCATS
 CVE-2023-26845 (A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers ...)
-	TODO: check
+	NOT-FOR-US: OpenCATS
 CVE-2023-26844
 	RESERVED
 CVE-2023-26843
@@ -11277,7 +11277,7 @@ CVE-2023-26497 (An issue was discovered in Samsung Baseband Modem Chipset for Ex
 CVE-2023-26496 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...)
 	NOT-FOR-US: Samsung
 CVE-2023-26495 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
-	TODO: check
+	NOT-FOR-US: Open Design Alliance Drawings SDK
 CVE-2023-26494
 	RESERVED
 CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D & 3D real ...)
@@ -11346,9 +11346,9 @@ CVE-2023-26469
 CVE-2023-26468 (Cerebrate 1.12 does not properly consider organisation_id during creat ...)
 	NOT-FOR-US: Cerebrate
 CVE-2023-26467 (A man in the middle can redirect traffic to a malicious server in a co ...)
-	TODO: check
+	NOT-FOR-US: RPA: Synchronization Engine
 CVE-2023-26466 (A user with non-Admin access can change a configuration file on the cl ...)
-	TODO: check
+	NOT-FOR-US: RPA: Synchronization Engine
 CVE-2023-26465
 	RESERVED
 CVE-2023-25944
@@ -11858,7 +11858,7 @@ CVE-2023-26314 (The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arb
 	[bullseye] - mono <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/05/1
 CVE-2023-26293 (A vulnerability has been identified in TIA Portal V15 (All versions),  ...)
-	TODO: check
+	NOT-FOR-US: TIA Portal V15
 CVE-2023-26292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: Forcepoint
 CVE-2023-26291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/149737510088229d863ce86501a1957b9fe7f384

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/149737510088229d863ce86501a1957b9fe7f384
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230412/581997b4/attachment.htm>

More information about the debian-security-tracker-commits mailing list