[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Apr 14 11:15:32 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd8c0e1a by Moritz Muehlenhoff at 2023-04-14T12:14:52+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8289,7 +8289,7 @@ CVE-2023-27777
 CVE-2023-27776
 	RESERVED
 CVE-2023-27775 (A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 all ...)
-	TODO: check
+	NOT-FOR-US: LiveAction LiveSP
 CVE-2023-27774
 	RESERVED
 CVE-2023-27773
@@ -8431,9 +8431,9 @@ CVE-2023-27706
 CVE-2023-27705
 	RESERVED
 CVE-2023-27704 (Void Tools Everything lower than v1.4.1.1022 was discovered to contain ...)
-	TODO: check
+	NOT-FOR-US: Void Tools
 CVE-2023-27703 (The Android version of pikpak v1.29.2 was discovered to contain an inf ...)
-	TODO: check
+	NOT-FOR-US: pikpak
 CVE-2023-27702
 	RESERVED
 CVE-2023-27701 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...)
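Review bot: The tag on CVE-2023-27704 names only the vendor, `Void Tools`, while the description gives the product as "Void Tools Everything" and the other entries in this commit name the product itself (`LiveAction LiveSP`, `pikpak`). Suggest `NOT-FOR-US: Void Tools Everything` so that a later search of the list for the product name finds this entry.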
@@ -10637,7 +10637,7 @@ CVE-2023-26854
 CVE-2023-26853
 	RESERVED
 CVE-2023-26852 (An arbitrary file upload vulnerability in the upload plugin of Textpat ...)
-	TODO: check
+	NOT-FOR-US: Textpattern CMS
 CVE-2023-26851
 	RESERVED
 CVE-2023-26850
@@ -12551,9 +12551,9 @@ CVE-2023-26124
 CVE-2023-26123
 	RESERVED
 CVE-2023-26122 (All versions of the package safe-eval are vulnerable to Sandbox Bypass ...)
-	TODO: check
+	NOT-FOR-US: Node safe-eval
 CVE-2023-26121 (All versions of the package safe-eval are vulnerable to Prototype Poll ...)
-	TODO: check
+	NOT-FOR-US: Node safe-eval
 CVE-2023-26120 (This affects all versions of the package com.xuxueli:xxl-job. HTML upl ...)
 	NOT-FOR-US: com.xuxueli:xxl-job
 CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and b ...)
@@ -12572,7 +12572,7 @@ CVE-2023-26115
 CVE-2023-26114 (Versions of the package code-server before 4.10.1 are vulnerable to Mi ...)
 	NOT-FOR-US: Node code-server
 CVE-2023-26113 (Versions of the package collection.js before 6.8.1 are vulnerable to P ...)
-	TODO: check
+	NOT-FOR-US: collection.js
 CVE-2023-26112 (All versions of the package configobj are vulnerable to Regular Expres ...)
 	- configobj <unfixed> (bug #1034152)
 	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494
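Review bot: Naming is inconsistent on CVE-2023-26113: the entry directly above uses `NOT-FOR-US: Node code-server`, and the safe-eval entries in the previous hunk also carry the `Node` prefix, but this one is a bare `collection.js`. If this is the same ecosystem, as the "package collection.js" wording suggests, `NOT-FOR-US: Node collection.js` would match the surrounding entries.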
@@ -29141,7 +29141,7 @@ CVE-2022-47055
 CVE-2022-47054
 	RESERVED
 CVE-2022-47053 (An arbitrary file upload vulnerability in the Digital Assets Manager m ...)
-	TODO: check
+	NOT-FOR-US: DotNetNuke
 CVE-2022-47052 (The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' i ...)
 	NOT-FOR-US: NETGEAR
 CVE-2022-47051
@@ -60025,7 +60025,7 @@ CVE-2015-10004 (Token validation methods are susceptible to a timing side-channe
 CVE-2014-125026 (LZ4 bindings use a deprecated C API that is vulnerable to memory corru ...)
 	NOT-FOR-US: golz4 (Golang interface to LZ4)
 CVE-2013-10005 (The RemoteAddr and LocalAddr methods on the returned net.Conn may call ...)
-	TODO: check
+	NOT-FOR-US: btcsuite
 CVE-2022-37020
 	RESERVED
 CVE-2022-37019
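Review bot: `btcsuite` on CVE-2013-10005 reads as a project or organisation name rather than the affected component. The description is about `RemoteAddr` and `LocalAddr` on a returned `net.Conn`, and the neighbouring entry identifies its package precisely as `golz4 (Golang interface to LZ4)`. Naming the specific Go package here would make clear what was actually ruled out if another btcsuite component is ever packaged.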
@@ -62497,7 +62497,7 @@ CVE-2022-36062 (Grafana is an open-source platform for monitoring and observabil
 CVE-2022-36061 (Elrond go is the go implementation for the Elrond Network protocol. In ...)
 	NOT-FOR-US: Elrond go
 CVE-2022-36060 (matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. E ...)
-	TODO: check
+	NOT-FOR-US: matrix-react-sdk
 CVE-2022-36059 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...)
 	- node-matrix-js-sdk <unfixed> (bug #1018970)
 	[bullseye] - node-matrix-js-sdk <no-dsa> (Minor issue)
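Review bot: CVE-2022-36060 is marked NOT-FOR-US for matrix-react-sdk while the sibling issue right below it, CVE-2022-36059, is tracked against the packaged `node-matrix-js-sdk`. Worth confirming that no source package in the archive ships or embeds matrix-react-sdk before closing this out; if one does, this should be a package entry rather than an NFU.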
@@ -99608,7 +99608,7 @@ CVE-2022-23493 (xrdp is an open source project which provides a graphical login
 	- xrdp 0.9.21.1-1 (bug #1025879)
 	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-59wp-3wq6-jh5v
 CVE-2022-23492 (go-libp2p is the offical libp2p implementation in the Go programming l ...)
-	TODO: check
+	NOT-FOR-US: go-libp2p
 CVE-2022-23491 (Certifi is a curated collection of Root Certificates for validating th ...)
 	- python-certifi <unfixed> (unimportant)
 	NOTE: https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
@@ -150942,7 +150942,7 @@ CVE-2021-30136
 CVE-2021-30135
 	RESERVED
 CVE-2021-30134 (php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows ...)
-	TODO: check
+	NOT-FOR-US: PHP mod-curl
 CVE-2021-30133 (A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, C ...)
 	NOT-FOR-US: CloverDX
 CVE-2021-30132 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...)
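Review bot: The tag `PHP mod-curl` on CVE-2021-30134 does not match the name the description uses, `php-mod/curl`, so a search of the list for the upstream name will miss this line. Suggest `NOT-FOR-US: php-mod/curl`.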



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd8c0e1a577542606428a4cb1f004837fb9b3a91
