[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Apr 17 15:25:15 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e6decb0f by Moritz Muehlenhoff at 2023-04-17T16:24:37+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2023-30775
CVE-2023-30774
RESERVED
CVE-2023-2109 (Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoo ...)
- TODO: check
+ NOT-FOR-US: chatwoot
CVE-2023-2108 (A vulnerability has been found in SourceCodester Judging Management Sy ...)
NOT-FOR-US: SourceCodester Judging Management System
CVE-2023-30773
@@ -580,7 +580,7 @@ CVE-2023-2044 (A vulnerability has been found in Control iD iDSecure 4.7.29.1 an
CVE-2023-2043 (A vulnerability, which was classified as problematic, was found in Con ...)
NOT-FOR-US: Control iD iDSecure
CVE-2023-2042 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: DataGear
CVE-2023-2041 (A vulnerability classified as critical was found in novel-plus 3.6.2. ...)
NOT-FOR-US: novel-plus
CVE-2023-2040 (A vulnerability classified as critical has been found in novel-plus 3. ...)
@@ -768,7 +768,7 @@ CVE-2023-30544
CVE-2023-30543
RESERVED
CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
- TODO: check
+ NOT-FOR-US: OpenZeppelin
CVE-2023-30541
RESERVED
CVE-2023-30540
@@ -778,11 +778,11 @@ CVE-2023-30539
CVE-2023-30538
RESERVED
CVE-2023-30537 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-30536
RESERVED
CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports core functi ...)
- TODO: check
+ NOT-FOR-US: Snowflake JDBC
CVE-2023-30534
RESERVED
CVE-2023-30533
@@ -968,7 +968,7 @@ CVE-2023-30476
CVE-2023-30475
RESERVED
CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultima ...)
- TODO: check
+ NOT-FOR-US: Kilian Evang Ultimate Noindex Nofollow
CVE-2023-30473
RESERVED
CVE-2023-30472
@@ -2825,7 +2825,7 @@ CVE-2023-29586
CVE-2023-29585
RESERVED
CVE-2023-29584 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the ...)
- TODO: check
+ NOT-FOR-US: mp4v2
CVE-2023-29583
RESERVED
CVE-2023-29582
@@ -2859,7 +2859,7 @@ CVE-2023-29571 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerabili
CVE-2023-29570
RESERVED
CVE-2023-29569 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
- TODO: check
+ NOT-FOR-US: Cesenta MJS
CVE-2023-29568
RESERVED
CVE-2023-29567
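Review bot: The added note on CVE-2023-29569 misspells the vendor as "Cesenta MJS"; the description on the same entry and the CVE-2023-29571 context line in the hunk header both read "Cesanta MJS". Suggest "NOT-FOR-US: Cesanta MJS" so that a search for the product name across the list matches this entry too.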
@@ -3082,7 +3082,7 @@ CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7. It
CVE-2023-29530
RESERVED
CVE-2023-29529 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeS ...)
- TODO: check
+ NOT-FOR-US: matrix-js-sdk
CVE-2023-29528
RESERVED
CVE-2023-29527
@@ -3118,7 +3118,7 @@ CVE-2023-29513
CVE-2023-29512
RESERVED
CVE-2023-29511 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-29510
RESERVED
CVE-2023-29509 (XWiki Commons are technical libraries common to several other top leve ...)
@@ -4147,7 +4147,7 @@ CVE-2023-29196
CVE-2023-29195
RESERVED
CVE-2023-29194 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
- TODO: check
+ NOT-FOR-US: Vitess
CVE-2023-29193 (SpiceDB is an open source, Google Zanzibar-inspired, database system f ...)
NOT-FOR-US: Go SpiceDB
CVE-2023-29192 (SilverwareGames.io versions before 1.2.19 allow users with access to t ...)
@@ -4695,7 +4695,7 @@ CVE-2023-29020
CVE-2023-29019
RESERVED
CVE-2023-29018 (The OpenFeature Operator allows users to expose feature flags to appli ...)
- TODO: check
+ NOT-FOR-US: open-feature-operator
CVE-2023-29017 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
NOT-FOR-US: Node vm2
CVE-2023-29016 (The Goobi viewer is a web application that allows digitised material t ...)
@@ -4851,7 +4851,7 @@ CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions fr
CVE-2023-1707
RESERVED
CVE-2023-1706 (This candidate is unused by its CNA. ...)
- TODO: check
+ NOT-FOR-US: Unused CVE
CVE-2023-1705
RESERVED
CVE-2023-1704 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
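Review bot: The note "NOT-FOR-US: Unused CVE" on CVE-2023-1706 does not name a product, unlike the other NOT-FOR-US notes in this commit (chatwoot, XWiki, Vitess). The description says the candidate is unused by its CNA, so the entry describes no software at all; consider one fixed wording for such non-product entries, shared with the CVE-2023-1271 note ("Duplicated CVE entry"), so they can be found together later.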
@@ -6869,7 +6869,7 @@ CVE-2023-26593 (CENTUM series provided by Yokogawa Electric Corporation are vuln
CVE-2023-25955 (National land numerical information data conversion tool all versions ...)
NOT-FOR-US: National land numerical information data conversion tool
CVE-2023-25954 (KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' ...)
- TODO: check
+ NOT-FOR-US: KYOCERA
CVE-2023-25953
RESERVED
CVE-2023-25950 (HTTP request/response smuggling vulnerability in HAProxy version 2.7.0 ...)
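Review bot: The note on CVE-2023-25954 gives only the vendor, "KYOCERA", while the description names the products ('KYOCERA Mobile Print', 'UTAX/TA MobilePrint') and most notes in this commit name the product. Naming the product in the note would let a later search for "Mobile Print" find this entry.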
@@ -8429,7 +8429,7 @@ CVE-2023-1273
CVE-2023-1272
RESERVED
CVE-2023-1271 (Duplicate. Please use CVE-2023-24421. ...)
- TODO: check
+ NOT-FOR-US: Duplicated CVE entry
CVE-2023-1270 (Command Injection in GitHub repository btcpayserver/btcpayserver prior ...)
NOT-FOR-US: btcpayserver
CVE-2023-1269 (Use of Hard-coded Credentials in GitHub repository alextselegidis/easy ...)
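Review bot: The note on CVE-2023-1271, "Duplicated CVE entry", drops the pointer the description carries ("Please use CVE-2023-24421"). Since the description column is truncated in this file, naming CVE-2023-24421 in the note itself would keep the link to the surviving id visible to anyone reading the list.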
@@ -9381,7 +9381,7 @@ CVE-2023-27612
CVE-2023-27611
RESERVED
CVE-2023-27610 (Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelope ...)
- TODO: check
+ NOT-FOR-US: TransbankDevelopers Transbank Webpay
CVE-2023-27609
RESERVED
CVE-2023-27608
@@ -11132,7 +11132,7 @@ CVE-2023-26971
CVE-2023-26970
RESERVED
CVE-2023-26969 (Atropim 1.5.26 is vulnerable to Directory Traversal. ...)
- TODO: check
+ NOT-FOR-US: Atropim
CVE-2023-26968 (In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyph ...)
NOT-FOR-US: Atrocore
CVE-2023-26967
@@ -23031,7 +23031,7 @@ CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, doe
CVE-2023-22898 (workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 a ...)
NOT-FOR-US: Pandora
CVE-2023-22897 (An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewa ...)
- TODO: check
+ NOT-FOR-US: SecurePoint UTM
CVE-2023-22896
RESERVED
CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denia ...)
@@ -23826,7 +23826,7 @@ CVE-2023-22689
CVE-2023-22688
RESERVED
CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in Jose Mortel ...)
- TODO: check
+ NOT-FOR-US: Jose Mortellaro Freesoul Deactivate
CVE-2023-22686
RESERVED
CVE-2023-22685
@@ -23912,9 +23912,9 @@ CVE-2014-125046 (A vulnerability, which was classified as critical, was found in
CVE-2023-22671 (Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10 ...)
- ghidra <itp> (bug #923851)
CVE-2023-22670 (A heap-based buffer overflow exists in the DXF file reading procedure ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2023-22669 (Parsing of DWG files in Open Design Alliance Drawings SDK before 2023. ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2023-22668
RESERVED
CVE-2023-22667
@@ -24104,7 +24104,7 @@ CVE-2023-22622 (WordPress through 6.1.1 depends on unpredictable client visits t
CVE-2023-22621
RESERVED
CVE-2023-22620 (An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewa ...)
- TODO: check
+ NOT-FOR-US: SecurePoint UTM
CVE-2023-22619
RESERVED
CVE-2023-0076 (The Download Attachments WordPress plugin through 1.2.24 does not vali ...)
@@ -24986,9 +24986,9 @@ CVE-2022-4819 (A vulnerability was found in HotCRP. It has been rated as problem
CVE-2022-4818 (A vulnerability was found in Talend Open Studio for MDM. It has been d ...)
NOT-FOR-US: Talend Open Studio for MDM
CVE-2022-48178 (X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a st ...)
- TODO: check
+ NOT-FOR-US: X2CRM Open Source Sales CRM
CVE-2022-48177 (X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a re ...)
- TODO: check
+ NOT-FOR-US: X2CRM Open Source Sales CRM
CVE-2022-48176 (Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7 ...)
NOT-FOR-US: Netgear
CVE-2022-48175 (Rukovoditel v3.2.1 was discovered to contain a remote code execution ( ...)
@@ -27149,7 +27149,7 @@ CVE-2023-22237 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier)
CVE-2023-22236 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
NOT-FOR-US: Adobe
CVE-2023-22235 (InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-22234 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-b ...)
NOT-FOR-US: Adobe
CVE-2023-22233 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6decb0f3540b3a9d3763d1416b40dd7922198c7