[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 19 15:37:32 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f823e512 by Moritz Muehlenhoff at 2023-04-19T16:35:16+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9519,7 +9519,7 @@ CVE-2023-27707 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows a
 CVE-2023-27706
 	RESERVED
 CVE-2023-27705 (APNG_Optimizer v1.4 was discovered to contain a buffer overflow via th ...)
-	TODO: check
+	NOT-FOR-US: APNG Optimizer
 CVE-2023-27704 (Void Tools Everything lower than v1.4.1.1022 was discovered to contain ...)
 	NOT-FOR-US: Void Tools
 CVE-2023-27703 (The Android version of pikpak v1.29.2 was discovered to contain an inf ...)
@@ -11234,7 +11234,7 @@ CVE-2023-27094 (An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to
 CVE-2023-27093 (Cross Site Scripting vulnerability found in My-Blog allows attackers t ...)
 	NOT-FOR-US: My-Blog
 CVE-2023-27092 (Cross Site Scripting vulnerability found in Jbootfly allows attackers  ...)
-	TODO: check
+	NOT-FOR-US: Jbootfly
 CVE-2023-27091 (An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows a ...)
 	NOT-FOR-US: XiaoBingby TeaCMS
 CVE-2023-27090
@@ -15599,25 +15599,25 @@ CVE-2023-25558 (DataHub is an open-source metadata platform. When the DataHub fr
 CVE-2023-25557 (DataHub is an open-source metadata platform. The DataHub frontend acts ...)
 	NOT-FOR-US: DataHub
 CVE-2023-25556 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2023-25555 (A CWE-78: Improper Neutralization of Special Elements used in an OS Co ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2023-25554 (A CWE-78: Improper Neutralization of Special Elements used in an OS Co ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2023-25553 (A CWE-79: Improper Neutralization of Input During Web Page Generation  ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2023-25552 (A CWE-862: Missing Authorization vulnerability exists that could allow ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2023-25551 (A CWE-79: Improper Neutralization of Input During Web Page Generation  ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2023-25550 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2023-25549 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2023-25548 (A CWE-863: Incorrect Authorization vulnerability exists that could all ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2023-25547 (A CWE-863: Incorrect Authorization vulnerability exists that could all ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2023-25544 (Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' versi ...)
 	NOT-FOR-US: Dell
 CVE-2023-25543
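
Review bot: The ten entries from CVE-2023-25547 to CVE-2023-25556 are tagged with the bare vendor word "Schneider", and the truncated descriptions shown here carry only CWE wording, so nothing in the list ties these entries to a product. Other NFU entries in this file name the product (for example "NOT-FOR-US: XiaoBingby TeaCMS" or "NOT-FOR-US: Butterfly Button plugin"); adding the affected product after the vendor would make these entries searchable and let a later reader confirm the triage without opening each CVE.
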
@@ -17009,7 +17009,7 @@ CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_re
 CVE-2023-25011 (PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22 ...)
 	NOT-FOR-US: PC settings tool
 CVE-2023-25010 (A malicious actor may convince a victim to open a malicious USD file t ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2023-25009
 	RESERVED
 CVE-2023-25008
@@ -18575,15 +18575,15 @@ CVE-2023-24506
 CVE-2023-24505
 	RESERVED
 CVE-2023-24504 (Electra Central AC unit – Adjacent attacker may cause the unit t ...)
-	TODO: check
+	NOT-FOR-US: Electra Central
 CVE-2023-24503 (Electra Central AC unit – Adjacent attacker may cause the unit t ...)
-	TODO: check
+	NOT-FOR-US: Electra Central
 CVE-2023-24502 (Electra Central AC unit – The unit opens an AP with an easily ca ...)
-	TODO: check
+	NOT-FOR-US: Electra Central
 CVE-2023-24501 (Electra Central AC unit – Hardcoded Credentials in unspecified c ...)
-	TODO: check
+	NOT-FOR-US: Electra Central
 CVE-2023-24500 (Electra Central AC unit – Adjacent attacker may cause the unit t ...)
-	TODO: check
+	NOT-FOR-US: Electra Central
 CVE-2023-24499 (Butterfly Button plugin may leave traces of its use on user's device.  ...)
 	NOT-FOR-US: Butterfly Button plugin
 CVE-2023-24498 (An uspecified endpoint in the web server of the switch does not proper ...)
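
Review bot: The label "Electra Central" on CVE-2023-24500 through CVE-2023-24504 cuts the description's "Electra Central AC unit" in the middle, so it reads as a product name that the description does not give. "NOT-FOR-US: Electra Central AC unit" would match the description text and be easier to grep for.
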
@@ -20477,9 +20477,9 @@ CVE-2023-22318
 CVE-2023-22309
 	RESERVED
 CVE-2023-22307 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before ...)
-	TODO: check
+	- check-mk <removed>
 CVE-2023-22294 (Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows  ...)
-	TODO: check
+	- check-mk <removed>
 CVE-2023-22288 (HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34,  ...)
 	- check-mk <removed>
 CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_frames ...)
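
Review bot: CVE-2023-22307 and CVE-2023-22294 are described as issues in the "Tribe29 Checkmk Appliance", yet both are filed as "- check-mk <removed>", the same entry used for CVE-2023-22288, whose description names Checkmk itself. If the appliance code (Webconf in the case of CVE-2023-22307) was never shipped in the check-mk source package, a NOT-FOR-US entry naming the appliance would be more accurate than a removed-package entry. These two changes are also package entries rather than NFUs, which the commit subject "NFUs" does not reflect.
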
@@ -28196,7 +28196,7 @@ CVE-2023-22005
 CVE-2023-22004
 	RESERVED
 CVE-2023-22003 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-22002 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	TODO: check
 CVE-2023-22001 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
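
Review bot: "NOT-FOR-US: Oracle" on CVE-2023-22003 names only the vendor, while the Oracle VM VirtualBox entry directly below it (CVE-2023-22002) is left at "TODO: check". Since the description identifies the product as Oracle Solaris, "NOT-FOR-US: Oracle Solaris" would make clear that the tag is a call on Solaris and not a blanket call on Oracle CVEs.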



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f823e51275a82ea1e76e2e4042354ca48bdf9920
