[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 19 21:27:07 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
755399ce by Salvatore Bonaccorso at 2023-04-19T22:26:39+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -847,7 +847,7 @@ CVE-2023-30613
CVE-2023-30612 (Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. Thi ...)
TODO: check
CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their reaction ...)
- TODO: check
+ NOT-FOR-US: Discourse-reactions plugin
CVE-2023-30610 (aws-sigv4 is a rust library for low level request signing in the aws c ...)
TODO: check
CVE-2023-30609
@@ -2597,11 +2597,11 @@ CVE-2023-29925
CVE-2023-29924
RESERVED
CVE-2023-29923 (PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list jo ...)
- TODO: check
+ NOT-FOR-US: PowerJob
CVE-2023-29922 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the crea ...)
- TODO: check
+ NOT-FOR-US: PowerJob
CVE-2023-29921 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the crea ...)
- TODO: check
+ NOT-FOR-US: PowerJob
CVE-2023-29920
RESERVED
CVE-2023-29919
@@ -3271,7 +3271,7 @@ CVE-2023-29588
CVE-2023-29587
RESERVED
CVE-2023-29586 (Code Sector TeraCopy 3.9.7 does not perform proper access validation o ...)
- TODO: check
+ NOT-FOR-US: Code Sector TeraCopy
CVE-2023-29585
RESERVED
CVE-2023-29584 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the ...)
@@ -3937,7 +3937,7 @@ CVE-2023-1902
CVE-2023-1901
RESERVED
CVE-2023-1900 (A vulnerability within the Avira network protection feature allowed an ...)
- TODO: check
+ NOT-FOR-US: Norton
CVE-2023-1899
RESERVED
CVE-2023-1898
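Review bot: The new tag on CVE-2023-1900 names Norton, but the visible description attributes the flaw to the Avira network protection feature. Consider naming the product the description names, for example `NOT-FOR-US: Avira`, so the entry turns up when the list is searched by product name.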
@@ -6088,11 +6088,11 @@ CVE-2023-28752
CVE-2023-1588
RESERVED
CVE-2023-1587 (Avast and AVG Antivirus for Windows were susceptible to a NULL pointer ...)
- TODO: check
+ NOT-FOR-US: Norton
CVE-2023-1586 (Avast and AVG Antivirus for Windows were susceptible to a Time-of-chec ...)
- TODO: check
+ NOT-FOR-US: Norton
CVE-2023-1585 (Avast and AVG Antivirus for Windows were susceptible to a Time-of-chec ...)
- TODO: check
+ NOT-FOR-US: Norton
CVE-2023-1584
RESERVED
NOT-FOR-US: Quarkus
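Review bot: CVE-2023-1587, CVE-2023-1586 and CVE-2023-1585 are all tagged `NOT-FOR-US: Norton`, while each description names Avast and AVG Antivirus for Windows. If the vendor-level tag is intentional, a tag such as `NOT-FOR-US: Avast and AVG Antivirus` would still keep the three entries consistent with the text beside them.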
@@ -9474,9 +9474,9 @@ CVE-2023-27779 (AM Presencia v3.7.3 was discovered to contain a SQL injection vu
CVE-2023-27778
RESERVED
CVE-2023-27777 (Cross-site scripting (XSS) vulnerability was discovered in Online Jewe ...)
- TODO: check
+ NOT-FOR-US: Online Jewelry Shop
CVE-2023-27776 (A stored cross-site scripting (XSS) vulnerability in /index.php?page=c ...)
- TODO: check
+ NOT-FOR-US: Online Jewelry Shop
CVE-2023-27775 (A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 all ...)
NOT-FOR-US: LiveAction LiveSP
CVE-2023-27774
@@ -12365,7 +12365,7 @@ CVE-2023-26601 (Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer
CVE-2023-26600 (ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP thro ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2023-26599 (XSS vulnerability in TripleSign in Tripleplay Platform releases prior ...)
- TODO: check
+ NOT-FOR-US: Tripleplay
CVE-2023-26598
RESERVED
CVE-2023-26588 (Use of hard-coded credentials vulnerability in Buffalo network devices ...)
@@ -14805,9 +14805,9 @@ CVE-2023-0824
CVE-2023-0823 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin be ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25760 (Incorrect Access Control in Tripleplay Platform releases prior to Cave ...)
- TODO: check
+ NOT-FOR-US: Tripleplay
CVE-2023-25759 (OS Command Injection in TripleData Reporting Engine in Tripleplay Plat ...)
- TODO: check
+ NOT-FOR-US: Tripleplay
CVE-2023-25758 (Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.1 ...)
NOT-FOR-US: Onekey
CVE-2023-0822 (The affected product DIAEnergie (versions prior to v1.9.03.001) contai ...)
@@ -15441,9 +15441,9 @@ CVE-2023-25622
CVE-2023-25621 (Privilege Escalation vulnerability in Apache Software Foundation Apach ...)
NOT-FOR-US: Apache Sling
CVE-2023-25620 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-25619 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-25618 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...)
NOT-FOR-US: SAP
CVE-2023-25617 (SAP Business Object (Adaptive Job Server) - versions 420, 430, allows ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/755399ceefba0d522543b93daae11a2fb69cf857