[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 21 12:45:35 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dfe66ac3 by Salvatore Bonaccorso at 2023-04-21T13:45:20+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,9 +29,9 @@ CVE-2023-2207
CVE-2023-2206
RESERVED
CVE-2023-2205 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
- TODO: check
+ NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2204 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
- TODO: check
+ NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2203
RESERVED
CVE-2023-2202 (Improper Access Control in GitHub repository francoisjacquet/rosariosi ...)
@@ -454,7 +454,7 @@ CVE-2023-2133 (Out of bounds memory access in Service Worker API in Google Chrom
CVE-2023-2132
RESERVED
CVE-2023-2131 (Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS co ...)
- TODO: check
+ NOT-FOR-US: INEA ME RTU firmware
CVE-2023-2130 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Purchase Order Management System
CVE-2023-30792
@@ -10763,13 +10763,13 @@ CVE-2023-27357
CVE-2023-27356
RESERVED
CVE-2023-27355 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Sonos One Speaker
CVE-2023-27354 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
- TODO: check
+ NOT-FOR-US: Sonos One Speaker
CVE-2023-27353 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
- TODO: check
+ NOT-FOR-US: Sonos One Speaker
CVE-2023-27352 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Sonos One Speaker
CVE-2023-27351 (This vulnerability allows remote attackers to bypass authentication on ...)
NOT-FOR-US: PaperCut
CVE-2023-27350 (This vulnerability allows remote attackers to bypass authentication on ...)
@@ -11446,7 +11446,7 @@ CVE-2023-27092 (Cross Site Scripting vulnerability found in Jbootfly allows atta
CVE-2023-27091 (An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows a ...)
NOT-FOR-US: XiaoBingby TeaCMS
CVE-2023-27090 (Cross Site Scripting vulnerability found in TeaCMS storage allows atta ...)
- TODO: check
+ NOT-FOR-US: TeaCMS
CVE-2023-27089 (Cross Site Scripting vulnerability found in Ehuacui BBS allows attacke ...)
NOT-FOR-US: Ehuacui
CVE-2023-27088 (feiqu-opensource Background Vertical authorization vulnerability exist ...)
@@ -39015,9 +39015,9 @@ CVE-2023-20867
CVE-2023-20866 (In Spring Session version 3.0.0, the session id can be logged to the s ...)
NOT-FOR-US: Spring Session
CVE-2023-20865 (VMware Aria Operations for Logs contains a command injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-20864 (VMware Aria Operations for Logs contains a deserialization vulnerabili ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-20863 (In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0 ...)
- libspring-java <unfixed> (unimportant)
NOTE: https://spring.io/security/cve-2023-20863
@@ -135981,7 +135981,7 @@ CVE-2021-36438
CVE-2021-36437
RESERVED
CVE-2021-36436 (An issue in Mobicint Backend for Credit Unions v3 allows attackers to ...)
- TODO: check
+ NOT-FOR-US: Mobicint Backend for Credit Unions
CVE-2021-36435
RESERVED
CVE-2021-36434 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfe66ac380bdd5df6f22123a60c61853e816e305
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfe66ac380bdd5df6f22123a60c61853e816e305
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230421/4e259c54/attachment.htm>
More information about the debian-security-tracker-commits
mailing list