[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 22 14:00:42 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f395d3b6 by Salvatore Bonaccorso at 2023-04-22T15:00:22+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -249,7 +249,7 @@ CVE-2023-30914
CVE-2023-30913
RESERVED
CVE-2023-2240 (Improper Privilege Management in GitHub repository microweber/microweb ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2023-2239
RESERVED
CVE-2023-2238
@@ -267,15 +267,15 @@ CVE-2023-2233
CVE-2023-2232
RESERVED
CVE-2023-2231 (A vulnerability, which was classified as critical, was found in MAXTEC ...)
- TODO: check
+ NOT-FOR-US: MAXTECH
CVE-2023-2230
RESERVED
CVE-2023-2229
RESERVED
CVE-2023-2228 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
- TODO: check
+ NOT-FOR-US: Modoboa
CVE-2023-2227 (Improper Authorization in GitHub repository modoboa/modoboa prior to 2 ...)
- TODO: check
+ NOT-FOR-US: Modoboa
CVE-2023-2226 (Due to insufficient validation in the PE and OLE parsers in Rapid7's V ...)
TODO: check
CVE-2023-2225
@@ -291,35 +291,35 @@ CVE-2023-2221
CVE-2022-4944
RESERVED
CVE-2023-2220 (A vulnerability was found in Dream Technology mica up to 3.0.5. It has ...)
- TODO: check
+ NOT-FOR-US: Dream Technology mica
CVE-2023-2219 (A vulnerability was found in SourceCodester Task Reminder System 1.0 a ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Task Reminder System
CVE-2023-2218 (A vulnerability has been found in SourceCodester Task Reminder System ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Task Reminder System
CVE-2023-2217 (A vulnerability, which was classified as critical, was found in Source ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Task Reminder System
CVE-2023-2216 (A vulnerability classified as problematic was found in Campcodes Coffe ...)
- TODO: check
+ NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2215 (A vulnerability classified as critical has been found in Campcodes Cof ...)
- TODO: check
+ NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2214 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It ...)
- TODO: check
+ NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2213 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It ...)
- TODO: check
+ NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2212 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It ...)
- TODO: check
+ NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2211 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and ...)
- TODO: check
+ NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2210 (A vulnerability has been found in Campcodes Coffee Shop POS System 1.0 ...)
- TODO: check
+ NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2209 (A vulnerability, which was classified as critical, was found in Campco ...)
- TODO: check
+ NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2208 (A vulnerability, which was classified as critical, has been found in C ...)
- TODO: check
+ NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2207 (A vulnerability classified as critical was found in Campcodes Retro Ba ...)
- TODO: check
+ NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2206 (A vulnerability classified as critical has been found in Campcodes Ret ...)
- TODO: check
+ NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2205 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2204 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
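Review bot: The product named in the new tags for CVE-2023-2217, CVE-2023-2209 and CVE-2023-2208 cannot be checked against this hunk, because their descriptions are cut off at "Source ...", "Campco ..." and "C ..." before any product name appears. The switch from "Campcodes Coffee Shop POS System" to "Campcodes Retro Basketball Shoes Online Store" happens exactly between CVE-2023-2209 and CVE-2023-2208, so confirm that pair against the full CVE records before relying on the tags.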
@@ -701,9 +701,9 @@ CVE-2023-2142
CVE-2023-2141 (An unsafe .NET object deserialization in DELMIA Apriso Release 2017 th ...)
TODO: check
CVE-2023-2140 (A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2 ...)
- TODO: check
+ NOT-FOR-US: DELMIA Apriso
CVE-2023-2139 (A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso ...)
- TODO: check
+ NOT-FOR-US: DELMIA Apriso
CVE-2022-4942 (A vulnerability was found in mportuga eslint-detailed-reporter up to 0 ...)
NOT-FOR-US: eslint-detailed-reporter
CVE-2022-48475
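Review bot: CVE-2023-2141 at the top of this hunk is described as affecting DELMIA Apriso, the same product as CVE-2023-2140 and CVE-2023-2139, yet it stays at "TODO: check" while the other two become "NOT-FOR-US: DELMIA Apriso". If that was an oversight, give it the same tag in this commit. If it was left open on purpose, say why in the commit message so the next triager does not have to guess.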
@@ -809,7 +809,7 @@ CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is vulnerable
CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...)
NOT-FOR-US: Responsive Filterable Portfolio plugin for WordPress
CVE-2023-2118 (Insufficient access control in support ticket feature in Devolutions S ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2023-2117
RESERVED
CVE-2023-2116
@@ -2991,7 +2991,7 @@ CVE-2023-29926 (PowerJob V4.3.2 has unauthorized interface that causes remote co
CVE-2023-29925
RESERVED
CVE-2023-29924 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows ...)
- TODO: check
+ NOT-FOR-US: PowerJob
CVE-2023-29923 (PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list jo ...)
NOT-FOR-US: PowerJob
CVE-2023-29922 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the crea ...)
@@ -3005,31 +3005,31 @@ CVE-2023-29919
CVE-2023-29918
RESERVED
CVE-2023-29917 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29916 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29915 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29914 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29913 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29912 (H3C Magic R200 R200V100R004 was discovered to contain a stack overflow ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29911 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29910 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29909 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29908 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29907 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29906 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29905 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29904
RESERVED
CVE-2023-29903
@@ -3693,7 +3693,7 @@ CVE-2023-29577
CVE-2023-29576 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation v ...)
NOT-FOR-US: Bento4
CVE-2023-29575 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2023-29574 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...)
NOT-FOR-US: Bento4
CVE-2023-29573 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...)
@@ -14238,9 +14238,9 @@ CVE-2023-0921
CVE-2022-48330
RESERVED
CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user ...)
- TODO: check
+ NOT-FOR-US: Progress Flowmon Packet Investigator
CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint failed to s ...)
- TODO: check
+ NOT-FOR-US: Progress Flowmon
CVE-2023-26099
RESERVED
CVE-2023-26098
@@ -16277,15 +16277,15 @@ CVE-2023-25511 (NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerabili
CVE-2023-25510 (NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer ...)
TODO: check
CVE-2023-25509 (NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX-1 SBIOS
CVE-2023-25508 (NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX-1 BMC
CVE-2023-25507 (NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX-1 BMC
CVE-2023-25506 (NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a pr ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX-1
CVE-2023-25505 (NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the A ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX-1 BMC
CVE-2023-25504 (A malicious actor who has been authenticated and granted specific perm ...)
NOT-FOR-US: Apache Superset
CVE-2023-25503
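Review bot: CVE-2023-25506 is described as a flaw "in Ofbd in AMI SBIOS" but is tagged "NOT-FOR-US: NVIDIA DGX-1", whereas CVE-2023-25509 in the same hunk, also an SBIOS issue, is tagged "NVIDIA DGX-1 SBIOS". Using "NVIDIA DGX-1 SBIOS" for both would keep the component-level tagging in this hunk consistent with the "SBIOS" and "BMC" split used on the neighbouring entries.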
@@ -23492,25 +23492,25 @@ CVE-2023-22328
CVE-2023-22289
RESERVED
CVE-2023-0209 (NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX-1 SBIOS
CVE-2023-0208 (NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server c ...)
NOT-FOR-US: NVIDIA DCGM for Linux
CVE-2023-0207 (NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modi ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX-2 SBIOS
CVE-2023-0206 (NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may m ...)
- TODO: check
+ NOT-FOR-US: NVIDIA DGX A100 SBIOS
CVE-2023-0205 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2023-0204 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2023-0203 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2023-0202 (NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may m ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2023-0201 (NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2023-0200 (NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high p ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2023-0199 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783)
- nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782)
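Review bot: Tag granularity is inconsistent within this hunk. CVE-2023-0207 and CVE-2023-0206 get product-level tags ("NVIDIA DGX-2 SBIOS", "NVIDIA DGX A100 SBIOS"), but CVE-2023-0202, CVE-2023-0201 and CVE-2023-0200, whose descriptions name the same DGX A100 SBIOS and DGX-2 products, are tagged only "NVIDIA". Pick one level for all of them. The product-level form is the safer choice here, since the next entry, CVE-2023-0199, is also an NVIDIA issue and is tracked against packaged drivers, so a bare "NVIDIA" tag says little about why an entry is out of scope.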
@@ -25943,7 +25943,7 @@ CVE-2022-48152 (SQL Injection vulnerability in RemoteClinic 2.0 allows attackers
CVE-2022-48151
RESERVED
CVE-2022-48150 (Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2022-48149 (Online Student Admission System in PHP Free Source Code 1.0 was discov ...)
NOT-FOR-US: Online Student Admission System in PHP Free Source Code
CVE-2022-48148
@@ -29456,7 +29456,7 @@ CVE-2022-47511
CVE-2022-47510
RESERVED
CVE-2022-47509 (The SolarWinds Platform was susceptible to the Incorrect Input Neutral ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2022-47508 (Customers who had configured their polling to occur via Kerberos did n ...)
NOT-FOR-US: SolarWinds
CVE-2022-47507 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
@@ -29464,7 +29464,7 @@ CVE-2022-47507 (SolarWinds Platform was susceptible to the Deserialization of Un
CVE-2022-47506 (SolarWinds Platform was susceptible to the Directory Traversal Vulnera ...)
NOT-FOR-US: SolarWinds
CVE-2022-47505 (The SolarWinds Platform was susceptible to the Local Privilege Escalat ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2022-47504 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
NOT-FOR-US: SolarWinds
CVE-2022-47503 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
@@ -61843,7 +61843,7 @@ CVE-2022-36965 (Insufficient sanitization of inputs in QoE application input fie
CVE-2022-36964 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
NOT-FOR-US: SolarWinds
CVE-2022-36963 (The SolarWinds Platform was susceptible to the Command Injection Vulne ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2022-36962 (SolarWinds Platform was susceptible to Command Injection. This vulnera ...)
NOT-FOR-US: SolarWinds
CVE-2022-36961 (A vulnerable component of Orion Platform was vulnerable to SQL Injecti ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f395d3b64cf1e728bb51433d30c88063c6d1649c