[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 24 21:21:45 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0a2610b by Salvatore Bonaccorso at 2023-04-24T22:20:10+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2023-31105
 CVE-2023-31104
 	RESERVED
 CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions Works ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2023-2256
 	RESERVED
 CVE-2023-2255
@@ -57,9 +57,9 @@ CVE-2023-2249
 CVE-2023-2248
 	RESERVED
 CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module in ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Hub
 CVE-2022-48476 (In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Ktor
 CVE-2023-31103
 	RESERVED
 CVE-2023-31102
@@ -216,9 +216,9 @@ CVE-2023-2241 (A vulnerability, which was classified as critical, was found in P
 	NOTE: https://github.com/podofo/podofo/issues/69
 	NOTE: https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778
 CVE-2012-10014 (A vulnerability classified as problematic has been found in Kau-Boy Ba ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2012-10013 (A vulnerability was found in Kau-Boy Backend Localization Plugin up to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-31037
 	RESERVED
 CVE-2023-31036
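Review bot: the two new tags on CVE-2012-10014 and CVE-2012-10013 say only "WordPress plugin", so the product named in the descriptions is lost from the tag. The second description names the "Kau-Boy Backend Localization Plugin"; putting that name in the tag would keep both entries findable by product, in line with the product-level tags used elsewhere in this commit (for example "Kiwi TCMS" and "Bang Resto").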
@@ -1011,7 +1011,7 @@ CVE-2023-30778
 CVE-2023-30777
 	RESERVED
 CVE-2023-30776 (An authenticated user with specific data permissions could access data ...)
-	TODO: check
+	NOT-FOR-US: Apache Superset
 CVE-2023-2129
 	RESERVED
 CVE-2023-2128
@@ -1468,7 +1468,7 @@ CVE-2023-30615
 CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...)
 	NOT-FOR-US: Pay (payments engine for Ruby on Rails)
 CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users to uplo ...)
-	TODO: check
+	NOT-FOR-US: Kiwi TCMS
 CVE-2023-30612 (Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. Thi ...)
 	NOT-FOR-US: Cloud hypervisor
 CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their reaction ...)
@@ -1834,7 +1834,7 @@ CVE-2023-30546
 CVE-2023-30545
 	RESERVED
 CVE-2023-30544 (Kiwi TCMS is an open source test management system. In versions of Kiw ...)
-	TODO: check
+	NOT-FOR-US: Kiwi TCMS
 CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In affected ve ...)
 	NOT-FOR-US: @web3-react
 CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
@@ -2138,7 +2138,7 @@ CVE-2023-30460
 CVE-2023-30459 (SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker ...)
 	NOT-FOR-US: SmartPTT SCADA
 CVE-2023-30458 (A username enumeration issue was discovered in Medicine Tracker System ...)
-	TODO: check
+	NOT-FOR-US: Medicine Tracker System
 CVE-2023-30457
 	RESERVED
 CVE-2023-30456 (An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kern ...)
@@ -3373,9 +3373,9 @@ CVE-2023-29851
 CVE-2023-29850 (SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip ...)
 	NOT-FOR-US: SENAYAN Library Management System (SLiMS) Bulia
 CVE-2023-29849 (Bang Resto 1.0 was discovered to contain multiple SQL injection vulner ...)
-	TODO: check
+	NOT-FOR-US: Bang Resto
 CVE-2023-29848 (Bang Resto 1.0 was discovered to contain a stored cross-site scripting ...)
-	TODO: check
+	NOT-FOR-US: Bang Resto
 CVE-2023-29847 (AeroCMS v0.0.1 was discovered to contain multiple stored cross-site sc ...)
 	NOT-FOR-US: AeroCMS
 CVE-2023-29846
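Review bot: the unchanged context line under CVE-2023-29850 reads "NOT-FOR-US: SENAYAN Library Management System (SLiMS) Bulia", while its description says "Bulian v9.5.2", so the existing tag looks cut short by one character. It is not touched by this change, but it sits directly above the two Bang Resto edits and could be corrected in the same pass.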
@@ -9330,9 +9330,9 @@ CVE-2023-27993
 CVE-2023-27992
 	RESERVED
 CVE-2023-27991 (The post-authentication command injection vulnerability in the CLI com ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 4.32 throu ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-27989
 	RESERVED
 CVE-2023-27988
@@ -10834,7 +10834,7 @@ CVE-2023-27526
 CVE-2023-27525 (An authenticated user with Gamma role authorization could have access  ...)
 	NOT-FOR-US: Apache Superset
 CVE-2023-27524 (Session Validation attacks in Apache Superset versions up to and inclu ...)
-	TODO: check
+	NOT-FOR-US: Apache Superset
 CVE-2023-27523
 	RESERVED
 CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_pr ...)
@@ -12474,7 +12474,7 @@ CVE-2023-26867
 CVE-2023-26866 (GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions ...)
 	NOT-FOR-US: GreenPacket
 CVE-2023-26865 (SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and b ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop bdroppy
 CVE-2023-26864 (SQL injection vulnerability found in PrestaShop smplredirectionsmanage ...)
 	NOT-FOR-US: PrestaShop
 CVE-2023-26863
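Review bot: the new tag on CVE-2023-26865 is "PrestaShop bdroppy", while the adjacent CVE-2023-26864, also a PrestaShop module SQL injection, is tagged just "PrestaShop". Either form works, but the two neighbouring entries should agree; naming the module in both is the more useful choice for anyone searching the list by product.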
@@ -14568,11 +14568,11 @@ CVE-2023-26063 (Certain Lexmark devices through 2023-02-19 access a Resource By
 CVE-2023-26062
 	RESERVED
 CVE-2023-26061 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Sched ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Worki ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On the Site  ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2023-26058
 	RESERVED
 CVE-2023-26057
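Review bot: the three new tags on CVE-2023-26061, CVE-2023-26060 and CVE-2023-26059 name only the vendor, "Nokia", although all three descriptions are about Nokia NetAct. Other tags in this commit are product-level ("JetBrains Hub", "JetBrains Ktor", "Apache Superset"), so "NOT-FOR-US: Nokia NetAct" would be consistent with them and more precise.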



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0a2610b553b9d78891e2cd8bdd328f191e07991
