[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 26 21:38:38 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3da1a22 by Salvatore Bonaccorso at 2023-04-26T22:38:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -212,7 +212,7 @@ CVE-2023-2275
 CVE-2023-2274
 	RESERVED
 CVE-2023-2273 (Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer fr ...)
-	TODO: check
+	NOT-FOR-US: Rapid7
 CVE-2023-2272
 	RESERVED
 CVE-2023-2271
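Review bot: The tag added for CVE-2023-2273 names only the vendor, while the description line above it identifies the affected product as the Insight Agent token handler. Consider "NOT-FOR-US: Rapid7 Insight Agent" so the entry can be matched by product as well as by vendor in later triage.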
@@ -2253,7 +2253,7 @@ CVE-2023-30548 (gatsby-plugin-sharp is a plugin for the gatsby framework which e
 CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
 	NOT-FOR-US: Node vm2
 CVE-2023-30546 (Contiki-NG is an operating system for Internet of Things devices. An o ...)
-	TODO: check
+	NOT-FOR-US: Contiki-NG
 CVE-2023-30545 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...)
 	NOT-FOR-US: PrestaShop
 CVE-2023-30544 (Kiwi TCMS is an open source test management system. In versions of Kiw ...)
@@ -2971,15 +2971,15 @@ CVE-2023-30271
 CVE-2023-30270
 	RESERVED
 CVE-2023-30269 (CLTPHP <=6.0 is vulnerable to Improper Input Validation via applica ...)
-	TODO: check
+	NOT-FOR-US: CLTPHP
 CVE-2023-30268
 	RESERVED
 CVE-2023-30267 (CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via applic ...)
-	TODO: check
+	NOT-FOR-US: CLTPHP
 CVE-2023-30266 (CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dang ...)
-	TODO: check
+	NOT-FOR-US: CLTPHP
 CVE-2023-30265 (CLTPHP <=6.0 is vulnerable to Directory Traversal. ...)
-	TODO: check
+	NOT-FOR-US: CLTPHP
 CVE-2023-30264
 	RESERVED
 CVE-2023-30263
@@ -3085,11 +3085,11 @@ CVE-2023-30214
 CVE-2023-30213
 	RESERVED
 CVE-2023-30212 (OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /cli ...)
-	TODO: check
+	NOT-FOR-US: OURPHP
 CVE-2023-30211 (OURPHP <= 7.2.0 is vulnerable to SQL Injection. ...)
-	TODO: check
+	NOT-FOR-US: OURPHP
 CVE-2023-30210 (OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via our ...)
-	TODO: check
+	NOT-FOR-US: OURPHP
 CVE-2023-30209
 	RESERVED
 CVE-2023-30208
@@ -3285,7 +3285,7 @@ CVE-2023-30114
 CVE-2023-30113
 	RESERVED
 CVE-2023-30112 (Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection. ...)
-	TODO: check
+	NOT-FOR-US: Medicine Tracker System in PHP
 CVE-2023-30111 (Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scrip ...)
 	NOT-FOR-US: Medicine Tracker System
 CVE-2023-30110
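Review bot: The tag added for CVE-2023-30112 reads "Medicine Tracker System in PHP", but the entry directly below it, CVE-2023-30111, already tags the same product as "NOT-FOR-US: Medicine Tracker System". Reuse the existing string so both CVEs group under one NOT-FOR-US name when the list is searched or processed by script.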
@@ -5427,7 +5427,7 @@ CVE-2023-29270
 CVE-2023-29269
 	RESERVED
 CVE-2023-29268 (The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Sta ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2023-29267
 	RESERVED
 CVE-2023-29266
@@ -18873,7 +18873,7 @@ CVE-2023-24798 (D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack
 CVE-2023-24797 (D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack over ...)
 	NOT-FOR-US: D-Link
 CVE-2023-24796 (Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and befo ...)
-	TODO: check
+	NOT-FOR-US: Vinga
 CVE-2023-24795 (Command execution vulnerability was discovered in JHR-N916R router fir ...)
 	NOT-FOR-US: JHR-N916R
 CVE-2023-24794
@@ -25355,9 +25355,9 @@ CVE-2023-22731 (Shopware is an open source commerce platform based on Symfony Fr
 CVE-2023-22730 (Shopware is an open source commerce platform based on Symfony Framewor ...)
 	NOT-FOR-US: Shopware
 CVE-2023-22729 (Silverstripe Framework is the Model-View-Controller framework that pow ...)
-	TODO: check
+	NOT-FOR-US: Silverstripe
 CVE-2023-22728 (Silverstripe Framework is the Model-View-Controller framework that pow ...)
-	TODO: check
+	NOT-FOR-US: Silverstripe
 CVE-2023-22727 (CakePHP is a development framework for PHP web apps. In affected versi ...)
 	NOT-FOR-US: CakePHP
 CVE-2023-22726 (act is a project which allows for local running of github actions. The ...)
@@ -54092,7 +54092,7 @@ CVE-2022-39991
 CVE-2022-39990
 	RESERVED
 CVE-2022-39989 (An issue was discovered in Fighting Cock Information System 1.0, which ...)
-	TODO: check
+	NOT-FOR-US: Fighting Cock Information System
 CVE-2022-39988 (A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows  ...)
 	- centreon-web <itp> (bug #913903)
 CVE-2022-39987
@@ -88101,9 +88101,9 @@ CVE-2022-27981
 CVE-2022-27980
 	RESERVED
 CVE-2022-27979 (A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows at ...)
-	TODO: check
+	NOT-FOR-US: ToolJet
 CVE-2022-27978 (Tooljet v1.6 does not properly handle missing values in the API, allow ...)
-	TODO: check
+	NOT-FOR-US: ToolJet
 CVE-2022-27977
 	RESERVED
 CVE-2022-27976



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3da1a227f72f63ea4e3b479a2a656057e359fa7
