[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Dec 12 10:45:48 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c3bdd539 by Moritz Muehlenhoff at 2023-12-12T11:45:07+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -187,7 +187,7 @@ CVE-2023-6671 (A vulnerability has been discovered on OJS, that consists in a CS
 CVE-2023-6538 (SMU versions prior to 14.8.7825.01 are susceptible to unintended infor ...)
 	NOT-FOR-US: Hitachi
 CVE-2023-6194 (In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition X ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Memory Analyzer
 CVE-2023-6035 (The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5955 (The Contact Form Email WordPress plugin before 1.3.44 does not sanitis ...)
@@ -233,16 +233,16 @@ CVE-2023-5500 (This vulnerability allows an remote attacker with low privileges
 CVE-2023-50465 (A stored cross-site scripting (XSS) vulnerability exists in Monica (ak ...)
 	NOT-FOR-US: MonicaHQ
 CVE-2023-50463 (The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, whe ...)
-	TODO: check
+	NOT-FOR-US: caddy-geo-ip
 CVE-2023-49964 (An issue was discovered in Hyland Alfresco Community Edition through 7 ...)
 	NOT-FOR-US: Hyland Alfresco Community Edition
 CVE-2023-49355 (decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out- ...)
 	- jq <undetermined>
 	NOTE: https://github.com/linzc21/bug-reports/blob/main/reports/jq/1.7-37-g88f01a7/heap-buffer-overflow/CVE-2023-49355.md
 CVE-2023-48425 (U-Boot vulnerability resulting in persistent Code Execution)
-	TODO: check
+	NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian)
 CVE-2023-48424 (U-Boot shell vulnerability resulting in Privilege escalation in a prod ...)
-	TODO: check
+	NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian)
 CVE-2023-48417 (Missing Permission checks resulting in unauthorized access and Manipul ...)
 	NOT-FOR-US: Android
 CVE-2023-6655 (A vulnerability, which was classified as critical, has been found in H ...)
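Review bot: the two U-Boot entries (CVE-2023-48425 and CVE-2023-48424) are tagged NOT-FOR-US, yet the parenthetical itself names u-boot as packaged in Debian and only says "unlikely". NOT-FOR-US marks software that is not in Debian, so a hedged judgement about a packaged source is easier to revisit when recorded against the package, for example in the form the jq entry just above uses ("- jq <undetermined>"), with a NOTE stating why the Chromecast issue is believed not to apply.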
@@ -276,7 +276,7 @@ CVE-2023-50449 (JFinalCMS 5.0.0 could allow a remote attacker to read files via
 CVE-2023-50446 (An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1 ...)
 	NOT-FOR-US: Mullvad VPN Windows app
 CVE-2022-48614 (Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.)
-	TODO: check
+	NOT-FOR-US: Semantik MediaWiki
 CVE-2023-6647 (A vulnerability, which was classified as critical, has been found in A ...)
 	NOT-FOR-US: AMTT HiBOS
 CVE-2023-6646 (A vulnerability classified as problematic has been found in linkding 1 ...)
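Review bot: the new tag on CVE-2022-48614 spells the product "Semantik MediaWiki", while the CVE description on the line above it reads "Semantic MediaWiki". Suggest "NOT-FOR-US: Semantic MediaWiki" so that a search of the list for the product name also finds this entry.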
@@ -371,7 +371,7 @@ CVE-2023-6507 (An issue was found in CPython 3.12.0 `subprocess` module on POSIX
 	NOTE: https://github.com/python/cpython/issues/112334
 	NOTE: https://github.com/python/cpython/pull/112617
 CVE-2023-6245 (The Candid library causes a Denial of Service while  parsing a special ...)
-	TODO: check
+	NOT-FOR-US: Candid
 CVE-2023-6146 (A Qualys web application was found to have a stored XSS vulnerability  ...)
 	NOT-FOR-US: Qualys
 CVE-2023-49788 (Collabora Online is a collaborative online office suite based on Libre ...)
@@ -1086,7 +1086,7 @@ CVE-2023-4460 (The Uploading SVG, WEBP and ICO files WordPress plugin through 1.
 CVE-2023-49293 (Vite is a website frontend framework. When Vite's HTML transformation  ...)
 	NOT-FOR-US: Vite
 CVE-2023-49292 (ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1  ...)
-	TODO: check
+	NOT-FOR-US: ecies
 CVE-2023-49291 (tj-actions/branch-names is a Github action to retrieve branch or tag n ...)
 	NOT-FOR-US: Github action
 CVE-2023-49290 (lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/J ...)
@@ -46535,7 +46535,7 @@ CVE-2023-26160
 CVE-2023-26159
 	RESERVED
 CVE-2023-26158 (All versions of the package mockjs are vulnerable to Prototype Polluti ...)
-	TODO: check
+	NOT-FOR-US: mockjs
 CVE-2023-26157
 	RESERVED
 CVE-2023-26156 (Versions of the package chromedriver before 119.0.1 are vulnerable to  ...)
@@ -46543,7 +46543,7 @@ CVE-2023-26156 (Versions of the package chromedriver before 119.0.1 are vulnerab
 CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to Command Inject ...)
 	NOT-FOR-US: node-qpdf
 CVE-2023-26154 (Versions of the package pubnub before 7.4.0; all versions of the packa ...)
-	TODO: check
+	NOT-FOR-US: pubnub
 CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are vulnerable to Co ...)
 	NOT-FOR-US: geokit-rails
 CVE-2023-26152 (All versions of the package static-server are vulnerable to Directory  ...)
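Review bot: the description of CVE-2023-26154 continues past pubnub ("before 7.4.0; all versions of the packa ...") and so covers more than one package, but the new tag names only pubnub. Suggest confirming that the other packages listed in the full description are also absent from Debian, and either naming them in the NOT-FOR-US line or adding a NOTE that the tag covers all of them.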
@@ -198062,7 +198062,7 @@ CVE-2021-3189 (The slashify package 1.0.0 for Node.js allows open-redirect attac
 CVE-2021-3188 (phpList 3.6.0 allows CSV injection, related to the email parameter, an ...)
 	- phplist <itp> (bug #612288)
 CVE-2021-3187 (An issue was discovered in BeyondTrust Privilege Management for Mac be ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust Privilege Management for Mac
 CVE-2021-3186 (A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi S ...)
 	NOT-FOR-US: Tenda AC5
 CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5, 6.1.x throug ...)
@@ -260458,7 +260458,7 @@ CVE-2020-12615
 CVE-2020-12614
 	RESERVED
 CVE-2020-12613 (An issue was discovered in BeyondTrust Privilege Management for Window ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust Privilege Management for Windows
 CVE-2020-12612
 	RESERVED
 CVE-2020-12611



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3bdd53936d586c6644ce43d809359261c10daf0
