[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Tue Dec 12 20:53:14 GMT 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1169c86 by Salvatore Bonaccorso at 2023-12-12T21:52:47+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31768,7 +31768,7 @@ CVE-2023-31050
 CVE-2023-31049
 	RESERVED
 CVE-2023-31048 (The OPC UA .NET Standard Reference Server before 1.4.371.86. places se ...)
-	TODO: check
+	NOT-FOR-US: OPC UA .NET Standard Reference Server
 CVE-2023-31047 (In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, i ...)
 	{DLA-3415-1}
 	- python-django 3:3.2.19-1 (bug #1035467)
@@ -39511,7 +39511,7 @@ CVE-2023-28606 (js/event-graph.js in MISP before 2.4.169 allows XSS via event-gr
 CVE-2023-28605
 	RESERVED
 CVE-2023-28604 (The fluid_components (aka Fluid Components) extension before 3.5.0 for ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2023-1484 (A vulnerability was found in xzjie cms up to 1.0.3 and classified as c ...)
 	NOT-FOR-US: xzjie cms
 CVE-2023-1483 (A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and cl ...)
@@ -62992,7 +62992,7 @@ CVE-2023-21742 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
 CVE-2023-21741 (Microsoft Office Visio Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-21740 (Windows Media Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21739 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-21738 (Microsoft Office Visio Remote Code Execution Vulnerability)
@@ -72907,7 +72907,7 @@ CVE-2022-44545
 CVE-2022-44544 (Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04. ...)
 	- mahara <removed>
 CVE-2022-44543 (The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2022-44542 (lesspipe before 2.06 allows attackers to execute code via Perl Storabl ...)
 	NOT-FOR-US: lesspipe (not the same as lesspipe contained in src:less)
 CVE-2022-44541
@@ -75449,7 +75449,7 @@ CVE-2023-20277
 CVE-2023-20276
 	RESERVED
 CVE-2023-20275 (A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Se ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2023-20274 (A vulnerability in the installer script of Cisco AppDynamics PHP Agent ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
@@ -267411,7 +267411,7 @@ CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running on-prem
 CVE-2020-10677
 	RESERVED
 CVE-2020-10676 (In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly ap ...)
-	TODO: check
+	NOT-FOR-US: Rancher
 CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows attacker ...)
 	- golang-github-buger-jsonparser 0.0~git20200322.0.f7e751e-1 (bug #954373)
 	[buster] - golang-github-buger-jsonparser <postponed> (Limited support, minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1169c8681491034fa927ebe63756c89b5bec89f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1169c8681491034fa927ebe63756c89b5bec89f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231212/9fe6421e/attachment.htm>
