[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 16 08:21:29 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f0d72a5 by Salvatore Bonaccorso at 2023-12-16T09:20:59+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2023-6849 (A vulnerability was found in kalcaddle kodbox up to 1.48. It has been  ...)
-	TODO: check
+	NOT-FOR-US: kalcaddle kodbox
 CVE-2023-6848 (A vulnerability was found in kalcaddle kodbox up to 1.48. It has been  ...)
-	TODO: check
+	NOT-FOR-US: kalcaddle kodbox
 CVE-2023-50728 (octokit/webhooks is a GitHub webhook events toolset for Node.js. Start ...)
-	TODO: check
+	NOT-FOR-US: octokit/webhooks (GitHub webhook events toolset for Node.js)
 CVE-2023-50469 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discov ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Libituo Technology Co., Ltd LBT-T300-T310
 CVE-2023-50266 (Bazarr manages and downloads subtitles. In version 1.2.4, the proxy me ...)
-	TODO: check
+	NOT-FOR-US: Bazarr
 CVE-2023-50265 (Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swagg ...)
-	TODO: check
+	NOT-FOR-US: Bazarr
 CVE-2023-50264 (Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contain ...)
-	TODO: check
+	NOT-FOR-US: Bazarr
 CVE-2023-4020 (An unvalidated input in a library function responsible for communicati ...)
-	TODO: check
+	NOT-FOR-US: Silicon Labs
 CVE-2023-39340 (A vulnerability exists on all versions of Ivanti Connect Secure below  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-31813
 	REJECTED
 CVE-2023-6839 (Due to improper error handling, a REST API resource could expose a ser ...)
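Review bot: The CVE-2023-50728 entry marks octokit/webhooks as NOT-FOR-US, but the description calls it a toolset for Node.js, that is a library rather than a standalone product, so the tag only holds if no package in the archive ships or vendors a copy; it would be worth confirming that before the TODO is closed. As a smaller style point, the tags in this hunk mix granularity: kodbox and Bazarr are named by product, while CVE-2023-4020 and CVE-2023-39340 carry only the vendor ("Silicon Labs", "Ivanti") even though the latter description names Ivanti Connect Secure. Picking one convention makes later searches of the list more reliable.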
@@ -42883,7 +42883,7 @@ CVE-2023-28024
 CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI Softwar ...)
 	NOT-FOR-US: HCL
 CVE-2023-28022 (HCL Connections is vulnerable to an information disclosure vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-28021 (The BigFix WebUI uses weak cipher suites.)
 	NOT-FOR-US: HCL
 CVE-2023-28020 (URL redirection in Login page in HCL BigFix WebUI allows malicious use ...)
@@ -45071,7 +45071,7 @@ CVE-2023-27319
 CVE-2023-27318
 	RESERVED
 CVE-2023-27317 (ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a ...)
-	TODO: check
+	NOT-FOR-US: ONTAP
 CVE-2023-27316 (SnapCenter versions 4.8 through 4.9 are susceptible to a  vulnerabilit ...)
 	NOT-FOR-US: NetApp
 CVE-2023-27315 (SnapGathers versions prior to 4.9 are susceptible to a vulnerability   ...)
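Review bot: CVE-2023-27317 is tagged "NOT-FOR-US: ONTAP" while the neighbouring CVE-2023-27316 in the same context uses "NOT-FOR-US: NetApp" for a product from the same vendor. Suggest "NOT-FOR-US: NetApp" (or "NetApp ONTAP") so that a search for the vendor name finds all of its entries.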
@@ -133154,7 +133154,7 @@ CVE-2022-24353 (This vulnerability allows network-adjacent attackers to execute
 CVE-2022-24352 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
 	NOT-FOR-US: TP-Link
 CVE-2022-24351 (TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5. ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2022-24350 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
 	NOT-FOR-US: Insyde
 CVE-2022-24349 (An authenticated user can create a link with reflected XSS payload for ...)
@@ -154055,13 +154055,13 @@ CVE-2021-42799
 CVE-2021-42798
 	RESERVED
 CVE-2021-42797 (Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Stud ...)
-	TODO: check
+	NOT-FOR-US: AVEVA
 CVE-2021-42796 (An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly In ...)
-	TODO: check
+	NOT-FOR-US: AVEVA
 CVE-2021-42795
 	RESERVED
 CVE-2021-42794 (An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) v ...)
-	TODO: check
+	NOT-FOR-US: AVEVA
 CVE-2021-42793
 	REJECTED
 CVE-2021-42792
@@ -249291,11 +249291,11 @@ CVE-2020-17487 (radare2 4.5.0 misparses signature information in PE files, causi
 CVE-2020-17486
 	RESERVED
 CVE-2020-17485 (A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker a ...)
-	TODO: check
+	NOT-FOR-US: Uffizio
 CVE-2020-17484 (An Open Redirection vulnerability exists in Uffizio's GPS Tracker all  ...)
-	TODO: check
+	NOT-FOR-US: Uffizio
 CVE-2020-17483 (An improper access control vulnerability exists in Uffizio's GPS Track ...)
-	TODO: check
+	NOT-FOR-US: Uffizio
 CVE-2020-17482 (An issue has been found in PowerDNS Authoritative Server before 4.3.1  ...)
 	- pdns 4.3.1-1 (bug #970737)
 	[buster] - pdns 4.1.6-3+deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f0d72a5f0f76e24baa1c4a43ea85d60f96accc2
