[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 22 20:31:51 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e1a21d7b by Salvatore Bonaccorso at 2023-12-22T21:31:23+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,66 +1,66 @@
 CVE-2023-7076 (A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been  ...)
-	TODO: check
+	NOT-FOR-US: slawkens MyAAC
 CVE-2023-7075 (A vulnerability was found in code-projects Point of Sales and Inventor ...)
-	TODO: check
+	NOT-FOR-US: code-projects Point of Sales and Inventory Management System
 CVE-2023-51662 (The Snowflake .NET driver provides an interface to the Microsoft .NET  ...)
 	TODO: check
 CVE-2023-51661 (Wasmer is a WebAssembly runtime that enables containers to run anywher ...)
 	TODO: check
 CVE-2023-51649 (Nautobot is a Network Source of Truth and Network Automation Platform  ...)
-	TODO: check
+	NOT-FOR-US: Nautobot
 CVE-2023-51448 (Cacti provides an operational monitoring and fault management framewor ...)
 	- cacti <unfixed>
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594
 CVE-2023-51035 (TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary com ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51034 (TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary com ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51033 (TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary com ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51028 (TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51027 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51026 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51025 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthori ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51024 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51023 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary co ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51022 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51021 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51020 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51019 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51018 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51017 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51016 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51015 (TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary co ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51014 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51013 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51012 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-51011 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-50725 (Resque is a Redis-backed Ruby library for creating background jobs, pl ...)
-	TODO: check
+	NOT-FOR-US: Resque
 CVE-2023-50714 (yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and Op ...)
-	TODO: check
+	NOT-FOR-US: ii2-authclient extension for Yii framework
 CVE-2023-50712 (Iris is a web collaborative platform aiming to help incident responder ...)
-	TODO: check
+	NOT-FOR-US: Iris
 CVE-2023-50708 (yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and Op ...)
-	TODO: check
+	NOT-FOR-US: ii2-authclient extension for Yii framework
 CVE-2023-50569 (Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, a ...)
 	- cacti <unfixed>
 	NOTE: https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf
@@ -74,15 +74,15 @@ CVE-2023-50250 (Cacti is an open source operational monitoring and fault managem
 	- cacti <unfixed>
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
 CVE-2023-50147 (There is an arbitrary command execution vulnerability in the setDiagno ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-49792 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
 	TODO: check
 CVE-2023-49791 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
 	TODO: check
 CVE-2023-49790 (The Nextcloud iOS Files app allows users of iOS to interact with Nextc ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud iOS Files app
 CVE-2023-49391 (An issue was discovered in free5GC version 3.3.0, allows remote attack ...)
-	TODO: check
+	NOT-FOR-US: free5GC
 CVE-2023-49356 (A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an atta ...)
 	TODO: check
 CVE-2023-49088 (Cacti is an open source operational monitoring and fault management fr ...)
@@ -95,7 +95,7 @@ CVE-2023-49085 (Cacti provides an operational monitoring and fault management fr
 CVE-2023-48704 (ClickHouse is an open-source column-oriented database management syste ...)
 	TODO: check
 CVE-2023-48670 (Dell SupportAssist for Home PCs version 3.14.1 and prior versions cont ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-45957 (A stored cross-site scripting (XSS) vulnerability in the component adm ...)
 	TODO: check
 CVE-2023-45165 (IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit ...)
@@ -105,11 +105,11 @@ CVE-2023-43741 (A time-of-check-time-of-use race condition vulnerability in Buil
 CVE-2023-43116 (A symbolic link following vulnerability in Buildkite Elastic CI for AW ...)
 	TODO: check
 CVE-2023-43088 (Dell Client BIOS contains a pre-boot direct memory access (DMA) vulner ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-42017 (IBM Planning Analytics Local 2.0 could allow a remote attacker to uplo ...)
 	NOT-FOR-US: IBM
 CVE-2023-39251 (Dell BIOS contains an Improper Input Validation vulnerability. A local ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-XXXX [XSS issue fixed in 4.1.13 upstream]
 	- spip 4.1.13+dfsg-1 (bug #1059331)
 	[bookworm] - spip <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1a21d7bd20f34de184ebe3104a9d193dfbd03b2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1a21d7bd20f34de184ebe3104a9d193dfbd03b2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231222/c040ae87/attachment.htm>

More information about the debian-security-tracker-commits mailing list