[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 25 08:26:52 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38f746a7 by Salvatore Bonaccorso at 2023-12-25T09:26:32+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,77 +1,77 @@
 CVE-2023-7102 (Use of a Third Party library produced a vulnerability in Barracuda Net ...)
-	TODO: check
+	NOT-FOR-US: Barracuda (its use of Spreadsheet::ParseExcel, cf. CVE-2023-7102)
 CVE-2023-7101 (Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing ...)
 	- libspreadsheet-parseexcel-perl <unfixed>
 	NOTE: https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
 	NOTE: https://github.com/haile01/perl_spreadsheet_excel_rce_poc
 CVE-2023-7100 (A vulnerability, which was classified as critical, was found in PHPGur ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Restaurant Table Booking System
 CVE-2023-7099 (A vulnerability, which was classified as critical, has been found in P ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Nipah Virus Testing Management System
 CVE-2023-7098 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
-	TODO: check
+	NOT-FOR-US: icret EasyImages
 CVE-2023-7097 (A vulnerability classified as critical has been found in code-projects ...)
-	TODO: check
+	NOT-FOR-US: code-projects Water Billing System
 CVE-2023-7096 (A vulnerability was found in code-projects Faculty Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: code-projects Faculty Management System
 CVE-2023-7095 (A vulnerability, which was classified as critical, has been found in T ...)
-	TODO: check
+	NOT-FOR-US: Totolink
 CVE-2023-7094 (A vulnerability classified as problematic was found in Netentsec NS-AS ...)
-	TODO: check
+	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2023-7093 (A vulnerability classified as critical has been found in KylinSoft kyl ...)
-	TODO: check
+	NOT-FOR-US: KylinSoft kylin-system-updater
 CVE-2023-7092 (A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as ...)
-	TODO: check
+	NOT-FOR-US: Uniway UW-302VP
 CVE-2023-7091 (A vulnerability was found in Dreamer CMS 4.1.3. It has been declared a ...)
-	TODO: check
+	NOT-FOR-US: Dreamer CMS
 CVE-2023-51772 (One Identity Password Manager before 5.13.1 allows Kiosk Escape. This  ...)
-	TODO: check
+	NOT-FOR-US: One Identity Password Manager
 CVE-2023-51771 (In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHead ...)
-	TODO: check
+	NOT-FOR-US: MicroHttpServer
 CVE-2023-51714 (An issue was discovered in the HTTP2 implementation in Qt before 5.15. ...)
 	TODO: check
 CVE-2023-49954 (The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494  ...)
-	TODO: check
+	NOT-FOR-US: 3CX
 CVE-2023-49944 (The Challenge Response feature of BeyondTrust Privilege Management for ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust
 CVE-2023-49880 (In the Message Entry and Repair (MER) facility of IBM Financial Transa ...)
 	NOT-FOR-US: IBM
 CVE-2023-49328 (On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, ...)
-	TODO: check
+	NOT-FOR-US: Wolters Kluwer B.POINT
 CVE-2023-49226 (An issue was discovered in Peplink Balance Two before 8.4.0. Command i ...)
-	TODO: check
+	NOT-FOR-US: Peplink Balance Two
 CVE-2023-48654 (One Identity Password Manager before 5.13.1 allows Kiosk Escape. This  ...)
-	TODO: check
+	NOT-FOR-US: One Identity Password Manager
 CVE-2023-48652 (Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forger ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2023-47247 (In SysAid On-Premise before 23.3.34, there is an edge case in which an ...)
-	TODO: check
+	NOT-FOR-US: SysAid
 CVE-2023-47091 (An issue was discovered in Stormshield Network Security (SNS) SNS 4.3. ...)
-	TODO: check
+	NOT-FOR-US: Stormshield Network Security (SNS) SNS
 CVE-2023-43064 (Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local ...)
 	NOT-FOR-US: IBM
 CVE-2023-40236 (In Pexip VMR self-service portal before 3, the same SSH host key is us ...)
-	TODO: check
+	NOT-FOR-US: Pexip
 CVE-2023-38826 (A Cross Site Scripting (XSS) vulnerability exists in Follet Learning S ...)
-	TODO: check
+	NOT-FOR-US: Follet Learning Solutions Destiny
 CVE-2023-37225 (Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.)
-	TODO: check
+	NOT-FOR-US: Pexip
 CVE-2023-37188 (C-blosc2 before 2.9.3 was discovered to contain a NULL pointer derefer ...)
-	TODO: check
+	NOT-FOR-US: C-blosc2
 CVE-2023-37187 (C-blosc2 before 2.9.3 was discovered to contain a NULL pointer derefer ...)
-	TODO: check
+	NOT-FOR-US: C-blosc2
 CVE-2023-37186 (C-blosc2 before 2.9.3 was discovered to contain a NULL pointer derefer ...)
-	TODO: check
+	NOT-FOR-US: C-blosc2
 CVE-2023-37185 (C-blosc2 before 2.9.3 was discovered to contain a NULL pointer derefer ...)
-	TODO: check
+	NOT-FOR-US: C-blosc2
 CVE-2023-36486 (The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remot ...)
-	TODO: check
+	NOT-FOR-US: ILIAS
 CVE-2023-36485 (The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remot ...)
-	TODO: check
+	NOT-FOR-US: ILIAS
 CVE-2023-31455 (Pexip Infinity before 31.2 has Improper Input Validation for RTCP, all ...)
-	TODO: check
+	NOT-FOR-US: Pexip
 CVE-2023-31297 (An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transpo ...)
-	TODO: check
+	NOT-FOR-US: SESAMI planfocus CPTO (Cash Point & Transport Optimizer)
 CVE-2023-51767 (OpenSSH through 9.6, when common types of DRAM are used, might allow r ...)
 	- openssh <unfixed> (bug #1059393)
 	[bookworm] - openssh <postponed> (Revisit once hardening/mitigation for Rowhammer type of attack exists)
@@ -34022,7 +34022,7 @@ CVE-2023-31436 (qfq_change_class in net/sched/sch_qfq.c in the Linux kernel befo
 CVE-2023-31290 (Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser ex ...)
 	NOT-FOR-US: Trust Wallet Core
 CVE-2023-31289 (Pexip Infinity before 31.2 has Improper Input Validation for signallin ...)
-	TODO: check
+	NOT-FOR-US: Pexip
 CVE-2023-31288
 	RESERVED
 CVE-2023-31287 (An issue was discovered in Serenity Serene (and StartSharp) before 6.7 ...)
@@ -34211,7 +34211,7 @@ CVE-2021-46882 (The video framework has memory overwriting caused by addition ov
 CVE-2021-46881 (The video framework has memory overwriting caused by addition overflow ...)
 	NOT-FOR-US: Huawei
 CVE-2023-31224 (There is broken access control during authentication in Jamf Pro Serve ...)
-	TODO: check
+	NOT-FOR-US: Jamf Pro
 CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated author user ...)
 	NOT-FOR-US: Dradis
 CVE-2023-2295 (A vulnerability was found in the libreswan library. This security issu ...)
@@ -41409,7 +41409,7 @@ CVE-2023-28874 (The next parameter in the /accounts/login endpoint of Seafile 9.
 CVE-2023-28873 (An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows atta ...)
 	- seafile-server <itp> (bug #865830)
 CVE-2023-28872 (Support Assistant in NCP Secure Enterprise Client before 13.10 allows  ...)
-	TODO: check
+	NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client
 CVE-2023-28871 (Support Assistant in NCP Secure Enterprise Client before 12.22 allows  ...)
 	NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client
 CVE-2023-28870 (Insecure File Permissions in Support Assistant in NCP Secure Enterpris ...)
@@ -79735,7 +79735,7 @@ CVE-2022-43677 (In free5GC 3.2.1, a malformed NGAP message can crash the AMF and
 CVE-2022-43676
 	RESERVED
 CVE-2022-43675 (An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Net ...)
-	TODO: check
+	NOT-FOR-US: NOKIA
 CVE-2022-43674
 	RESERVED
 CVE-2022-43673 (Wire through 3.22.3993 on Windows advertises deletion of sent messages ...)
@@ -85314,11 +85314,11 @@ CVE-2022-41764
 CVE-2022-41763 (An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exi ...)
 	NOT-FOR-US: NOKIA AMS
 CVE-2022-41762 (An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS v ...)
-	TODO: check
+	NOT-FOR-US: NOKIA
 CVE-2022-41761 (An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Travers ...)
-	TODO: check
+	NOT-FOR-US: NOKIA
 CVE-2022-41760 (An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal  ...)
-	TODO: check
+	NOT-FOR-US: NOKIA
 CVE-2022-41759
 	RESERVED
 CVE-2022-41758
@@ -90310,15 +90310,15 @@ CVE-2022-39824 (Server-side JavaScript injection in Appsmith through 1.7.14 allo
 CVE-2022-39823 (An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x bef ...)
 	NOT-FOR-US: Softing
 CVE-2022-39822 (In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin ...)
-	TODO: check
+	NOT-FOR-US: NOKIA
 CVE-2022-39821 (In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an ...)
 	NOT-FOR-US: NOKIA
 CVE-2022-39820 (In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storag ...)
-	TODO: check
+	NOT-FOR-US: NOKIA
 CVE-2022-39819 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities ...)
 	NOT-FOR-US: NOKIA
 CVE-2022-39818 (In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in  ...)
-	TODO: check
+	NOT-FOR-US: NOKIA
 CVE-2022-39817 (In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs ...)
 	NOT-FOR-US: NOKIA
 CVE-2022-39816 (In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (clearte ...)
@@ -105958,9 +105958,9 @@ CVE-2022-34270
 CVE-2022-34269
 	RESERVED
 CVE-2022-34268 (An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin ...)
-	TODO: check
+	NOT-FOR-US: RWS WorldServer
 CVE-2022-34267 (An issue was discovered in RWS WorldServer before 11.7.3. Adding a tok ...)
-	TODO: check
+	NOT-FOR-US: RWS WorldServer
 CVE-2022-34266 (The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 a ...)
 	NOT-FOR-US: libtiff-4.0.3-35.amzn2.0.1 Amazon package
 CVE-2022-34265 (An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38f746a775af8398cbef874c4ba32b2ab352e2c6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38f746a775af8398cbef874c4ba32b2ab352e2c6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231225/4384865f/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list