[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 3 20:25:44 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c269fc50 by Salvatore Bonaccorso at 2023-02-03T21:25:29+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1605,7 +1605,7 @@ CVE-2020-36658 (In Apache::Session::LDAP before 0.5, validity of the X.509 certi
 	- libapache-session-ldap-perl 0.5-1
 	NOTE: Fixed by: https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f (v0.5)
 CVE-2023-24576 (EMC NetWorker may potentially be vulnerable to an unauthenticated remo ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2023-24575
 	RESERVED
 CVE-2023-24574 (Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Unc ...)
@@ -2643,45 +2643,45 @@ CVE-2023-24159
 CVE-2023-24158
 	RESERVED
 CVE-2023-24157 (A command injection vulnerability in the serverIp parameter in the fun ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24156 (A command injection vulnerability in the ip parameter in the function  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24155 (TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password fo ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24154 (TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vul ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24153 (A command injection vulnerability in the version parameter in the func ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24152 (A command injection vulnerability in the serverIp parameter in the fun ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24151 (A command injection vulnerability in the ip parameter in the function  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24150 (A command injection vulnerability in the serverIp parameter in the fun ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24149 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code pas ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24148 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24147 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code pas ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24146 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24145 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24144 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24143 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24142 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24141 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24140 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24139 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24138 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-24137
 	RESERVED
 CVE-2023-24136
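Review bot: For CVE-2023-24157, CVE-2023-24156, CVE-2023-24153, CVE-2023-24152, CVE-2023-24151 and CVE-2023-24150, the truncated description visible in this hunk ("A command injection vulnerability in the serverIp parameter in the fun ..." and its ip/version variants) names no vendor, so the "NOT-FOR-US: TOTOLINK" tag on those six cannot be verified from the diff alone. Confirm each against the full CVE description before the bulk tag lands. The remaining entries in the hunk name TOTOLINK T8 or TOTOLINK CA300-PoE in the visible text and are fine as tagged.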
@@ -4711,7 +4711,7 @@ CVE-2023-23479
 CVE-2023-23478
 	RESERVED
 CVE-2023-23477 (IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-23476
 	RESERVED
 CVE-2023-23475
@@ -4765,7 +4765,7 @@ CVE-2023-0255
 CVE-2023-0254 (The Simple Membership WP user Import plugin for WordPress is vulnerabl ...)
 	NOT-FOR-US: Simple Membership WP user Import plugin for WordPress
 CVE-2023-0253 (The Real Media Library: Media Library Folder & File Manager plugin ...)
-	TODO: check
+	NOT-FOR-US: Real Media Library: Media Library Folder & File Manager plugin for WordPress
 CVE-2023-0252
 	RESERVED
 CVE-2023-0251
@@ -8198,7 +8198,7 @@ CVE-2022-48132
 CVE-2022-48131
 	RESERVED
 CVE-2022-48130 (Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflo ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-48129
 	RESERVED
 CVE-2022-48128
@@ -8232,7 +8232,7 @@ CVE-2022-48115
 CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerabi ...)
 	TODO: check
 CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows una ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-48112
 	RESERVED
 CVE-2022-48111
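Review bot: CVE-2022-48114 (RuoYi), in the context lines directly above the changed entry, still reads "TODO: check" after this commit. If it was left deliberately because it needs actual triage rather than an NFU tag, no change is needed; otherwise resolve it in the same pass so no stale TODO remains next to CVE-2022-48113.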
@@ -39757,7 +39757,7 @@ CVE-2022-38391 (IBM Spectrum Control 5.4 uses weaker than expected cryptographic
 CVE-2022-38390 (Multiple IBM Business Automation Workflow versions are vulnerable to c ...)
 	NOT-FOR-US: IBM
 CVE-2022-38389 (IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an X ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-38388 (IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a loc ...)
 	NOT-FOR-US: IBM
 CVE-2022-38387 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allo ...)
@@ -87026,7 +87026,7 @@ CVE-2022-22488 (IBM OpenBMC OP910 and OP940 could allow a privileged user to cau
 CVE-2022-22487 (An IBM Spectrum Protect storage agent could allow a remote attacker to ...)
 	NOT-FOR-US: IBM
 CVE-2022-22486 (IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an X ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22485 (In some cases, an unsuccessful attempt to log into IBM Spectrum Protec ...)
 	NOT-FOR-US: IBM
 CVE-2022-22484 (IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c269fc509b822f177c485869c11cfacc45ac9b3e
