[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 10 11:23:38 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f5cab46 by Moritz Muehlenhoff at 2023-02-10T12:23:15+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,7 +69,7 @@ CVE-2023-25643
 CVE-2023-25642
 	RESERVED
 CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,deve ...)
-	TODO: check
+	- ampache <removed>
 CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
 	TODO: check
 CVE-2023-0769
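Review bot: The commit subject "NFUs" does not cover the CVE-2023-0771 line, which is a package entry (`- ampache <removed>`) rather than a NOT-FOR-US tag; the same applies to the `- yugabyte-db <itp>` entries in later hunks. Mentioning the package triage in the commit message, or splitting it into its own commit, would let a later history search for when ampache was recorded as removed find this change.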
@@ -177,7 +177,7 @@ CVE-2023-0755
 CVE-2023-0754
 	RESERVED
 CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has bee ...)
-	TODO: check
+	NOT-FOR-US: dimtion Shaarlier
 CVE-2023-25611
 	RESERVED
 CVE-2023-25610
@@ -205,7 +205,7 @@ CVE-2023-0753
 CVE-2023-0752
 	RESERVED
 CVE-2023-0751 (When GELI reads a key file from standard input, it does not reuse the  ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD GELI
 CVE-2023-0750
 	RESERVED
 CVE-2023-0749
@@ -217,7 +217,7 @@ CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayse
 CVE-2023-0746
 	RESERVED
 CVE-2023-0745 (Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Manag ...)
-	TODO: check
+	- yugabyte-db <itp> (bug #989673)
 CVE-2022-48321
 	RESERVED
 CVE-2022-48320
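Review bot: For CVE-2023-0745 the visible description is cut off at "Yugabyte Manag ...", so `- yugabyte-db <itp> (bug #989673)` rests on the affected component being part of what that ITP would package. This is worth confirming against the full CVE text; if the issue is in a separate management product rather than in the database itself, a NOT-FOR-US tag would be the accurate entry.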
@@ -2229,7 +2229,7 @@ CVE-2023-24817
 CVE-2023-24816
 	RESERVED
 CVE-2023-24815 (Vert.x-Web is a set of building blocks for building web applications i ...)
-	TODO: check
+	NOT-FOR-US: Vert.x-Web
 CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework released  ...)
 	NOT-FOR-US: Typo3
 CVE-2023-24813 (Dompdf is an HTML to PDF converter written in php. Due to the differen ...)
@@ -2272,9 +2272,9 @@ CVE-2023-0577
 CVE-2023-0576 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
 	- yugabyte-db <itp> (bug #989673)
 CVE-2023-0575 (External Control of Critical State Data, Improper Control of Generatio ...)
-	TODO: check
+	- yugabyte-db <itp> (bug #989673)
 CVE-2023-0574 (Server-Side Request Forgery (SSRF), Improperly Controlled Modification ...)
-	TODO: check
+	- yugabyte-db <itp> (bug #989673)
 CVE-2022-48305
 	RESERVED
 CVE-2023-24830 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
@@ -2508,19 +2508,19 @@ CVE-2023-24692
 CVE-2023-24691
 	RESERVED
 CVE-2023-24690 (ChurchCRM 4.5.3 and below was discovered to contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-24689 (An issue in Mojoportal v2.7.0.0 and below allows an authenticated atta ...)
-	TODO: check
+	NOT-FOR-US: Mojoportal
 CVE-2023-24688 (An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Mojoportal
 CVE-2023-24687 (Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scri ...)
-	TODO: check
+	NOT-FOR-US: Mojoportal
 CVE-2023-24686 (An issue in the CSV Import function of ChurchCRM v4.5.3 and below allo ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-24685 (ChurchCRM v4.5.3 and below was discovered to contain a SQL injection v ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-24684 (ChurchCRM v4.5.3 and below was discovered to contain a SQL injection v ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2023-24683
 	RESERVED
 CVE-2023-24682
@@ -2699,39 +2699,39 @@ CVE-2023-0568
 CVE-2023-0567
 	RESERVED
 CVE-2022-48302 (The AMS module has a vulnerability of lacking permission verification  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48301 (The bundle management module lacks permission verification in some API ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48300 (The WMS module lacks the authentication mechanism in some APIs. Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48299 (The WMS module lacks the authentication mechanism in some APIs. Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48298 (The geofencing kernel code does not verify the length of the input dat ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48297 (The geofencing kernel code has a vulnerability of not verifying the le ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48296 (The SystemUI has a vulnerability in permission management. Successful  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48295 (The IHwAntiMalPlugin interface lacks permission verification. Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48294 (The IHwAttestationService interface has a defect in authentication. Su ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48293 (The Bluetooth module has an OOM vulnerability. Successful exploitation ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48292 (The Bluetooth module has an out-of-memory (OOM) vulnerability. Success ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48291
 	RESERVED
 CVE-2022-48290 (The phone-PC collaboration module has a logic bypass vulnerability. Su ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48289 (The bundle management module lacks authentication and control mechanis ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48288 (The bundle management module lacks authentication and control mechanis ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48287 (The HwContacts module has a logic bypass vulnerability. Successful exp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48286 (The multi-screen collaboration module has a privilege escalation vulne ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-24607
 	RESERVED
 CVE-2023-24606
@@ -3628,9 +3628,9 @@ CVE-2023-24325
 CVE-2023-24324
 	RESERVED
 CVE-2023-24323 (Mojoportal v2.7 was discovered to contain an authenticated XML externa ...)
-	TODO: check
+	NOT-FOR-US: Mojoportal
 CVE-2023-24322 (A reflected cross-site scripting (XSS) vulnerability in the FileDialog ...)
-	TODO: check
+	NOT-FOR-US: Mojoportal
 CVE-2023-24321
 	RESERVED
 CVE-2023-24320
@@ -4603,7 +4603,7 @@ CVE-2023-23914
 CVE-2023-23913
 	RESERVED
 CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earli ...)
-	TODO: check
+	NOT-FOR-US: EdgeRouters
 CVE-2023-23911
 	RESERVED
 CVE-2023-23900
@@ -5432,7 +5432,7 @@ CVE-2023-23633
 CVE-2023-23632
 	RESERVED
 CVE-2023-23631 (github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go- ...)
-	TODO: check
+	NOT-FOR-US: github.com/ipfs/go-unixfsnode
 CVE-2023-23630 (Eta is an embedded JS templating engine that works inside Node, Deno,  ...)
 	NOT-FOR-US: Eta
 CVE-2023-23629 (Metabase is an open source data analytics platform. Affected versions  ...)
@@ -5666,7 +5666,7 @@ CVE-2023-23594
 CVE-2023-23593
 	RESERVED
 CVE-2023-23592 (WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to ac ...)
-	TODO: check
+	NOT-FOR-US: WALLIX Access Manager
 CVE-2023-23591
 	RESERVED
 CVE-2023-0302 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
@@ -7272,7 +7272,7 @@ CVE-2023-22955
 CVE-2023-22954
 	RESERVED
 CVE-2023-22953 (In ExpressionEngine before 7.2.6, remote code execution can be achieve ...)
-	TODO: check
+	NOT-FOR-US: ExpressionEngine
 CVE-2023-22952 (In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject cu ...)
 	NOT-FOR-US: SugarCRM
 CVE-2023-22951
@@ -7843,7 +7843,7 @@ CVE-2023-0117
 CVE-2023-0116
 	RESERVED
 CVE-2023-0115 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
-	TODO: check
+	NOT-FOR-US: REJECTED
 CVE-2022-4881 (A vulnerability was found in CapsAdmin PAC3. It has been rated as prob ...)
 	NOT-FOR-US: CapsAdmin PAC3
 CVE-2021-4309 (A vulnerability, which was classified as problematic, has been found i ...)
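Review bot: On CVE-2023-0115, `NOT-FOR-US: REJECTED` puts a CVE status where every other NFU line in this commit names a product or vendor, so the entry reads as if "REJECTED" were software that Debian does not ship. The description says the ID was rejected or withdrawn; a plain `REJECTED` status line, parallel to the `RESERVED` lines in the context, would record that directly. CVE-2023-0576 in the hunk at line 2272 has the same rejected description but carries `- yugabyte-db <itp> (bug #989673)`, so the two rejected IDs end up handled differently.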
@@ -8109,7 +8109,7 @@ CVE-2023-22799 (A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127
 	NOTE: https://github.com/rails/globalid/commit/3bc4349422e60f2235876a59dd415e98b072eb2b (v1.1.0)
 CVE-2023-22798 (Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://gith ...)
-	TODO: check
+	NOT-FOR-US: Brave adblock-lists
 CVE-2023-22797 (An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new  ...)
 	- rails <not-affected> (Only affects 7.x)
 	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22797-possible-open-redirect-vulnerability-in-action-pack/82120
@@ -15078,7 +15078,7 @@ CVE-2022-4368 (The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and
 CVE-2022-4367
 	RESERVED
 CVE-2022-43501 (KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Seq ...)
-	TODO: check
+	NOT-FOR-US: Zuken Elmic
 CVE-2022-43460
 	RESERVED
 CVE-2022-46831 (In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS  ...)
@@ -18458,7 +18458,7 @@ CVE-2022-45701
 CVE-2022-45700
 	RESERVED
 CVE-2022-45699 (Command injection in the administration interface in APSystems ECU-R v ...)
-	TODO: check
+	NOT-FOR-US: APSystems
 CVE-2022-45698
 	RESERVED
 CVE-2022-45697
@@ -19419,71 +19419,71 @@ CVE-2023-21453
 CVE-2023-21452
 	RESERVED
 CVE-2023-21451 (A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRI ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21450 (Missing Authorization vulnerability in One Hand Operation + prior to v ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21449
 	RESERVED
 CVE-2023-21448 (Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.3 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21447 (Improper access control vulnerabilities in Samsung Cloud prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21446 (Improper input validation in MyFiles prior to version 12.2.09 in Andro ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21445 (Improper access control vulnerability in MyFiles prior to versions 12. ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21444 (Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21443 (Improper cryptographic implementation in Samsung Flow for Android prio ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21442 (Improper access control vulnerability in Runestone application prior t ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21441 (Insufficient Verification of Data Authenticity vulnerability in Routin ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21440 (Improper access control vulnerability in WindowManagerService prior to ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21439 (Improper input validation vulnerability in UwbDataTxStatusEvent prior  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21438 (Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows ph ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21437 (Improper access control vulnerability in Phone application prior to SM ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21436 (Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21435 (Exposure of Sensitive Information vulnerability in Fingerprint TA prio ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21434 (Improper input validation vulnerability in Galaxy Store prior to versi ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21433 (Improper access control vulnerability in Galaxy Store prior to version ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21432 (Improper access control vulnerabilities in Smart Things prior to 1.7.9 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21431 (Improper input validation in Bixby Vision prior to version 3.7.70.17 a ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21430 (An out-of-bound read vulnerability in mapToBuffer function in libSDKRe ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21429 (Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21428 (Improper input validation vulnerability in TelephonyUI prior to SMR Ja ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21427 (Improper access control vulnerability in NfcTile prior to SMR Jan-2023 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21426 (Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Ja ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21425 (Improper access control vulnerability in telecom application prior to  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21424 (Improper Handling of Insufficient Permissions or Privileges vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21423 (Improper authorization vulnerability in ChnFileShareKit prior to SMR J ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21422 (Improper authorization vulnerability in semAddPublicDnsAddr in WifiSev ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21421 (Improper Handling of Insufficient Permissions or Privileges vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21420 (Use of Externally-Controlled Format String vulnerabilities in STST TA  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21419 (An improper implementation logic in Secure Folder prior to SMR Jan-202 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-45421 (Mozilla developers Andrew McCreight and Gabriele Svelto reported memor ...)
 	{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
 	- firefox 107.0-1
@@ -20034,7 +20034,7 @@ CVE-2022-3992 (A vulnerability classified as problematic was found in SourceCode
 CVE-2022-3991 (The Photospace Gallery plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: Photospace Gallery plugin for WordPress
 CVE-2022-3990 (HPSFViewer might allow Escalation of Privilege. This potential vulnera ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2022-3989 (The Motors WordPress plugin before 1.4.4 does not properly validate up ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3988 (A vulnerability was found in Frappe. It has been rated as problematic. ...)
@@ -20133,11 +20133,11 @@ CVE-2022-45194 (CBRN-Analysis before 22 allows XXE attacks via am mws XML docume
 CVE-2022-45193 (CBRN-Analysis before 22 has weak file permissions under Public Profile ...)
 	NOT-FOR-US: CBRN-Analysis
 CVE-2022-45192 (An issue was discovered on Microchip RN4870 1.43 devices. An attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microchip
 CVE-2022-45191 (An issue was discovered on Microchip RN4870 1.43 devices. An attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microchip
 CVE-2022-45190 (An issue was discovered on Microchip RN4870 1.43 devices. An attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microchip
 CVE-2022-45189
 	RESERVED
 CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow  ...)
@@ -20412,19 +20412,19 @@ CVE-2022-45103 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Soluti
 CVE-2022-45102 (Dell EMC Data Protection Central, versions 19.1 through 19.7, contains ...)
 	NOT-FOR-US: EMC
 CVE-2022-45101 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-45100 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Cert ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-45099 (Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding f ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-45098 (Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-45097 (Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Manag ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-45096 (Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-45095 (Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulner ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-45094 (A vulnerability has been identified in SINEC INS (All versions < V1 ...)
 	NOT-FOR-US: Siemens
 CVE-2022-45093 (A vulnerability has been identified in SINEC INS (All versions < V1 ...)
@@ -20480,7 +20480,7 @@ CVE-2022-45069 (Auth. (contributor+) Privilege Escalation vulnerability in Crowd
 CVE-2022-45068
 	RESERVED
 CVE-2022-45067 (Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe Wo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45065
@@ -20490,7 +20490,7 @@ CVE-2022-45064
 CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3918 (A program using FoundationNetworking in swift-corelibs-foundation is p ...)
-	TODO: check
+	NOT-FOR-US: swift-corelibs-foundation
 CVE-2022-3917 (Improper access control of bootloader function was discovered in Motor ...)
 	NOT-FOR-US: Motorola
 CVE-2022-3916
@@ -20501,7 +20501,7 @@ CVE-2022-3915 (The Dokan WordPress plugin before 3.7.6 does not properly sanitis
 CVE-2022-3914
 	RESERVED
 CVE-2022-3913 (Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to v ...)
-	TODO: check
+	NOT-FOR-US: Rapid7
 CVE-2022-3912 (The User Registration WordPress plugin before 2.2.4.1 does not properl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3911 (The iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + m ...)
@@ -20973,7 +20973,7 @@ CVE-2022-44899
 CVE-2022-44898 (The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not p ...)
 	NOT-FOR-US: Asus Aura Sync
 CVE-2022-44897 (A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuild ...)
-	TODO: check
+	NOT-FOR-US: ApolloTheme AP PageBuilder
 CVE-2022-44896
 	RESERVED
 CVE-2022-44895
@@ -21416,13 +21416,13 @@ CVE-2022-44720
 CVE-2022-44719
 	RESERVED
 CVE-2022-44718 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open R ...)
-	TODO: check
+	NOT-FOR-US: NetScout
 CVE-2022-44717 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open R ...)
-	TODO: check
+	NOT-FOR-US: NetScout
 CVE-2022-44716
 	RESERVED
 CVE-2022-44715 (Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allow ...)
-	TODO: check
+	NOT-FOR-US: NetScout
 CVE-2022-3862 (The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does n ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injection  ...)
@@ -22891,11 +22891,11 @@ CVE-2023-20858
 CVE-2023-20857
 	RESERVED
 CVE-2023-20856 (VMware vRealize Operations (vROps) contains a CSRF bypass vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2023-20855
 	RESERVED
 CVE-2023-20854 (VMware Workstation contains an arbitrary file deletion vulnerability.  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-44605
 	RESERVED
 CVE-2022-44604
@@ -22937,7 +22937,7 @@ CVE-2022-44587
 CVE-2022-44586 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiL ...)
 	NOT-FOR-US: Ayoub Media
 CVE-2022-44585 (Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sà ...)
-	TODO: check
+	NOT-FOR-US: Magneticlab
 CVE-2022-44584 (Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin & ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44583 (Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin & ...)
@@ -23344,9 +23344,9 @@ CVE-2023-20853
 CVE-2023-20852
 	RESERVED
 CVE-2022-44448 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-44447 (In wlan driver, there is a possible null pointer dereference issue due ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-44446 (In wlan driver, there is a possible missing bounds check. This could l ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-44445 (In wlan driver, there is a possible missing bounds check. This could l ...)
@@ -23398,7 +23398,7 @@ CVE-2022-44423 (In music service, there is a missing permission check. This coul
 CVE-2022-44422 (In music service, there is a missing permission check. This could lead ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-44421 (In wlan driver, there is a possible missing permission check. This cou ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-44420
 	RESERVED
 CVE-2022-44419
@@ -23560,7 +23560,7 @@ CVE-2022-44345 (Sanitization Management System v1.0 is vulnerable to SQL Injecti
 CVE-2022-44344
 	RESERVED
 CVE-2022-44343 (CRMEB 4.4.4 is vulnerable to Any File download. ...)
-	TODO: check
+	NOT-FOR-US: CRMEB
 CVE-2022-44342
 	RESERVED
 CVE-2022-44341
@@ -23650,7 +23650,7 @@ CVE-2022-44300
 CVE-2022-44299
 	RESERVED
 CVE-2022-44298 (SiteServer CMS 7.1.3 is vulnerable to SQL Injection. ...)
-	TODO: check
+	NOT-FOR-US: SiteServer CMS
 CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability the background. ...)
 	NOT-FOR-US: SiteServer CMS
 CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
@@ -23722,9 +23722,9 @@ CVE-2022-44266
 CVE-2022-44265
 	RESERVED
 CVE-2022-44264 (Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Pa ...)
-	TODO: check
+	NOT-FOR-US: Dentsply Sirona Sidexis
 CVE-2022-44263 (Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Co ...)
-	TODO: check
+	NOT-FOR-US: Dentsply Sirona Sidexis
 CVE-2022-44262 (ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). ...)
 	NOT-FOR-US: ff4j
 CVE-2022-44261
@@ -24205,17 +24205,17 @@ CVE-2022-44030 (Redmine 5.x before 5.0.4 allows downloading of file attachments
 	NOTE: https://github.com/redmine/redmine/commit/072faff556c5f3ab1f65cad4d2753600cf4ee909
 	NOTE: https://github.com/redmine/redmine/commit/9435929e349f0af9ba1d059e41d80c65be50e833
 CVE-2022-44029 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
-	TODO: check
+	NOT-FOR-US: NetScout
 CVE-2022-44028 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
-	TODO: check
+	NOT-FOR-US: NetScout
 CVE-2022-44027 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
-	TODO: check
+	NOT-FOR-US: NetScout
 CVE-2022-44026 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
-	TODO: check
+	NOT-FOR-US: NetScout
 CVE-2022-44025 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
-	TODO: check
+	NOT-FOR-US: NetScout
 CVE-2022-44024 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
-	TODO: check
+	NOT-FOR-US: NetScout
 CVE-2022-44023 (PwnDoc through 0.5.3 might allow remote attackers to identify disabled ...)
 	NOT-FOR-US: PwnDoc
 CVE-2022-44022 (PwnDoc through 0.5.3 might allow remote attackers to identify valid us ...)
@@ -24279,7 +24279,7 @@ CVE-2022-3754 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq
 CVE-2022-3753 (The Evaluate WordPress plugin through 1.0 does not sanitize and escape ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43997 (Incorrect access control in Aternity agent in Riverbed Aternity before ...)
-	TODO: check
+	NOT-FOR-US: Riverbed Aternity
 CVE-2022-43996 (The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF d ...)
 	NOT-FOR-US: csaf_provider
 CVE-2022-43995 (Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains ...)
@@ -24319,11 +24319,11 @@ CVE-2022-43982 (In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with
 CVE-2022-43981
 	RESERVED
 CVE-2022-43980 (There is a stored cross-site scripting vulnerability in Pandora FMS v7 ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2022-43979 (There is a Path Traversal that leads to a Local File Inclusion in Pand ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2022-43978 (There is an improper authentication vulnerability in Pandora FMS v764. ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2022-3750 (The has a CSRF vulnerability that allows the deletion of a post withou ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3749
@@ -24817,41 +24817,41 @@ CVE-2023-20621
 CVE-2023-20620
 	RESERVED
 CVE-2023-20619 (In vcu, there is a possible memory corruption due to improper locking. ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20618 (In vcu, there is a possible memory corruption due to improper locking. ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20617
 	RESERVED
 CVE-2023-20616 (In ion, there is a possible out of bounds read due to type confusion.  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20615 (In ril, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20614 (In ril, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20613 (In ril, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20612 (In ril, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20611 (In gpu, there is a possible use after free due to a race condition. Th ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20610 (In display drm, there is a possible memory corruption due to a race co ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20609 (In ccu, there is a possible out of bounds read due to a logic error. T ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20608 (In display drm, there is a possible use after free due to a race condi ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20607 (In ccu, there is a possible memory corruption due to a race condition. ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20606 (In apusys, there is a possible out of bounds read due to a missing bou ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20605 (In keyinstall, there is a possible out of bounds read due to a missing ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20604 (In ged, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-20603
 	RESERVED
 CVE-2023-20602 (In ged, there is a possible out of bounds write due to an integer over ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2022-43977 (An issue was discovered on GE Grid Solutions MS3000 devices before 3.7 ...)
 	NOT-FOR-US: GE
 CVE-2022-43976 (An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000  ...)
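Review bot: The truncated descriptions in this hunk name only components ("In ion", "In gpu", "In display drm", "In ril") and never the vendor, and drm is also a mainline Linux subsystem that Debian ships, so `NOT-FOR-US: MediaTek` rests on the vendor advisory rather than on anything visible here. Before closing all 16 entries in bulk, confirm for the ion, gpu and display drm ones that the affected code lives in MediaTek's vendor tree and not in an upstream driver.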
@@ -26128,11 +26128,11 @@ CVE-2023-0005
 CVE-2023-0004
 	RESERVED
 CVE-2023-0003 (A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto
 CVE-2023-0002 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto
 CVE-2023-0001 (An information exposure vulnerability in the Palo Alto Networks Cortex ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto
 CVE-2022-43958 (A vulnerability has been identified in QMS Automotive (All versions).  ...)
 	NOT-FOR-US: QMS Automotive
 CVE-2022-43957
@@ -26553,7 +26553,7 @@ CVE-2022-43781 (There is a command injection vulnerability using environment var
 CVE-2022-43780 (Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to  ...)
 	NOT-FOR-US: HP
 CVE-2022-43779 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2022-43778
 	RESERVED
 CVE-2022-43777



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5cab46ac7b854f48342b63da965f376a059712
