[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Feb 14 10:44:14 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6499f903 by Moritz Muehlenhoff at 2023-02-14T11:44:01+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2023-25760
 CVE-2023-25759
 	RESERVED
 CVE-2023-25758 (Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.1 ...)
-	TODO: check
+	NOT-FOR-US: Onekey
 CVE-2023-0822
 	RESERVED
 CVE-2023-0821
@@ -112,11 +112,11 @@ CVE-2023-25721
 CVE-2023-25720
 	RESERVED
 CVE-2023-25719 (ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect ...)
-	TODO: check
+	NOT-FOR-US: ConnectWise
 CVE-2023-25718 (The cryptographic code signing process and controls on ConnectWise Con ...)
-	TODO: check
+	NOT-FOR-US: ConnectWise
 CVE-2023-25717 (Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an ...)
-	TODO: check
+	NOT-FOR-US: Ruckus Wireless Admin
 CVE-2023-25716
 	RESERVED
 CVE-2023-25715
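Review bot: the tags in this hunk mix naming levels. CVE-2023-25719 is tagged with the vendor only (ConnectWise) although its description names the product as ConnectWise Control, while CVE-2023-25717 carries the full product name (Ruckus Wireless Admin). Suggest "NOT-FOR-US: ConnectWise Control" for CVE-2023-25719, and for CVE-2023-25718 if its full description confirms the same product, so a later search of data/CVE/list by product name finds them.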
@@ -254,7 +254,7 @@ CVE-2021-4317
 CVE-2021-4316
 	RESERVED
 CVE-2015-10079 (A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rat ...)
-	TODO: check
+	NOT-FOR-US: juju2143 WalrusIRC
 CVE-2023-25690
 	RESERVED
 CVE-2023-0794 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
@@ -280,7 +280,7 @@ CVE-2023-0785 (A vulnerability classified as problematic was found in SourceCode
 CVE-2023-0784 (A vulnerability classified as critical has been found in SourceCodeste ...)
 	NOT-FOR-US: SourceCodester Best Online News Portal
 CVE-2022-4905 (A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has  ...)
-	TODO: check
+	NOT-FOR-US: UDX Stateless Media Plugin
 CVE-2023-25689
 	RESERVED
 CVE-2023-25688
@@ -656,7 +656,7 @@ CVE-2023-25574
 CVE-2023-25573
 	RESERVED
 CVE-2023-25572 (react-admin is a frontend framework for building browser applications  ...)
-	TODO: check
+	NOT-FOR-US: react-admin
 CVE-2023-25571
 	RESERVED
 CVE-2023-25570
@@ -1448,9 +1448,9 @@ CVE-2023-25243
 CVE-2023-25242
 	RESERVED
 CVE-2023-25241 (bgERP v22.31 was discovered to contain a reflected cross-site scriptin ...)
-	TODO: check
+	NOT-FOR-US: bgERP
 CVE-2023-25240 (An improper SameSite Attribute vulnerability in pimCore v10.5.15 allow ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2023-25239
 	RESERVED
 CVE-2023-25238
@@ -1694,13 +1694,13 @@ CVE-2023-25164 (Tinacms is a Git-backed headless content management system with
 CVE-2023-25163 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
 CVE-2023-25162 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2023-25161 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2023-25160 (Nextcloud Mail is an email app for the Nextcloud home server platform. ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Mail
 CVE-2023-25159 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2023-25158
 	RESERVED
 CVE-2023-25157
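Review bot: CVE-2023-25160 is closed as "NOT-FOR-US: Nextcloud Mail" while the three Nextcloud Server entries around it are tracked against the ITP (bug #941708), so if that ITP is ever uploaded nothing will bring the Mail issue back up for review. Worth confirming that the Mail app is not part of what nextcloud-server would ship; if it could be, track it the same way as the others. The commit subject also says only "NFUs", but the three <itp> lines in this hunk are not NOT-FOR-US entries, so the subject should mention them.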
@@ -1906,7 +1906,7 @@ CVE-2023-25068
 CVE-2023-25067
 	RESERVED
 CVE-2023-25066 (Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flow ...)
-	TODO: check
+	NOT-FOR-US: FolioVision
 CVE-2023-25065
 	RESERVED
 CVE-2023-25064
@@ -2006,7 +2006,7 @@ CVE-2023-0657
 CVE-2023-0656
 	RESERVED
 CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could permit a  ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2023-0654
 	RESERVED
 CVE-2023-0653
@@ -2616,7 +2616,7 @@ CVE-2023-24806
 CVE-2023-24805
 	RESERVED
 CVE-2023-24804 (The ownCloud Android app allows ownCloud users to access, share, and e ...)
-	TODO: check
+	NOT-FOR-US: ownCloud Android app
 CVE-2023-0584
 	RESERVED
 CVE-2023-0583
@@ -2956,11 +2956,11 @@ CVE-2023-24650
 CVE-2023-24649
 	RESERVED
 CVE-2023-24648 (Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) v ...)
-	TODO: check
+	NOT-FOR-US: Zstore
 CVE-2023-24647 (Food Ordering System v2.0 was discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: Food Ordering System
 CVE-2023-24646 (An arbitrary file upload vulnerability in the component /fos/admin/aja ...)
-	TODO: check
+	NOT-FOR-US: Food Ordering System
 CVE-2023-24645
 	RESERVED
 CVE-2023-24644
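Review bot: on CVE-2023-24646 the visible description names only the component path /fos/admin/aja ..., not a product, so the "Food Ordering System" tag rests on the truncated part of the description or on the neighbouring CVE-2023-24647; worth confirming against the full description. "Food Ordering System" is also a generic name with no vendor, whereas other entries in this file qualify such names (e.g. "SourceCodester Best Online News Portal"); adding the vendor here, if known, would keep both tags unambiguous.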
@@ -3014,7 +3014,7 @@ CVE-2023-24621
 CVE-2023-24620
 	RESERVED
 CVE-2023-24619 (Redpanda before 22.3.12 discloses cleartext AWS credentials. The impor ...)
-	TODO: check
+	NOT-FOR-US: Redpanda
 CVE-2023-24618
 	RESERVED
 CVE-2023-24617



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6499f90398deae7872fb7054d4333e4ab242f4a1
