[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 16 20:31:44 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9479c8ed by Salvatore Bonaccorso at 2023-02-16T21:31:06+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -65,11 +65,11 @@ CVE-2023-0864
CVE-2023-0863
RESERVED
CVE-2023-0862 (The NetModule NSRW web administration interface is vulnerable to path ...)
- TODO: check
+ NOT-FOR-US: NetModule NSRW web administration interface
CVE-2023-0861 (NetModule NSRW web administration interface executes an OS command con ...)
- TODO: check
+ NOT-FOR-US: NetModule NSRW web administration interface
CVE-2023-0860 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
- TODO: check
+ NOT-FOR-US: Modoboa
CVE-2023-0859
RESERVED
CVE-2023-0858
@@ -948,7 +948,8 @@ CVE-2023-25655
CVE-2023-25654
RESERVED
CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object Signing an ...)
- TODO: check
+ NOT-FOR-US: Cisco node-jose (different from src:node-jose)
+ NOTE: https://github.com/cisco/node-jose/security/advisories/GHSA-5h4j-qrvg-9xhw
CVE-2023-25652
RESERVED
CVE-2023-25651
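Review bot: The "(different from src:node-jose)" qualifier on CVE-2023-25653 is the only thing that keeps a later reader from matching this CVE to the Debian source package of the same name, and it does not say how the two differ. Consider a second NOTE line stating which upstream src:node-jose packages, next to the advisory link, so the NOT-FOR-US decision can be re-verified without repeating the research.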
@@ -1114,7 +1115,7 @@ CVE-2023-25604
CVE-2023-25603
RESERVED
CVE-2023-25602 (A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, F ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-25601
RESERVED
CVE-2023-0753
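Review bot: On CVE-2023-25602 the new tag reads "NOT-FOR-US: FortiGuard", while the description on the line above names the affected product as Fortinet FortiWeb. Other entries in this commit are tagged with the vendor or product that appears in the description (Citrix, Joomla!, Argo CD), so "NOT-FOR-US: Fortinet FortiWeb" would be more consistent and easier to find when searching the list by product. The same applies to the other FortiWeb entries retagged in this commit.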
@@ -2459,7 +2460,7 @@ CVE-2022-48308 (It was discovered that the sls-logging was not verifying hostnam
CVE-2022-48307 (It was discovered that the Magritte-ftp was not verifying hostnames in ...)
TODO: check
CVE-2022-48306 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2019-25101 (A vulnerability classified as critical has been found in OnShift Turbo ...)
NOT-FOR-US: OnShift TurboGears
CVE-2018-25080 (A vulnerability, which was classified as problematic, has been found i ...)
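Review bot: CVE-2022-48306 is resolved as "NOT-FOR-US: Palantir", but CVE-2022-48307 in the context directly above, which also describes missing hostname verification, is left at "TODO: check", and the hunk header shows CVE-2022-48308 with a similar description. If these belong to the same vendor they should be triaged together in this commit; if they do not, a short NOTE on 48306 saying why it was handled separately would help.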
@@ -4153,11 +4154,11 @@ CVE-2023-24487
CVE-2023-24486
RESERVED
CVE-2023-24485 (Vulnerabilities have been identified that, collectively, allow a stand ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24484 (A malicious user can cause log files to be written to a directory that ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24483 (A vulnerability has been identified that, if exploited, could result i ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2023-24482 (A vulnerability has been identified in COMOS V10.2 (All versions), COM ...)
NOT-FOR-US: Siemens
CVE-2023-24477
@@ -4756,11 +4757,11 @@ CVE-2023-24240
CVE-2023-24239
RESERVED
CVE-2023-24238 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-24237
RESERVED
CVE-2023-24236 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-24235
RESERVED
CVE-2023-24234 (A stored cross-site scripting (XSS) vulnerability in the component php ...)
@@ -5470,7 +5471,7 @@ CVE-2023-23949 (An authenticated user can supply malicious HTML and JavaScript c
CVE-2023-23948 (The ownCloud Android app allows ownCloud users to access, share, and e ...)
NOT-FOR-US: ownCloud Android app
CVE-2023-23947 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2023-23946 (Git, a revision control system, is vulnerable to path traversal prior ...)
- git 1:2.39.2-1 (bug #1031310)
NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5
@@ -5875,19 +5876,19 @@ CVE-2023-23786
CVE-2023-23785
RESERVED
CVE-2023-23784 (A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-23783 (A use of externally-controlled format string in Fortinet FortiWeb vers ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-23782 (A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 throug ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-23781 (A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb vers ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-23780 (A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 throu ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-23779 (Multiple improper neutralization of special elements used in an OS Com ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-23778 (A relative path traversal vulnerability [CWE-23] in FortiWeb version 7 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-23777
RESERVED
CVE-2023-23776
@@ -6092,7 +6093,7 @@ CVE-2010-10009 (A vulnerability was found in frioux ptome. It has been rated as
CVE-2023-23753
RESERVED
CVE-2023-23752 (An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper ac ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL ...)
NOT-FOR-US: Joomla!
CVE-2023-23750 (An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing toke ...)
@@ -9508,7 +9509,7 @@ CVE-2023-22640
CVE-2023-22639
RESERVED
CVE-2023-22638 (Several improper neutralization of inputs during web page generation v ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-22637
RESERVED
CVE-2023-22636
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9479c8ed0e56ee0fcb61bbba63a79c9bb3d479f9