[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Feb 21 13:06:03 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a10ea4a5 by Moritz Muehlenhoff at 2023-02-21T14:04:31+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,9 +71,9 @@ CVE-2023-26237
 CVE-2023-26236
 	RESERVED
 CVE-2023-26235 (JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.jav ...)
-	TODO: check
+	NOT-FOR-US: JD-GUI
 CVE-2023-26234 (JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvide ...)
-	TODO: check
+	NOT-FOR-US: JD-GUI
 CVE-2023-26233
 	RESERVED
 CVE-2023-26232
@@ -115,7 +115,7 @@ CVE-2023-26215
 CVE-2023-26214
 	RESERVED
 CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
-	TODO: check
+	NOT-FOR-US: Answer
 CVE-2023-0933
 	RESERVED
 CVE-2023-0932
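Review bot: The label on CVE-2023-0934, "NOT-FOR-US: Answer", is a single generic word, which makes the entry hard to find by search and ambiguous next to other products with similar names. The description already names the upstream org, so qualifying the label with it (for example "NOT-FOR-US: answerdev Answer") would match how the other entries in this commit identify the product.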
@@ -518,7 +518,7 @@ CVE-2015-10082 (A vulnerability classified as problematic has been found in UIKi
 CVE-2015-10081 (A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and c ...)
 	NOT-FOR-US: arnoldle submitByMailPlugin
 CVE-2014-125089 (A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been ...)
-	TODO: check
+	NOT-FOR-US: cention-chatserver
 CVE-2023-0914 (Improper Authorization in GitHub repository pixelfed/pixelfed prior to ...)
 	NOT-FOR-US: pixelfed
 CVE-2023-0913 (A vulnerability classified as critical was found in SourceCodester Aut ...)
@@ -528,13 +528,13 @@ CVE-2023-0912 (A vulnerability classified as critical has been found in SourceCo
 CVE-2019-25104 (A vulnerability has been found in rtcwcoop 1.0.2 and classified as pro ...)
 	TODO: check
 CVE-2016-15026 (A vulnerability was found in 3breadt dd-plist 1.17 and classified as p ...)
-	TODO: check
+	NOT-FOR-US: dd-plist
 CVE-2016-15025 (A vulnerability, which was classified as problematic, was found in gen ...)
-	TODO: check
+	NOT-FOR-US: generator-hottowel
 CVE-2015-10080 (A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been  ...)
-	TODO: check
+	NOT-FOR-US: api-umbrella-web
 CVE-2014-125088 (A vulnerability was found in qt-users-jp silk 0.0.1. It has been decla ...)
-	TODO: check
+	NOT-FOR-US: qt-users-jp
 CVE-2013-10019 (A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been  ...)
 	NOT-FOR-US: OAICat
 CVE-2012-10008 (A vulnerability, which was classified as critical, has been found in u ...)
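Review bot: On CVE-2014-125088 the label "NOT-FOR-US: qt-users-jp" names the upstream organisation, while the description gives the affected product as "qt-users-jp silk 0.0.1". The other three entries changed in this hunk use the product name (dd-plist for "3breadt dd-plist", api-umbrella-web for "NREL api-umbrella-web"), so "NOT-FOR-US: qt-users-jp silk" would be consistent and would not imply that everything from that organisation is out of scope.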
@@ -1192,7 +1192,7 @@ CVE-2023-25807
 CVE-2023-25806
 	RESERVED
 CVE-2023-25805 (versionn, software for changing version information across multiple fi ...)
-	TODO: check
+	NOT-FOR-US: Node versionn
 CVE-2023-25804
 	RESERVED
 CVE-2023-25803
@@ -1847,7 +1847,7 @@ CVE-2023-25658
 CVE-2023-25657
 	RESERVED
 CVE-2023-25656 (notation-go is a collection of libraries for supporting Notation sign, ...)
-	TODO: check
+	NOT-FOR-US: notation-go
 CVE-2023-25655
 	RESERVED
 CVE-2023-25654
@@ -4803,7 +4803,7 @@ CVE-2020-36658 (In Apache::Session::LDAP before 0.5, validity of the X.509 certi
 CVE-2023-24576 (EMC NetWorker may potentially be vulnerable to an unauthenticated remo ...)
 	NOT-FOR-US: EMC
 CVE-2023-24575 (Dell Multifunction Printer E525w Driver and Software Suite, versions p ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-24574 (Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Unc ...)
 	NOT-FOR-US: Dell
 CVE-2023-24573 (Dell Command | Monitor versions prior to 10.9 contain an arbitrary fol ...)
@@ -8113,9 +8113,9 @@ CVE-2023-23454 (cbq_classify in net/sched/sch_cbq.c in the Linux kernel through
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
 CVE-2023-23453 (Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmw ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-23452 (Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmw ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-23451
 	RESERVED
 CVE-2023-23450
@@ -22497,7 +22497,7 @@ CVE-2022-3903 (An incorrect read request flaw was found in the Infrared Transcei
 CVE-2022-3902 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2022-3901 (Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute  ...)
-	TODO: check
+	NOT-FOR-US: Visioweb.js
 CVE-2022-3900 (The Cooked Pro WordPress plugin before 1.7.5.7 does not properly valid ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45058
@@ -47029,7 +47029,7 @@ CVE-2020-36560 (Due to improper path santization, archives containing relative f
 CVE-2020-36559 (Due to improper santization of user input, HTTPEngine.Handle allows fo ...)
 	TODO: check
 CVE-2019-25072 (Due to support of Gzip compression in request bodies, as well as a lac ...)
-	TODO: check
+	- tendermint-go-common <removed>
 CVE-2018-25046 (Due to improper path santization, archives containing relative file pa ...)
 	NOT-FOR-US: GO code.cloudfoundry.org/archiver
 CVE-2017-20146 (Usage of the CORS handler may apply improper CORS headers, allowing th ...)
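Review bot: The changed line for CVE-2019-25072 is a package entry ("- tendermint-go-common <removed>"), not a NOT-FOR-US tag, so the commit subject "NFUs" does not describe it. Consider splitting it into its own commit or mentioning it in the message, and adding a NOTE line with the reference that ties this CVE to tendermint-go-common, since the truncated description visible here does not name the package.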
@@ -78736,7 +78736,7 @@ CVE-2022-21144 (This affects all versions of package libxmljs. When invoking the
 CVE-2022-21129 (Versions of the package nemo-appium before 0.0.9 are vulnerable to Com ...)
 	TODO: check
 CVE-2022-21126 (The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: com.github.samtools:htsjdk
 CVE-2022-21122 (The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Exe ...)
 	NOT-FOR-US: Node metacalc
 CVE-2022-0758 (Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a10ea4a58bddeeca5060654ae24ba0a55c0f49a0
