[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 23 19:56:45 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9205cae9 by Salvatore Bonaccorso at 2023-02-23T20:56:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1683,11 +1683,11 @@ CVE-2023-25814
 CVE-2023-25813 (Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL inj ...)
 	TODO: check
 CVE-2023-25812 (Minio is a Multi-Cloud Object Storage framework. Affected versions do  ...)
-	TODO: check
+	NOT-FOR-US: Minio
 CVE-2023-25811 (Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.2 ...)
-	TODO: check
+	NOT-FOR-US: Uptime Kuma
 CVE-2023-25810 (Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.2 ...)
-	TODO: check
+	NOT-FOR-US: Uptime Kuma
 CVE-2023-25809
 	RESERVED
 CVE-2023-25808
@@ -1747,7 +1747,7 @@ CVE-2023-25782
 CVE-2023-25781
 	RESERVED
 CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of alarm r ...)
-	TODO: check
+	NOT-FOR-US: OpenNMS
 CVE-2023-0845
 	RESERVED
 CVE-2023-0844
@@ -3705,7 +3705,7 @@ CVE-2023-25160 (Nextcloud Mail is an email app for the Nextcloud home server pla
 CVE-2023-25159 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-25158 (GeoTools is an open source Java library that provides tools for geospa ...)
-	TODO: check
+	NOT-FOR-US: GeoTools
 CVE-2023-25157 (GeoServer is an open source software server written in Java that allow ...)
 	TODO: check
 CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impose rate ...)
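Review bot: CVE-2023-25158 (GeoTools) is tagged NOT-FOR-US in this hunk while CVE-2023-25157 (GeoServer) on the very next line stays at "TODO: check". If GeoServer was left open on purpose, a short NOTE: line saying what still needs checking would help the next person triaging; otherwise both entries can be handled in the same pass.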
@@ -6058,7 +6058,7 @@ CVE-2023-24322 (A reflected cross-site scripting (XSS) vulnerability in the File
 CVE-2023-24321
 	RESERVED
 CVE-2023-24320 (An access control issue in Axcora POS #0~gitf77ec09 allows unauthentic ...)
-	TODO: check
+	NOT-FOR-US: Axcora POS
 CVE-2023-24319
 	RESERVED
 CVE-2023-24318
@@ -6512,7 +6512,7 @@ CVE-2023-24095 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrad
 CVE-2023-24094
 	RESERVED
 CVE-2023-24093 (An access control issue in H3C A210-G A210-GV100R005 allows attackers  ...)
-	TODO: check
+	NOT-FOR-US: H3C A210-G A210-GV100R005
 CVE-2023-24092
 	RESERVED
 CVE-2023-24091
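Review bot: The NOT-FOR-US tag added for CVE-2023-24093 carries the model and firmware string ("H3C A210-G A210-GV100R005") instead of a short vendor or product name, unlike nearby entries such as "NOT-FOR-US: TOTOLINK" and "NOT-FOR-US: Hughes". Suggest "NOT-FOR-US: H3C" so the entry groups with any other H3C entries when the list is searched.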
@@ -9520,7 +9520,7 @@ CVE-2023-23065
 CVE-2023-23064 (TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Acce ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2023-23063 (Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure. ...)
-	TODO: check
+	NOT-FOR-US: Cellinx NVT
 CVE-2023-23062
 	RESERVED
 CVE-2023-23061
@@ -9566,7 +9566,7 @@ CVE-2023-23042
 CVE-2023-23041
 	RESERVED
 CVE-2023-23040 (TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5  ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2023-23039 (An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers ...)
 	TODO: check
 CVE-2023-23038
@@ -9699,11 +9699,11 @@ CVE-2023-22976
 CVE-2023-22975 (jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). ...)
 	NOT-FOR-US: jfinal_cms
 CVE-2023-22974 (A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unau ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2023-22973 (A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new. ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2023-22972 (A Reflected Cross-site scripting (XSS) vulnerability in interface/form ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2023-22971 (Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Rou ...)
 	NOT-FOR-US: Hughes
 CVE-2023-22970
@@ -12005,7 +12005,7 @@ CVE-2022-48151
 CVE-2022-48150
 	RESERVED
 CVE-2022-48149 (Online Student Admission System in PHP Free Source Code 1.0 was discov ...)
-	TODO: check
+	NOT-FOR-US: Online Student Admission System in PHP Free Source Code
 CVE-2022-48148
 	RESERVED
 CVE-2022-48147
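Review bot: The tag added for CVE-2022-48149 copies the description's title verbatim, including "in PHP Free Source Code", which reads as part of the listing title and not as the product name. "NOT-FOR-US: Online Student Admission System" would be enough to identify it and keeps the label short.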
@@ -18211,7 +18211,7 @@ CVE-2022-46639 (A vulnerability in the descarga_etiqueta.php component of Correo
 CVE-2022-46638
 	RESERVED
 CVE-2022-46637 (Prolink router PRS1841 was discovered to contain hardcoded credentials ...)
-	TODO: check
+	NOT-FOR-US: Prolink router
 CVE-2022-46636
 	RESERVED
 CVE-2022-46635
@@ -21128,9 +21128,9 @@ CVE-2022-45602
 CVE-2022-45601
 	RESERVED
 CVE-2022-45600 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices imprope ...)
-	TODO: check
+	NOT-FOR-US: Aztech WMB250AC Mesh Routers Firmware
 CVE-2022-45599 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: Aztech WMB250AC Mesh Routers Firmware
 CVE-2022-45598 (Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.1 ...)
 	NOT-FOR-US: Joplin Desktop App
 CVE-2022-45597
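Review bot: Both tags added for CVE-2022-45600 and CVE-2022-45599 repeat the description's full device wording ("Aztech WMB250AC Mesh Routers Firmware"), while the VMware and TP-Link entries in this same commit use the vendor name alone. Suggest "NOT-FOR-US: Aztech" on both lines for a consistent, searchable label.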
@@ -25356,13 +25356,13 @@ CVE-2023-20860
 CVE-2023-20859
 	RESERVED
 CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2023-20857
 	RESERVED
 CVE-2023-20856 (VMware vRealize Operations (vROps) contains a CSRF bypass vulnerabilit ...)
 	NOT-FOR-US: VMware
 CVE-2023-20855 (VMware vRealize Orchestrator contains an XML External Entity (XXE) vul ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2023-20854 (VMware Workstation contains an arbitrary file deletion vulnerability.  ...)
 	NOT-FOR-US: VMware
 CVE-2022-44605



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9205cae91568fdb8383f0702de3c5a6390c8c986
