[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jan 19 17:17:09 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d14b103f by Moritz Muehlenhoff at 2023-01-19T18:16:45+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,9 +49,9 @@ CVE-2023-23837
 CVE-2023-23836
 	RESERVED
 CVE-2023-0397 (A malicious / defect bluetooth controller can cause a Denial of Servic ...)
-	TODO: check
+	NOT-FOR-US: Zephyr
 CVE-2023-0396 (A malicious / defective bluetooth controller can cause buffer overread ...)
-	TODO: check
+	NOT-FOR-US: Zephyr
 CVE-2023-0395
 	RESERVED
 CVE-2023-0393
@@ -286,7 +286,7 @@ CVE-2022-46302
 CVE-2022-43440
 	RESERVED
 CVE-2021-4314 (It is possible to manipulate the JWT token without the knowledge of th ...)
-	TODO: check
+	NOT-FOR-US: Zowe
 CVE-2017-20174
 	RESERVED
 CVE-2015-10070
@@ -392,7 +392,7 @@ CVE-2023-0344
 CVE-2023-0343
 	RESERVED
 CVE-2010-10009 (A vulnerability was found in frioux ptome. It has been rated as critic ...)
-	TODO: check
+	NOT-FOR-US: frioux ptome
 CVE-2023-23753
 	RESERVED
 CVE-2023-23752
@@ -512,9 +512,9 @@ CVE-2023-0340
 CVE-2023-0339
 	RESERVED
 CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...)
-	TODO: check
+	NOT-FOR-US: lirantal/daloradius
 CVE-2023-0337 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...)
-	TODO: check
+	NOT-FOR-US: lirantal/daloradius
 CVE-2023-0336
 	RESERVED
 CVE-2023-0335
@@ -532,11 +532,11 @@ CVE-2020-36653 (A vulnerability was found in GENI Portal. It has been rated as p
 CVE-2017-20173 (A vulnerability was found in AlexRed contentmap. It has been rated as  ...)
 	NOT-FOR-US: AlexRed contentmap
 CVE-2017-20172 (A vulnerability was found in ridhoq soundslike. It has been classified ...)
-	TODO: check
+	NOT-FOR-US: ridhoq soundslike
 CVE-2015-10068 (A vulnerability classified as critical was found in danynab movify-j.  ...)
-	TODO: check
+	NOT-FOR-US: danynab movify-j
 CVE-2012-10006 (A vulnerability classified as critical has been found in ale7714 sigep ...)
-	TODO: check
+	NOT-FOR-US: ale7714
 CVE-2011-10001 (A vulnerability was found in iamdroppy phoenixcf. It has been declared ...)
 	NOT-FOR-US: iamdroppy phoenixcf
 CVE-2010-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesam ...)
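Review bot: the CVE-2012-10006 entry is tagged "NOT-FOR-US: ale7714", which names only the account, while the description goes on to name a project ("ale7714 sigep ..."). The other entries in this hunk use the owner plus project form ("ridhoq soundslike", "danynab movify-j", "iamdroppy phoenixcf"). Add the project name so the tag identifies the software rather than its author.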
@@ -686,25 +686,25 @@ CVE-2022-48261
 CVE-2020-36652
 	RESERVED
 CVE-2020-36651 (A vulnerability has been found in youngerheart nodeserver and classifi ...)
-	TODO: check
+	NOT-FOR-US: youngerheart nodeserver
 CVE-2018-25077 (A vulnerability was found in melnaron mel-spintax. It has been rated a ...)
-	TODO: check
+	NOT-FOR-US: melnaron mel-spintax
 CVE-2017-20171 (A vulnerability classified as critical has been found in PrivateSky ap ...)
-	TODO: check
+	NOT-FOR-US: PrivateSky
 CVE-2015-10067 (A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has ...)
-	TODO: check
+	NOT-FOR-US: oznetmaster SSharpSmartThreadPool
 CVE-2015-10066 (A vulnerability was found in tynx wuersch and classified as critical.  ...)
-	TODO: check
+	NOT-FOR-US: tynx wuersch
 CVE-2015-10065 (A vulnerability classified as critical was found in AenBleidd FiND. Th ...)
-	TODO: check
+	NOT-FOR-US: AenBleidd FiND
 CVE-2014-125082 (A vulnerability was found in nivit redports. It has been declared as c ...)
-	TODO: check
+	NOT-FOR-US: nivit redports
 CVE-2014-125081 (A vulnerability, which was classified as critical, has been found in r ...)
-	TODO: check
+	NOT-FOR-US: risheesh debutsav
 CVE-2010-10007 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil ...)
-	TODO: check
+	NOT-FOR-US: lierdakil click-reminder
 CVE-2010-10006 (A vulnerability, which was classified as problematic, was found in mic ...)
-	TODO: check
+	NOT-FOR-US: michaelliao jopenid
 CVE-2023-23637 (IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain te ...)
 	NOT-FOR-US: IMPatienT
 CVE-2023-23636
@@ -849,27 +849,27 @@ CVE-2023-0318
 CVE-2023-0317
 	RESERVED
 CVE-2022-4891 (A vulnerability has been found in Sisimai up to 4.25.14p11 and classif ...)
-	TODO: check
+	NOT-FOR-US: Sisimai
 CVE-2017-20170 (A vulnerability was found in ollpu parontalli. It has been classified  ...)
 	NOT-FOR-US: ollpu parontalli
 CVE-2016-15021 (A vulnerability was found in nickzren alsdb. It has been rated as crit ...)
 	NOT-FOR-US: nickzren alsdb
 CVE-2015-10064 (A vulnerability was found in VictorFerraresi pokemon-database-php. It  ...)
-	TODO: check
+	NOT-FOR-US: pokemon-database-php
 CVE-2015-10063 (A vulnerability was found in saemorris TheRadSystem and classified as  ...)
 	NOT-FOR-US: saemorris TheRadSystem
 CVE-2015-10062 (A vulnerability, which was classified as problematic, was found in gal ...)
-	TODO: check
+	NOT-FOR-US: galaxy-data-resource
 CVE-2015-10061 (A vulnerability was found in evandro-machado Trabalho-Web2. It has bee ...)
-	TODO: check
+	NOT-FOR-US: Trabalho-Web2.
 CVE-2015-10060 (A vulnerability was found in MNBikeways database and classified as cri ...)
-	TODO: check
+	NOT-FOR-US: MNBikeways
 CVE-2015-10059 (A vulnerability has been found in s134328 Webapplication-Veganguide an ...)
-	TODO: check
+	NOT-FOR-US: Webapplication-Veganguide
 CVE-2015-10058 (A vulnerability, which was classified as problematic, was found in Wik ...)
-	TODO: check
+	NOT-FOR-US: Wikisource Category Browser
 CVE-2013-10013 (A vulnerability was found in Bricco Authenticator Plugin. It has been  ...)
-	TODO: check
+	NOT-FOR-US: Bricco Authenticator Plugin
 CVE-2023-0316 (Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor pr ...)
 	- froxlor <itp> (bug #581792)
 CVE-2023-0315 (Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. ...)
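Review bot: "NOT-FOR-US: Trabalho-Web2." for CVE-2015-10061 carries a trailing period, apparently copied along with the end of the description's sentence; drop it so the tag matches the project name exactly. Separately, the tags added here ("pokemon-database-php", "galaxy-data-resource", "Trabalho-Web2", "Webapplication-Veganguide") omit the owner prefix that the unchanged entries in the same hunk keep ("ollpu parontalli", "nickzren alsdb", "saemorris TheRadSystem"). Using one form throughout makes the list easier to search.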
@@ -1014,7 +1014,7 @@ CVE-2023-0292
 CVE-2023-0291
 	RESERVED
 CVE-2023-0290 (Rapid7 Velociraptor did not properly sanitize the client ID parameter  ...)
-	TODO: check
+	NOT-FOR-US: Rapid7
 CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webc ...)
 	NOT-FOR-US: craigk5n/webcalendar
 CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
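Review bot: CVE-2023-0290 is tagged "NOT-FOR-US: Rapid7", which is the vendor only, while the description names the product as "Rapid7 Velociraptor". Suggest "NOT-FOR-US: Rapid7 Velociraptor" so a search for the product name finds the entry and the tag is not read as covering everything from that vendor.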
@@ -1391,7 +1391,7 @@ CVE-2023-0244 (A vulnerability classified as critical was found in TuziCMS 2.0.6
 CVE-2023-0243 (A vulnerability classified as critical has been found in TuziCMS 2.0.6 ...)
 	NOT-FOR-US: TuziCMS
 CVE-2023-0242 (Rapid7 Velociraptor allows users to be created with different privileg ...)
-	TODO: check
+	NOT-FOR-US: Rapid7
 CVE-2023-0241
 	RESERVED
 CVE-2023-0240
@@ -2196,7 +2196,7 @@ CVE-2023-0216
 CVE-2023-0215
 	RESERVED
 CVE-2023-0214 (A cross-site scripting vulnerability in Skyhigh SWG in main releases 1 ...)
-	TODO: check
+	NOT-FOR-US: Skyhigh SWG
 CVE-2023-0213
 	RESERVED
 CVE-2023-0212
@@ -2670,7 +2670,7 @@ CVE-2023-0166
 CVE-2023-0165
 	RESERVED
 CVE-2023-0164 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...)
-	TODO: check
+	NOT-FOR-US: OrangeScrum
 CVE-2022-48253 (nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that m ...)
 	NOT-FOR-US: Nostromo webserver
 CVE-2022-48252 (The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote ...)
@@ -2735,7 +2735,7 @@ CVE-2023-0160
 CVE-2023-0159
 	RESERVED
 CVE-2023-0158 (NLnet Labs Krill supports direct access to the RRDP repository content ...)
-	TODO: check
+	NOT-FOR-US: NLnet Labs Krill
 CVE-2023-0157
 	RESERVED
 CVE-2023-0156
@@ -3459,21 +3459,21 @@ CVE-2023-22736
 CVE-2023-22735
 	RESERVED
 CVE-2023-22734 (Shopware is an open source commerce platform based on Symfony Framewor ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2023-22733 (Shopware is an open source commerce platform based on Symfony Framewor ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2023-22732 (Shopware is an open source commerce platform based on Symfony Framewor ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2023-22731 (Shopware is an open source commerce platform based on Symfony Framewor ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2023-22730 (Shopware is an open source commerce platform based on Symfony Framewor ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2023-22729
 	RESERVED
 CVE-2023-22728
 	RESERVED
 CVE-2023-22727 (CakePHP is a development framework for PHP web apps. In affected versi ...)
-	TODO: check
+	NOT-FOR-US: CakePHP
 CVE-2023-22726
 	RESERVED
 CVE-2023-22725
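Review bot: the CVE-2023-22727 line marks CakePHP as NOT-FOR-US, and it is the one entry in this hunk whose description presents a general-purpose component ("a development framework for PHP web apps") rather than a standalone application. Since NOT-FOR-US takes the CVE out of further triage, it is worth confirming that no source package in the archive ships or embeds CakePHP before this lands. If one does, a package entry with the appropriate status would be the better record.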
@@ -3825,7 +3825,7 @@ CVE-2023-22626 (PgHero before 3.1.0 allows Information Disclosure via EXPLAIN be
 CVE-2023-22625
 	RESERVED
 CVE-2023-22624 (Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers  ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2023-22623
 	RESERVED
 CVE-2023-22622 (WordPress through 6.1.1 depends on unpredictable client visits to caus ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d14b103fc2f90764e1ef4a807fa643888dad3e22
