[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jan 24 18:48:46 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0377fa7 by Moritz Muehlenhoff at 2023-01-24T19:48:23+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -968,7 +968,7 @@ CVE-2023-24056 (In pkgconf through 1.9.3, variable duplication can cause unbound
 	NOTE: https://gitea.treehouse.systems/ariadne/pkgconf/commit/81cc9b3e6dafcdd02579bcccec6ac47d91e5d023 (pkgconf-1.9.4, pkgconf-1.8.1)
 	NOTE: https://nullprogram.com/blog/2023/01/18/
 CVE-2023-24055 (** DISPUTED ** KeePass through 2.53 (in a default installation) allows ...)
-	TODO: check
+	NOT-FOR-US: Disputed KeePass issue
 CVE-2023-0434 (Improper Input Validation in GitHub repository pyload/pyload prior to  ...)
 	- pyload <itp> (bug #1001980)
 CVE-2023-24054
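Review bot: On CVE-2023-24055 the NOT-FOR-US reason reads "Disputed KeePass issue", which records the dispute rather than the fact that the software is not packaged; every other NOT-FOR-US line in this commit gives only a product or vendor name. If KeePass is not in the archive, "NOT-FOR-US: KeePass" would be consistent with the rest; if it is, a package line plus a NOTE about the dispute would keep the entry attached to the package.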
@@ -1001,13 +1001,13 @@ CVE-2023-24044 (A Host Header Injection issue on the Login page of Plesk Obsidia
 CVE-2023-24043
 	RESERVED
 CVE-2023-24042 (A race condition in LightFTP through 2.2 allows an attacker to achieve ...)
-	TODO: check
+	NOT-FOR-US: LightFTP
 CVE-2023-24041
 	RESERVED
 CVE-2023-24040 (** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environm ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-24039 (** UNSUPPORTED WHEN ASSIGNED ** A stack-based buffer overflow in Parse ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-24038 (The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_ ...)
 	- libhtml-stripscripts-perl <unfixed> (bug #1029400)
 	NOTE: https://github.com/clintongormley/perl-html-stripscripts/issues/3
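Review bot: The two "NOT-FOR-US: Oracle" lines (CVE-2023-24040, CVE-2023-24039) name a vendor that does not appear in the visible descriptions; CVE-2023-24040 refers to dtprintinfo in Common Desktop Environment. Naming the affected product, as the LightFTP line in this same hunk does, would let a later search for that software find these entries.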
@@ -1036,7 +1036,7 @@ CVE-2023-24027 (In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a
 CVE-2023-24026 (In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerabilit ...)
 	NOT-FOR-US: MISP
 CVE-2023-24025 (CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2 ...)
-	TODO: check
+	NOT-FOR-US: CRYSTALS-DILITHIUM
 CVE-2023-24024
 	RESERVED
 CVE-2023-24023
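Review bot: The note on CVE-2023-24025 names CRYSTALS-DILITHIUM, which the description presents as one of the selected post-quantum algorithms rather than a single piece of software. An algorithm can ship in more than one implementation, so the note should say which implementation was checked before marking the CVE NOT-FOR-US.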
@@ -1048,7 +1048,7 @@ CVE-2023-0432
 CVE-2023-0431
 	RESERVED
 CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary ...)
-	TODO: check
+	- yii <itp> (bug #597899)
 CVE-2023-24021 (In ModSecurity before 2.9.7, FILES_TMP_CONTENT sometimes lacked the co ...)
 	- modsecurity-apache 2.9.7-1 (bug #1029329)
 	[bullseye] - modsecurity-apache <no-dsa> (Minor issue)
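Review bot: The new line for CVE-2020-36655 is an ITP entry, "- yii <itp> (bug #597899)", not an NFU, so the commit subject "NFUs" does not describe it. The description concerns Yii2 Gii, and bug #597899 is far older than the other bug numbers in this file (for example #1029329), so it is worth confirming that the ITP is still open and covers Yii2 with the Gii extension; a separate commit or a subject that mentions the ITP would make the change easier to find.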
@@ -1546,7 +1546,7 @@ CVE-2023-23826
 CVE-2023-23825
 	RESERVED
 CVE-2023-23824 (Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23823
 	RESERVED
 CVE-2023-23822
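Review bot: "NOT-FOR-US: WordPress plugin" on CVE-2023-23824 drops the plugin name, although the description identifies it as WP-TopBar and the other notes in this commit name the product (LightFTP, Zdir, Nessus). Adding the name, as in "NOT-FOR-US: WordPress plugin WP-TopBar", would keep the entry searchable; the same applies to the WordPress plugin lines for CVE-2023-23687 and CVE-2023-22721.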
@@ -2015,7 +2015,7 @@ CVE-2023-23689
 CVE-2023-23688
 	RESERVED
 CVE-2023-23687 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube short ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23686
 	RESERVED
 CVE-2023-23685
@@ -2547,7 +2547,7 @@ CVE-2023-23562
 CVE-2023-23561
 	RESERVED
 CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur because ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux k ...)
 	- linux <unfixed>
 	NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/
@@ -3154,7 +3154,7 @@ CVE-2023-23333
 CVE-2023-23332
 	RESERVED
 CVE-2023-23331 (Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Amano Xoffice
 CVE-2023-23330
 	RESERVED
 CVE-2023-23329
@@ -3188,7 +3188,7 @@ CVE-2023-23316
 CVE-2023-23315
 	RESERVED
 CVE-2023-23314 (An arbitrary file upload vulnerability in the /api/upload component of ...)
-	TODO: check
+	NOT-FOR-US: Zdir
 CVE-2023-23313
 	RESERVED
 CVE-2023-23312
@@ -3950,7 +3950,7 @@ CVE-2023-22962
 CVE-2023-22961
 	RESERVED
 CVE-2023-22960 (Lexmark products through 2023-01-10 have Improper Control of Interacti ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2023-22959 (WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.ph ...)
 	NOT-FOR-US: WebChess
 CVE-2023-22958 (The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoo ...)
@@ -4952,7 +4952,7 @@ CVE-2023-22728
 CVE-2023-22727 (CakePHP is a development framework for PHP web apps. In affected versi ...)
 	NOT-FOR-US: CakePHP
 CVE-2023-22726 (act is a project which allows for local running of github actions. The ...)
-	TODO: check
+	NOT-FOR-US: act
 CVE-2023-22725
 	RESERVED
 CVE-2023-22724
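Review bot: "NOT-FOR-US: act" on CVE-2023-22726 uses a three-letter name that will match many unrelated lines when searching the list. A short qualifier taken from the description, such as "act (local runner for GitHub Actions)", would make the entry unambiguous.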
@@ -4962,7 +4962,7 @@ CVE-2023-22723
 CVE-2023-22722
 	RESERVED
 CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-22720
 	RESERVED
 CVE-2023-22719
@@ -5068,7 +5068,7 @@ CVE-2023-0103
 CVE-2023-0102
 	RESERVED
 CVE-2023-0101 (A privilege escalation vulnerability was identified in Nessus versions ...)
-	TODO: check
+	NOT-FOR-US: Nessus
 CVE-2023-0100
 	RESERVED
 CVE-2023-0099
@@ -5290,7 +5290,7 @@ CVE-2023-22632
 CVE-2023-22631
 	RESERVED
 CVE-2023-22630 (IzyBat Orange casiers before 20221102_1 allows SQL Injection via a get ...)
-	TODO: check
+	NOT-FOR-US: IzyBat Orange casiers
 CVE-2023-22629
 	RESERVED
 CVE-2023-22628
@@ -5413,7 +5413,7 @@ CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.114
 CVE-2023-0053
 	RESERVED
 CVE-2023-0052 (SAUTER Controls Nova 200–220 Series with firmware version 3.3-00 ...)
-	TODO: check
+	NOT-FOR-US: SAUTER
 CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
 	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9
@@ -6501,7 +6501,7 @@ CVE-2018-25057 (A vulnerability was found in simple_php_link_shortener. It has b
 CVE-2022-4817 (A vulnerability was found in centic9 jgit-cookbook. It has been declar ...)
 	NOT-FOR-US: centic9 jgit-cookbook
 CVE-2022-4816 (A denial-of-service vulnerability has been identified in Lenovo Safece ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2022-4815
 	RESERVED
 CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0377fa79b098b52216173e26cebb547c3bc53b1
