[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jan 26 10:14:19 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c3da90e6 by Moritz Muehlenhoff at 2023-01-26T11:13:56+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -168,11 +168,11 @@ CVE-2023-XXXX [SQL injection, sanitization, and login bypass]
NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html?lang=fr
NOTE: https://salsa.debian.org/debian/spip/-/commit/ce1d68694d4bb72317ff39baa67195e6b5ccaa92
CVE-2023-24495 (A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.s ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2023-24494 (A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2023-24493 (A formula injection vulnerability exists in Tenable.sc due to improper ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2023-24492
RESERVED
CVE-2023-24491
@@ -216,7 +216,7 @@ CVE-2023-0478
CVE-2023-0477
RESERVED
CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improper va ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2023-0475
RESERVED
CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 109.0.5414.119 a ...)
@@ -1277,7 +1277,7 @@ CVE-2023-24024
CVE-2023-24023
RESERVED
CVE-2023-24022 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with ...)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2023-0432
RESERVED
CVE-2023-0431
@@ -1471,11 +1471,11 @@ CVE-2023-23953
CVE-2023-23952
RESERVED
CVE-2023-23951 (Ability to enumerate the Oracle LDAP attributes for the current user b ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2023-23950 (User’s supplied input (usually a CRLF sequence) can be used to s ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2023-23949 (An authenticated user can supply malicious HTML and JavaScript code th ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2023-23948
RESERVED
CVE-2023-23947
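Review bot: The three `NOT-FOR-US: Symantec` tags (CVE-2023-23951, CVE-2023-23950, CVE-2023-23949) name only a vendor, and none of the truncated descriptions visible in this hunk mentions a product, so the list alone does not show which product was ruled out. Consider putting the affected product name in the tag, as entries such as `NOT-FOR-US: WP Shamsi plugin for WordPress` elsewhere in this file do.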
@@ -2421,13 +2421,13 @@ CVE-2023-23613 (OpenSearch is an open source distributed and RESTful search engi
CVE-2023-23612 (OpenSearch is an open source distributed and RESTful search engine. Op ...)
TODO: check
CVE-2023-23611 (LTI Consumer XBlock implements the consumer side of the LTI specificat ...)
- TODO: check
+ NOT-FOR-US: LTI
CVE-2023-23610 (GLPI is a Free Asset and IT Management Software package. Versions prio ...)
TODO: check
CVE-2023-23609 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2023-23608 (Spotipy is a light weight Python library for the Spotify Web API. In v ...)
- TODO: check
+ NOT-FOR-US: Spotipy
CVE-2023-23607 (erohtar/Dasherr is a dashboard for self-hosted services. In affected v ...)
NOT-FOR-US: Dasherr
CVE-2023-23606
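Review bot: `NOT-FOR-US: LTI` on CVE-2023-23611 names the specification rather than the affected software; the description identifies the product as "LTI Consumer XBlock". Suggest `NOT-FOR-US: LTI Consumer XBlock`, matching the neighbouring CVE-2023-23607 entry, which is tagged with its product name (`Dasherr`).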
@@ -2514,7 +2514,7 @@ CVE-2023-0323 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
CVE-2023-0322
RESERVED
CVE-2023-0321 (Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 m ...)
- TODO: check
+ NOT-FOR-US: Campbell
CVE-2023-0320
RESERVED
CVE-2023-0319
@@ -3733,7 +3733,7 @@ CVE-2023-23153
CVE-2023-23152
RESERVED
CVE-2023-23151 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deleti ...)
- TODO: check
+ NOT-FOR-US: bloofoxCMS
CVE-2023-23150
RESERVED
CVE-2023-23149
@@ -5902,7 +5902,7 @@ CVE-2023-0029 (A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_
CVE-2022-4869 (A vulnerability was found in Evolution Events Artaxerxes. It has been ...)
NOT-FOR-US: Evolution Events Artaxerxes
CVE-2022-48199 (SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a m ...)
- TODO: check
+ NOT-FOR-US: SoftPerfect
CVE-2021-4297 (A vulnerability has been found in trampgeek jobe up to 1.6.4 and class ...)
NOT-FOR-US: trampgeek jobe
CVE-2018-25063 (A vulnerability classified as problematic was found in Zenoss Dashboar ...)
@@ -7962,7 +7962,7 @@ CVE-2022-47769
CVE-2022-47768
RESERVED
CVE-2022-47767 (A backdoor in Solar-Log Gateway products allows remote access via web ...)
- TODO: check
+ NOT-FOR-US: Solar-Log
CVE-2022-47766 (PopojiCMS v2.0.1 backend plugin function has a file upload vulnerabili ...)
NOT-FOR-US: PopojiCMS
CVE-2022-47765
@@ -8032,7 +8032,7 @@ CVE-2022-47734
CVE-2022-47733
RESERVED
CVE-2022-47732 (In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthe ...)
- TODO: check
+ NOT-FOR-US: Yeastar
CVE-2022-47731
RESERVED
CVE-2022-47730
@@ -8311,7 +8311,7 @@ CVE-2022-47617
CVE-2022-47616
RESERVED
CVE-2022-47615 (Local File Inclusion vulnerability in LearnPress – WordPress LMS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47614
RESERVED
CVE-2022-47613
@@ -9631,9 +9631,9 @@ CVE-2023-21798
CVE-2023-21797
RESERVED
CVE-2023-21796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21795 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21794
RESERVED
CVE-2023-21793 (3D Builder Remote Code Execution Vulnerability. This CVE ID is unique ...)
@@ -9673,7 +9673,7 @@ CVE-2023-21777
CVE-2023-21776 (Windows Kernel Information Disclosure Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2023-21775 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21774 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
NOT-FOR-US: Microsoft
CVE-2022-4580
@@ -9775,7 +9775,7 @@ CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and classifi
CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to authorization bypa ...)
NOT-FOR-US: WP Shamsi plugin for WordPress
CVE-2022-4554 (B2B Customer Ordering System developed by ID Software Project and Cons ...)
- TODO: check
+ NOT-FOR-US: B2B Customer Ordering System
CVE-2022-4553
RESERVED
CVE-2022-4552
@@ -10012,7 +10012,7 @@ CVE-2022-4512
CVE-2022-4511 (A vulnerability has been found in RainyGao DocSys and classified as cr ...)
NOT-FOR-US: RainyGao DocSys
CVE-2022-4510 (A path traversal vulnerability was identified in ReFirm Labs binwalk f ...)
- TODO: check
+ NOT-FOR-US: ReFirm Labs binwalk
CVE-2022-4509 (The Content Control WordPress plugin before 1.1.10 does not validate a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43494 (An unauthorized user could be able to read any file on the system, pot ...)
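Review bot: CVE-2022-4510 is marked `NOT-FOR-US: ReFirm Labs binwalk`, but binwalk is a standalone open-source tool, unlike the vendor appliances and hosted products that make up most of this commit. Please confirm that no binwalk source package exists in the archive before this lands; if one does, the entry needs a package line rather than an NFU tag, because NOT-FOR-US takes the CVE out of further triage.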
@@ -10380,7 +10380,7 @@ CVE-2023-21721
CVE-2023-21720
RESERVED
CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-21718
RESERVED
CVE-2023-21717
@@ -11096,7 +11096,7 @@ CVE-2022-47102 (A cross-site scripting (XSS) vulnerability in Student Study Cent
CVE-2022-47101
RESERVED
CVE-2022-47100 (A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to ar ...)
- TODO: check
+ NOT-FOR-US: Sengled Smart bulb
CVE-2022-47099
RESERVED
CVE-2022-47098
@@ -11186,7 +11186,7 @@ CVE-2022-47075
CVE-2022-47074
RESERVED
CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket page o ...)
- TODO: check
+ NOT-FOR-US: Small CRM
CVE-2022-47072
RESERVED
CVE-2022-47071
@@ -11202,7 +11202,7 @@ CVE-2022-47067
CVE-2022-47066
RESERVED
CVE-2022-47065 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW ...)
- TODO: check
+ NOT-FOR-US: TrendNet
CVE-2022-47064
RESERVED
CVE-2022-47063
@@ -11228,7 +11228,7 @@ CVE-2022-47054
CVE-2022-47053
RESERVED
CVE-2022-47052 (NETGEAR Nighthawk R6220 v1.1.0.112_1.0.1 was discovered to contain a c ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2022-47051
RESERVED
CVE-2022-47050
@@ -11248,11 +11248,11 @@ CVE-2022-47044
CVE-2022-47043
RESERVED
CVE-2022-47042 (MCMS v5.2.10 and below was discovered to contain an arbitrary file wri ...)
- TODO: check
+ NOT-FOR-US: MCMS
CVE-2022-47041
RESERVED
CVE-2022-47040 (An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 al ...)
- TODO: check
+ NOT-FOR-US: ASKEY
CVE-2022-47039
RESERVED
CVE-2022-47038
@@ -11311,7 +11311,7 @@ CVE-2022-47014
CVE-2022-47013
RESERVED
CVE-2022-47012 (Use of uninitialized variable in function gen_eth_recv in GNS3 dynamip ...)
- TODO: check
+ NOT-FOR-US: GNS3
CVE-2022-47011
RESERVED
CVE-2022-47010
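Review bot: On CVE-2022-47012 the tag `NOT-FOR-US: GNS3` names only the project, while the description places the bug in function gen_eth_recv of a specific GNS3 component (the name is cut off at "GNS3 dynamip ..."). Check that component, not GNS3 as a whole, against the archive, and name it in the tag if the entry is still NFU.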
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3da90e653bdf3224c15ca034b24e823793056d4