[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jan 30 14:46:39 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b662276 by Moritz Muehlenhoff at 2023-01-30T15:46:14+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1855,7 +1855,7 @@ CVE-2023-24067
CVE-2023-24066
RESERVED
CVE-2023-24065 (NOSH 4a5cfdb allows stored XSS via the create user page. For example, ...)
- TODO: check
+ NOT-FOR-US: NOSH
CVE-2023-24064
RESERVED
CVE-2023-24063
@@ -1865,7 +1865,7 @@ CVE-2023-24062
CVE-2023-24061
RESERVED
CVE-2023-24060 (Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[u ...)
- TODO: check
+ NOT-FOR-US: Haven
CVE-2023-0435 (Excessive Attack Surface in GitHub repository pyload/pyload prior to 0 ...)
- pyload <itp> (bug #1001980)
CVE-2022-4895
@@ -3112,9 +3112,9 @@ CVE-2023-23631
CVE-2023-23630
RESERVED
CVE-2023-23629 (Metabase is an open source data analytics platform. Affected versions ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2023-23628 (Metabase is an open source data analytics platform. Affected versions ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2023-23627 (Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 ...)
TODO: check
CVE-2023-23626
@@ -3132,7 +3132,7 @@ CVE-2023-23621 (Discourse is an open-source discussion platform. Prior to versio
CVE-2023-23620 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
NOT-FOR-US: Discourse
CVE-2023-23619 (Modelina is a library for generating data models based on inputs such ...)
- TODO: check
+ NOT-FOR-US: Modelina
CVE-2023-23618
RESERVED
CVE-2023-23617 (OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and ...)
@@ -3434,7 +3434,7 @@ CVE-2023-0286
CVE-2023-0285
RESERVED
CVE-2023-0284 (Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows a ...)
- TODO: check
+ - check-mk <removed>
CVE-2023-0283 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Online Flight Booking Management System
CVE-2023-0282
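Review bot: the CVE-2023-0284 change in this hunk is not an NFU: the line becomes "- check-mk <removed>", a package-tracking entry for a removed package, while the commit subject only says "NFUs". Mention the check-mk triage in the commit message or split it into its own commit, so that someone searching the history for why check-mk was marked removed can find it.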
@@ -5901,7 +5901,7 @@ CVE-2023-22739 (Discourse is an open source platform for community discussion. V
CVE-2023-22738
RESERVED
CVE-2023-22737 (wire-server provides back end services for Wire, a team communication ...)
- TODO: check
+ NOT-FOR-US: wire-server
CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2023-22735
@@ -7426,11 +7426,11 @@ CVE-2022-48015
CVE-2022-48014
RESERVED
CVE-2022-48013 (Opencats v0.9.7 was discovered to contain a stored cross-site scriptin ...)
- TODO: check
+ NOT-FOR-US: Opencats
CVE-2022-48012 (Opencats v0.9.7 was discovered to contain a reflected cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: Opencats
CVE-2022-48011 (Opencats v0.9.7 was discovered to contain a SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Opencats
CVE-2022-48010 (LimeSurvey v5.4.15 was discovered to contain a stored cross-site scrip ...)
- limesurvey <itp> (bug #472802)
CVE-2022-48009
@@ -7671,13 +7671,13 @@ CVE-2023-22336
CVE-2023-22335
RESERVED
CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier al ...)
- TODO: check
+ NOT-FOR-US: EasyMail
CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4. ...)
TODO: check
CVE-2023-22324 (SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5. ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-22322 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
- TODO: check
+ NOT-FOR-US: CX-Motion Pro
CVE-2023-22320 (OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM ...)
NOT-FOR-US: OpenAM Web Policy Agent (different from src:openam)
CVE-2023-22316 (Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1 ...)
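Review bot: CVE-2023-22332 (Pgpool-II) is still "TODO: check" after this hunk although the entries on both sides of it are resolved. If it was skipped on purpose because it needs a package lookup rather than an NFU, that is fine; otherwise it should be triaged in the same pass. A smaller point on CVE-2023-22324: the tag is shortened to "CONPROSYS" where the description names "CONPROSYS HMI System (CHS)"; the full product name would match how CX-Motion Pro and OpenAM Web Policy Agent are written in the same hunk.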
@@ -8757,7 +8757,7 @@ CVE-2022-47749
CVE-2022-47748
RESERVED
CVE-2022-47747 (kraken <= 0.1.4 has an arbitrary file read vulnerability via the co ...)
- TODO: check
+ NOT-FOR-US: Kraken
CVE-2022-47746
RESERVED
CVE-2022-47745 (ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After loggin ...)
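Review bot: "NOT-FOR-US: Kraken" on CVE-2022-47747 is ambiguous, because the description only says "kraken <= 0.1.4" and that name is used by more than one project. Add a qualifier that identifies which Kraken this is (a short description or the upstream location), in the style of the "(different from src:openam)" note on CVE-2023-22320, so a later reader does not have to re-check whether a packaged project of the same name is affected.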
@@ -9031,7 +9031,7 @@ CVE-2022-47634 (M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 befo
CVE-2022-47633 (An image signature validation bypass vulnerability in Kyverno 1.8.3 an ...)
NOT-FOR-US: Kyverno
CVE-2022-47632 (Razer Synapse before 3.7.0830.081906 allows privilege escalation due t ...)
- TODO: check
+ NOT-FOR-US: Razer
CVE-2022-47631
RESERVED
CVE-2022-47630 (Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 ...)
@@ -9224,11 +9224,11 @@ CVE-2023-22244
CVE-2023-22243
RESERVED
CVE-2023-22242 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-22241 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-22240 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-22239
RESERVED
CVE-2023-22238
@@ -12159,11 +12159,11 @@ CVE-2022-46970
CVE-2022-46969
RESERVED
CVE-2022-46968 (A stored cross-site scripting (XSS) vulnerability in /index.php?page=h ...)
- TODO: check
+ NOT-FOR-US: Revenue Collection System
CVE-2022-46967 (An access control issue in Revenue Collection System v1.0 allows unaut ...)
- TODO: check
+ NOT-FOR-US: Revenue Collection System
CVE-2022-46966 (Revenue Collection System v1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Revenue Collection System
CVE-2022-46965
RESERVED
CVE-2022-46964
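Review bot: for CVE-2022-46968 the description shown here ("A stored cross-site scripting (XSS) vulnerability in /index.php?page=h ...") is cut off before any product name, so the "NOT-FOR-US: Revenue Collection System" tag cannot be checked from this file alone. Confirm against the full CVE text that it is the same product as CVE-2022-46967 and CVE-2022-46966 and was not tagged only because the IDs are adjacent.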
@@ -14245,13 +14245,13 @@ CVE-2022-4241
CVE-2022-4240
RESERVED
CVE-2022-46359 (Potential vulnerabilities have been identified in HP Security Manager ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-46358 (Potential vulnerabilities have been identified in HP Security Manager ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-46357 (Potential vulnerabilities have been identified in HP Security Manager ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-46356 (Potential vulnerabilities have been identified in HP Security Manager ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-46355 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
NOT-FOR-US: Siemens
CVE-2022-46354 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
@@ -15880,7 +15880,7 @@ CVE-2022-45772
CVE-2022-45771 (An issue in the /api/audits component of Pwndoc v0.5.3 allows attacker ...)
NOT-FOR-US: Pwndoc
CVE-2022-45770 (Improper input validation in driver adgnetworkwfpdrv.sys in Adguard Fo ...)
- TODO: check
+ NOT-FOR-US: Adguard
CVE-2022-45769 (A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 a ...)
NOT-FOR-US: ClicShopping_V3
CVE-2022-45768
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b66227695241cfeff142120d6763cf0d91d9cd6