[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jul 3 21:19:20 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26116b54 by Moritz Muehlenhoff at 2023-07-03T22:18:58+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,49 +1,49 @@
 CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in Google Chr ...)
-	TODO: check
+	NOT-FOR-US: Chrome OS
 CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted passwo ...)
-	TODO: check
+	NOT-FOR-US: TWinSoft Configuration ToolChrome OS
 CVE-2023-37378 (Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles acces ...)
 	TODO: check
 CVE-2023-36819 (Knowage is the professional open source suite for modern business anal ...)
-	TODO: check
+	NOT-FOR-US: Knowage
 CVE-2023-36817 (`tktchurch/website` contains the codebase for The King's Temple Church ...)
-	TODO: check
+	NOT-FOR-US: tktchurch/website
 CVE-2023-36816 (2FA is a Web app to manage Two-Factor Authentication (2FA) accounts an ...)
-	TODO: check
+	NOT-FOR-US: Bubka 2FAuth
 CVE-2023-36815 (Sealos is a Cloud Operating System designed for managing cloud-native  ...)
-	TODO: check
+	NOT-FOR-US: Sealos
 CVE-2023-36814 (Products.CMFCore are the key framework services for the Zope Content M ...)
-	TODO: check
+	NOT-FOR-US: Products.CMFCore
 CVE-2023-36611 (The affected TBox RTUs allow low privilege users to access software se ...)
-	TODO: check
+	NOT-FOR-US: TBox
 CVE-2023-36610 (The affected TBox RTUs generate software security tokens using insuffi ...)
-	TODO: check
+	NOT-FOR-US: TBox
 CVE-2023-36609 (The affected TBox RTUs run OpenVPN with root privileges and can run us ...)
-	TODO: check
+	NOT-FOR-US: TBox
 CVE-2023-36608 (The affected TBox RTUs store hashed passwords using MD5 encryption, wh ...)
-	TODO: check
+	NOT-FOR-US: TBox
 CVE-2023-36377 (Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and befor ...)
 	TODO: check
 CVE-2023-36291 (Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a rem ...)
-	TODO: check
+	NOT-FOR-US: Maxsite CMS
 CVE-2023-36262 (An issue in OBS Studio OBS-Studio v.29.1.2 allows a local attack to ob ...)
 	TODO: check
 CVE-2023-36258 (An issue in langchain v.0.0.199 allows an attacker to execute arbitrar ...)
-	TODO: check
+	NOT-FOR-US: Langchain
 CVE-2023-36223 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and be ...)
-	TODO: check
+	NOT-FOR-US: mlogclub bbs-go
 CVE-2023-36222 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and be ...)
-	TODO: check
+	NOT-FOR-US: mlogclub bbs-go
 CVE-2023-36183 (Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before all ...)
 	TODO: check
 CVE-2023-36162 (Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows a remot ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2023-35935 (@fastify/oauth2, a wrapper around the `simple-oauth2` library, is vuln ...)
-	TODO: check
+	NOT-FOR-US: @fastify/oauth2
 CVE-2023-34451 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a s ...)
-	TODO: check
+	NOT-FOR-US: CometBFT
 CVE-2023-34450 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a s ...)
-	TODO: check
+	NOT-FOR-US: CometBFT
 CVE-2023-36053 (In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, Em ...)
 	- python-django <unfixed> (bug #1040225)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/03/1
@@ -53,13 +53,13 @@ CVE-2023-36053 (In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2
 CVE-2023-35797 (Improper Input Validation vulnerability in Apache Software Foundation  ...)
 	NOT-FOR-US: Hive provider for Apache Airflow
 CVE-2023-3438 (An unquoted Windows search path vulnerability existed in the install t ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2023-3370
 	REJECTED
 CVE-2023-3314 (A vulnerability arises out of a failure to comprehensively sanitize th ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2023-3313 (An OS common injection vulnerability exists in the ESM certificate API ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2023-36001
 	REJECTED
 CVE-2023-35999



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26116b54cb860003a23438c2a59c2ea63cbcddcf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26116b54cb860003a23438c2a59c2ea63cbcddcf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230703/5e53637f/attachment.htm>

More information about the debian-security-tracker-commits mailing list