[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jul 7 11:06:37 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d63a51f by Moritz Muehlenhoff at 2023-07-07T12:06:09+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,31 @@
+CVE-2023-33008
+	NOT-FOR-US: Apache Johnzon
 CVE-2023-3532 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...)
-	TODO: check
+	NOT-FOR-US: Outline
 CVE-2023-37192 (Memory management and protection issues in Bitcoin Core v22 allows att ...)
 	TODO: check
 CVE-2023-36859 (PiiGAB M-Bus   SoftwarePack 900S  does not correctly sanitize user inp ...)
-	TODO: check
+	NOT-FOR-US: PiiGAB M-Bus
 CVE-2023-36829 (Sentry is an error tracking and performance monitoring platform. Start ...)
-	TODO: check
+	NOT-FOR-US: Sentry
 CVE-2023-35987 (PiiGAB M-Bus contains hard-coded credentials which it uses for authent ...)
-	TODO: check
+	NOT-FOR-US: PiiGAB M-Bus
 CVE-2023-35890 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-35765 (PiiGAB M-Bus stores credentials in a plaintext file, which could allow ...)
-	TODO: check
+	NOT-FOR-US: PiiGAB M-Bus
 CVE-2023-35120 (PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker  ...)
-	TODO: check
+	NOT-FOR-US: PiiGAB M-Bus
 CVE-2023-34995 (There are no requirements for setting a complex passwordfor PiiGAB M-B ...)
-	TODO: check
+	NOT-FOR-US: PiiGAB M-Bus
 CVE-2023-34433 (PiiGAB M-Bus stores passwords using a weak hash algorithm.)
-	TODO: check
+	NOT-FOR-US: PiiGAB M-Bus
 CVE-2023-33868 (The number of login attempts is not limited. This could allow an attac ...)
-	TODO: check
+	NOT-FOR-US: PiiGAB M-Bus
 CVE-2023-32652 (PiiGAB M-Busdoes not validate identification strings before processing ...)
-	TODO: check
+	NOT-FOR-US: PiiGAB M-Bus
 CVE-2023-31277 (PiiGAB M-Bus transmits credentials in plaintext format.)
-	TODO: check
+	NOT-FOR-US: PiiGAB M-Bus
 CVE-2023-3531 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
 	- teampass <itp> (bug #730180)
 CVE-2023-3529 (A vulnerability classified as problematic has been found in Rotem Dyna ...)
@@ -95,51 +97,51 @@ CVE-2023-36460 (Mastodon is a free, open-source social network server based on A
 CVE-2023-36459 (Mastodon is a free, open-source social network server based on Activit ...)
 	- mastodon <itp> (bug #859741)
 CVE-2023-36456 (authentik is an open-source Identity Provider. Prior to versions 2023. ...)
-	TODO: check
+	NOT-FOR-US: authentik
 CVE-2023-36189 (SQL injection vulnerability in langchain v.0.0.64 allows a remote atta ...)
-	TODO: check
+	NOT-FOR-US: langchain
 CVE-2023-36188 (An issue in langchain v.0.0.64 allows a remote attacker to execute arb ...)
-	TODO: check
+	NOT-FOR-US: langchain
 CVE-2023-35948 (Novu provides an API for sending notifications through multiple channe ...)
-	TODO: check
+	NOT-FOR-US: Novu
 CVE-2023-35937 (Metersphere is an open source continuous testing platform. In versions ...)
-	TODO: check
+	NOT-FOR-US: Metersphere
 CVE-2023-35934 (yt-dlp is a command-line program to download videos from video sites.  ...)
 	TODO: check
 CVE-2023-34193 (File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2023-34192 (Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a rem ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2023-34164 (Vulnerability of incomplete input parameter verification in the commun ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48520 (Unauthorized access vulnerability in the SystemUI module. Successful e ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48519 (Unauthorized access vulnerability in the SystemUI module. Successful e ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48518 (Vulnerability of signature verification in the iaware system being ini ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48517 (Unauthorized service access vulnerability in the DSoftBus module. Succ ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48516 (Vulnerability that a unique value can be obtained by a third-party app ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48515 (Vulnerability of inappropriate permission control in Nearby. Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48514 (The Sepolicy module has inappropriate permission control on the use of ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48513 (Vulnerability of identity verification being bypassed in the Gallery m ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48512 (Use After Free (UAF) vulnerability in the Vdecoderservice service. Suc ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48511 (Use After Free (UAF) vulnerability in the audio PCM driver module unde ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48510 (Input verification vulnerability in the AMS module. Successful exploit ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48509 (Race condition vulnerability due to multi-thread access to mutually ex ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48508 (Inappropriate authorization vulnerability in the system apps. Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-48507 (Vulnerability of identity verification being bypassed in the storage m ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46896 (Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cau ...)
 	TODO: check
 CVE-2021-46894 (Use After Free (UAF) vulnerability in the uinput module.Successful exp ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d63a51f9af965a82bbe3bb1fd33432ed041bff2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d63a51f9af965a82bbe3bb1fd33432ed041bff2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230707/3add6fb8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list