[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jul 10 09:46:53 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad97d35c by Moritz Muehlenhoff at 2023-07-10T10:46:30+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2023-3568 (Improper Input Validation in GitHub repository fossbilling/fossbilling ...)
-	TODO: check
+	NOT-FOR-US: fossbilling
 CVE-2023-37288 (SmartBPM.NET component has a vulnerability of path traversal within it ...)
-	TODO: check
+	NOT-FOR-US: SmartBPM.NET
 CVE-2023-37287 (SmartBPM.NET has a vulnerability of using hard-coded authentication ke ...)
-	TODO: check
+	NOT-FOR-US: SmartBPM.NET
 CVE-2023-37286 (SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine ...)
-	TODO: check
+	NOT-FOR-US: SmartBPM.NET
 CVE-2021-4406 (An administrator is able to execute commands as root via the alerts ma ...)
-	TODO: check
+	NOT-FOR-US: QuantaStor
 CVE-2023-3045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Tise Technology Parking Web Report
 CVE-2023-36935
@@ -7651,7 +7651,7 @@ CVE-2023-2235 (A use-after-free vulnerability in the Linux Kernel Performance Ev
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fd0815f632c24878e325821943edccc7fde947a2 (6.3-rc3)
 CVE-2023-2234 (Union variant confusion allows any malicious BT controller to execute  ...)
-	TODO: check
+	NOT-FOR-US: Zephyr
 CVE-2023-2233
 	RESERVED
 CVE-2023-2232 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -9465,7 +9465,7 @@ CVE-2023-30444 (IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is
 CVE-2023-30443
 	RESERVED
 CVE-2023-30442 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-30441 (IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8 ...)
 	NOT-FOR-US: IBM
 CVE-2023-30440 (IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW9 ...)
@@ -9487,7 +9487,7 @@ CVE-2023-30433
 CVE-2023-30432
 	RESERVED
 CVE-2023-30431 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-30430
 	RESERVED
 CVE-2015-10100 (A vulnerability, which was classified as critical, has been found in D ...)
@@ -12484,7 +12484,7 @@ CVE-2023-29258
 CVE-2023-29257 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
 	NOT-FOR-US: IBM
 CVE-2023-29256 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-29255 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
 	NOT-FOR-US: IBM
 CVE-2023-29254
@@ -13475,17 +13475,17 @@ CVE-2021-46879 (An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wro
 CVE-2021-46878 (An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous p ...)
 	NOT-FOR-US: Treasure Data Fluent Bit
 CVE-2023-28958 (IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-28957
 	RESERVED
 CVE-2023-28956 (IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 ma ...)
 	NOT-FOR-US: IBM
 CVE-2023-28955 (IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-28954
 	RESERVED
 CVE-2023-28953 (IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-28952
 	RESERVED
 CVE-2023-28951
@@ -18371,7 +18371,7 @@ CVE-2023-27560 (Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infini
 CVE-2023-27559 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
 	NOT-FOR-US: IBM
 CVE-2023-27558 (IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privile ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-27557 (IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1 ...)
 	NOT-FOR-US: IBM
 CVE-2023-27556 (IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6. ...)
@@ -18407,7 +18407,7 @@ CVE-2023-27542
 CVE-2023-27541
 	RESERVED
 CVE-2023-27540 (IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-1165 (A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been  ...)
 	NOT-FOR-US: Zhong Bang CRMEB Java
 CVE-2023-1164 (A vulnerability was found in KylinSoft kylin-activation and classified ...)
@@ -30350,7 +30350,7 @@ CVE-2023-23489 (The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 &
 CVE-2023-23488 (The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affecte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23487 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-23486
 	RESERVED
 CVE-2023-23485



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad97d35c098a7be1c8df5c676e0bb8637a956d58

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad97d35c098a7be1c8df5c676e0bb8637a956d58
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230710/9b783a9f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list