[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jul 19 20:31:33 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b9f340fc by Moritz Muehlenhoff at 2023-07-19T21:31:09+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69,9 +69,9 @@ CVE-2023-37788 (goproxy v1.1 was discovered to contain an issue which can lead t
CVE-2023-37758 (D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via t ...)
NOT-FOR-US: D-LINK
CVE-2023-37481 (Fides is an open-source privacy engineering platform for managing data ...)
- TODO: check
+ NOT-FOR-US: Fides
CVE-2023-37480 (Fides is an open-source privacy engineering platform for managing data ...)
- TODO: check
+ NOT-FOR-US: Fides
CVE-2023-37477 (1Panel is an open source Linux server operation and maintenance manage ...)
NOT-FOR-US: 1Panel
CVE-2023-37387 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classif ...)
@@ -79,7 +79,7 @@ CVE-2023-37387 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme C
CVE-2023-37386 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helpe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-37259 (matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip ...)
- TODO: check
+ NOT-FOR-US: Node matrix-react-sdk
CVE-2023-37143 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...)
NOT-FOR-US: Microsoft
CVE-2023-37142 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...)
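Review bot: CVE-2023-37259 is closed as NOT-FOR-US although its description calls matrix-react-sdk an SDK ("for inserting a Matrix chat/voip ..."), which is the kind of code that ships embedded in other applications. Before settling on NFU, confirm that no source package in the archive vendors a copy. If one does, the entry should name that package instead.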
@@ -109,7 +109,7 @@ CVE-2023-34330 (AMI SPx contains a vulnerability in the BMC where a User may cau
CVE-2023-34329 (AMI SPx contains a vulnerability in BMC where a User may cause an auth ...)
NOT-FOR-US: AMI SPx
CVE-2023-34035 (Spring Security versions 5.8prior to 5.8.5, 6.0prior to 6.0.5,and 6.1p ...)
- TODO: check
+ - libspring-security-2.0-java <removed>
CVE-2023-33871 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a direct ...)
NOT-FOR-US: Iagona ScrutisWeb
CVE-2023-33329 (Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in H ...)
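Review bot: The CVE-2023-34035 change is a package triage rather than an NFU, so the commit subject "NFUs" does not describe it. The description also names Spring Security 5.8, 6.0 and 6.1, while the entry points at libspring-security-2.0-java. Because the entry is marked <removed>, a NOTE line stating whether the 2.0 package ever carried the affected code would save the next reader the lookup. Splitting this line into its own commit would also keep the history searchable.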
@@ -131,9 +131,9 @@ CVE-2023-2433 (The YARPP plugin for WordPress is vulnerable to Stored Cross-Site
CVE-2021-4428 (A vulnerability has been found in what3words Autosuggest Plugin up to ...)
NOT-FOR-US: WordPress plugin
CVE-2020-36762 (A vulnerability was found in ONS Digital RAS Collection Instrument up ...)
- TODO: check
+ NOT-FOR-US: ONS Digital RAS Collection Instrument
CVE-2018-25088 (A vulnerability, which was classified as critical, was found in Blue Y ...)
- TODO: check
+ NOT-FOR-US: Blue Yonder postgraas_server
CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor ...)
- wolfssl <unfixed>
NOTE: https://github.com/wolfSSL/wolfssl/pull/6412
@@ -77752,7 +77752,7 @@ CVE-2022-34487 (Unauthenticated Arbitrary Option Update vulnerability in biplob0
CVE-2022-34347 (Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Ma ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34155 (Improper Authentication vulnerability in miniOrange OAuth Single Sign ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-34149 (Authentication Bypass vulnerability in miniOrange WP OAuth Server plug ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34148 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
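Review bot: On CVE-2022-34155 the visible description is cut off at "miniOrange OAuth Single Sign ..." and does not itself say WordPress. The tag matches the neighbouring CVE-2022-34149 ("miniOrange WP OAuth Server plug ..."), but the two descriptions name different products, so the "WordPress plugin" label is worth checking against the full description text rather than inferring it from the adjacent entry.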
@@ -144272,7 +144272,7 @@ CVE-2021-37524 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 all
CVE-2021-37523
RESERVED
CVE-2021-37522 (SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote ...)
- TODO: check
+ NOT-FOR-US: HKing2802 Locke-Bot
CVE-2021-37521
RESERVED
CVE-2021-37520
@@ -152378,7 +152378,7 @@ CVE-2021-34125 (An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.
CVE-2021-34124
RESERVED
CVE-2021-34123 (An issue was discovered on atasm, version 1.09. A stack-buffer-overflo ...)
- TODO: check
+ NOT-FOR-US: atasm
CVE-2021-34122 (The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NU ...)
NOT-FOR-US: ffjpeg
CVE-2021-34121 (An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function par ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9f340fc6fa4d07f8a4dbf544a00260e44e192c6