[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 19 21:17:02 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
986a07a1 by Salvatore Bonaccorso at 2023-07-19T22:16:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,23 +49,23 @@ CVE-2023-37733 (An arbitrary file upload vulnerability in tduck-platform v4.0 al
 CVE-2023-37276 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
 	TODO: check
 CVE-2023-35900 (IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-35898 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-34034 (Using "**" as a pattern in Spring Security configuration  for WebFlux  ...)
 	TODO: check
 CVE-2023-33876 (A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.1 ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2023-33866 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
 	TODO: check
 CVE-2023-33832 (IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-32664 (A type confusion vulnerability exists in the Javascript checkThisBox m ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2023-32635 (XBRL data create application version 7.0 and earlier improperly restri ...)
 	TODO: check
 CVE-2023-32263 (A potential vulnerability has been identified in the Micro Focus Dimen ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus Dimensions CM Plugin for Jenkins
 CVE-2023-27379 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
 	TODO: check
 CVE-2023-3347 [SMB2 packet signing not enforced]
@@ -11360,7 +11360,7 @@ CVE-2023-30435
 CVE-2023-30434 (IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 ...)
 	NOT-FOR-US: IBM
 CVE-2023-30433 (IBM Security Verify Access 10.0 could allow a remote attacker to condu ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-30432
 	RESERVED
 CVE-2023-30431 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
@@ -14373,9 +14373,9 @@ CVE-2023-29262
 CVE-2023-29261
 	RESERVED
 CVE-2023-29260 (IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-29259 (IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-29258
 	RESERVED
 CVE-2023-29257 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
@@ -16988,7 +16988,7 @@ CVE-2023-28515
 CVE-2023-28514 (IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive  ...)
 	NOT-FOR-US: IBM
 CVE-2023-28513 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-28512
 	RESERVED
 CVE-2023-28511
@@ -19279,7 +19279,7 @@ CVE-2023-27890 (The Export User plugin through 2.0 for MyBB allows XSS during th
 CVE-2023-27878
 	RESERVED
 CVE-2023-27877 (IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects t ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-27876 (IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE ...)
 	NOT-FOR-US: IBM
 CVE-2023-27875 (IBM Aspera Faspex 5.0.4 could allow a user to change other user's cred ...)
@@ -24431,13 +24431,13 @@ CVE-2023-26028
 CVE-2023-26027
 	RESERVED
 CVE-2023-26026 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensit ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-26025
 	RESERVED
 CVE-2023-26024
 	RESERVED
 CVE-2023-26023 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensit ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-26022 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is v ...)
 	NOT-FOR-US: IBM
 CVE-2023-26021 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
@@ -53028,11 +53028,11 @@ CVE-2022-43912
 CVE-2022-43911
 	RESERVED
 CVE-2022-43910 (IBM Security Guardium 11.3 could allow a local user to escalate their  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-43909
 	RESERVED
 CVE-2022-43908 (IBM Security Guardium 11.3 could allow an authenticated user to cause  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-43907
 	RESERVED
 CVE-2022-43906
@@ -140547,7 +140547,7 @@ CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users
 CVE-2021-38934 (IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2021-38933 (IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cry ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-38932
 	RESERVED
 CVE-2021-38931 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/986a07a1e374697d0f4c3e29f04082ceee682e48

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/986a07a1e374697d0f4c3e29f04082ceee682e48
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230719/d2331c09/attachment.htm>

More information about the debian-security-tracker-commits mailing list