[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jul 31 11:25:33 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e5e8a1d by Moritz Muehlenhoff at 2023-07-31T12:25:08+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2023-4007 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
-	TODO: check
+	NOT-FOR-US: phpmyfaq
 CVE-2023-4006 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
-	TODO: check
+	NOT-FOR-US: phpmyfaq
 CVE-2023-4005 (Insufficient Session Expiration in GitHub repository fossbilling/fossb ...)
-	TODO: check
+	NOT-FOR-US: fossbilling
 CVE-2023-35019 (IBM Security Verify Governance, Identity Manager 10.0 could allow a re ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-35016 (IBM Security Verify Governance, Identity Manager 10.0 could allow a re ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-34360 (A stored cross-site scripting (XSS) issue was discovered within the Cu ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2023-34359 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition.  ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2023-34358 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition.  ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2023-4004
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -68,13 +68,13 @@ CVE-2023-39018 (FFmpeg 0.7.0 and below was discovered to contain a code injectio
 CVE-2023-39017 (quartz-jobs 2.3.2 and below was discovered to contain a code injection ...)
 	TODO: check
 CVE-2023-39016 (bboss-persistent v6.0.9 and below was discovered to contain a code inj ...)
-	TODO: check
+	NOT-FOR-US: bboss-persistent
 CVE-2023-39015 (webmagic-extension v0.9.0 and below was discovered to contain a code i ...)
-	TODO: check
+	NOT-FOR-US: webmagic-extension
 CVE-2023-39013 (Duke v1.2 and below was discovered to contain a code injection vulnera ...)
-	TODO: check
+	NOT-FOR-US: Duke
 CVE-2023-39010 (BoofCV 0.42 was discovered to contain a code injection vulnerability v ...)
-	TODO: check
+	NOT-FOR-US: BoofCV
 CVE-2023-38992 (jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerabil ...)
 	NOT-FOR-US: jeecg-boot
 CVE-2023-38685 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
@@ -28766,7 +28766,7 @@ CVE-2023-24973
 CVE-2023-24972
 	RESERVED
 CVE-2023-24971 (IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integ ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-24970
 	RESERVED
 CVE-2023-24969
@@ -36377,7 +36377,7 @@ CVE-2023-22597 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, an
 CVE-2023-22596
 	RESERVED
 CVE-2023-22595 (IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integ ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-22594 (IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is ...)
 	NOT-FOR-US: IBM
 CVE-2023-22593 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 a ...)
@@ -54254,7 +54254,7 @@ CVE-2022-43833
 CVE-2022-43832
 	RESERVED
 CVE-2022-43831 (IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-43830
 	REJECTED
 CVE-2022-43829
@@ -259723,7 +259723,7 @@ CVE-2020-4870 (IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attac
 CVE-2020-4869 (IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of servi ...)
 	NOT-FOR-US: IBM
 CVE-2020-4868 (IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4867
 	RESERVED
 CVE-2020-4866 (IBM Engineering products are vulnerable to cross-site scripting. This  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e5e8a1d61fd31d5ca32de85d4b189bf2ba4c0e2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e5e8a1d61fd31d5ca32de85d4b189bf2ba4c0e2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230731/ac1ba560/attachment.htm>

More information about the debian-security-tracker-commits mailing list