[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jun 6 08:59:24 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b8ba9d41 by Moritz Muehlenhoff at 2023-06-06T09:58:54+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14,7 +14,7 @@ CVE-2023-3065 (Improper Authentication vulnerability in Mobatime mobile applicat
CVE-2023-3064 (Anonymous user may get the list of existing users managed by the appli ...)
NOT-FOR-US: Mobatime mobile application
CVE-2023-34097 (hoppscotch is an open source API development ecosystem. In versions pr ...)
- TODO: check
+ NOT-FOR-US: hoppscotch
CVE-2023-33970 (Kanboard is open source project management software that focuses on th ...)
- kanboard <unfixed>
NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286
@@ -44,7 +44,7 @@ CVE-2023-33518 (emoncms v11 and later was discovered to contain an information d
CVE-2023-33386 (MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interf ...)
NOT-FOR-US: MarsCTF
CVE-2023-32766 (Gitpod before 2022.11.3 allows XSS because redirection can occur for s ...)
- TODO: check
+ NOT-FOR-US: Gitpod
CVE-2023-31893 (Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vul ...)
NOT-FOR-US: Telefnica Brasil Vivo Play (IPTV) Firmware
CVE-2023-2634 (The Get your number WordPress plugin through 1.1.3 does not sanitise a ...)
@@ -72,7 +72,7 @@ CVE-2015-10114 (A vulnerability, which was classified as problematic, has been f
CVE-2015-10113 (A vulnerability classified as problematic was found in WooFramework Tw ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3100 (A vulnerability, which was classified as critical, has been found in I ...)
- TODO: check
+ NOT-FOR-US: IBOS
CVE-2023-3099 (A vulnerability classified as critical was found in KylinSoft youker-a ...)
NOT-FOR-US: KylinSoft
CVE-2023-3098 (A vulnerability classified as critical has been found in KylinSoft you ...)
@@ -109,7 +109,7 @@ CVE-2013-10028 (A vulnerability was found in EELV Newsletter Plugin 2.x on WordP
CVE-2013-10027 (A vulnerability was found in Blogger Importer Plugin up to 0.5 on Word ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3091 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura u ...)
- TODO: check
+ NOT-FOR-US: Captura
CVE-2023-3086 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
- teampass <itp> (bug #730180)
CVE-2023-3085 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -19237,7 +19237,7 @@ CVE-2023-0838 (An issue has been discovered in GitLab affecting versions startin
CVE-2023-0837
RESERVED
CVE-2023-25780 (It is identified a vulnerability of insufficient authentication in an ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25776 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
NOT-FOR-US: Intel
CVE-2023-25773
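Review bot: the truncated description for CVE-2023-25780 ("insufficient authentication in an ...") names no vendor within this hunk, so the new "NOT-FOR-US: Intel" line can only be checked against the neighbouring CVE-2023-25776 entry ("Improper input validation in some Intel(R) Server Board BMC firmware"); consider naming the affected Intel product in the entry so the triage stands on its own.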
@@ -19778,7 +19778,7 @@ CVE-2015-10078 (A vulnerability, which was classified as problematic, has been f
CVE-2023-0780 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-0779 (At the most basic level, an invalid pointer can be input that crashes ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2023-0778 (A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This is ...)
- libpod 4.3.1+ds1-7 (bug #1032099)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2168256
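Review bot: "NOT-FOR-US: Zephyr" uses a bare name that the truncated description for CVE-2023-0779 ("an invalid pointer can be input that crashes ...") does not confirm; the CVE-2023-0780 entry just above shows the convention used to avoid confusion with a similarly named source package ("Cockpit Content Platform (different from src:cockpit)"). If this is Zephyr RTOS, spelling that out the same way would prevent a mix-up with any package carrying the same name.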
@@ -20222,7 +20222,7 @@ CVE-2023-25541
CVE-2023-25540 (Dell PowerScale OneFS 9.4.0.x contains an incorrect default permission ...)
NOT-FOR-US: Dell
CVE-2023-25539 (Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-25538
RESERVED
CVE-2023-25537 (Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Preci ...)
@@ -21161,7 +21161,7 @@ CVE-2023-25074
CVE-2023-24590
RESERVED
CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the Controller ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2023-23584
RESERVED
CVE-2023-23576
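Review bot: the description for CVE-2023-24584 only says "Controller 6000 is vulnerable to a buffer overflow via the Controller ..." and never names Gallagher within the hunk, so the attribution in "NOT-FOR-US: Gallagher" cannot be verified from the diff alone; consider "NOT-FOR-US: Gallagher Controller 6000" so the product in the description and the triage line match.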
@@ -21606,9 +21606,9 @@ CVE-2023-0638 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 an
CVE-2023-0637 (A vulnerability, which was classified as critical, was found in TRENDn ...)
NOT-FOR-US: TRENDnet
CVE-2023-0636 (Improper Input Validation vulnerability in ABB Ltd. ASPECT\xae-Enterpr ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2023-0635 (Improper Privilege Management vulnerability in ABB Ltd. ASPECT\xae-Ent ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2023-25136 (OpenSSH server (sshd) 9.1 introduced a double-free vulnerability durin ...)
- openssh 1:9.2p1-1
[bullseye] - openssh <not-affected> (Vulnerable code not present)
@@ -24706,15 +24706,15 @@ CVE-2023-23958
CVE-2023-23957
RESERVED
CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will be exec ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2023-23955 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2023-23954 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2023-23953 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2023-23952 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2023-23951 (Ability to enumerate the Oracle LDAP attributes for the current user b ...)
NOT-FOR-US: Symantec
CVE-2023-23950 (User\u2019s supplied input (usually a CRLF sequence) can be used to sp ...)
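Review bot: the CVE-2023-23956 description ("A user can supply malicious HTML and JavaScript code that will be exec ...") names neither vendor nor product, unlike the four "Advanced Secure Gateway and Content Analysis" entries below it that receive the same "NOT-FOR-US: Symantec" tag; consider naming the product in that entry so the grouping with CVE-2023-23955 through CVE-2023-23951 is visible without consulting the CVE text.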
@@ -26081,7 +26081,7 @@ CVE-2023-23564
CVE-2023-23563
RESERVED
CVE-2023-23562 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...)
- TODO: check
+ NOT-FOR-US: Stormshield Endpoint Security
CVE-2023-23561 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...)
NOT-FOR-US: Stormshield Endpoint Security
CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur because ...)
@@ -26758,7 +26758,7 @@ CVE-2023-23308
CVE-2023-23307
RESERVED
CVE-2023-23306 (The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 ...)
- TODO: check
+ NOT-FOR-US: CIQ API
CVE-2023-23305 (The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is v ...)
NOT-FOR-US: GarminOS TVM component in CIQ API
CVE-2023-23304 (The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allo ...)
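Review bot: "NOT-FOR-US: CIQ API" is terser than the adjacent CVE-2023-23305 and CVE-2023-23304 entries, which use "NOT-FOR-US: GarminOS TVM component in CIQ API"; since the CVE-2023-23306 description names the Toybox.Ant.BurstPayload.add API method in CIQ API, a form that includes the vendor (as the neighbouring lines do with "GarminOS") would keep all three related entries searchable under one name.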
@@ -29067,9 +29067,9 @@ CVE-2023-22650
CVE-2023-22649
RESERVED
CVE-2023-22648 (A Improper Privilege Management vulnerability in SUSE Rancher causes p ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2023-22647 (An Improper Privilege Management vulnerability in SUSE Rancher allowed ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2023-22646
RESERVED
CVE-2023-22645 (An Improper Privilege Management vulnerability in SUSE kubewarden allo ...)
@@ -32082,9 +32082,9 @@ CVE-2022-47619
CVE-2022-47618 (Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator cr ...)
NOT-FOR-US: Merit Lilin
CVE-2022-47617 (Hitron CODA-5310 has hard-coded encryption/decryption keys in the prog ...)
- TODO: check
+ NOT-FOR-US: Hitron
CVE-2022-47616 (Hitron CODA-5310 has insufficient filtering for specific parameters in ...)
- TODO: check
+ NOT-FOR-US: Hitron
CVE-2022-47615 (Local File Inclusion vulnerability inLearnPress \u2013 WordPress LMS P ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47614
@@ -32420,9 +32420,9 @@ CVE-2022-47528
CVE-2022-47527
RESERVED
CVE-2022-47526 (Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path travers ...)
- TODO: check
+ NOT-FOR-US: Fox-IT DataDiode
CVE-2022-47525 (Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Ze ...)
- TODO: check
+ NOT-FOR-US: Fox-IT DataDiode
CVE-2022-47524 (F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homog ...)
NOT-FOR-US: F-Secure SAFE Browser
CVE-2022-47523 (Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pr ...)
@@ -35081,9 +35081,9 @@ CVE-2022-47031
CVE-2022-47030
RESERVED
CVE-2022-47029 (An issue was found in Action Launcher v50.5 allows an attacker to esca ...)
- TODO: check
+ NOT-FOR-US: Action Launcher
CVE-2022-47028 (An issue discovered in Action Launcher for Android v50.5 allows an att ...)
- TODO: check
+ NOT-FOR-US: Action Launcher
CVE-2022-47027 (Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized app ...)
NOT-FOR-US: Timmystudios Fast Typing Keyboard
CVE-2022-47026
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8ba9d41e481885e26e8df0c63ba1ed84150784c