[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 6 21:27:08 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f3e0475 by Salvatore Bonaccorso at 2023-06-06T22:26:39+02:00
Process some NFUs

- - - - -
98611881 by Salvatore Bonaccorso at 2023-06-06T22:26:39+02:00
Add CVE-2023-33613/axtls

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2023-3123
 	REJECTED
 CVE-2023-3121 (A vulnerability has been found in Dahua Smart Parking Management up to ...)
-	TODO: check
+	NOT-FOR-US: Dahua Smart Parking Management
 CVE-2023-3120 (A vulnerability, which was classified as critical, was found in Source ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Service Provider Management System
 CVE-2023-3119 (A vulnerability, which was classified as critical, has been found in S ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Service Provider Management System
 CVE-2023-34409 (In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, t ...)
 	TODO: check
 CVE-2023-34111 (The `Release PR Merged` workflow in the github repo taosdata/grafanapl ...)
@@ -13,7 +13,7 @@ CVE-2023-34111 (The `Release PR Merged` workflow in the github repo taosdata/gra
 CVE-2023-34104 (fast-xml-parser is an open source, pure javascript xml parser. fast-xm ...)
 	TODO: check
 CVE-2023-33977 (Kiwi TCMS is an open source test management system for both manual and ...)
-	TODO: check
+	NOT-FOR-US: Kiwi TCMS
 CVE-2023-33959 (notation is a CLI tool to sign and verify OCI artifacts and container  ...)
 	TODO: check
 CVE-2023-33958 (notation is a CLI tool to sign and verify OCI artifacts and container  ...)
@@ -21,35 +21,35 @@ CVE-2023-33958 (notation is a CLI tool to sign and verify OCI artifacts and cont
 CVE-2023-33957 (notation is a CLI tool to sign and verify OCI artifacts and container  ...)
 	TODO: check
 CVE-2023-33747 (CloudPanel v2.2.2 allows attackers to execute a path traversal.)
-	TODO: check
+	NOT-FOR-US: CloudPanel
 CVE-2023-33684 (Weak session management in DB Elettronica Telecomunicazioni SpA SFT DA ...)
-	TODO: check
+	NOT-FOR-US: DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware
 CVE-2023-33659 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vuln ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2023-33653 (Sitecore Experience Platform (XP) v9.3 was discovered to contain an au ...)
-	TODO: check
+	NOT-FOR-US: Sitecore Experience Platform (XP)
 CVE-2023-33652 (Sitecore Experience Platform (XP) v9.3 was discovered to contain an au ...)
-	TODO: check
+	NOT-FOR-US: Sitecore Experience Platform (XP)
 CVE-2023-33651 (An issue in the MVC Device Simulator of Sitecore Experience Platform ( ...)
-	TODO: check
+	NOT-FOR-US: Sitecore Experience Platform (XP)
 CVE-2023-33613 (axTLS v2.1.5 was discovered to contain a heap buffer overflow in the b ...)
-	TODO: check
+	- axtls <removed>
 CVE-2023-33569 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitra ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Faculty Evaluation System
 CVE-2023-33533 (Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Vers ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2023-33532 (There is a command injection vulnerability in the Netgear R6250 router ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2023-33530 (There is a command injection vulnerability in the Tenda G103 Gigabit G ...)
 	NOT-FOR-US: Tenda
 CVE-2023-33477 (In Harmonic NSG 9000-6G devices, an authenticated remote user can obta ...)
-	TODO: check
+	NOT-FOR-US: Harmonic NSG 9000-6G devices
 CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse functi ...)
 	TODO: check
 CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , ...)
-	TODO: check
+	NOT-FOR-US: Sogou Workflow
 CVE-2023-33381 (A command injection vulnerability was found in the ping functionality  ...)
-	TODO: check
+	NOT-FOR-US: MitraStar
 CVE-2023-32683 (Synapse is a Matrix protocol homeserver written in Python with the Twi ...)
 	TODO: check
 CVE-2023-32682 (Synapse is a Matrix protocol homeserver written in Python with the Twi ...)
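Review bot: The CVE-2023-33613 entry becomes `- axtls <removed>` with no NOTE line under it, so the entry carries no reference for the heap buffer overflow and says nothing about how the axTLS v2.1.5 named in the description relates to any version still shipped in a suite; consider adding a NOTE with the upstream report or fix reference. Separately, the label for CVE-2023-33569 spells the vendor "Sourcecodester" while the labels added for CVE-2023-3120 and CVE-2023-3119 earlier in this patch use "SourceCodester", and the Netgear labels name only the vendor where the Harmonic and DB Elettronica labels also include the model and "devices" or "Firmware". Using one spelling and one level of detail would keep later searches over NOT-FOR-US entries consistent.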



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ae773d80f3bb6b434353d0a468275983ec9b19a6...986118814eb3d63c5cf93f98139409b56b4c02c4
