[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 8 18:22:48 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
052e3688 by Moritz Muehlenhoff at 2023-06-08T19:22:26+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows unprivileged users to crash
 	[bullseye] - dbus <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/457
 CVE-2023-34239 (Gradio is an open-source Python library that is used to build machine  ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2023-34238 (Gatsby is a free and open source framework based on React. The Gatsby  ...)
 	- gatsby <itp> (bug #922188)
 CVE-2023-33849 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...)
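Review bot: CVE-2023-34239 moves from TODO to NOT-FOR-US although its description calls Gradio an open-source Python library, and the Gatsby entry directly below is tracked as `- gatsby <itp> (bug #922188)` instead. If an ITP or RFP bug exists for Gradio, the same `<itp>` form would fit better than NOT-FOR-US; otherwise the tag is fine as written.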
@@ -17,13 +17,13 @@ CVE-2023-33847 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard,
 CVE-2023-33846 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...)
 	NOT-FOR-US: IBM
 CVE-2023-33496 (xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: xxl-rpc
 CVE-2023-2986 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulner ...)
 	NOT-FOR-US: Abandoned Cart Lite for WooCommerce plugin for WordPress
 CVE-2023-2904 (The External Visitor Manager portal of HID\u2019s SAFE versions 5.8.0  ...)
-	TODO: check
+	NOT-FOR-US: HID SAFE
 CVE-2023-2866 (If an attacker can trick an authenticated user into loading a maliciou ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2023-3153 [service monitor MAC flow is not rate limited]
 	- ovn <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279
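Review bot: the NOT-FOR-US tag for CVE-2023-2866 names only a vendor (Advantech), and the truncated description shown here names neither vendor nor product, so the entry cannot be matched to a product from this file alone. The other two tags added in this hunk name the product (xxl-rpc, HID SAFE); adding the affected product after the vendor name would make this line equally searchable.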
@@ -57,7 +57,7 @@ CVE-2023-34237 (SABnzbd is an open source automated Usenet download tool. A desi
 CVE-2023-34234 (OpenZeppelin Contracts is a library for smart contract development. By ...)
 	NOT-FOR-US: OpenZeppelin Contracts
 CVE-2023-34109 (zxcvbn-ts is an open source password strength estimator written in typ ...)
-	TODO: check
+	NOT-FOR-US: zxcvbn-ts
 CVE-2023-34108 (mailcow is a mail server suite based on Dovecot, Postfix and other ope ...)
 	NOT-FOR-US: mailcow
 CVE-2023-33595 (CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-fre ...)
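Review bot: CVE-2023-34109 is tagged with the bare library name zxcvbn-ts, which differs from the plain name zxcvbn only by its suffix. It is worth confirming the NOT-FOR-US decision was checked against this specific project and not against a similarly named zxcvbn package, if any is in the archive.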
@@ -69,13 +69,13 @@ CVE-2023-33553 (An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows at
 CVE-2023-33510 (Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary file ...)
 	NOT-FOR-US: Jeecg P3 Biz Chat
 CVE-2023-33498 (alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privileg ...)
-	TODO: check
+	NOT-FOR-US: alist
 CVE-2023-33284 (Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution  ...)
-	TODO: check
+	NOT-FOR-US: Marval MSM
 CVE-2023-33283 (Marval MSM through 14.19.0.12476 uses a static encryption key for secr ...)
-	TODO: check
+	NOT-FOR-US: Marval MSM
 CVE-2023-33282 (Marval MSM through 14.19.0.12476 and 15.0 has a System account with de ...)
-	TODO: check
+	NOT-FOR-US: Marval MSM
 CVE-2023-2530 (A privilege escalation allowing remote code execution was discovered i ...)
 	TODO: check
 CVE-2023-2442 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
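Review bot: CVE-2023-2530 at the end of this block still reads `TODO: check` while the four entries above it are resolved. If it was skipped because it needs real triage and not an NFU tag, that is fine, but it should be picked up in a follow-up. The three Marval MSM entries (CVE-2023-33284, CVE-2023-33283, CVE-2023-33282) use an identical tag string, which keeps them grouped consistently.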
@@ -331,19 +331,19 @@ CVE-2023-3120 (A vulnerability, which was classified as critical, was found in S
 CVE-2023-3119 (A vulnerability, which was classified as critical, has been found in S ...)
 	NOT-FOR-US: SourceCodester Service Provider Management System
 CVE-2023-34409 (In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, t ...)
-	TODO: check
+	NOT-FOR-US: Percona Monitoring and Management (PMM)
 CVE-2023-34111 (The `Release PR Merged` workflow in the github repo taosdata/grafanapl ...)
-	TODO: check
+	NOT-FOR-US: taosdata/grafanaplugin
 CVE-2023-34104 (fast-xml-parser is an open source, pure javascript xml parser. fast-xm ...)
 	TODO: check
 CVE-2023-33977 (Kiwi TCMS is an open source test management system for both manual and ...)
 	NOT-FOR-US: Kiwi TCMS
 CVE-2023-33959 (notation is a CLI tool to sign and verify OCI artifacts and container  ...)
-	TODO: check
+	NOT-FOR-US: notation
 CVE-2023-33958 (notation is a CLI tool to sign and verify OCI artifacts and container  ...)
-	TODO: check
+	NOT-FOR-US: notation
 CVE-2023-33957 (notation is a CLI tool to sign and verify OCI artifacts and container  ...)
-	TODO: check
+	NOT-FOR-US: notation
 CVE-2023-33747 (CloudPanel v2.2.2 allows attackers to execute a path traversal.)
 	NOT-FOR-US: CloudPanel
 CVE-2023-33684 (Weak session management in DB Elettronica Telecomunicazioni SpA SFT DA ...)
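Review bot: `NOT-FOR-US: notation` on CVE-2023-33959, CVE-2023-33958 and CVE-2023-33957 uses a very generic word as the tag. A qualifier taken from the description, such as `notation (CLI tool to sign and verify OCI artifacts)`, would make it unambiguous, in the way the Percona line spells out `Percona Monitoring and Management (PMM)`. For CVE-2023-34111 the description points at a workflow in the GitHub repo itself, so tagging the repository name `taosdata/grafanaplugin` is appropriate. CVE-2023-34104 (fast-xml-parser) is left at `TODO: check` and still needs triage.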



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/052e36888dcabf6e01c9ac6b8834632b5d530250
