[Git][security-tracker-team/security-tracker][master] NFus

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
175dbee3 by Moritz Muehlenhoff at 2023-06-16T13:58:07+02:00
NFus

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -132,15 +132,15 @@ CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and classified
 CVE-2023-3239 (A vulnerability, which was classified as problematic, was found in OTC ...)
 	NOT-FOR-US: OTCMS
 CVE-2023-3040 (A debug function in the lua-resty-json package, up to commit id 3ef949 ...)
-	TODO: check
+	NOT-FOR-US: lua-resty-json
 CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts prior t ...)
-	TODO: check
+	NOT-FOR-US: cfnts
 CVE-2023-35116 (An issue was discovered jackson-databind thru 2.15.2 allows attackers  ...)
 	- jackson-databind <unfixed>
 	[buster] - jackson-databind <no-dsa> (Minor issue)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/3972
 CVE-2023-35110 (An issue was discovered jjson thru 0.1.7 allows attackers to cause a d ...)
-	TODO: check
+	NOT-FOR-US: jjson
 CVE-2023-34878 (An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensi ...)
 	NOT-FOR-US: Ujcms
 CVE-2023-34868 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
@@ -196,7 +196,7 @@ CVE-2023-34609 (An issue was discovered flexjson thru 3.3 allows attackers to ca
 CVE-2023-34585
 	REJECTED
 CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.)
-	TODO: check
+	NOT-FOR-US: Langchain
 CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The v ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-34101 (Contiki-NG is an operating system for internet of things devices. In v ...)
@@ -9761,7 +9761,7 @@ CVE-2023-29358 (Windows GDI Elevation of Privilege Vulnerability)
 CVE-2023-29357 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-29356 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-29355 (DHCP Server Service Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-29354 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
@@ -9775,7 +9775,7 @@ CVE-2023-29351 (Windows Group Policy Elevation of Privilege Vulnerability)
 CVE-2023-29350 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-29349 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-29348
 	RESERVED
 CVE-2023-29347
@@ -11587,7 +11587,7 @@ CVE-2023-28812
 CVE-2023-28811
 	RESERVED
 CVE-2023-28810 (Some access control/intercom products have unauthorized modification o ...)
-	TODO: check
+	NOT-FOR-US: hikvison
 CVE-2023-28809 (Some access control products are vulnerable to a session hijacking att ...)
 	NOT-FOR-US: hikvision
 CVE-2023-28808 (Some Hikvision Hybrid SAN/Cluster Storage products have an access cont ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/175dbee3c33a605d6f28a9cc79b4755eb87d328d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/175dbee3c33a605d6f28a9cc79b4755eb87d328d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230616/acdad1e7/attachment.htm>