[Git][security-tracker-team/security-tracker][master] Process some NFUs

Wed Mar 1 09:46:44 GMT 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c7323ee6 by Salvatore Bonaccorso at 2023-03-01T10:46:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57,19 +57,19 @@ CVE-2023-1107
 CVE-2023-1106
 	RESERVED
 CVE-2023-1105 (External Control of File Name or Path in GitHub repository flatpressbl ...)
-	TODO: check
+	NOT-FOR-US: flatpressblog
 CVE-2023-1104 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
-	TODO: check
+	NOT-FOR-US: flatpressblog
 CVE-2023-1103 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
-	TODO: check
+	NOT-FOR-US: flatpressblog
 CVE-2023-1102
 	RESERVED
 CVE-2023-1101
 	RESERVED
 CVE-2023-1100 (A vulnerability classified as critical has been found in SourceCodeste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Online Catering Reservation System
 CVE-2023-1099 (A vulnerability was found in SourceCodester Online Student Management  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Online Student Management System
 CVE-2023-27371 (GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service)  ...)
 	- libmicrohttpd <unfixed>
 	NOTE: https://git.gnunet.org/libmicrohttpd.git/commit/?id=e0754d1638c602382384f1eface30854b1defeec (v0.9.76)
@@ -1726,7 +1726,7 @@ CVE-2023-26610
 CVE-2023-26609 (ABUS TVIP 20000-21150 devices allows remote attackers to execute arbit ...)
 	NOT-FOR-US: ABUS TVIP 20000-21150 devices
 CVE-2023-26608 (SOLDR (System of Orchestration, Lifecycle control, Detection and Respo ...)
-	TODO: check
+	NOT-FOR-US: SOLDR (System of Orchestration, Lifecycle control, Detection and Response)
 CVE-2023-26607 (In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr ...)
 	- linux 4.19.37-1
 	NOTE: https://lkml.org/lkml/2023/2/21/1353
@@ -27164,7 +27164,7 @@ CVE-2023-20935
 CVE-2023-20934 (In resolveAttributionSource of ServiceUtilities.cpp, there is a possib ...)
 	NOT-FOR-US: Android
 CVE-2023-20933 (In several functions of MediaCodec.cpp, there is a possible way to cor ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-20932 (In onCreatePreferences of EditInfoFragment.java, there is a possible w ...)
 	NOT-FOR-US: Android
 CVE-2023-20931
@@ -27657,7 +27657,7 @@ CVE-2023-20859
 CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...)
 	NOT-FOR-US: VMware
 CVE-2023-20857 (VMware Workspace ONE Content contains a passcode bypass vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2023-20856 (VMware vRealize Operations (vROps) contains a CSRF bypass vulnerabilit ...)
 	NOT-FOR-US: VMware
 CVE-2023-20855 (VMware vRealize Orchestrator contains an XML External Entity (XXE) vul ...)
@@ -46578,7 +46578,7 @@ CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close() located
 CVE-2022-38221 (A buffer overflow in the FTcpListener thread in The Isle Evrima (the d ...)
 	NOT-FOR-US: The Isle Evrima
 CVE-2022-38220 (An XSS vulnerability exists within Quest KACE Systems Management Appli ...)
-	TODO: check
+	NOT-FOR-US: Quest KACE Systems Management Appliance (SMA)
 CVE-2022-38219
 	RESERVED
 CVE-2022-38218



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7323ee6ab19c350913a5bac116f98cd41d15f79

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7323ee6ab19c350913a5bac116f98cd41d15f79
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230301/d3a2a4a4/attachment-0001.htm>
