[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 11 20:17:00 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0d74f05 by Salvatore Bonaccorso at 2023-03-11T21:16:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -827,13 +827,13 @@ CVE-2023-27855
 CVE-2023-27854
 	RESERVED
 CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and prior ve ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-25076
 	RESERVED
 CVE-2023-24465 (Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior vers ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-1246 (Files or Directories Accessible to External Parties vulnerability in S ...)
-	TODO: check
+	NOT-FOR-US: Saysis Starcities
 CVE-2023-1245 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
 	NOT-FOR-US: Answer
 CVE-2023-1244 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
@@ -985,7 +985,7 @@ CVE-2023-1200 (A vulnerability was found in ehuacui bbs. It has been declared as
 CVE-2023-1199
 	RESERVED
 CVE-2023-1198 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Saysis Starcities
 CVE-2023-1197 (Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/commun ...)
 	NOT-FOR-US: UVdesk
 CVE-2023-1196
@@ -1628,7 +1628,7 @@ CVE-2023-27579
 CVE-2023-27578
 	RESERVED
 CVE-2023-27577 (flarum is a forum software package for building communities. In versio ...)
-	TODO: check
+	NOT-FOR-US: Flarum
 CVE-2023-27576
 	RESERVED
 CVE-2023-27575
@@ -1810,7 +1810,7 @@ CVE-2023-27534
 CVE-2023-27533
 	RESERVED
 CVE-2023-27532 (Vulnerability in Veeam Backup & Replication component allows encry ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2023-27531
 	RESERVED
 CVE-2023-27530 (A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2. ...)
@@ -2424,7 +2424,7 @@ CVE-2023-1093
 CVE-2023-1092
 	RESERVED
 CVE-2023-1091 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Alpata Licensed Warehousing Automation System
 CVE-2023-1090
 	RESERVED
 CVE-2023-1089
@@ -7087,7 +7087,7 @@ CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver prio
 CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
 	NOT-FOR-US: btcpayserver
 CVE-2023-0746 (The help page in GigaVUE-FM, when using GigaVUE-OS software version 5. ...)
-	TODO: check
+	NOT-FOR-US: GigaVUE-FM
 CVE-2023-0745 (Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Manag ...)
 	- yugabyte-db <itp> (bug #989673)
 CVE-2022-48321 (Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe2 ...)
@@ -15655,9 +15655,9 @@ CVE-2023-22634
 CVE-2023-22633
 	RESERVED
 CVE-2023-22436 (The kernel subsystem function check_permission_for_set_tokenid within  ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-22301 (The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior version ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-22291
 	RESERVED
 CVE-2023-0091 (A flaw was found in Keycloak, where it did not properly check client t ...)
@@ -15673,7 +15673,7 @@ CVE-2023-0085 (The Metform Elementor Contact Form Builder plugin for WordPress i
 CVE-2023-0084 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
 	NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress
 CVE-2023-0083 (The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior vers ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-0082 (The ExactMetrics WordPress plugin before 7.12.1 does not validate and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0081 (The MonsterInsights WordPress plugin before 8.12.1 does not validate a ...)
@@ -30116,7 +30116,7 @@ CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2022-44575 (A vulnerability has been identified in PLM Help Server V4.2 (All versi ...)
 	NOT-FOR-US: Siemens
 CVE-2022-44574 (An improper authentication vulnerability exists in Avalanche version 6 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-44573
 	RESERVED
 CVE-2022-44572 (A denial of service vulnerability in the multipart parsing component o ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0d74f0525a1420c10ff5b12486428f18cb9cc29

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0d74f0525a1420c10ff5b12486428f18cb9cc29
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230311/318605b9/attachment.htm>


More information about the debian-security-tracker-commits mailing list