[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Mar 15 11:53:23 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4bf9428e by Moritz Muehlenhoff at 2023-03-15T12:53:04+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53,11 +53,11 @@ CVE-2023-28345
 CVE-2023-28344
 	RESERVED
 CVE-2023-28343 (OS command injection affects Altenergy Power Control Software C1.2.5 v ...)
-	TODO: check
+	NOT-FOR-US: Altenergy Power Control Software
 CVE-2023-1408
 	RESERVED
 CVE-2023-1407 (A vulnerability classified as critical was found in SourceCodester Stu ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2023-1406
 	RESERVED
 CVE-2022-48420
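Review bot: The tag for CVE-2023-1407 names only the vendor (`NOT-FOR-US: SourceCodester`), while the existing SourceCodester entry elsewhere in this file (CVE-2023-0997) tags vendor plus product (`SourceCodester Moosikay E-Commerce System`). Pick one convention so that a search for the NFU string matches every SourceCodester entry the same way. The CVE-2023-28343 line above already uses the full product name, which is the more specific form.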
@@ -1117,7 +1117,7 @@ CVE-2023-1329
 CVE-2023-1328 (A vulnerability was found in Guizhou 115cms 4.2. It has been classifie ...)
 	NOT-FOR-US: Guizhou 115cms
 CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an  ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2023-1326
 	RESERVED
 CVE-2023-1325
@@ -1199,7 +1199,7 @@ CVE-2023-28007
 CVE-2023-28006
 	RESERVED
 CVE-2023-28005 (A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryptio ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository froxlor ...)
 	- froxlor <itp> (bug #581792)
 CVE-2023-1306
@@ -2048,7 +2048,7 @@ CVE-2023-27759
 CVE-2023-27758
 	RESERVED
 CVE-2023-27757 (An arbitrary file upload vulnerability in the /admin/user/uploadImg co ...)
-	TODO: check
+	NOT-FOR-US: PerfreeBlog
 CVE-2023-27756
 	RESERVED
 CVE-2023-27755
@@ -2437,7 +2437,7 @@ CVE-2023-27590 (Rizin is a UNIX-like reverse engineering framework and command-l
 CVE-2023-27589 (Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE ...)
 	TODO: check
 CVE-2023-27588 (Hasura is an open-source product that provides users GraphQL or REST A ...)
-	TODO: check
+	NOT-FOR-US: Hasura
 CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and listen to  ...)
 	NOT-FOR-US: ReadtoMyShoe
 CVE-2023-27586
@@ -3503,9 +3503,9 @@ CVE-2023-27242
 CVE-2023-27241
 	RESERVED
 CVE-2023-27240 (Tenda AX3 V16.03.12.11 was discovered to contain a command injection v ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27239 (Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27238
 	RESERVED
 CVE-2023-27237
@@ -3513,9 +3513,9 @@ CVE-2023-27237
 CVE-2023-27236
 	RESERVED
 CVE-2023-27235 (An arbitrary file upload vulnerability in the \admin\c\CommonControlle ...)
-	TODO: check
+	NOT-FOR-US: Jizhicms
 CVE-2023-27234 (A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2. ...)
-	TODO: check
+	NOT-FOR-US: Jizhicms
 CVE-2023-27233
 	RESERVED
 CVE-2023-27232
@@ -3856,9 +3856,9 @@ CVE-2023-27072
 CVE-2023-27071
 	RESERVED
 CVE-2023-27070 (A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatf ...)
-	TODO: check
+	NOT-FOR-US: TotalJS OpenPlatform
 CVE-2023-27069 (A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatf ...)
-	TODO: check
+	NOT-FOR-US: TotalJS OpenPlatform
 CVE-2023-27068
 	RESERVED
 CVE-2023-27067
@@ -5125,7 +5125,7 @@ CVE-2023-0998 (A vulnerability classified as critical has been found in SourceCo
 CVE-2023-0997 (A vulnerability was found in SourceCodester Moosikay E-Commerce System ...)
 	NOT-FOR-US: SourceCodester Moosikay E-Commerce System
 CVE-2023-26511 (A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Prop ...)
-	TODO: check
+	NOT-FOR-US: Propius MachineSelector
 CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can view draft  ...)
 	NOT-FOR-US: Ghost CMS
 CVE-2023-26509
@@ -7481,6 +7481,7 @@ CVE-2023-25696 (Improper Input Validation vulnerability in the Apache Airflow Hi
 	NOT-FOR-US: Apache Airflow Hive Provider
 CVE-2023-25695
 	RESERVED
+	- airflow <itp> (bug #819700)
 CVE-2023-25694
 	REJECTED
 CVE-2023-25693 (Improper Input Validation vulnerability in the Apache Airflow Sqoop Pr ...)
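Review bot: The added `- airflow <itp> (bug #819700)` line under CVE-2023-25695 attaches a package to an entry that is still `RESERVED` and has no description, so nothing in the file shows why this ID belongs to airflow. The entry directly above (CVE-2023-25696, Apache Airflow Hive Provider) is tagged NOT-FOR-US rather than pointing at the same ITP, so the two Airflow entries are now handled differently. Add a `NOTE:` line with the source of the assignment, or hold the annotation until the description is published. The commit subject "NFUs" also does not cover this change, so it is better placed in its own commit with a message that names the ITP.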
@@ -46694,11 +46695,11 @@ CVE-2022-39218 (The JS Compute Runtime for Fastly's Compute at Edge platform provid
 CVE-2022-39217 (some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub ...)
 	NOT-FOR-US: GitHub Advanced Security to CSV
 CVE-2022-39216 (Combodo iTop is an open source, web-based IT service management platfo ...)
-	TODO: check
+	NOT-FOR-US: Combodo
 CVE-2022-39215 (Tauri is a framework for building binaries for all major desktop platf ...)
 	NOT-FOR-US: Tauri
 CVE-2022-39214 (Combodo iTop is an open source, web-based IT service management platfo ...)
-	TODO: check
+	NOT-FOR-US: Combodo
 CVE-2022-39213 (go-cvss is a Go module to manipulate Common Vulnerability Scoring Syst ...)
 	NOT-FOR-US: go-cvss
 CVE-2022-39212 (Nextcloud Talk is an open source chat, video & audio calls client  ...)
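Review bot: Both new tags read `NOT-FOR-US: Combodo`, but the descriptions of CVE-2022-39216 and CVE-2022-39214 name the product as "Combodo iTop", and the neighbouring entries in this hunk tag by product (`Tauri`, `go-cvss`, `GitHub Advanced Security to CSV`). Use `NOT-FOR-US: Combodo iTop` so the tag identifies the software that was checked and not only its vendor.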
@@ -91954,9 +91955,9 @@ CVE-2021-46402
 CVE-2022-23792
 	RESERVED
 CVE-2022-23791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Firmanet Software and Technology Customer Relation Manager
 CVE-2022-23790 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Firmanet Software and Technology Customer Relation Manager
 CVE-2022-23789
 	RESERVED
 CVE-2022-23788
@@ -97718,7 +97719,7 @@ CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow
 CVE-2021-4196
 	RESERVED
 CVE-2021-4195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Firmanet Software and Technology Customer Relation Manager
 CVE-2022-22292 (Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release  ...)
 	NOT-FOR-US: Samsung
 CVE-2022-22291 (Logging of excessive data vulnerability in telephony prior to SMR Feb- ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bf9428ebd79ec0252f5ccddfc49fd2b2fedd63d
