[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 4 19:57:56 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d471b326 by Salvatore Bonaccorso at 2023-05-04T20:57:02+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9122,11 +9122,11 @@ CVE-2023-1387 (Grafana is an open-source platform for monitoring and observabili
 CVE-2023-1386
 	RESERVED
 CVE-2023-1385 (Improper JPAKE implementation allows offline PIN brute-forcing due to  ...)
-	NOT-FOR-US: Amazon Fire TV Stick 3rd gen
+	NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS
 CVE-2023-1384 (The setMediaSource function on the amzn.thin.pl service does not sanit ...)
-	NOT-FOR-US: Amazon Fire TV Stick 3rd gen
+	NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS
 CVE-2023-1383 (An Improper Enforcement of Behavioral Workflow vulnerability in the ex ...)
-	NOT-FOR-US: Amazon Fire TV Stick 3rd gen
+	NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS
 CVE-2023-1382 (A data race flaw was found in the Linux kernel, between where con is a ...)
 	- linux 6.0.12-1
 	[bullseye] - linux 5.10.158-1
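Review bot: The NOT-FOR-US lines for CVE-2023-1385, CVE-2023-1384 and CVE-2023-1383 were already triaged, so these three changes reword existing tags rather than resolve a "TODO: check" like the rest of the patch, and the commit message "Process some NFUs" gives no reason for widening the product scope. A line in the commit message naming the source for adding "Insignia TV with FireOS" would make the change auditable later.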
@@ -12919,7 +12919,7 @@ CVE-2023-27077 (Stack Overflow vulnerability found in 360 D901 allows a remote a
 CVE-2023-27076 (Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows a ...)
 	NOT-FOR-US: Tenda
 CVE-2023-27075 (A cross-site scripting vulnerability (XSS) in the component microbin/s ...)
-	TODO: check
+	NOT-FOR-US: Microbin
 CVE-2023-27074 (BP Monitoring Management System v1.0 was discovered to contain a SQL i ...)
 	NOT-FOR-US: BP Monitoring Management System
 CVE-2023-27073 (A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1. ...)
@@ -16179,9 +16179,9 @@ CVE-2023-25829
 CVE-2023-25828 (Pluck CMS is vulnerable to an authenticated remote code execution (RCE ...)
 	NOT-FOR-US: Pluck CMS
 CVE-2023-25827 (Due to insufficient validation of parameters reflected in error messag ...)
-	TODO: check
+	NOT-FOR-US: OpenTSDB
 CVE-2023-25826 (Due to insufficient validation of parameters passed to the legacy HTTP ...)
-	TODO: check
+	NOT-FOR-US: OpenTSDB
 CVE-2023-25825 (ZoneMinder is a free, open source Closed-circuit television software a ...)
 	- zoneminder 1.36.33+dfsg1-1 (unimportant)
 	NOTE: Only supported for trusted users/behind auth
@@ -26072,7 +26072,7 @@ CVE-2023-22665 (There is insufficient checking of user queries in Apache Jena ve
 CVE-2023-22652
 	RESERVED
 CVE-2023-22651 (Improper Privilege Management vulnerability in SUSE Rancher allows Pri ...)
-	TODO: check
+	NOT-FOR-US: Rancher
 CVE-2023-22650
 	RESERVED
 CVE-2023-22649
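Review bot: The tag for CVE-2023-22651 reads "NOT-FOR-US: Rancher" while the description on the line above names the product as "SUSE Rancher", and the CVE-2017-11197 entry in this same patch is tagged with vendor and product ("CyberArk Viewfinity"). Consider "NOT-FOR-US: SUSE Rancher" so a search on the vendor name also finds this entry.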
@@ -48861,7 +48861,7 @@ CVE-2022-42252 (If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1
 CVE-2022-3406
 	RESERVED
 CVE-2022-3405 (Code execution and sensitive information disclosure due to excessive p ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2022-3404
 	REJECTED
 CVE-2022-3403
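Review bot: For CVE-2022-3405 the description is truncated before any vendor or product name appears, so "NOT-FOR-US: Acronis" cannot be checked against this line alone. The CVE-2022-30995 change has the adjacent CVE-2022-30994 entry with the same tag to lean on, but this one has no such neighbour, so it is worth confirming against the full CVE record that only Acronis products are affected before closing the TODO.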
@@ -79413,7 +79413,7 @@ CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file u
 CVE-2022-30996
 	REJECTED
 CVE-2022-30995 (Sensitive information disclosure due to improper authentication. The f ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2022-30994 (Cleartext transmission of sensitive information. The following product ...)
 	NOT-FOR-US: Acronis
 CVE-2022-30993 (Cleartext transmission of sensitive information. The following product ...)
@@ -391376,7 +391376,7 @@ CVE-2017-11199
 CVE-2017-11198 (Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_ ...)
 	NOT-FOR-US: FineCMS
 CVE-2017-11197 (In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privi ...)
-	TODO: check
+	NOT-FOR-US: CyberArk Viewfinity
 CVE-2017-12562 (Heap-based Buffer Overflow in the psf_binheader_writef function in com ...)
 	{DLA-3058-1 DLA-1049-1}
 	- libsndfile 1.0.28-3 (bug #869166)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d471b3264688cc35d56357347774d00324ad9d9c
