[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 5 09:23:31 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
259e3bfc by Salvatore Bonaccorso at 2023-05-05T10:23:06+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2023-32235 (Ghost before 5.42.1 allows remote attackers to read arbitrary files wi ...)
-	TODO: check
+	NOT-FOR-US: Ghost CMS
 CVE-2023-31415 (Kibana version 8.7.0 contains an arbitrary code execution flaw. An att ...)
 	- kibana <itp> (bug #700337)
 CVE-2023-31414 (Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code executio ...)
@@ -7,11 +7,11 @@ CVE-2023-31414 (Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code ex
 CVE-2023-31413 (Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson inp ...)
 	TODO: check
 CVE-2023-2535 (Sensitive information exposure in the Web Frontend of KNIME Business H ...)
-	TODO: check
+	NOT-FOR-US: KNIME
 CVE-2023-2531 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
 	TODO: check
 CVE-2017-20183 (A vulnerability was found in External Media without Import Plugin up t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2524 (A vulnerability classified as critical has been found in Control iD RH ...)
 	NOT-FOR-US: Control iD RHiD
 CVE-2023-2523 (A vulnerability was found in Weaver E-Office 9.5. It has been rated as ...)
@@ -3125,7 +3125,7 @@ CVE-2023-30401
 CVE-2023-30400
 	RESERVED
 CVE-2023-30399 (Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC  ...)
-	TODO: check
+	NOT-FOR-US: GARO Wallbox GLB/GTB/GTC
 CVE-2023-30398
 	RESERVED
 CVE-2023-30397
@@ -3267,7 +3267,7 @@ CVE-2023-30330
 CVE-2023-30329
 	RESERVED
 CVE-2023-30328 (An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for ma ...)
-	TODO: check
+	NOT-FOR-US: Mailbutler GmbH Shimo VPN Client
 CVE-2023-30327
 	RESERVED
 CVE-2023-30326
@@ -3362,7 +3362,7 @@ CVE-2023-30284
 CVE-2023-30283
 	RESERVED
 CVE-2023-30282 (PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Acces ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop scexportcustomers
 CVE-2023-30281
 	RESERVED
 CVE-2023-30280 (Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700 ...)
@@ -3683,7 +3683,7 @@ CVE-2023-30124
 CVE-2023-30123 (wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Mem ...)
 	NOT-FOR-US: wuzhicms
 CVE-2023-30122 (An arbitrary file upload vulnerability in the component /admin/ajax.ph ...)
-	TODO: check
+	NOT-FOR-US: Online Food Ordering System
 CVE-2023-30121
 	RESERVED
 CVE-2023-30120
@@ -3741,13 +3741,13 @@ CVE-2023-30095 (A stored cross-site scripting (XSS) vulnerability in TotalJS mes
 CVE-2023-30094 (A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10  ...)
 	NOT-FOR-US: TotalJS
 CVE-2023-30093 (An arbitrary file upload vulnerability in Open Networking Foundation O ...)
-	TODO: check
+	NOT-FOR-US: Open Network Operating System (ONOS)
 CVE-2023-30092
 	RESERVED
 CVE-2023-30091
 	RESERVED
 CVE-2023-30090 (Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vu ...)
-	TODO: check
+	NOT-FOR-US: Semcms Shop
 CVE-2023-30089
 	RESERVED
 CVE-2023-30088
@@ -9997,7 +9997,7 @@ CVE-2023-28070 (Alienware Command Center Application, versions 5.5.43.0 and prio
 CVE-2023-28069 (Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulne ...)
 	NOT-FOR-US: Dell
 CVE-2023-28068 (Dell Command Monitor, versions 10.9 and prior, contains an improper fo ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28067
 	RESERVED
 CVE-2023-28066
@@ -18016,7 +18016,7 @@ CVE-2023-25291
 CVE-2023-25290
 	RESERVED
 CVE-2023-25289 (Directory Traversal vulnerability in virtualreception Digital Receptie ...)
-	TODO: check
+	NOT-FOR-US: virtualreception Digital Receptie
 CVE-2023-25288
 	RESERVED
 CVE-2023-25287
@@ -30886,7 +30886,7 @@ CVE-2022-38469 (An unauthorized user with network access and the decryption key
 CVE-2021-4245 (A vulnerability classified as problematic has been found in chbrown rf ...)
 	NOT-FOR-US: rfc6902
 CVE-2022-47449 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47448
 	RESERVED
 CVE-2022-47447
@@ -30916,7 +30916,7 @@ CVE-2022-47436
 CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47433 (Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47432
@@ -37026,61 +37026,61 @@ CVE-2023-21513
 CVE-2023-21512
 	RESERVED
 CVE-2023-21511 (Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_S ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21510 (Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SC ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21509 (Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_S ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21508 (Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RES ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21507 (Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESO ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21506 (Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RES ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21505 (Improper access control in Samsung Core Service prior to version 2.1.0 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21504 (Potential buffer overflow vulnerability in mm_Plmncoordination.c in Sh ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21503 (Potential buffer overflow vulnerability in mm_LteInterRatManagement.c  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21502 (Improper input validation vulnerability in FactoryTest application pri ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21501 (Improper input validation vulnerability in mPOS fiserve trustlet prior ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21500 (Double free validation vulnerability in setPinPadImages in mPOS TUI tr ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21499 (Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21498 (Improper input validation vulnerability in setPartnerTAInfo in mPOS TU ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21497 (Use of externally-controlled format string vulnerability in mPOS TUI t ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21496 (Active Debug Code vulnerability in ActivityManagerService prior to SMR ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21495 (Improper access control vulnerability in Knox Enrollment Service prior ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21494 (Potential buffer overflow vulnerability in auth api in mm_Authenticati ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21493 (Improper access control vulnerability in SemShareFileProvider prior to ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21492 (Kernel pointers are printed in the log file prior to SMR May-2023 Rele ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21491 (Improper access control vulnerability in ThemeManager prior to SMR May ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21490 (Improper access control in GearManagerStub prior to SMR May-2023 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21489 (Heap out-of-bounds write vulnerability in bootloader prior to SMR May- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21488 (Improper access control vulnerablility in Tips prior to SMR May-2023 R ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21487 (Improper access control vulnerability in Telephony framework prior to  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21486 (Improper export of android application components vulnerability in Ima ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21485 (Improper export of android application components vulnerability in Vid ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21484 (Improper access control vulnerability in AppLock prior to SMR May-2023 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-21483
 	RESERVED
 CVE-2023-21482



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/259e3bfcda73f6bc4e6e27f82276042ab56858fe

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/259e3bfcda73f6bc4e6e27f82276042ab56858fe
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230505/cc464c32/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list