[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue May 9 09:37:46 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cf8862e by Moritz Muehlenhoff at 2023-05-09T10:37:21+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2023-32113 (SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attack ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-32112 (Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APP ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-32111 (In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a cr ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-31407 (SAP Business Planning and Consolidation - versions 740, 750, allows an ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-31406 (Due to insufficient input validation, SAP BusinessObjects Business Int ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-31404 (Under certain conditions,SAP BusinessObjects Business Intelligence Pla ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-2590 (Missing Authorization in GitHub repository answerdev/answer prior to 1 ...)
-	TODO: check
+	NOT-FOR-US: answerdev/answer
 CVE-2023-2478 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	TODO: check
 CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.)
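Review bot: Style point on the six SAP entries (CVE-2023-32113 through CVE-2023-31404): they are all tagged with the bare vendor name, although the descriptions cover different products (SAP GUI for Windows, SAP PowerDesigner, SAP Business Planning and Consolidation, SAP BusinessObjects). Later hunks in this commit tag at product level (Ghost CMS, Contiki-NG, MonicaHQ), and CVE-2023-2590 in this hunk uses a repository slug. If the vendor-only form is intended for SAP, keep the string identical across all entries so a search for the tag finds every one; otherwise name the product. CVE-2023-2478 stays at TODO: check in the trailing context and still needs separate triage.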
@@ -675,17 +675,17 @@ CVE-2023-31185
 CVE-2023-31184
 	RESERVED
 CVE-2023-31183 (Cybonet PineApp Mail SecureA reflected cross-site scripting (XSS) vuln ...)
-	TODO: check
+	NOT-FOR-US: Cybonet PineApp Mail SecureA
 CVE-2023-31182 (EasyTor Applications \u2013 Authorization Bypass - EasyTor Application ...)
-	TODO: check
+	NOT-FOR-US: EasyTor
 CVE-2023-31181 (WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Trav ...)
-	TODO: check
+	NOT-FOR-US: WJJ Software
 CVE-2023-31180 (WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-s ...)
-	TODO: check
+	NOT-FOR-US: WJJ Software
 CVE-2023-31179 (AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal -Vulnerability allow ...)
-	TODO: check
+	NOT-FOR-US: AgilePoint
 CVE-2023-31178 (AgilePoint NX v8.0 SU2.2 & SU2.3 \u2013 Arbitrary File DeleteVulnerabi ...)
-	TODO: check
+	NOT-FOR-US: AgilePoint
 CVE-2023-31177
 	RESERVED
 CVE-2023-31176
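Review bot: The tag added for CVE-2023-31183, "NOT-FOR-US: Cybonet PineApp Mail SecureA", carries a stray trailing "A". In the description line the product name runs straight into the next sentence ("Mail SecureA reflected cross-site scripting"), so the "A" is the article that opens that sentence, not part of the name. Suggest "NOT-FOR-US: Cybonet PineApp Mail Secure" so later searches on the product name match. Minor: the two CVE-2023-3118x entries are tagged with the vendor (WJJ Software) while the descriptions name the product InnoKB Server; naming the product would be more specific.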
@@ -775,7 +775,7 @@ CVE-2023-31135
 CVE-2023-31134
 	RESERVED
 CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a website,  ...)
-	TODO: check
+	NOT-FOR-US: Ghost CMS
 CVE-2023-31132
 	RESERVED
 CVE-2023-31131
@@ -783,7 +783,7 @@ CVE-2023-31131
 CVE-2023-31130
 	RESERVED
 CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be triggere ...)
-	TODO: check
+	NOT-FOR-US: Contiki-NG
 CVE-2023-31128
 	RESERVED
 CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM specific ...)
@@ -795,7 +795,7 @@ CVE-2023-31125 (Engine.IO is the implementation of transport-based cross-browser
 CVE-2023-31124
 	RESERVED
 CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal platform  ...)
-	TODO: check
+	NOT-FOR-US: effectindex/tripreporter
 CVE-2023-30768
 	RESERVED
 CVE-2023-30763
@@ -1608,7 +1608,7 @@ CVE-2023-30861 (Flask is a lightweight WSGI web application framework. When all
 	NOTE: https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d (2.2.5)
 	NOTE: https://github.com/pallets/flask/commit/8705dd39c4fa563ea0fe0bf84c85da8fcc98b88d (2.3.2)
 CVE-2023-30860 (WWBN AVideo is an open source video platform. In AVideo prior to versi ...)
-	TODO: check
+	NOT-FOR-US: AVideo
 CVE-2023-30859 (Triton is a Minecraft plugin for Spigot and BungeeCord that helps you  ...)
 	NOT-FOR-US: Triton Minecraft plugin
 CVE-2023-30858 (The Denosaurs emoji package provides emojis for dinosaurs. Starting in ...)
@@ -1659,7 +1659,7 @@ CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. Version
 CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...)
 	NOT-FOR-US: PrestaShop
 CVE-2023-30837 (Vyper is a pythonic smart contract language for the EVM. The storage a ...)
-	TODO: check
+	NOT-FOR-US: Vyper
 CVE-2023-30836
 	RESERVED
 CVE-2023-30835
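Review bot: Missing justification for the NOT-FOR-US on CVE-2023-30837: the description identifies Vyper as "a pythonic smart contract language for the EVM", a development tool rather than a hosted service or a proprietary product like most of the other entries in this commit. Worth confirming there is no source package or open ITP/RFP for it before closing the entry; if one exists, an itp-style entry with the bug reference would be the right form instead of NOT-FOR-US.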
@@ -1867,13 +1867,13 @@ CVE-2023-30792 (Anchor tag hrefs in Lexical prior to v0.10.0 would render javasc
 CVE-2023-30791
 	RESERVED
 CVE-2023-30790 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...)
-	TODO: check
+	NOT-FOR-US: MonicaHQ
 CVE-2023-30789 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...)
-	TODO: check
+	NOT-FOR-US: MonicaHQ
 CVE-2023-30788 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...)
-	TODO: check
+	NOT-FOR-US: MonicaHQ
 CVE-2023-30787 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...)
-	TODO: check
+	NOT-FOR-US: MonicaHQ
 CVE-2023-30786
 	RESERVED
 CVE-2023-30785



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf8862e26f6bd6d3abf5a1bd1331187089385c7
