[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Nov 22 13:09:44 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14bbbb1f by Moritz Muehlenhoff at 2023-11-22T14:06:58+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2023-48302 (Nextcloud Server provides data storage for Nextcloud, an open so
 CVE-2023-48301 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-48299 (TorchServe is a tool for serving and scaling PyTorch models in product ...)
-	TODO: check
+	NOT-FOR-US: TorchServe
 CVE-2023-48239 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-48230 (Cap'n Proto is a data interchange format and capability-based RPC syst ...)
@@ -147,11 +147,11 @@ CVE-2023-5598 (Stored Cross-site Scripting (XSS) vulnerabilities\xc2affecting 3D
 CVE-2023-5055 (Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.)
 	NOT-FOR-US: zephyr-rtos
 CVE-2023-49061 (An attacker could have performed HTML template injection via Reader Mo ...)
-	TODO: check
+	- firefox <not-affected> (Only affects Firefox for iOS)
 CVE-2023-49060 (An attacker could have accessed internal pages or data by ex-filtratin ...)
-	TODO: check
+	- firefox <not-affected> (Only affects Firefox for iOS)
 CVE-2023-48226 (OpenReplay is a self-hosted session replay suite. In version 1.14.0, d ...)
-	TODO: check
+	NOT-FOR-US: OpenReplay
 CVE-2023-48124 (Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote atta ...)
 	NOT-FOR-US: SUP Online Shopping
 CVE-2023-47643 (SuiteCRM is a Customer Relationship Management (CRM) software applicat ...)
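Review bot: The CVE-2023-49061 and CVE-2023-49060 entries in this hunk are package-level `- firefox <not-affected> (Only affects Firefox for iOS)` lines rather than NOT-FOR-US markings, yet the commit subject is only "NFUs". The same applies to the kibana `<itp>` and elasticsearch `<removed>` entries in the later hunks. A subject that also mentions the firefox, kibana and elasticsearch triage, or a separate commit for those entries, would make these changes easier to find in the history.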
@@ -265,7 +265,7 @@ CVE-2023-48240 (XWiki Platform is a generic wiki platform. The rendered diff in
 CVE-2023-48223 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to v ...)
 	TODO: check
 CVE-2023-48221 (wire-avs provides Audio, Visual, and Signaling (AVS) functionality sur ...)
-	TODO: check
+	NOT-FOR-US: wire-avs
 CVE-2023-48218 (The Strapi Protected Populate Plugin protects `get` endpoints from rev ...)
 	NOT-FOR-US: Strapi Protected Populate Plugin
 CVE-2023-48111 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
@@ -161776,7 +161776,7 @@ CVE-2021-38407 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerab
 CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
 	NOT-FOR-US: Delta Electronic
 CVE-2021-38405 (The Datalogics APDFL library used in affected products is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
 	NOT-FOR-US: Delta Electronic
 CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to  ...)
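Review bot: The NOT-FOR-US label added for CVE-2021-38405 names Siemens, but the description on the line above it names the Datalogics APDFL library as the vulnerable component. Including the component in the label, for example "NOT-FOR-US: Datalogics APDFL library (Siemens)", would keep the entry searchable by the name the description uses, as the neighbouring Delta Electronic entries do.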
@@ -163205,7 +163205,7 @@ CVE-2021-37944
 CVE-2021-37943
 	RESERVED
 CVE-2021-37942 (A local privilege escalation issue was found with the APM Java agent,  ...)
-	TODO: check
+	NOT-FOR-US: Elastic APM Java agent
 CVE-2021-37941 (A local privilege escalation issue was found with the APM Java agent,  ...)
 	NOT-FOR-US: Elastic APM Java agent
 CVE-2021-37940 (An information disclosure via GET request server-side request forgery  ...)
@@ -163215,7 +163215,7 @@ CVE-2021-37939 (It was discovered that Kibana\u2019s JIRA connector & IBM Resili
 CVE-2021-37938 (It was discovered that on Windows operating systems specifically, Kiba ...)
 	- kibana <itp> (bug #700337)
 CVE-2021-37937 (An issue was found with how API keys are created with the Fleet-Server ...)
-	TODO: check
+	- elasticsearch <removed>
 CVE-2021-37936 (It was discovered that Kibana was not sanitizing document fields conta ...)
 	- kibana <itp> (bug #700337)
 CVE-2021-37935 (An information disclosure vulnerability in the login page of Huntflow  ...)
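Review bot: CVE-2021-37937 is mapped to `- elasticsearch <removed>`, while the visible part of its description mentions only API keys created with the Fleet-Server, and the other Elastic entries in this hunk are tracked under kibana. A short NOTE: line saying why the issue belongs to the elasticsearch source package would let a later reader confirm the mapping without redoing the research.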
@@ -202921,9 +202921,9 @@ CVE-2021-22153 (A Remote Code Execution vulnerability in the Management Console
 CVE-2021-22152 (A Denial of Service due to Improper Input Validation vulnerability in  ...)
 	NOT-FOR-US: BlackBerry UEM
 CVE-2021-22151 (It was discovered that Kibana was not validating a user supplied path, ...)
-	TODO: check
+	- kibana <itp> (bug #700337)
 CVE-2021-22150 (It was discovered that a user with Fleet admin permissions could uploa ...)
-	TODO: check
+	- kibana <itp> (bug #700337)
 CVE-2021-22149 (Elastic Enterprise Search App Search versions before 7.14.0 are vulner ...)
 	NOT-FOR-US: Elastic Enterprise Search
 CVE-2021-22148 (Elastic Enterprise Search App Search versions before 7.14.0 was vulner ...)
@@ -202937,7 +202937,7 @@ CVE-2021-22145 (A memory disclosure vulnerability was identified in Elasticsearc
 CVE-2021-22144 (In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled rec ...)
 	- elasticsearch <removed>
 CVE-2021-22143 (The Elastic APM .NET Agent can leak sensitive HTTP header information  ...)
-	TODO: check
+	NOT-FOR-US: Elastic APM .NET Agent
 CVE-2021-22142 (Kibana contains an embedded version of the Chromium browser that the R ...)
 	- kibana <itp> (bug #700337)
 CVE-2021-22141 (An open redirect flaw was found in Kibana versions before 7.13.0 and 6 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14bbbb1f0ce453fbe06ca44cccf4dabe38a15532
