[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 19 21:48:50 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81d9013a by Salvatore Bonaccorso at 2023-10-19T22:47:53+02:00
Process some more NFUs

Not yet done: the new Oracle MySQL CVEs, as they need cross-checking with
the Oracle CPU advisory.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37450,7 +37450,7 @@ CVE-2023-26157
 CVE-2023-26156
 	RESERVED
 CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to Command Inject ...)
-	TODO: check
+	NOT-FOR-US: node-qpdf
 CVE-2023-26154
 	RESERVED
 CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are vulnerable to Co ...)
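Review bot: the `+	NOT-FOR-US: node-qpdf` line for CVE-2023-26155 should be backed by a NOTE confirming that the command injection lives in the Node.js wrapper and not in qpdf itself, since the qpdf library and binary are packaged in Debian and a later triager grepping for "qpdf" could otherwise reopen this entry. A line such as `NOTE: Issue is in the node-qpdf wrapper, not in the qpdf package` under the label would record the reasoning.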
@@ -38672,7 +38672,7 @@ CVE-2023-0817 (Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-D
 CVE-2023-25754 (Privilege Context Switching Error vulnerability in Apache Software Fou ...)
 	- airflow <itp> (bug #819700)
 CVE-2023-25753 (There exists an SSRF (Server-Side Request Forgery) vulnerability locat ...)
-	TODO: check
+	NOT-FOR-US: Apache ShenYu
 CVE-2023-25752 (When accessing throttled streams, the count of available bytes needed  ...)
 	{DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1}
 	- firefox 111.0-1
@@ -51728,7 +51728,7 @@ CVE-2022-47585
 CVE-2022-47584
 	RESERVED
 CVE-2022-47583 (Terminal character injection in Mintty before 3.6.3 allows code execut ...)
-	TODO: check
+	NOT-FOR-US: Mintty
 CVE-2022-47582
 	RESERVED
 CVE-2022-47581 (Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDA ...)
@@ -61801,11 +61801,11 @@ CVE-2023-21417
 CVE-2023-21416
 	RESERVED
 CVE-2023-21415 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
-	TODO: check
+	NOT-FOR-US: AXIS OS
 CVE-2023-21414 (NCC Group has found a flaw during the annual internal penetration test ...)
-	TODO: check
+	NOT-FOR-US: AXIS OS
 CVE-2023-21413 (GoSecure on behalf of Genetec Inc. has found a flaw that allows for a  ...)
-	TODO: check
+	NOT-FOR-US: AXIS OS
 CVE-2023-21412 (User provided input is not sanitized on the AXIS License Plate Verifie ...)
 	NOT-FOR-US: AXIS License Plate Verifier
 CVE-2023-21411 (User provided input is not sanitized in the \u201cSettings > Access Co ...)
@@ -63810,7 +63810,7 @@ CVE-2022-3763 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booste
 CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3761 (OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect ...)
-	TODO: check
+	NOT-FOR-US: OpenVPN Connect
 CVE-2023-20853 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...)
 	NOT-FOR-US: aEnrich Technology a+HRD
 CVE-2023-20852 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...)
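Review bot: `+	NOT-FOR-US: OpenVPN Connect` for CVE-2022-3761 is the right verdict for the vendor's standalone client, but because the name overlaps with the openvpn source package a short NOTE saying that OpenVPN Connect is the separate proprietary client (the description itself cites the macOS build) would stop the entry from being mistaken for an openvpn issue on a later pass.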
@@ -71964,7 +71964,7 @@ CVE-2022-42152
 CVE-2022-42151
 	RESERVED
 CVE-2022-42150 (TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnera ...)
-	TODO: check
+	NOT-FOR-US: TinyLab linux-lab
 CVE-2022-42149 (kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via ...)
 	NOT-FOR-US: kkFileView
 CVE-2022-42148
@@ -83692,7 +83692,7 @@ CVE-2022-37832 (Mutiny 7.2.0-10788 suffers from Hardcoded root password.)
 CVE-2022-37831
 	RESERVED
 CVE-2022-37830 (Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: Interway a.s WebJET CMS
 CVE-2022-37829
 	RESERVED
 CVE-2022-37828
@@ -112229,7 +112229,7 @@ CVE-2022-27815 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can
 CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.)
 	NOT-FOR-US: SWHKD
 CVE-2022-27813 (Motorola MTM5000 series firmwares lack properly configured memory prot ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-27812 (Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2 ...)
 	NOT-FOR-US: Flooding SNS firewall
 CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via shell met ...)
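Review bot: `+	NOT-FOR-US: Motorola` for CVE-2022-27813 is coarser than the neighbouring labels in this hunk (`NOT-FOR-US: SWHKD`, `NOT-FOR-US: Flooding SNS firewall`), which name the product; since the description identifies the MTM5000 series firmware, `NOT-FOR-US: Motorola MTM5000` would keep the four related entries (this one and CVE-2022-26941 through CVE-2022-26943 in the following hunk) greppable as one product family rather than as the whole vendor.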
@@ -114775,11 +114775,11 @@ CVE-2022-26944 (Percona XtraBackup 2.4.20 unintentionally writes the command lin
 	- percona-xtrabackup <removed>
 	NOTE: https://jira.percona.com/browse/PXB-2722
 CVE-2022-26943 (The Motorola MTM5000 series firmwares generate TETRA authentication ch ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-26942 (The Motorola MTM5000 series firmwares lack pointer validation on argum ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-26941 (A format string vulnerability exists in Motorola MTM5000 series firmwa ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-26940 (Remote Desktop Protocol Client Information Disclosure Vulnerability.)
 	NOT-FOR-US: Microsoft
 CVE-2022-26939 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
@@ -119192,11 +119192,11 @@ CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3
 CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...)
 	NOT-FOR-US: RigoBlock Dragos
 CVE-2022-25334 (The Texas Instruments OMAP L138 (secure variants) trusted execution en ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments
 CVE-2022-25333 (The Texas Instruments OMAP L138 (secure variants) trusted execution en ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments
 CVE-2022-25332 (The AES implementation in the Texas Instruments OMAP L138 (secure vari ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments
 CVE-2022-25331 (Uncaught exceptions that can be generated in Trend Micro ServerProtect ...)
 	NOT-FOR-US: Trend Micro
 CVE-2022-25330 (Integer overflow conditions that exist in Trend Micro ServerProtect 6. ...)
@@ -122286,15 +122286,15 @@ CVE-2022-24406 (OX App Suite through 7.10.6 allows SSRF because multipart/form-d
 CVE-2022-24405 (OX App Suite through 7.10.6 allows OS Command Injection via a serializ ...)
 	NOT-FOR-US: OX App Suite
 CVE-2022-24404 (Lack of cryptographic integrity check on TETRA air-interface encrypted ...)
-	TODO: check
+	NOT-FOR-US: TETRA
 CVE-2022-24403
 	RESERVED
 CVE-2022-24402 (The TETRA TEA1 keystream generator implements a key register initializ ...)
-	TODO: check
+	NOT-FOR-US: TETRA
 CVE-2022-24401 (Adversary-induced keystream re-use on TETRA air-interface encrypted tr ...)
-	TODO: check
+	NOT-FOR-US: TETRA
 CVE-2022-24400 (A flaw in the TETRA authentication procecure allows a MITM adversary t ...)
-	TODO: check
+	NOT-FOR-US: TETRA
 CVE-2022-24382 (Improper input validation in firmware for some Intel(R) NUCs may allow ...)
 	NOT-FOR-US: Intel
 CVE-2022-24379
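Review bot: `+	NOT-FOR-US: TETRA` for CVE-2022-24400 through CVE-2022-24404 names a standard rather than a vendor or product, unlike every other label in this change; a NOTE recording why the standard-level flaws (TEA1 keystream generator, authentication procedure, missing air-interface integrity check) are out of scope, for example that no TETRA air-interface implementation is packaged, would give a future triager the basis for re-checking should such an implementation ever enter the archive.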



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81d9013a5d0d4147f813323394d2524c19ad55ab
