[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jan 24 12:16:55 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d22978d by Moritz Muehlenhoff at 2024-01-24T13:16:31+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,55 +1,55 @@
 CVE-2024-23638 (Squid is a caching proxy for the Web. Due to an expired pointer refere ...)
 	TODO: check
 CVE-2024-23633 (Label Studio, an open source data labeling tool had a remote import fe ...)
-	TODO: check
+	- label-studio <itp> (bug #1026232)
 CVE-2024-23453 (Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded cred ...)
-	TODO: check
+	NOT-FOR-US: Android Spoon
 CVE-2024-22380 (Electronic Delivery Check System (Ministry of Agriculture, Forestry an ...)
-	TODO: check
+	NOT-FOR-US: Electronic Delivery Check System
 CVE-2024-22372 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2024-22366 (Active debug code exists in Yamaha wireless LAN access point devices.  ...)
-	TODO: check
+	NOT-FOR-US: Yamaha
 CVE-2024-21796 (Electronic Deliverables Creation Support Tool (Construction Edition) p ...)
-	TODO: check
+	NOT-FOR-US: Electronic Deliverables Creation Support Tool
 CVE-2024-21765 (Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Elec ...)
-	TODO: check
+	NOT-FOR-US: Electronic Delivery Check System
 CVE-2024-0665 (The WP Customer Area plugin for WordPress is vulnerable to Reflected C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7237 (Lantronix XPort sends weakly encoded credentials within web request he ...)
-	TODO: check
+	NOT-FOR-US: Lantronix
 CVE-2023-52338 (A link following vulnerability in the Trend Micro Deep Security 20.0 a ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52337 (An improper access control vulnerability in Trend Micro Deep Security  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52331 (A post-authenticated server-side request forgery (SSRF) vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52330 (A cross-site scripting vulnerability in Trend Micro Apex Central could ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52329 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52328 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52327 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52326 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52325 (A local file inclusion vulnerability in one of Trend Micro Apex Centra ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52324 (An unrestricted file upload vulnerability in Trend Micro Apex Central  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52094 (An updater link following vulnerability in the Trend Micro Apex One ag ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52093 (An exposed dangerous function vulnerability in the Trend Micro Apex On ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52092 (A security agent link following vulnerability in Trend Micro Apex One  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52091 (An anti-spyware engine link following vulnerability in Trend Micro Ape ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-52090 (A security agent link following vulnerability in Trend Micro Apex One  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-51711 (An issue was discovered in Regify Regipay Client for Windows version 4 ...)
-	TODO: check
+	NOT-FOR-US: Regify Regipay Client
 CVE-2023-51208 (An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy ROS_VERSIO ...)
 	TODO: check
 CVE-2023-51201 (Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy F ...)
@@ -59,63 +59,63 @@ CVE-2023-51200 (An issue in the default configurations of ROS2 Foxy Fitzroy ROS_
 CVE-2023-51199 (Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and R ...)
 	TODO: check
 CVE-2023-47202 (A local file inclusion vulnerability on the Trend Micro Apex One manag ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-47201 (A plug-in manager origin validation vulnerability in the Trend Micro A ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-47200 (A plug-in manager origin validation vulnerability in the Trend Micro A ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-47199 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-47198 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-47197 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-47196 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-47195 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-47194 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-47193 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-47192 (An agent link vulnerability in the Trend Micro Apex One security agent ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-47115 (Label Studio is an a popular open source data labeling tool. Versions  ...)
-	TODO: check
+	- label-studio <itp> (bug #1026232)
 CVE-2023-46892 (The radio frequency communication protocol being used by Meross MSH30Q ...)
-	TODO: check
+	NOT-FOR-US: Meross
 CVE-2023-46889 (Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensit ...)
-	TODO: check
+	NOT-FOR-US: Meross
 CVE-2023-43317 (An issue in Coign CRM Portal v.06.06 allows a remote attacker to escal ...)
-	TODO: check
+	NOT-FOR-US: Coign CRM Portal
 CVE-2023-42144 (Cleartext Transmission during initial setup in Shelly TRV 20220811-152 ...)
-	TODO: check
+	NOT-FOR-US: Shelly TRV
 CVE-2023-41178 (Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mo ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-41177 (Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mo ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-41176 (Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mo ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-38627 (A post-authenticated server-side request forgery (SSRF) vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-38626 (A post-authenticated server-side request forgery (SSRF) vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-38625 (A post-authenticated server-side request forgery (SSRF) vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-38624 (A post-authenticated server-side request forgery (SSRF) vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2023-36177 (An issue was discovered in badaix Snapcast version 0.27.0, allows remo ...)
-	TODO: check
+	NOT-FOR-US: badaix Snapcast
 CVE-2023-35837 (An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authe ...)
-	TODO: check
+	NOT-FOR-US: SolaX Pocket WiFi
 CVE-2023-35836 (An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An at ...)
-	TODO: check
+	NOT-FOR-US: SolaX Pocket WiFi
 CVE-2023-35835 (An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The d ...)
-	TODO: check
+	NOT-FOR-US: SolaX Pocket WiFi
 CVE-2023-31654 (Redis raft master-1b8bd86 to master-7b46079 was discovered to contain  ...)
 	TODO: check
 CVE-2022-4964 (Ubuntu's pipewire-pulse in snap grants microphone access even when the ...)
-	TODO: check
+	NOT-FOR-US: Ubuntu snap pipewire-pulse
 CVE-2024-0814 (Incorrect security UI in Payments in Google Chrome prior to 121.0.6167 ...)
 	- chromium 121.0.6167.85-1
 	[buster] - chromium <end-of-life> (see DSA 5046)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d22978dbd8213fe7e16cfd5e700c6fd7f740805

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d22978dbd8213fe7e16cfd5e700c6fd7f740805
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240124/040f84d9/attachment.htm>


More information about the debian-security-tracker-commits mailing list