Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4bf9428e by Moritz Muehlenhoff at 2023-03-15T12:53:04+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53,11 +53,11 @@ CVE-2023-28345
 CVE-2023-28344
        RESERVED
 CVE-2023-28343 (OS command injection affects Altenergy Power Control Software 
C1.2.5 v ...)
-       TODO: check
+       NOT-FOR-US: Altenergy Power Control Software
 CVE-2023-1408
        RESERVED
 CVE-2023-1407 (A vulnerability classified as critical was found in 
SourceCodester Stu ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2023-1406
        RESERVED
 CVE-2022-48420
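Review bot: `NOT-FOR-US: SourceCodester` on CVE-2023-1407 names only the vendor, while the existing SourceCodester entry visible later in this diff (CVE-2023-0997) is tagged with the product as well, `NOT-FOR-US: SourceCodester Moosikay E-Commerce System`. Consider adding the product name from the CVE description here too, so entries for the same vendor are tagged consistently.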
@@ -1117,7 +1117,7 @@ CVE-2023-1329
 CVE-2023-1328 (A vulnerability was found in Guizhou 115cms 4.2. It has been 
classifie ...)
        NOT-FOR-US: Guizhou 115cms
 CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected 
by an  ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2023-1326
        RESERVED
 CVE-2023-1325
@@ -1199,7 +1199,7 @@ CVE-2023-28007
 CVE-2023-28006
        RESERVED
 CVE-2023-28005 (A vulnerability in Trend Micro Endpoint Encryption Full Disk 
Encryptio ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository 
froxlor ...)
        - froxlor <itp> (bug #581792)
 CVE-2023-1306
@@ -2048,7 +2048,7 @@ CVE-2023-27759
 CVE-2023-27758
        RESERVED
 CVE-2023-27757 (An arbitrary file upload vulnerability in the 
/admin/user/uploadImg co ...)
-       TODO: check
+       NOT-FOR-US: PerfreeBlog
 CVE-2023-27756
        RESERVED
 CVE-2023-27755
@@ -2437,7 +2437,7 @@ CVE-2023-27590 (Rizin is a UNIX-like reverse engineering 
framework and command-l
 CVE-2023-27589 (Minio is a Multi-Cloud Object Storage framework. Starting with 
RELEASE ...)
        TODO: check
 CVE-2023-27588 (Hasura is an open-source product that provides users GraphQL 
or REST A ...)
-       TODO: check
+       NOT-FOR-US: Hasura
 CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and 
listen to  ...)
        NOT-FOR-US: ReadtoMyShoe
 CVE-2023-27586
@@ -3503,9 +3503,9 @@ CVE-2023-27242
 CVE-2023-27241
        RESERVED
 CVE-2023-27240 (Tenda AX3 V16.03.12.11 was discovered to contain a command 
injection v ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-27239 (Tenda AX3 V16.03.12.11 was discovered to contain a stack 
overflow via  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-27238
        RESERVED
 CVE-2023-27237
@@ -3513,9 +3513,9 @@ CVE-2023-27237
 CVE-2023-27236
        RESERVED
 CVE-2023-27235 (An arbitrary file upload vulnerability in the 
\admin\c\CommonControlle ...)
-       TODO: check
+       NOT-FOR-US: Jizhicms
 CVE-2023-27234 (A Cross-Site Request Forgery (CSRF) in /Sys/index.html of 
Jizhicms v2. ...)
-       TODO: check
+       NOT-FOR-US: Jizhicms
 CVE-2023-27233
        RESERVED
 CVE-2023-27232
@@ -3856,9 +3856,9 @@ CVE-2023-27072
 CVE-2023-27071
        RESERVED
 CVE-2023-27070 (A stored cross-site scripting (XSS) vulnerability in TotalJS 
OpenPlatf ...)
-       TODO: check
+       NOT-FOR-US: TotalJS OpenPlatform
 CVE-2023-27069 (A stored cross-site scripting (XSS) vulnerability in TotalJS 
OpenPlatf ...)
-       TODO: check
+       NOT-FOR-US: TotalJS OpenPlatform
 CVE-2023-27068
        RESERVED
 CVE-2023-27067
@@ -5125,7 +5125,7 @@ CVE-2023-0998 (A vulnerability classified as critical has 
been found in SourceCo
 CVE-2023-0997 (A vulnerability was found in SourceCodester Moosikay E-Commerce 
System ...)
        NOT-FOR-US: SourceCodester Moosikay E-Commerce System
 CVE-2023-26511 (A Hard Coded Admin Credentials issue in the Web-UI Admin Panel 
in Prop ...)
-       TODO: check
+       NOT-FOR-US: Propius MachineSelector
 CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can 
view draft  ...)
        NOT-FOR-US: Ghost CMS
 CVE-2023-26509
@@ -7481,6 +7481,7 @@ CVE-2023-25696 (Improper Input Validation vulnerability 
in the Apache Airflow Hi
        NOT-FOR-US: Apache Airflow Hive Provider
 CVE-2023-25695
        RESERVED
+       - airflow <itp> (bug #819700)
 CVE-2023-25694
        REJECTED
 CVE-2023-25693 (Improper Input Validation vulnerability in the Apache Airflow 
Sqoop Pr ...)
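Review bot: the added `- airflow <itp> (bug #819700)` line sits under CVE-2023-25695, which is still RESERVED and has no description, so nothing visible ties that ID to Airflow. The entries described as Apache Airflow providers are the neighbours CVE-2023-25696 (already NOT-FOR-US) and CVE-2023-25693. Please confirm which entry the ITP note is meant for and move it if it was misplaced; if it does belong to 25695, the commit message "NFUs" should also mention it, since this line is not an NFU change.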
@@ -46694,11 +46695,11 @@ CVE-2022-39218 (The JS Compute Runtime for Fastly's 
Compute@Edge platform provid
 CVE-2022-39217 (some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is 
a GitHub ...)
        NOT-FOR-US: GitHub Advanced Security to CSV
 CVE-2022-39216 (Combodo iTop is an open source, web-based IT service 
management platfo ...)
-       TODO: check
+       NOT-FOR-US: Combodo
 CVE-2022-39215 (Tauri is a framework for building binaries for all major 
desktop platf ...)
        NOT-FOR-US: Tauri
 CVE-2022-39214 (Combodo iTop is an open source, web-based IT service 
management platfo ...)
-       TODO: check
+       NOT-FOR-US: Combodo
 CVE-2022-39213 (go-cvss is a Go module to manipulate Common Vulnerability 
Scoring Syst ...)
        NOT-FOR-US: go-cvss
 CVE-2022-39212 (Nextcloud Talk is an open source chat, video &amp; audio calls 
client  ...)
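Review bot: the new tags on CVE-2022-39216 and CVE-2022-39214 name only the vendor (`NOT-FOR-US: Combodo`), while both descriptions name the product, Combodo iTop. The surrounding entries in this hunk tag the product (`NOT-FOR-US: GitHub Advanced Security to CSV`, `NOT-FOR-US: go-cvss`), so `NOT-FOR-US: Combodo iTop` would keep the list searchable by product name.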
@@ -91954,9 +91955,9 @@ CVE-2021-46402
 CVE-2022-23792
        RESERVED
 CVE-2022-23791 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Firmanet Software and Technology Customer Relation Manager
 CVE-2022-23790 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Firmanet Software and Technology Customer Relation Manager
 CVE-2022-23789
        RESERVED
 CVE-2022-23788
@@ -97718,7 +97719,7 @@ CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a 
stack-based buffer overflow
 CVE-2021-4196
        RESERVED
 CVE-2021-4195 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Firmanet Software and Technology Customer Relation Manager
 CVE-2022-22292 (Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 
Release  ...)
        NOT-FOR-US: Samsung
 CVE-2022-22291 (Logging of excessive data vulnerability in telephony prior to 
SMR Feb- ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bf9428ebd79ec0252f5ccddfc49fd2b2fedd63d
