[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Tue, 11 Apr 2023 03:28:55 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e180492a by Salvatore Bonaccorso at 2023-04-11T12:28:10+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2339,7 +2339,7 @@ CVE-2023-29400
 CVE-2023-1904
        RESERVED
 CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not 
perform ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-1902
        RESERVED
 CVE-2023-1901
@@ -2998,15 +2998,15 @@ CVE-2023-29191
 CVE-2023-29190
        RESERVED
 CVE-2023-29189 (SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 
106, 107,  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-29188
        RESERVED
 CVE-2023-29187 (A Windows user with basic user authorization can exploit a DLL 
hijacki ...)
        TODO: check
 CVE-2023-29186 (In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 
757, an att ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-29185 (SAP NetWeaver AS for ABAP (Business Server Pages) - versions 
700, 701, ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-29184
        RESERVED
 CVE-2023-29183
@@ -3198,15 +3198,15 @@ CVE-2023-29114
 CVE-2023-29113
        RESERVED
 CVE-2023-29112 (The SAP Application Interface (Message Monitoring) - versions 
600, 700 ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-29111 (The SAP AIF (ODATA service) - versions 755, 756, discloses 
more detail ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-29110 (The SAP Application Interface (Message Dashboard) - versions 
AIF 703,  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-29109 (The SAP Application Interface Framework (Message Dashboard) - 
versions ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-29108 (The IP filter in ABAP Platform and SAP Web Dispatcher - 
versions WEBDI ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-29107
        RESERVED
 CVE-2023-29106
@@ -4412,15 +4412,15 @@ CVE-2023-XXXX [RUSTSEC-2022-0092]
        - rust-rmp-serde 1.1.1-1
        NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0092.html
 CVE-2023-28765 (An attacker with basic privileges in SAP BusinessObjects 
Business Inte ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-28764
        RESERVED
 CVE-2023-28763 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 
750, 751,  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-28762
        RESERVED
 CVE-2023-28761 (In SAP NetWeaver Enterprise Portal - version 7.50, an 
unauthenticated  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-28760
        RESERVED
 CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0. A 
vulnerabil ...)
@@ -7331,7 +7331,7 @@ CVE-2023-27899 (Jenkins 2.393 and earlier, LTS 2.375.3 
and earlier creates a tem
 CVE-2023-27898 (Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 
through 2.37 ...)
        - jenkins <removed>
 CVE-2023-27897 (In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who 
is auth ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-27896 (In SAP BusinessObjects Business Intelligence Platform - 
version 420, 4 ...)
        NOT-FOR-US: SAP
 CVE-2023-27895 (SAP Authenticator for Android - version 1.3.0, allows the 
screen to be ...)
@@ -8546,11 +8546,11 @@ CVE-2023-27501 (SAP NetWeaver AS for ABAP and ABAP 
Platform - versions 700, 701,
 CVE-2023-27500 (An attacker with non-administrative authorizations can exploit 
a direc ...)
        NOT-FOR-US: SAP
 CVE-2023-27499 (SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.547.77, 7.81, 
7.85, 7 ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-27498 (SAP Host Agent (SAPOSCOL) - version 7.22, allows an 
unauthenticated at ...)
        NOT-FOR-US: SAP
 CVE-2023-27497 (Due to missing authentication and input sanitization of code 
the Event ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-27393
        RESERVED
 CVE-2023-27386
@@ -9216,7 +9216,7 @@ CVE-2023-27269 (SAP NetWeaver Application Server for ABAP 
and ABAP Platform - ve
 CVE-2023-27268 (SAP NetWeaver AS Java (Object Analyzing Service) - version 
7.50, does  ...)
        NOT-FOR-US: SAP
 CVE-2023-27267 (Due to missing authentication and insufficient input 
validation, the O ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-27266 (Mattermost fails to honor the ShowEmailAddress setting when 
constructi ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2023-27265 (Mattermost fails to honor the ShowEmailAddress setting when 
constructi ...)
@@ -9705,7 +9705,7 @@ CVE-2023-27078 (A command injection issue was found in 
TP-Link MR3020 v.1_150921
 CVE-2023-27077 (Stack Overflow vulnerability found in 360 D901 allows a remote 
attacke ...)
        NOT-FOR-US: 360 D901
 CVE-2023-27076 (Command injection vulnerability found in Tenda G103 v.1.0.0.5 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-27075
        RESERVED
 CVE-2023-27074 (BP Monitoring Management System v1.0 was discovered to contain 
a SQL i ...)
@@ -11209,7 +11209,7 @@ CVE-2023-26460 (Cache Management Service in SAP 
NetWeaver Application Server for
 CVE-2023-26459 (Due to improper input controls In SAP NetWeaver AS for ABAP 
and ABAP P ...)
        NOT-FOR-US: SAP
 CVE-2023-26458 (An information disclosure vulnerability exists in SAP 
Landscape Manage ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-26457 (SAP Content Server - version 7.53, does not sufficiently 
encode user-c ...)
        NOT-FOR-US: SAP
 CVE-2023-26456
@@ -16893,7 +16893,7 @@ CVE-2023-24529 (Due to lack of proper input validation, 
BSP application (CRM_BSP
 CVE-2023-24528 (SAP Fiori apps for Travel Management in SAP ERP (My Travel 
Requests) - ...)
        NOT-FOR-US: SAP
 CVE-2023-24527 (SAP NetWeaver AS Java for Deploy Service - version 7.5, does 
not perfo ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2023-24526 (SAP NetWeaver Application Server Java for Classload Service - 
version  ...)
        NOT-FOR-US: SAP
 CVE-2023-24525 (SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 
102, 103, ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e180492a9fde7d3b7ac6c511a2820e9d00702975

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e180492a9fde7d3b7ac6c511a2820e9d00702975
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to