[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Wed, 12 Apr 2023 04:02:23 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
14973751 by Moritz Muehlenhoff at 2023-04-12T13:01:46+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3939,9 +3939,9 @@ CVE-2022-48431 (In JetBrains IntelliJ IDEA before 2023.1 
in some cases, Gradle a
 CVE-2022-48430 (In JetBrains IntelliJ IDEA before 2023.1 file content could be 
disclos ...)
        - intellij-idea <itp> (bug #747616)
 CVE-2021-46879 (An issue was discovered in Treasure Data Fluent Bit 1.7.1, a 
wrong var ...)
-       TODO: check
+       NOT-FOR-US: Treasure Data Fluent Bit
 CVE-2021-46878 (An issue was discovered in Treasure Data Fluent Bit 1.7.1, 
erroneous p ...)
-       TODO: check
+       NOT-FOR-US: Treasure Data Fluent Bit
 CVE-2023-28958
        RESERVED
 CVE-2023-28957
@@ -4837,7 +4837,7 @@ CVE-2023-1554
 CVE-2023-1553
        RESERVED
 CVE-2023-1552 (ToolboxST prior to version 7.10 is affected by a 
deserialization vulne ...)
-       TODO: check
+       NOT-FOR-US: ToolboxST
 CVE-2023-28709
        RESERVED
 CVE-2023-28708 (When using the RemoteIpFilter with requests received from a 
reverse pr ...)
@@ -5928,7 +5928,7 @@ CVE-2023-22441
 CVE-2023-22361
        RESERVED
 CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an 
unquote ...)
-       TODO: check
+       NOT-FOR-US: WAB-MAT
 CVE-2023-1420
        RESERVED
 CVE-2023-1419
@@ -10257,7 +10257,7 @@ CVE-2023-26921 (OS Command Injection vulnerability in 
quectel AG550QCN allows at
 CVE-2023-26920
        RESERVED
 CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to 
sandbox escap ...)
-       TODO: check
+       NOT-FOR-US: delight-nashorn-sandbox
 CVE-2023-26918
        RESERVED
 CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a 
NULL poin ...)
@@ -10402,11 +10402,11 @@ CVE-2023-26849
 CVE-2023-26848 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to 
contain a co ...)
        NOT-FOR-US: TOTOLINK
 CVE-2023-26847 (A stored cross-site scripting (XSS) vulnerability in OpenCATS 
v0.9.7 a ...)
-       TODO: check
+       NOT-FOR-US: OpenCATS
 CVE-2023-26846 (A stored cross-site scripting (XSS) vulnerability in OpenCATS 
v0.9.7 a ...)
-       TODO: check
+       NOT-FOR-US: OpenCATS
 CVE-2023-26845 (A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows 
attackers ...)
-       TODO: check
+       NOT-FOR-US: OpenCATS
 CVE-2023-26844
        RESERVED
 CVE-2023-26843
@@ -11277,7 +11277,7 @@ CVE-2023-26497 (An issue was discovered in Samsung 
Baseband Modem Chipset for Ex
 CVE-2023-26496 (An issue was discovered in Samsung Baseband Modem Chipset for 
Exynos M ...)
        NOT-FOR-US: Samsung
 CVE-2023-26495 (An issue was discovered in Open Design Alliance Drawings SDK 
before 20 ...)
-       TODO: check
+       NOT-FOR-US: Open Design Alliance Drawings SDK
 CVE-2023-26494
        RESERVED
 CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D &amp; 
3D real ...)
@@ -11346,9 +11346,9 @@ CVE-2023-26469
 CVE-2023-26468 (Cerebrate 1.12 does not properly consider organisation_id 
during creat ...)
        NOT-FOR-US: Cerebrate
 CVE-2023-26467 (A man in the middle can redirect traffic to a malicious server 
in a co ...)
-       TODO: check
+       NOT-FOR-US: RPA: Synchronization Engine
 CVE-2023-26466 (A user with non-Admin access can change a configuration file 
on the cl ...)
-       TODO: check
+       NOT-FOR-US: RPA: Synchronization Engine
 CVE-2023-26465
        RESERVED
 CVE-2023-25944
@@ -11858,7 +11858,7 @@ CVE-2023-26314 (The mono package before 
6.8.0.105+dfsg-3.3 for Debian allows arb
        [bullseye] - mono <no-dsa> (Minor issue; will be fixed via point 
release)
        NOTE: https://www.openwall.com/lists/oss-security/2023/01/05/1
 CVE-2023-26293 (A vulnerability has been identified in TIA Portal V15 (All 
versions),  ...)
-       TODO: check
+       NOT-FOR-US: TIA Portal V15
 CVE-2023-26292 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: Forcepoint
 CVE-2023-26291 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/149737510088229d863ce86501a1957b9fe7f384

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/149737510088229d863ce86501a1957b9fe7f384
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to