[Git][security-tracker-team/security-tracker][master] Process some NFUs

Wed, 19 Apr 2023 13:27:16 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
755399ce by Salvatore Bonaccorso at 2023-04-19T22:26:39+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -847,7 +847,7 @@ CVE-2023-30613
 CVE-2023-30612 (Cloud hypervisor is a Virtual Machine Monitor for Cloud 
workloads. Thi ...)
        TODO: check
 CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their 
reaction ...)
-       TODO: check
+       NOT-FOR-US: Discourse-reactions plugin
 CVE-2023-30610 (aws-sigv4 is a rust library for low level request signing in 
the aws c ...)
        TODO: check
 CVE-2023-30609
@@ -2597,11 +2597,11 @@ CVE-2023-29925
 CVE-2023-29924
        RESERVED
 CVE-2023-29923 (PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the 
list jo ...)
-       TODO: check
+       NOT-FOR-US: PowerJob
 CVE-2023-29922 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via 
the crea ...)
-       TODO: check
+       NOT-FOR-US: PowerJob
 CVE-2023-29921 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via 
the crea ...)
-       TODO: check
+       NOT-FOR-US: PowerJob
 CVE-2023-29920
        RESERVED
 CVE-2023-29919
@@ -3271,7 +3271,7 @@ CVE-2023-29588
 CVE-2023-29587
        RESERVED
 CVE-2023-29586 (Code Sector TeraCopy 3.9.7 does not perform proper access 
validation o ...)
-       TODO: check
+       NOT-FOR-US: Code Sector TeraCopy
 CVE-2023-29585
        RESERVED
 CVE-2023-29584 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow 
via the  ...)
@@ -3937,7 +3937,7 @@ CVE-2023-1902
 CVE-2023-1901
        RESERVED
 CVE-2023-1900 (A vulnerability within the Avira network protection feature 
allowed an ...)
-       TODO: check
+       NOT-FOR-US: Norton
 CVE-2023-1899
        RESERVED
 CVE-2023-1898
@@ -6088,11 +6088,11 @@ CVE-2023-28752
 CVE-2023-1588
        RESERVED
 CVE-2023-1587 (Avast and AVG Antivirus for Windows were susceptible to a NULL 
pointer ...)
-       TODO: check
+       NOT-FOR-US: Norton
 CVE-2023-1586 (Avast and AVG Antivirus for Windows were susceptible to a 
Time-of-chec ...)
-       TODO: check
+       NOT-FOR-US: Norton
 CVE-2023-1585 (Avast and AVG Antivirus for Windows were susceptible to a 
Time-of-chec ...)
-       TODO: check
+       NOT-FOR-US: Norton
 CVE-2023-1584
        RESERVED
        NOT-FOR-US: Quarkus
@@ -9474,9 +9474,9 @@ CVE-2023-27779 (AM Presencia v3.7.3 was discovered to 
contain a SQL injection vu
 CVE-2023-27778
        RESERVED
 CVE-2023-27777 (Cross-site scripting (XSS) vulnerability was discovered in 
Online Jewe ...)
-       TODO: check
+       NOT-FOR-US: Online Jewelry Shop
 CVE-2023-27776 (A stored cross-site scripting (XSS) vulnerability in 
/index.php?page=c ...)
-       TODO: check
+       NOT-FOR-US: Online Jewelry Shop
 CVE-2023-27775 (A stored HTML injection vulnerability in LiveAction LiveSP 
v21.1.2 all ...)
        NOT-FOR-US: LiveAction LiveSP
 CVE-2023-27774
@@ -12365,7 +12365,7 @@ CVE-2023-26601 (Zoho ManageEngine ServiceDesk Plus 
through 14104, Asset Explorer
 CVE-2023-26600 (ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus 
MSP thro ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2023-26599 (XSS vulnerability in TripleSign in Tripleplay Platform 
releases prior  ...)
-       TODO: check
+       NOT-FOR-US: Tripleplay
 CVE-2023-26598
        RESERVED
 CVE-2023-26588 (Use of hard-coded credentials vulnerability in Buffalo network 
devices ...)
@@ -14805,9 +14805,9 @@ CVE-2023-0824
 CVE-2023-0823 (The Cookie Notice & Compliance for GDPR / CCPA WordPress 
plugin be ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25760 (Incorrect Access Control in Tripleplay Platform releases prior 
to Cave ...)
-       TODO: check
+       NOT-FOR-US: Tripleplay
 CVE-2023-25759 (OS Command Injection in TripleData Reporting Engine in 
Tripleplay Plat ...)
-       TODO: check
+       NOT-FOR-US: Tripleplay
 CVE-2023-25758 (Onekey Touch devices through 4.0.0 and Onekey Mini devices 
through 2.1 ...)
        NOT-FOR-US: Onekey
 CVE-2023-0822 (The affected product DIAEnergie (versions prior to v1.9.03.001) 
contai ...)
@@ -15441,9 +15441,9 @@ CVE-2023-25622
 CVE-2023-25621 (Privilege Escalation vulnerability in Apache Software 
Foundation Apach ...)
        NOT-FOR-US: Apache Sling
 CVE-2023-25620 (A CWE-754: Improper Check for Unusual or Exceptional 
Conditions vulner ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2023-25619 (A CWE-754: Improper Check for Unusual or Exceptional 
Conditions vulner ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2023-25618 (SAP NetWeaver Application Server for ABAP and ABAP Platform - 
versions ...)
        NOT-FOR-US: SAP
 CVE-2023-25617 (SAP Business Object (Adaptive Job Server) - versions 420, 430, 
allows  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/755399ceefba0d522543b93daae11a2fb69cf857

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/755399ceefba0d522543b93daae11a2fb69cf857
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to