Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
da35af90 by Moritz Muehlenhoff at 2023-04-27T10:43:58+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2023-31290 (Trust Wallet Core before 3.1.1, as used in the Trust Wallet 
browser ex ...)
-       TODO: check
+       NOT-FOR-US: Trust Wallet Core
 CVE-2023-31289
        RESERVED
 CVE-2023-31288
@@ -136,7 +136,7 @@ CVE-2023-2309
 CVE-2023-2308
        RESERVED
 CVE-2023-2307 (Cross-Site Request Forgery (CSRF) in GitHub repository 
builderio/qwik  ...)
-       TODO: check
+       NOT-FOR-US: builderio/qwik
 CVE-2023-2306
        RESERVED
 CVE-2023-2305
@@ -194,7 +194,7 @@ CVE-2023-2293 (A vulnerability was found in SourceCodester 
Purchase Order Manage
 CVE-2023-2292
        RESERVED
 CVE-2023-2291 (Static credentials exist in the PostgreSQL data used in 
ManageEngine A ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2023-2290
        RESERVED
 CVE-2023-2289
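Review bot: The new tag on CVE-2023-2291 names only the vendor (`NOT-FOR-US: Zoho`), while the description identifies the affected product as ManageEngine. Consider `NOT-FOR-US: Zoho ManageEngine` so the entry turns up when someone searches the list for the product name rather than the parent company.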
@@ -1229,17 +1229,17 @@ CVE-2023-30848
 CVE-2023-30847
        RESERVED
 CVE-2023-30846 (typed-rest-client is a library for Node Rest and Http Clients 
with typ ...)
-       TODO: check
+       NOT-FOR-US: typed-rest-client
 CVE-2023-30845 (ESPv2 is a service proxy that provides API management 
capabilities usi ...)
-       TODO: check
+       NOT-FOR-US: ESPv2
 CVE-2023-30844
        RESERVED
 CVE-2023-30843 (Payload is a free and open source headless content management 
system.  ...)
-       TODO: check
+       NOT-FOR-US: Payload
 CVE-2023-30842 (AVideo is an open-source video platform. Prior to version 
12.4, AVideo ...)
        NOT-FOR-US: AVideo
 CVE-2023-30841 (Baremetal Operator (BMO) is a bare metal host provisioning 
integration ...)
-       TODO: check
+       NOT-FOR-US: Baremetal Operator (BMO)
 CVE-2023-30840
        RESERVED
 CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. 
Versions prio ...)
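Review bot: `NOT-FOR-US: Payload` on CVE-2023-30843 is a generic word that is hard to grep for and easy to misread in a vulnerability list. The description calls it a headless content management system, so a tag such as `NOT-FOR-US: Payload CMS` would be less ambiguous. The other three tags added in this hunk match the product names in their descriptions.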
@@ -2833,7 +2833,7 @@ CVE-2023-30365
 CVE-2023-30364
        RESERVED
 CVE-2023-30363 (vConsole v3.15.0 was discovered to contain a prototype 
pollution due t ...)
-       TODO: check
+       NOT-FOR-US: Tencent vConsole
 CVE-2023-30362
        RESERVED
 CVE-2023-30361
@@ -13575,7 +13575,7 @@ CVE-2023-26569
 CVE-2023-26568
        RESERVED
 CVE-2023-26567 (Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO 
file) plac ...)
-       TODO: check
+       NOT-FOR-US: Sangoma
 CVE-2023-26566
        RESERVED
 CVE-2023-26565
@@ -14604,13 +14604,13 @@ CVE-2023-26248
 CVE-2023-26247
        RESERVED
 CVE-2023-26246 (An issue was discovered in the Hyundai Gen5W_L in-vehicle 
infotainment ...)
-       TODO: check
+       NOT-FOR-US: Hyundai
 CVE-2023-26245 (An issue was discovered in the Hyundai Gen5W_L in-vehicle 
infotainment ...)
-       TODO: check
+       NOT-FOR-US: Hyundai
 CVE-2023-26244 (An issue was discovered in the Hyundai Gen5W_L in-vehicle 
infotainment ...)
-       TODO: check
+       NOT-FOR-US: Hyundai
 CVE-2023-26243 (An issue was discovered in the Hyundai Gen5W_L in-vehicle 
infotainment ...)
-       TODO: check
+       NOT-FOR-US: Hyundai
 CVE-2023-26242 (afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c 
in the  ...)
        - linux <unfixed> (unimportant)
        NOTE: 
https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4....@gmail.com/
@@ -17546,7 +17546,7 @@ CVE-2023-25294
 CVE-2023-25293
        RESERVED
 CVE-2023-25292 (Reflected Cross Site Scripting (XSS) in Intermesh BV 
Group-Office vers ...)
-       TODO: check
+       NOT-FOR-US: Intermesh BV Group-Office
 CVE-2023-25291
        RESERVED
 CVE-2023-25290
@@ -18744,7 +18744,7 @@ CVE-2023-24838 (HGiga PowerStation has a vulnerability 
of Information Leakage. A
 CVE-2023-24837 (HGiga PowerStation remote management function has insufficient 
filteri ...)
        NOT-FOR-US: HGiga
 CVE-2023-24836 (SUNNET CTMS has vulnerability of path traversal within its 
file upload ...)
-       TODO: check
+       NOT-FOR-US: SUNNET
 CVE-2023-24835 (Softnext Technologies Corp.&#8217;s SPAM SQR has a 
vulnerability of Co ...)
        NOT-FOR-US: Softnext
 CVE-2023-24834 (WisdomGarden Tronclass has improper access control when 
uploading file ...)
@@ -24691,7 +24691,7 @@ CVE-2023-22903 (api/views/user.py in LibrePhotos before 
e19e539 has incorrect ac
 CVE-2023-22902 (Openfind Mail2000 file uploading function has insufficient 
filtering f ...)
        NOT-FOR-US: Openfind Mail2000
 CVE-2023-22901 (ChangingTec MOTP system has a path traversal vulnerability. A 
remote a ...)
-       TODO: check
+       NOT-FOR-US: ChangingTec MOTP
 CVE-2023-22900 (Efence login function has insufficient validation for user 
input. An u ...)
        NOT-FOR-US: Efence
 CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, 
does not  ...)
@@ -27978,7 +27978,7 @@ CVE-2022-4624 (The GS Logo Slider WordPress plugin 
before 3.3.8 does not validat
 CVE-2022-4623
        RESERVED
 CVE-2022-45876 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may 
disclose i ...)
-       TODO: check
+       NOT-FOR-US: VISAM VBASE Automation Base
 CVE-2022-45468 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may 
disclose i ...)
        NOT-FOR-US: VISAM VBASE Automation Base
 CVE-2022-45444 (Sewio&#8217;s Real-Time Location System (RTLS) Studio version 
2.0.0 up ...)
@@ -28316,7 +28316,7 @@ CVE-2022-47760
 CVE-2022-47759
        RESERVED
 CVE-2022-47758 (Nanoleaf firmware v7.1.1 and below is missing an SSL 
certificate, allo ...)
-       TODO: check
+       NOT-FOR-US: Nanoleaf
 CVE-2022-47757
        RESERVED
 CVE-2022-47756
@@ -36339,7 +36339,7 @@ CVE-2022-45458
 CVE-2022-45457
        RESERVED
 CVE-2022-45456 (Denial of service due to unauthenticated API endpoint. The 
following p ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation 
cleanup. T ...)
        NOT-FOR-US: Acronis
 CVE-2022-45454 (Sensitive information disclosure due to insecure folder 
permissions. T ...)
@@ -40569,9 +40569,9 @@ CVE-2022-3762 (The Booster for WooCommerce WordPress 
plugin before 5.6.7, Booste
 CVE-2022-3761
        RESERVED
 CVE-2023-20853 (aEnrich Technology a+HRD has a vulnerability of 
Deserialization of Unt ...)
-       TODO: check
+       NOT-FOR-US: aEnrich Technology a+HRD
 CVE-2023-20852 (aEnrich Technology a+HRD has a vulnerability of 
Deserialization of Unt ...)
-       TODO: check
+       NOT-FOR-US: aEnrich Technology a+HRD
 CVE-2022-44448 (In wlan driver, there is a possible missing params check. This 
could l ...)
        NOT-FOR-US: Unisoc
 CVE-2022-44447 (In wlan driver, there is a possible null pointer dereference 
issue due ...)
@@ -174870,7 +174870,7 @@ CVE-2020-36072 (SQL injection vulnerability found in 
Tailor Management System v.
 CVE-2020-36071 (SQL injection vulnerability found in Tailor Management System 
v.1 allo ...)
        NOT-FOR-US: Tailor Management System
 CVE-2020-36070 (Insecure Permission vulnerability found in Yoyager v.1.4 and 
before al ...)
-       TODO: check
+       NOT-FOR-US: Voyager
 CVE-2020-36069
        RESERVED
 CVE-2020-36068
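Review bot: The tag added for CVE-2020-36070 reads `Voyager`, but the description on the line above it spells the product `Yoyager v.1.4`. If the description carries a typo, a short NOTE line saying so would make the mismatch deliberate; otherwise please confirm the tag names the right product, since "Voyager" alone does not say which project is meant.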



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da35af906a23f4df36a626e0890e03df0b3bbd86
