Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d471b326 by Salvatore Bonaccorso at 2023-05-04T20:57:02+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9122,11 +9122,11 @@ CVE-2023-1387 (Grafana is an open-source platform for 
monitoring and observabili
 CVE-2023-1386
        RESERVED
 CVE-2023-1385 (Improper JPAKE implementation allows offline PIN brute-forcing 
due to  ...)
-       NOT-FOR-US: Amazon Fire TV Stick 3rd gen
+       NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS
 CVE-2023-1384 (The setMediaSource function on the amzn.thin.pl service does 
not sanit ...)
-       NOT-FOR-US: Amazon Fire TV Stick 3rd gen
+       NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS
 CVE-2023-1383 (An Improper Enforcement of Behavioral Workflow vulnerability in 
the ex ...)
-       NOT-FOR-US: Amazon Fire TV Stick 3rd gen
+       NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS
 CVE-2023-1382 (A data race flaw was found in the Linux kernel, between where 
con is a ...)
        - linux 6.0.12-1
        [bullseye] - linux 5.10.158-1
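Review bot: The entries for CVE-2023-1385, CVE-2023-1384 and CVE-2023-1383 were already tagged NOT-FOR-US, so these three lines reword existing triage rather than process open items, and the commit message "Process some NFUs" does not say where the added "and Insignia TV with FireOS" comes from. A short mention of the source for the extra affected product in the commit message would make the rewording traceable later. The triage outcome for all three entries is unchanged.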
@@ -12919,7 +12919,7 @@ CVE-2023-27077 (Stack Overflow vulnerability found in 
360 D901 allows a remote a
 CVE-2023-27076 (Command injection vulnerability found in Tenda G103 v.1.0.0.5 
allows a ...)
        NOT-FOR-US: Tenda
 CVE-2023-27075 (A cross-site scripting vulnerability (XSS) in the component 
microbin/s ...)
-       TODO: check
+       NOT-FOR-US: Microbin
 CVE-2023-27074 (BP Monitoring Management System v1.0 was discovered to contain 
a SQL i ...)
        NOT-FOR-US: BP Monitoring Management System
 CVE-2023-27073 (A Cross-Site Request Forgery (CSRF) in Online Food Ordering 
System v1. ...)
@@ -16179,9 +16179,9 @@ CVE-2023-25829
 CVE-2023-25828 (Pluck CMS is vulnerable to an authenticated remote code 
execution (RCE ...)
        NOT-FOR-US: Pluck CMS
 CVE-2023-25827 (Due to insufficient validation of parameters reflected in 
error messag ...)
-       TODO: check
+       NOT-FOR-US: OpenTSDB
 CVE-2023-25826 (Due to insufficient validation of parameters passed to the 
legacy HTTP ...)
-       TODO: check
+       NOT-FOR-US: OpenTSDB
 CVE-2023-25825 (ZoneMinder is a free, open source Closed-circuit television 
software a ...)
        - zoneminder 1.36.33+dfsg1-1 (unimportant)
        NOTE: Only supported for trusted users/behind auth
@@ -26072,7 +26072,7 @@ CVE-2023-22665 (There is insufficient checking of user 
queries in Apache Jena ve
 CVE-2023-22652
        RESERVED
 CVE-2023-22651 (Improper Privilege Management vulnerability in SUSE Rancher 
allows Pri ...)
-       TODO: check
+       NOT-FOR-US: Rancher
 CVE-2023-22650
        RESERVED
 CVE-2023-22649
@@ -48861,7 +48861,7 @@ CVE-2022-42252 (If Apache Tomcat 8.5.0 to 8.5.82, 
9.0.0-M1 to 9.0.67, 10.0.0-M1
 CVE-2022-3406
        RESERVED
 CVE-2022-3405 (Code execution and sensitive information disclosure due to 
excessive p ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2022-3404
        REJECTED
 CVE-2022-3403
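Review bot: The new tag at CVE-2022-3405 names only the vendor ("NOT-FOR-US: Acronis"), and the description shown here is cut off at "due to excessive p ..." before any product is listed. Naming the affected product in the tag would let a later reader confirm the triage from the list file alone, without opening the CVE record.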
@@ -79413,7 +79413,7 @@ CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an 
extension that handles file u
 CVE-2022-30996
        REJECTED
 CVE-2022-30995 (Sensitive information disclosure due to improper 
authentication. The f ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2022-30994 (Cleartext transmission of sensitive information. The following 
product ...)
        NOT-FOR-US: Acronis
 CVE-2022-30993 (Cleartext transmission of sensitive information. The following 
product ...)
@@ -391376,7 +391376,7 @@ CVE-2017-11199
 CVE-2017-11198 (Cross-site scripting (XSS) vulnerability in 
/application/lib/ajax/get_ ...)
        NOT-FOR-US: FineCMS
 CVE-2017-11197 (In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a 
low privi ...)
-       TODO: check
+       NOT-FOR-US: CyberArk Viewfinity
 CVE-2017-12562 (Heap-based Buffer Overflow in the psf_binheader_writef 
function in com ...)
        {DLA-3058-1 DLA-1049-1}
        - libsndfile 1.0.28-3 (bug #869166)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d471b3264688cc35d56357347774d00324ad9d9c
