[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Mon, 28 Aug 2023 01:31:31 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ad2aa325 by Moritz Muehlenhoff at 2023-08-28T10:31:00+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
 CVE-2023-4561 (Cross-site Scripting (XSS) - Stored in GitHub repository 
omeka/omeka-s ...)
-       TODO: check
+       NOT-FOR-US: Omeka S
 CVE-2023-4560 (Improper Authorization of Index Containing Sensitive 
Information in Gi ...)
-       TODO: check
+       NOT-FOR-US: Omeka S
 CVE-2023-4559 (A vulnerability, which was classified as critical, has been 
found in B ...)
-       TODO: check
+       NOT-FOR-US: Bettershop LaikeTui
 CVE-2023-4558 (A vulnerability classified as critical was found in 
SourceCodester Inv ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2023-4557 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2023-40195 (Deserialization of Untrusted Data, Inclusion of Functionality 
from Unt ...)
-       TODO: check
+       NOT-FOR-US: Apache Airflow Spark Provider
 CVE-2023-38730 (IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses 
weaker  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-38030 (Saho\u2019s attendance devices ADM100 and ADM-100FP have a 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Saho
 CVE-2023-38029 (Saho\u2019s attendance devices ADM100 and ADM-100FP has 
insufficient f ...)
-       TODO: check
+       NOT-FOR-US: Saho
 CVE-2023-38028 (Saho\u2019s attendance devices ADM100 and ADM-100FP have 
insufficient  ...)
-       TODO: check
+       NOT-FOR-US: Saho
 CVE-2023-38027 (SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function 
has a vu ...)
-       TODO: check
+       NOT-FOR-US: SpotCam
 CVE-2023-38026 (SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using 
hard-code ...)
-       TODO: check
+       NOT-FOR-US: SpotCam
 CVE-2023-38025 (SpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function 
has a vu ...)
-       TODO: check
+       NOT-FOR-US: SpotCam
 CVE-2023-38024 (SpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function 
has a vu ...)
-       TODO: check
+       NOT-FOR-US: SpotCam
 CVE-2023-33852 (IBM Security Guardium 11.4 is vulnerable to SQL injection. A 
remote at ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-15035 (A vulnerability was found in Doc2k RE-Chat 1.0. It has been 
classified ...)
-       TODO: check
+       NOT-FOR-US: Doc2k RE-Chat
 CVE-2023-4556 (A vulnerability was found in SourceCodester Online Graduate 
Tracer Sys ...)
        NOT-FOR-US: SourceCodester Online Graduate Tracer System
 CVE-2023-4555 (A vulnerability has been found in SourceCodester Inventory 
Management  ...)
@@ -69,11 +69,11 @@ CVE-2023-40587 (Pyramid is an open source Python web 
framework. A path traversal
 CVE-2023-40586 (OWASP Coraza WAF is a golang modsecurity compatible web 
application fi ...)
        NOT-FOR-US: OWASP Coraza WAF
 CVE-2023-40585 (ironic-image is a container image to run OpenStack Ironic as 
part of M ...)
-       TODO: check
+       NOT-FOR-US: ironic-image container image
 CVE-2023-40583 (libp2p is a networking stack and library modularized out of 
The IPFS P ...)
        NOT-FOR-US: go-libp2p
 CVE-2023-40571 (weblogic-framework is a tool for detecting weblogic 
vulnerabilities. V ...)
-       TODO: check
+       NOT-FOR-US: weblogic-framework
 CVE-2023-40166 (Notepad++ is a free and open-source source code editor. 
Versions 8.5.6 ...)
        NOT-FOR-US: Notepad++
 CVE-2023-40164 (Notepad++ is a free and open-source source code editor. 
Versions 8.5.6 ...)
@@ -119,7 +119,7 @@ CVE-2023-41249 (In JetBrains TeamCity before 2023.05.3 
reflected XSS was possibl
 CVE-2023-41248 (In JetBrains TeamCity before 2023.05.3 stored XSS was possible 
during  ...)
        NOT-FOR-US: JetBrains TeamCity
 CVE-2023-41173 (AdGuard DNS before 2.2 allows remote attackers to cause a 
denial of se ...)
-       TODO: check
+       NOT-FOR-US: AdGuard
 CVE-2023-41167 (@webiny/react-rich-text-renderer before 5.37.2 allows XSS 
attacks by c ...)
        NOT-FOR-US: Webiny
 CVE-2023-40915 (Tenda AX3 v16.03.12.11 has a stack buffer overflow 
vulnerability detec ...)
@@ -484,7 +484,7 @@ CVE-2023-41105 (An issue was discovered in Python 3.11 
through 3.11.4. If a path
        NOTE: Backport for 3.12: https://github.com/python/cpython/pull/107981
        NOTE: Backport for 3.11: https://github.com/python/cpython/pull/107982
 CVE-2023-41104 (libvmod-digest before 1.0.3, as used in Varnish Enterprise 
6.0.x befor ...)
-       TODO: check
+       NOT-FOR-US: libvmod-digest
 CVE-2023-41100 (An issue was discovered in the hcaptcha (aka hCaptcha for 
EXT:form) ex ...)
        NOT-FOR-US: TYPO3 extension
 CVE-2023-41098 (An issue was discovered in MISP 2.4.174. In 
app/Controller/DashboardsC ...)
@@ -16288,11 +16288,11 @@ CVE-2023-30439
 CVE-2023-30438 (An internally discovered vulnerability in PowerVM on IBM 
Power9 and Po ...)
        NOT-FOR-US: IBM
 CVE-2023-30437 (IBM Security Guardium 11.3, 11.4, and 11.5 could allow an 
unauthorized ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-30436 (IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-30435 (IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to 
stored cro ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-30434 (IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 
5.1.3.0 ...)
        NOT-FOR-US: IBM
 CVE-2023-30433 (IBM Security Verify Access 10.0 could allow a remote attacker 
to condu ...)
@@ -28660,11 +28660,11 @@ CVE-2023-26274 (IBM QRadar SIEM 7.5.0 is vulnerable 
to cross-site scripting. Thi
 CVE-2023-26273 (IBM QRadar SIEM 7.5.0 could allow an authenticated user to 
perform una ...)
        NOT-FOR-US: IBM
 CVE-2023-26272 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-26271 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-26270 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-26269 (Apache James server version 3.7.3 and earlier provides a JMX 
managemen ...)
        NOT-FOR-US: Apache James
 CVE-2023-26268 (Design documents with matching document IDs, from databases on 
the sam ...)
@@ -32828,7 +32828,7 @@ CVE-2023-24961
 CVE-2023-24960 (IBM InfoSphere Information Server 11.7 could allow a remote 
attacker t ...)
        NOT-FOR-US: IBM
 CVE-2023-24959 (IBM InfoSphere Information Systems 11.7 could expose 
information about ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-24958 (A vulnerability in the IBM TS7700 Management Interface 
8.51.2.12, 8.52 ...)
        NOT-FOR-US: IBM
 CVE-2023-24957 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 
19.0.0. ...)
@@ -37374,7 +37374,7 @@ CVE-2023-23475 (IBM Infosphere Information Server 11.7 
is vulnerable to cross-si
 CVE-2023-23474
        RESERVED
 CVE-2023-23473 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site req ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-23472
        RESERVED
 CVE-2023-23471
@@ -39302,7 +39302,7 @@ CVE-2023-22879
 CVE-2023-22878 (IBM InfoSphere Information Server 11.7 stores user credentials 
in plai ...)
        NOT-FOR-US: IBM
 CVE-2023-22877 (IBM InfoSphere Information Server 11.7 is potentially 
vulnerable to CS ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-22876 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.0.3.7 a ...)
        NOT-FOR-US: IBM
 CVE-2023-22875 (IBM QRadar SIEM 7.4 and 7.5copies certificate key files used 
for SSL/T ...)
@@ -58303,17 +58303,17 @@ CVE-2022-43911
 CVE-2022-43910 (IBM Security Guardium 11.3 could allow a local user to 
escalate their  ...)
        NOT-FOR-US: IBM
 CVE-2022-43909 (IBM Security Guardium 11.4 is vulnerable to cross-site 
scripting. This ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-43908 (IBM Security Guardium 11.3 could allow an authenticated user 
to cause  ...)
        NOT-FOR-US: IBM
 CVE-2022-43907 (IBM Security Guardium 11.4 could allow a remote authenticated 
attacker ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-43906
        RESERVED
 CVE-2022-43905
        RESERVED
 CVE-2022-43904 (IBM Security Guardium 11.3 and 11.4 could disclose sensitive 
informati ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-43903
        RESERVED
 CVE-2022-43902 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a 
denial  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad2aa3250959efd4cb1e63e15a81d7172ee48c09

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad2aa3250959efd4cb1e63e15a81d7172ee48c09
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to