Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3da90e6 by Moritz Muehlenhoff at 2023-01-26T11:13:56+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -168,11 +168,11 @@ CVE-2023-XXXX [SQL injection, sanitization, and login 
bypass]
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html?lang=fr
        NOTE: 
https://salsa.debian.org/debian/spip/-/commit/ce1d68694d4bb72317ff39baa67195e6b5ccaa92
 CVE-2023-24495 (A Server Side Request Forgery (SSRF) vulnerability exists in 
Tenable.s ...)
-       TODO: check
+       NOT-FOR-US: Tenable
 CVE-2023-24494 (A stored cross-site scripting (XSS) vulnerability exists in 
Tenable.sc ...)
-       TODO: check
+       NOT-FOR-US: Tenable
 CVE-2023-24493 (A formula injection vulnerability exists in Tenable.sc due to 
improper ...)
-       TODO: check
+       NOT-FOR-US: Tenable
 CVE-2023-24492
        RESERVED
 CVE-2023-24491
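Review bot: The Tenable entries in this hunk are tagged with the vendor only, although the descriptions of CVE-2023-24494 and CVE-2023-24493 name the product as Tenable.sc. Consider `NOT-FOR-US: Tenable.sc` so that a later search of data/CVE/list by product name finds them.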
@@ -216,7 +216,7 @@ CVE-2023-0478
 CVE-2023-0477
        RESERVED
 CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to 
improper va ...)
-       TODO: check
+       NOT-FOR-US: Tenable
 CVE-2023-0475
        RESERVED
 CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 
109.0.5414.119 a ...)
@@ -1277,7 +1277,7 @@ CVE-2023-24024
 CVE-2023-24023
        RESERVED
 CVE-2023-24022 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB 
devices with  ...)
-       TODO: check
+       NOT-FOR-US: Baicells
 CVE-2023-0432
        RESERVED
 CVE-2023-0431
@@ -1471,11 +1471,11 @@ CVE-2023-23953
 CVE-2023-23952
        RESERVED
 CVE-2023-23951 (Ability to enumerate the Oracle LDAP attributes for the 
current user b ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2023-23950 (User’s supplied input (usually a CRLF sequence) can be 
used to s ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2023-23949 (An authenticated user can supply malicious HTML and JavaScript 
code th ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2023-23948
        RESERVED
 CVE-2023-23947
@@ -2421,13 +2421,13 @@ CVE-2023-23613 (OpenSearch is an open source 
distributed and RESTful search engi
 CVE-2023-23612 (OpenSearch is an open source distributed and RESTful search 
engine. Op ...)
        TODO: check
 CVE-2023-23611 (LTI Consumer XBlock implements the consumer side of the LTI 
specificat ...)
-       TODO: check
+       NOT-FOR-US: LTI
 CVE-2023-23610 (GLPI is a Free Asset and IT Management Software package. 
Versions prio ...)
        TODO: check
 CVE-2023-23609 (Contiki-NG is an open-source, cross-platform operating system 
for Next ...)
-       TODO: check
+       NOT-FOR-US: Contiki-NG
 CVE-2023-23608 (Spotipy is a light weight Python library for the Spotify Web 
API. In v ...)
-       TODO: check
+       NOT-FOR-US: Spotipy
 CVE-2023-23607 (erohtar/Dasherr is a dashboard for self-hosted services. In 
affected v ...)
        NOT-FOR-US: Dasherr
 CVE-2023-23606
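Review bot: On CVE-2023-23611 the tag `NOT-FOR-US: LTI` names the specification rather than the affected software; the description gives the product as LTI Consumer XBlock, so `NOT-FOR-US: LTI Consumer XBlock` would be more accurate. For CVE-2023-23608 the description calls Spotipy a Python library, so it is worth confirming that the archive and WNPP were checked for it before the entry is closed as NFU.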
@@ -2514,7 +2514,7 @@ CVE-2023-0323 (Cross-site Scripting (XSS) - Stored in 
GitHub repository pimcore/
 CVE-2023-0322
        RESERVED
 CVE-2023-0321 (Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and 
CR3000 m ...)
-       TODO: check
+       NOT-FOR-US: Campbell
 CVE-2023-0320
        RESERVED
 CVE-2023-0319
@@ -3733,7 +3733,7 @@ CVE-2023-23153
 CVE-2023-23152
        RESERVED
 CVE-2023-23151 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary 
file deleti ...)
-       TODO: check
+       NOT-FOR-US: bloofoxCMS
 CVE-2023-23150
        RESERVED
 CVE-2023-23149
@@ -5902,7 +5902,7 @@ CVE-2023-0029 (A vulnerability was found in Multilaser 
RE708 RE1200R4GC-2T2R-V3_
 CVE-2022-4869 (A vulnerability was found in Evolution Events Artaxerxes. It 
has been  ...)
        NOT-FOR-US: Evolution Events Artaxerxes
 CVE-2022-48199 (SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to 
execute a m ...)
-       TODO: check
+       NOT-FOR-US: SoftPerfect
 CVE-2021-4297 (A vulnerability has been found in trampgeek jobe up to 1.6.4 
and class ...)
        NOT-FOR-US: trampgeek jobe
 CVE-2018-25063 (A vulnerability classified as problematic was found in Zenoss 
Dashboar ...)
@@ -7962,7 +7962,7 @@ CVE-2022-47769
 CVE-2022-47768
        RESERVED
 CVE-2022-47767 (A backdoor in Solar-Log Gateway products allows remote access 
via web  ...)
-       TODO: check
+       NOT-FOR-US: Solar-Log
 CVE-2022-47766 (PopojiCMS v2.0.1 backend plugin function has a file upload 
vulnerabili ...)
        NOT-FOR-US: PopojiCMS
 CVE-2022-47765
@@ -8032,7 +8032,7 @@ CVE-2022-47734
 CVE-2022-47733
        RESERVED
 CVE-2022-47732 (In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an 
unauthe ...)
-       TODO: check
+       NOT-FOR-US: Yeastar
 CVE-2022-47731
        RESERVED
 CVE-2022-47730
@@ -8311,7 +8311,7 @@ CVE-2022-47617
 CVE-2022-47616
        RESERVED
 CVE-2022-47615 (Local File Inclusion vulnerability in LearnPress – 
WordPress LMS ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47614
        RESERVED
 CVE-2022-47613
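Review bot: CVE-2022-47615 is tagged generically as `NOT-FOR-US: WordPress plugin` although the description names the plugin (LearnPress). Naming it in the tag, as the file already does for `NOT-FOR-US: WP Shamsi plugin for WordPress`, keeps the entry searchable by product.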
@@ -9631,9 +9631,9 @@ CVE-2023-21798
 CVE-2023-21797
        RESERVED
 CVE-2023-21796 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-21795 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-21794
        RESERVED
 CVE-2023-21793 (3D Builder Remote Code Execution Vulnerability. This CVE ID is 
unique  ...)
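Review bot: CVE-2023-21796 and CVE-2023-21795 are closed as `NOT-FOR-US: Microsoft`, but both descriptions state that Edge is Chromium-based and are truncated before any detail. Before NFU, confirm that the flaw is in Edge-specific code rather than in Chromium code; a tag such as `NOT-FOR-US: Microsoft Edge` would also record which product was assessed.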
@@ -9673,7 +9673,7 @@ CVE-2023-21777
 CVE-2023-21776 (Windows Kernel Information Disclosure Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2023-21775 (Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-21774 (Windows Kernel Elevation of Privilege Vulnerability. This CVE 
ID is un ...)
        NOT-FOR-US: Microsoft
 CVE-2022-4580
@@ -9775,7 +9775,7 @@ CVE-2022-4556 (A vulnerability was found in Alinto SOGo 
up to 5.7.1 and classifi
 CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to 
authorization bypa ...)
        NOT-FOR-US: WP Shamsi plugin for WordPress
 CVE-2022-4554 (B2B Customer Ordering System developed by ID Software Project 
and Cons ...)
-       TODO: check
+       NOT-FOR-US: B2B Customer Ordering System
 CVE-2022-4553
        RESERVED
 CVE-2022-4552
@@ -10012,7 +10012,7 @@ CVE-2022-4512
 CVE-2022-4511 (A vulnerability has been found in RainyGao DocSys and 
classified as cr ...)
        NOT-FOR-US: RainyGao DocSys
 CVE-2022-4510 (A path traversal vulnerability was identified in ReFirm Labs 
binwalk f ...)
-       TODO: check
+       NOT-FOR-US: ReFirm Labs binwalk
 CVE-2022-4509 (The Content Control WordPress plugin before 1.1.10 does not 
validate a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-43494 (An unauthorized user could be able to read any file on the 
system, pot ...)
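Review bot: CVE-2022-4510 is closed as `NOT-FOR-US: ReFirm Labs binwalk`, which asserts that binwalk is not in Debian; that should be checked against the archive for a source package named binwalk before the entry leaves `TODO: check`. If such a package exists, the entry needs a package line with a status instead of an NFU tag.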
@@ -10380,7 +10380,7 @@ CVE-2023-21721
 CVE-2023-21720
        RESERVED
 CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-21718
        RESERVED
 CVE-2023-21717
@@ -11096,7 +11096,7 @@ CVE-2022-47102 (A cross-site scripting (XSS) 
vulnerability in Student Study Cent
 CVE-2022-47101
        RESERVED
 CVE-2022-47100 (A vulnerability in Sengled Smart bulb 0x0000024 allows 
attackers to ar ...)
-       TODO: check
+       NOT-FOR-US: Sengled Smart bulb
 CVE-2022-47099
        RESERVED
 CVE-2022-47098
@@ -11186,7 +11186,7 @@ CVE-2022-47075
 CVE-2022-47074
        RESERVED
 CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create 
Ticket page o ...)
-       TODO: check
+       NOT-FOR-US: Small CRM
 CVE-2022-47072
        RESERVED
 CVE-2022-47071
@@ -11202,7 +11202,7 @@ CVE-2022-47067
 CVE-2022-47066
        RESERVED
 CVE-2022-47065 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC 
Easy-Upgrader TEW ...)
-       TODO: check
+       NOT-FOR-US: TrendNet
 CVE-2022-47064
        RESERVED
 CVE-2022-47063
@@ -11228,7 +11228,7 @@ CVE-2022-47054
 CVE-2022-47053
        RESERVED
 CVE-2022-47052 (NETGEAR Nighthawk R6220 v1.1.0.112_1.0.1 was discovered to 
contain a c ...)
-       TODO: check
+       NOT-FOR-US: NETGEAR
 CVE-2022-47051
        RESERVED
 CVE-2022-47050
@@ -11248,11 +11248,11 @@ CVE-2022-47044
 CVE-2022-47043
        RESERVED
 CVE-2022-47042 (MCMS v5.2.10 and below was discovered to contain an arbitrary 
file wri ...)
-       TODO: check
+       NOT-FOR-US: MCMS
 CVE-2022-47041
        RESERVED
 CVE-2022-47040 (An issue in ASKEY router RTF3505VW-N1 
BR_SV_g000_R3505VMN1001_s32_7 al ...)
-       TODO: check
+       NOT-FOR-US: ASKEY
 CVE-2022-47039
        RESERVED
 CVE-2022-47038
@@ -11311,7 +11311,7 @@ CVE-2022-47014
 CVE-2022-47013
        RESERVED
 CVE-2022-47012 (Use of uninitialized variable in function gen_eth_recv in GNS3 
dynamip ...)
-       TODO: check
+       NOT-FOR-US: GNS3
 CVE-2022-47011
        RESERVED
 CVE-2022-47010
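Review bot: On CVE-2022-47012 the tag `NOT-FOR-US: GNS3` names the project, while the description places the bug in function gen_eth_recv of a specific GNS3 component (the name is cut off at "GNS3 dynamip ..."). Check that component, not GNS3 as a whole, against the archive, and name it in the tag if the entry is still NFU.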



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3da90e653bdf3224c15ca034b24e823793056d4
