Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 31898798 by Moritz Muehlenhoff at 2023-02-08T14:55:26+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -33,21 +33,21 @@ CVE-2023-0741 CVE-2023-0740 RESERVED CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer prior t ...) - TODO: check + NOT-FOR-US: Answer CVE-2023-0738 RESERVED CVE-2023-0737 RESERVED CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wall ...) - TODO: check + NOT-FOR-US: Wallabag CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...) - TODO: check + NOT-FOR-US: Wallabag CVE-2023-0734 RESERVED CVE-2023-0733 RESERVED CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2023-25588 RESERVED CVE-2023-25587 @@ -203,9 +203,9 @@ CVE-2023-0709 CVE-2023-0708 RESERVED CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate Genera ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2023-0706 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2023-XXXX [RUSTSEC-2023-0004] - rust-bzip2 0.4.4-1 [bullseye] - rust-bzip2 <no-dsa> (Minor issue) @@ -337,7 +337,7 @@ CVE-2023-0689 CVE-2023-0688 RESERVED CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has been rat ...) - TODO: check + NOT-FOR-US: XpressEngine CVE-2023-25498 RESERVED CVE-2023-25497 
@@ -964,11 +964,11 @@ CVE-2022-48316 CVE-2022-48315 RESERVED CVE-2015-10075 (A vulnerability was found in Custom-Content-Width 1.0. It has been dec ...) - TODO: check + NOT-FOR-US: Custom-Content-Width CVE-2015-10074 (A vulnerability was found in OpenSeaMap online_chart 1.2. It has been ...) - TODO: check + NOT-FOR-US: OpenSeaMap CVE-2011-10002 (A vulnerability classified as critical has been found in weblabyrinth ...) - TODO: check + NOT-FOR-US: weblabyrinth CVE-2023-25198 RESERVED CVE-2023-25197 @@ -986,13 +986,13 @@ CVE-2022-48312 CVE-2023-25194 (A possible security vulnerability has been identified in Apache Kafka ...) - kafka <itp> (bug #786460) CVE-2022-4902 (A vulnerability classified as problematic has been found in eXo Chat A ...) - TODO: check + NOT-FOR-US: eXo Chat CVE-2020-36660 (A vulnerability was found in paxswill EVE Ship Replacement Program 0.1 ...) NOT-FOR-US: paxswill EVE Ship Replacement Program CVE-2017-20177 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: WangGuard CVE-2015-10073 (A vulnerability, which was classified as problematic, was found in tin ...) - TODO: check + NOT-FOR-US: WikiSEO CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to ...) - harfbuzz <unfixed> (bug #1030612) [bullseye] - harfbuzz <no-dsa> (Minor issue) @@ -1062,7 +1062,7 @@ CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0. CVE-2023-0670 RESERVED CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authe ...) - TODO: check + NOT-FOR-US: Fortra GoAnywhere MFT CVE-2023-0668 RESERVED CVE-2023-0667 @@ -1076,7 +1076,7 @@ CVE-2023-0664 CVE-2023-0663 (A vulnerability was found in Calendar Event Management System 2.3.0. I ...) NOT-FOR-US: Calendar Event Management System CVE-2022-48311 (**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet ...) - TODO: check + NOT-FOR-US: HP CVE-2023-25173 RESERVED CVE-2023-25172 
@@ -1464,7 +1464,7 @@ CVE-2023-25018 CVE-2023-25017 RESERVED CVE-2023-25016 (Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1. ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...) NOT-FOR-US: Clockwork Web CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...) @@ -1973,9 +1973,9 @@ CVE-2016-15023 (A vulnerability, which was classified as problematic, was found CVE-2023-24831 RESERVED CVE-2023-24828 (Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions ...) - TODO: check + NOT-FOR-US: Onedev CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software Bill of ...) - TODO: check + NOT-FOR-US: syft CVE-2023-24826 RESERVED CVE-2023-24825 @@ -2001,7 +2001,7 @@ CVE-2023-24816 CVE-2023-24815 RESERVED CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework released ...) - TODO: check + NOT-FOR-US: Typo3 CVE-2023-24813 (Dompdf is an HTML to PDF converter written in php. Due to the differen ...) - php-dompdf <unfixed> NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75 @@ -2014,7 +2014,7 @@ CVE-2023-24810 CVE-2023-24809 RESERVED CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versions pr ...) - TODO: check + TODO: check, might affect src:ippsample CVE-2023-24807 RESERVED CVE-2023-24806 @@ -4283,9 +4283,9 @@ CVE-2023-23946 CVE-2023-23945 RESERVED CVE-2023-23944 (Nextcloud mail is an email app for the nextcloud home server platform. ...) - TODO: check + NOT-FOR-US: Nextcloud mail CVE-2023-23943 (Nextcloud mail is an email app for the nextcloud home server platform. ...) - TODO: check + NOT-FOR-US: Nextcloud mail CVE-2023-23942 (The Nextcloud Desktop Client is a tool to synchronize files from a Nex ...) TODO: check CVE-2023-23941 (SwagPayPal is a PayPal integration for shopware/platform. If JavaScrip ...) 
@@ -28730,9 +28730,9 @@ CVE-2022-42953 (Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, CVE-2022-42952 RESERVED CVE-2022-42951 (An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6 ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2022-42950 (An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2022-42949 (Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissi ...) NOT-FOR-US: Silverstripe CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in releases ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31898798e0399b4d1c9d192f742eb6ebd9be0db7
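Review bot: In the hunk at @@ -2014,7 +2014,7 @@, CVE-2023-24808 (PDFio) is not triaged as NOT-FOR-US but left open as "TODO: check, might affect src:ippsample", while the commit subject is only "NFUs". That makes this the one entry in the commit that still needs work, and it is easy to miss in the log. Consider mentioning the PDFio follow-up in the commit message or committing it separately, and replace the TODO with a package entry or NOT-FOR-US once it is confirmed whether src:ippsample is affected.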
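Review bot: In the hunk at @@ -1076,7 +1076,7 @@, the new tag for CVE-2022-48311 is "NOT-FOR-US: HP", which names only the vendor although the description on the line above starts with "HP Deskjet". Other entries in this same commit name the product ("Fortra GoAnywhere MFT", "Couchbase Server", "Nextcloud mail"). Suggest using the product name from the description here as well, so a later search of data/CVE/list for the product finds this entry.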
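Review bot: In the hunk at @@ -2001,7 +2001,7 @@, the tag for CVE-2023-24814 is spelled "NOT-FOR-US: Typo3" while the CVE description on the preceding line spells the product "TYPO3". This is a style point: matching the spelling in the description ("NOT-FOR-US: TYPO3") keeps case-sensitive searches over the list consistent.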