Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f3e0475 by Salvatore Bonaccorso at 2023-06-06T22:26:39+02:00
Process some NFUs

- - - - -
98611881 by Salvatore Bonaccorso at 2023-06-06T22:26:39+02:00
Add CVE-2023-33613/axtls

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2023-3123
        REJECTED
 CVE-2023-3121 (A vulnerability has been found in Dahua Smart Parking 
Management up to ...)
-       TODO: check
+       NOT-FOR-US: Dahua Smart Parking Management
 CVE-2023-3120 (A vulnerability, which was classified as critical, was found in 
Source ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Service Provider Management System
 CVE-2023-3119 (A vulnerability, which was classified as critical, has been 
found in S ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Service Provider Management System
 CVE-2023-34409 (In Percona Monitoring and Management (PMM) server 2.x before 
2.37.1, t ...)
        TODO: check
 CVE-2023-34111 (The `Release PR Merged` workflow in the github repo 
taosdata/grafanapl ...)
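
Review bot: The labels added for CVE-2023-3120 and CVE-2023-3119 spell the vendor "SourceCodester", while the label added further down in this same patch for CVE-2023-33569 spells it "Sourcecodester". Suggest settling on one spelling across the NOT-FOR-US entries so that a search on the vendor label finds all of them. The visible descriptions for these two CVEs are cut off at "Source ..." and "found in S ...", so the product name "Service Provider Management System" cannot be confirmed from the diff alone and is worth a second look against the full CVE text.
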
@@ -13,7 +13,7 @@ CVE-2023-34111 (The `Release PR Merged` workflow in the 
github repo taosdata/gra
 CVE-2023-34104 (fast-xml-parser is an open source, pure javascript xml parser. 
fast-xm ...)
        TODO: check
 CVE-2023-33977 (Kiwi TCMS is an open source test management system for both 
manual and ...)
-       TODO: check
+       NOT-FOR-US: Kiwi TCMS
 CVE-2023-33959 (notation is a CLI tool to sign and verify OCI artifacts and 
container  ...)
        TODO: check
 CVE-2023-33958 (notation is a CLI tool to sign and verify OCI artifacts and 
container  ...)
@@ -21,35 +21,35 @@ CVE-2023-33958 (notation is a CLI tool to sign and verify 
OCI artifacts and cont
 CVE-2023-33957 (notation is a CLI tool to sign and verify OCI artifacts and 
container  ...)
        TODO: check
 CVE-2023-33747 (CloudPanel v2.2.2 allows attackers to execute a path 
traversal.)
-       TODO: check
+       NOT-FOR-US: CloudPanel
 CVE-2023-33684 (Weak session management in DB Elettronica Telecomunicazioni 
SpA SFT DA ...)
-       TODO: check
+       NOT-FOR-US: DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware
 CVE-2023-33659 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. 
The vuln ...)
-       TODO: check
+       NOT-FOR-US: NanoMQ
 CVE-2023-33653 (Sitecore Experience Platform (XP) v9.3 was discovered to 
contain an au ...)
-       TODO: check
+       NOT-FOR-US: Sitecore Experience Platform (XP)
 CVE-2023-33652 (Sitecore Experience Platform (XP) v9.3 was discovered to 
contain an au ...)
-       TODO: check
+       NOT-FOR-US: Sitecore Experience Platform (XP)
 CVE-2023-33651 (An issue in the MVC Device Simulator of Sitecore Experience 
Platform ( ...)
-       TODO: check
+       NOT-FOR-US: Sitecore Experience Platform (XP)
 CVE-2023-33613 (axTLS v2.1.5 was discovered to contain a heap buffer overflow 
in the b ...)
-       TODO: check
+       - axtls <removed>
 CVE-2023-33569 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to 
arbitra ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Faculty Evaluation System
 CVE-2023-33533 (Netgear D6220 with Firmware Version 1.0.0.80, D8500 with 
Firmware Vers ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2023-33532 (There is a command injection vulnerability in the Netgear 
R6250 router ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2023-33530 (There is a command injection vulnerability in the Tenda G103 
Gigabit G ...)
        NOT-FOR-US: Tenda
 CVE-2023-33477 (In Harmonic NSG 9000-6G devices, an authenticated remote user 
can obta ...)
-       TODO: check
+       NOT-FOR-US: Harmonic NSG 9000-6G devices
 CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of 
yajl_tree_parse functi ...)
        TODO: check
 CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in 
URIParser::parse , ...)
-       TODO: check
+       NOT-FOR-US: Sogou Workflow
 CVE-2023-33381 (A command injection vulnerability was found in the ping 
functionality  ...)
-       TODO: check
+       NOT-FOR-US: MitraStar
 CVE-2023-32683 (Synapse is a Matrix protocol homeserver written in Python with 
the Twi ...)
        TODO: check
 CVE-2023-32682 (Synapse is a Matrix protocol homeserver written in Python with 
the Twi ...)
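
Review bot: The new entry for CVE-2023-33613, "- axtls <removed>", has no NOTE line beneath it, so the tracker records neither the upstream report nor which releases carried the affected code, although the description ties the heap buffer overflow to axTLS v2.1.5. Suggest adding a NOTE with the reference used during triage. Separately, the NOT-FOR-US labels in this hunk vary in granularity: CVE-2023-33533 and CVE-2023-33532 are tagged with the vendor alone ("Netgear"), while CVE-2023-33477 and CVE-2023-33684 name the specific device or firmware, and the "MitraStar" label on CVE-2023-33381 cannot be matched against the truncated description shown here.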



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ae773d80f3bb6b434353d0a468275983ec9b19a6...986118814eb3d63c5cf93f98139409b56b4c02c4

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits