[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Wed, 24 Jan 2024 04:19:25 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0d22978d by Moritz Muehlenhoff at 2024-01-24T13:16:31+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,55 +1,55 @@
 CVE-2024-23638 (Squid is a caching proxy for the Web. Due to an expired 
pointer refere ...)
        TODO: check
 CVE-2024-23633 (Label Studio, an open source data labeling tool had a remote 
import fe ...)
-       TODO: check
+       - label-studio <itp> (bug #1026232)
 CVE-2024-23453 (Android Spoon application version 7.11.1 to 8.6.0 uses 
hard-coded cred ...)
-       TODO: check
+       NOT-FOR-US: Android Spoon
 CVE-2024-22380 (Electronic Delivery Check System (Ministry of Agriculture, 
Forestry an ...)
-       TODO: check
+       NOT-FOR-US: Electronic Delivery Check System
 CVE-2024-22372 (OS command injection vulnerability in ELECOM wireless LAN 
routers allo ...)
-       TODO: check
+       NOT-FOR-US: ELECOM
 CVE-2024-22366 (Active debug code exists in Yamaha wireless LAN access point 
devices.  ...)
-       TODO: check
+       NOT-FOR-US: Yamaha
 CVE-2024-21796 (Electronic Deliverables Creation Support Tool (Construction 
Edition) p ...)
-       TODO: check
+       NOT-FOR-US: Electronic Deliverables Creation Support Tool
 CVE-2024-21765 (Electronic Delivery Check System (Doboku) Ver.18.1.0 and 
earlier, Elec ...)
-       TODO: check
+       NOT-FOR-US: Electronic Delivery Check System
 CVE-2024-0665 (The WP Customer Area plugin for WordPress is vulnerable to 
Reflected C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7237 (Lantronix XPort sends weakly encoded credentials within web 
request he ...)
-       TODO: check
+       NOT-FOR-US: Lantronix
 CVE-2023-52338 (A link following vulnerability in the Trend Micro Deep 
Security 20.0 a ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52337 (An improper access control vulnerability in Trend Micro Deep 
Security  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52331 (A post-authenticated server-side request forgery (SSRF) 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52330 (A cross-site scripting vulnerability in Trend Micro Apex 
Central could ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52329 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52328 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52327 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52326 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52325 (A local file inclusion vulnerability in one of Trend Micro 
Apex Centra ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52324 (An unrestricted file upload vulnerability in Trend Micro Apex 
Central  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52094 (An updater link following vulnerability in the Trend Micro 
Apex One ag ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52093 (An exposed dangerous function vulnerability in the Trend Micro 
Apex On ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52092 (A security agent link following vulnerability in Trend Micro 
Apex One  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52091 (An anti-spyware engine link following vulnerability in Trend 
Micro Ape ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-52090 (A security agent link following vulnerability in Trend Micro 
Apex One  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-51711 (An issue was discovered in Regify Regipay Client for Windows 
version 4 ...)
-       TODO: check
+       NOT-FOR-US: Regify Regipay Client
 CVE-2023-51208 (An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy 
ROS_VERSIO ...)
        TODO: check
 CVE-2023-51201 (Cleartext Transmission issue in ROS2 (Robot Operating System 
2) Foxy F ...)
@@ -59,63 +59,63 @@ CVE-2023-51200 (An issue in the default configurations of 
ROS2 Foxy Fitzroy ROS_
 CVE-2023-51199 (Buffer Overflow vulnerability in ROS2 Foxy Fitzroy 
ROS_VERSION=2 and R ...)
        TODO: check
 CVE-2023-47202 (A local file inclusion vulnerability on the Trend Micro Apex 
One manag ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-47201 (A plug-in manager origin validation vulnerability in the Trend 
Micro A ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-47200 (A plug-in manager origin validation vulnerability in the Trend 
Micro A ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-47199 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-47198 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-47197 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-47196 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-47195 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-47194 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-47193 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-47192 (An agent link vulnerability in the Trend Micro Apex One 
security agent ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-47115 (Label Studio is an a popular open source data labeling tool. 
Versions  ...)
-       TODO: check
+       - label-studio <itp> (bug #1026232)
 CVE-2023-46892 (The radio frequency communication protocol being used by 
Meross MSH30Q ...)
-       TODO: check
+       NOT-FOR-US: Meross
 CVE-2023-46889 (Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission 
of Sensit ...)
-       TODO: check
+       NOT-FOR-US: Meross
 CVE-2023-43317 (An issue in Coign CRM Portal v.06.06 allows a remote attacker 
to escal ...)
-       TODO: check
+       NOT-FOR-US: Coign CRM Portal
 CVE-2023-42144 (Cleartext Transmission during initial setup in Shelly TRV 
20220811-152 ...)
-       TODO: check
+       NOT-FOR-US: Shelly TRV
 CVE-2023-41178 (Reflected cross-site scripting (XSS) vulnerabilities in Trend 
Micro Mo ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-41177 (Reflected cross-site scripting (XSS) vulnerabilities in Trend 
Micro Mo ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-41176 (Reflected cross-site scripting (XSS) vulnerabilities in Trend 
Micro Mo ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-38627 (A post-authenticated server-side request forgery (SSRF) 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-38626 (A post-authenticated server-side request forgery (SSRF) 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-38625 (A post-authenticated server-side request forgery (SSRF) 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-38624 (A post-authenticated server-side request forgery (SSRF) 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2023-36177 (An issue was discovered in badaix Snapcast version 0.27.0, 
allows remo ...)
-       TODO: check
+       NOT-FOR-US: badaix Snapcast
 CVE-2023-35837 (An issue was discovered in SolaX Pocket WiFi 3 through 
3.001.02. Authe ...)
-       TODO: check
+       NOT-FOR-US: SolaX Pocket WiFi
 CVE-2023-35836 (An issue was discovered in SolaX Pocket WiFi 3 through 
3.001.02. An at ...)
-       TODO: check
+       NOT-FOR-US: SolaX Pocket WiFi
 CVE-2023-35835 (An issue was discovered in SolaX Pocket WiFi 3 through 
3.001.02. The d ...)
-       TODO: check
+       NOT-FOR-US: SolaX Pocket WiFi
 CVE-2023-31654 (Redis raft master-1b8bd86 to master-7b46079 was discovered to 
contain  ...)
        TODO: check
 CVE-2022-4964 (Ubuntu's pipewire-pulse in snap grants microphone access even 
when the ...)
-       TODO: check
+       NOT-FOR-US: Ubuntu snap pipewire-pulse
 CVE-2024-0814 (Incorrect security UI in Payments in Google Chrome prior to 
121.0.6167 ...)
        - chromium 121.0.6167.85-1
        [buster] - chromium <end-of-life> (see DSA 5046)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d22978dbd8213fe7e16cfd5e700c6fd7f740805

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d22978dbd8213fe7e16cfd5e700c6fd7f740805
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to