Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0377fa7 by Moritz Muehlenhoff at 2023-01-24T19:48:23+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -968,7 +968,7 @@ CVE-2023-24056 (In pkgconf through 1.9.3, variable 
duplication can cause unbound
        NOTE: 
https://gitea.treehouse.systems/ariadne/pkgconf/commit/81cc9b3e6dafcdd02579bcccec6ac47d91e5d023
 (pkgconf-1.9.4, pkgconf-1.8.1)
        NOTE: https://nullprogram.com/blog/2023/01/18/
 CVE-2023-24055 (** DISPUTED ** KeePass through 2.53 (in a default 
installation) allows ...)
-       TODO: check
+       NOT-FOR-US: Disputed KeePass issue
 CVE-2023-0434 (Improper Input Validation in GitHub repository pyload/pyload 
prior to  ...)
        - pyload <itp> (bug #1001980)
 CVE-2023-24054
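Review bot: On CVE-2023-24055 the new tag mixes two different reasons: `NOT-FOR-US` says the product is not tracked in Debian, while "Disputed KeePass issue" is a statement about the validity of the report. If KeePass is packaged, a package line marked `(unimportant)` with a NOTE summarising the dispute would keep the CVE attached to the package. If it is not packaged, `NOT-FOR-US: KeePass` alone is enough, since the `** DISPUTED **` marker is already in the description.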
@@ -1001,13 +1001,13 @@ CVE-2023-24044 (A Host Header Injection issue on the 
Login page of Plesk Obsidia
 CVE-2023-24043
        RESERVED
 CVE-2023-24042 (A race condition in LightFTP through 2.2 allows an attacker to 
achieve ...)
-       TODO: check
+       NOT-FOR-US: LightFTP
 CVE-2023-24041
        RESERVED
 CVE-2023-24040 (** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop 
Environm ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-24039 (** UNSUPPORTED WHEN ASSIGNED ** A stack-based buffer overflow 
in Parse ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-24038 (The HTML-StripScripts module through 1.06 for Perl allows 
_hss_attval_ ...)
        - libhtml-stripscripts-perl <unfixed> (bug #1029400)
        NOTE: https://github.com/clintongormley/perl-html-stripscripts/issues/3
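Review bot: For CVE-2023-24040 the tag `NOT-FOR-US: Oracle` names a vendor, whereas the description on the line above names the affected software, dtprintinfo in Common Desktop Environment. Other entries in this change use the product name (LightFTP, MISP, WebChess), which is what someone searching the list for a package will look for, so consider naming the product here and putting the vendor in parentheses if it matters. The same applies to CVE-2023-24039, whose truncated description does not show Oracle either.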
@@ -1036,7 +1036,7 @@ CVE-2023-24027 (In MISP 2.4.167, 
app/webroot/js/action_table.js allows XSS via a
 CVE-2023-24026 (In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS 
vulnerabilit ...)
        NOT-FOR-US: MISP
 CVE-2023-24025 (CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected 
Algorithms 2 ...)
-       TODO: check
+       NOT-FOR-US: CRYSTALS-DILITHIUM
 CVE-2023-24024
        RESERVED
 CVE-2023-24023
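Review bot: `NOT-FOR-US: CRYSTALS-DILITHIUM` on CVE-2023-24025 names an algorithm, and the description places it in "Post-Quantum Cryptography Selected Algorithms", so the tag does not say which implementation was checked. A short qualifier naming the affected code base would let a later triager see that embedded copies in packaged libraries were considered rather than overlooked.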
@@ -1048,7 +1048,7 @@ CVE-2023-0432
 CVE-2023-0431
        RESERVED
 CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute 
arbitrary ...)
-       TODO: check
+       - yii <itp> (bug #597899)
 CVE-2023-24021 (In ModSecurity before 2.9.7, FILES_TMP_CONTENT sometimes 
lacked the co ...)
        - modsecurity-apache 2.9.7-1 (bug #1029329)
        [bullseye] - modsecurity-apache <no-dsa> (Minor issue)
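Review bot: On CVE-2020-36655 the description names the affected component as "Yii2 Gii before 2.2.2", but the new line files it under source `yii` with an ITP bug. A NOTE stating whether the ITP in bug #597899 covers Yii2 and its Gii extension, or whether Gii would be packaged separately, would make clear why the entry applies to that package once it is uploaded.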
@@ -1546,7 +1546,7 @@ CVE-2023-23826
 CVE-2023-23825
        RESERVED
 CVE-2023-23824 (Auth. SQL Injection (SQLi) vulnerability in WP-TopBar &lt;= 
5.36 versi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23823
        RESERVED
 CVE-2023-23822
@@ -2015,7 +2015,7 @@ CVE-2023-23689
 CVE-2023-23688
        RESERVED
 CVE-2023-23687 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in 
Youtube short ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23686
        RESERVED
 CVE-2023-23685
@@ -2547,7 +2547,7 @@ CVE-2023-23562
 CVE-2023-23561
        RESERVED
 CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur 
because ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the 
Linux k ...)
        - linux <unfixed>
        NOTE: 
https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/
@@ -3154,7 +3154,7 @@ CVE-2023-23333
 CVE-2023-23332
        RESERVED
 CVE-2023-23331 (Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: Amano Xoffice
 CVE-2023-23330
        RESERVED
 CVE-2023-23329
@@ -3188,7 +3188,7 @@ CVE-2023-23316
 CVE-2023-23315
        RESERVED
 CVE-2023-23314 (An arbitrary file upload vulnerability in the /api/upload 
component of ...)
-       TODO: check
+       NOT-FOR-US: Zdir
 CVE-2023-23313
        RESERVED
 CVE-2023-23312
@@ -3950,7 +3950,7 @@ CVE-2023-22962
 CVE-2023-22961
        RESERVED
 CVE-2023-22960 (Lexmark products through 2023-01-10 have Improper Control of 
Interacti ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2023-22959 (WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: 
mainmenu.ph ...)
        NOT-FOR-US: WebChess
 CVE-2023-22958 (The Syracom Secure Login plugin before 3.1.1.0 for Jira may 
allow spoo ...)
@@ -4952,7 +4952,7 @@ CVE-2023-22728
 CVE-2023-22727 (CakePHP is a development framework for PHP web apps. In 
affected versi ...)
        NOT-FOR-US: CakePHP
 CVE-2023-22726 (act is a project which allows for local running of github 
actions. The ...)
-       TODO: check
+       NOT-FOR-US: act
 CVE-2023-22725
        RESERVED
 CVE-2023-22724
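Review bot: `NOT-FOR-US: act` on CVE-2023-22726 is a three-letter tag that matches many unrelated strings when the list is searched. Adding a few words from the description, for example "act (local runner for GitHub Actions)", keeps the entry findable and unambiguous.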
@@ -4962,7 +4962,7 @@ CVE-2023-22723
 CVE-2023-22722
        RESERVED
 CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-22720
        RESERVED
 CVE-2023-22719
@@ -5068,7 +5068,7 @@ CVE-2023-0103
 CVE-2023-0102
        RESERVED
 CVE-2023-0101 (A privilege escalation vulnerability was identified in Nessus 
versions ...)
-       TODO: check
+       NOT-FOR-US: Nessus
 CVE-2023-0100
        RESERVED
 CVE-2023-0099
@@ -5290,7 +5290,7 @@ CVE-2023-22632
 CVE-2023-22631
        RESERVED
 CVE-2023-22630 (IzyBat Orange casiers before 20221102_1 allows SQL Injection 
via a get ...)
-       TODO: check
+       NOT-FOR-US: IzyBat Orange casiers
 CVE-2023-22629
        RESERVED
 CVE-2023-22628
@@ -5413,7 +5413,7 @@ CVE-2023-0054 (Out-of-bounds Write in GitHub repository 
vim/vim prior to 9.0.114
 CVE-2023-0053
        RESERVED
 CVE-2023-0052 (SAUTER Controls Nova 200&#8211;220 Series with firmware version 
3.3-00 ...)
-       TODO: check
+       NOT-FOR-US: SAUTER
 CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.1 ...)
        - vim <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9
@@ -6501,7 +6501,7 @@ CVE-2018-25057 (A vulnerability was found in 
simple_php_link_shortener. It has b
 CVE-2022-4817 (A vulnerability was found in centic9 jgit-cookbook. It has been 
declar ...)
        NOT-FOR-US: centic9 jgit-cookbook
 CVE-2022-4816 (A denial-of-service vulnerability has been identified in Lenovo 
Safece ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-4815
        RESERVED
 CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos 
prior to 0 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0377fa79b098b52216173e26cebb547c3bc53b1
