Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05a875a8 by Moritz Muehlenhoff at 2023-04-04T12:48:47+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2023-29220
 CVE-2023-29219
        RESERVED
 CVE-2023-29218 (The Twitter Recommendation Algorithm through ec83d01 allows 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: Twitter Recommendation Algorithm
 CVE-2023-29217
        RESERVED
 CVE-2023-29169
@@ -259,13 +259,13 @@ CVE-2023-29141 (An issue was discovered in MediaWiki 
before 1.35.10, 1.36.x thro
        NOTE: 
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
        NOTE: https://phabricator.wikimedia.org/T285159
 CVE-2023-29140 (An issue was discovered in the GrowthExperiments extension for 
MediaWi ...)
-       TODO: check
+       NOT-FOR-US: GrowthExperiments MediaWiki extension
 CVE-2023-29139 (An issue was discovered in the CheckUser extension for 
MediaWiki throu ...)
-       TODO: check
+       NOT-FOR-US: CheckUser MediaWiki extension
 CVE-2023-29138
        RESERVED
 CVE-2023-29137 (An issue was discovered in the GrowthExperiments extension for 
MediaWi ...)
-       TODO: check
+       NOT-FOR-US: GrowthExperiments MediaWiki extension
 CVE-2023-29136
        RESERVED
 CVE-2023-29135
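Review bot: the NOT-FOR-US entries for CVE-2023-29140, CVE-2023-29139 and CVE-2023-29137 name extensions of MediaWiki, and the context entry for CVE-2023-29141 just above shows MediaWiki itself is followed with NOTE lines. NOT-FOR-US holds only if neither GrowthExperiments nor CheckUser is shipped inside the mediawiki source package, so check the package's bundled extensions first; if either is bundled, the entry should be a package line for mediawiki instead.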
@@ -391,7 +391,7 @@ CVE-2023-1770 (A vulnerability has been found in 
SourceCodester Grade Point Aver
 CVE-2023-1769 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
        NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
 CVE-2023-1768 (Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, 
<=  ...)
-       TODO: check
+       - check-mk <removed>
 CVE-2023-1767
        RESERVED
 CVE-2023-1766 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
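Review bot: the CVE-2023-1768 change adds a package entry ("- check-mk <removed>") rather than a NOT-FOR-US line, so the commit subject "NFUs" does not describe it; mention it in the message or commit it separately so the triage decision can be found in the history. Since "<removed>" only records the state of unstable, also confirm that no supported release still ships check-mk in the range the description gives ("<= 2.1.0p25, <= ..."), and add a release-specific line if one does.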
@@ -929,7 +929,7 @@ CVE-2023-1673
 CVE-2023-28936
        RESERVED
 CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of 
Special Ele ...)
-       TODO: check
+       NOT-FOR-US: Apache UIMA UICC
 CVE-2023-28744
        RESERVED
 CVE-2023-1672
@@ -1041,7 +1041,7 @@ CVE-2023-1664
        RESERVED
        NOT-FOR-US: Keycloak
 CVE-2023-1663 (Coverity versions prior to 2023.3.2 are vulnerable to forced 
browsing, ...)
-       TODO: check
+       NOT-FOR-US: Coverity
 CVE-2023-1662
        RESERVED
 CVE-2023-1661
@@ -1231,13 +1231,13 @@ CVE-2023-28856
 CVE-2023-28855
        RESERVED
 CVE-2023-28854 (nophp is a PHP web framework. Prior to version 0.0.1, nophp is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: nophp
 CVE-2023-28853
        RESERVED
 CVE-2023-28852
        RESERVED
 CVE-2023-28851 (Silverstripe Form Capture provides a method to capture simple 
silverst ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe
 CVE-2023-28850 (Pimcore Perspective Editor provides an editor for Pimcore that 
allows  ...)
        NOT-FOR-US: Pimcore Perspective Editor
 CVE-2023-28849
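Review bot: for CVE-2023-28851 the description names the affected component as "Silverstripe Form Capture", but the new line is "NOT-FOR-US: Silverstripe", which reads as the whole framework. The neighbouring context entry uses the full component name ("NOT-FOR-US: Pimcore Perspective Editor"); suggest "NOT-FOR-US: Silverstripe Form Capture" for consistency and so the label does not appear to cover other Silverstripe components.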
@@ -1247,7 +1247,7 @@ CVE-2023-28848
 CVE-2023-28847
        RESERVED
 CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web 
applications. The ...)
-       TODO: check
+       NOT-FOR-US: Unpoly
 CVE-2023-28845 (Nextcloud talk is a video &amp; audio conferencing app for 
Nextcloud.  ...)
        NOT-FOR-US: Nextcloud talk is a video & audio conferencing app for 
Nextcloud
 CVE-2023-28844 (Nextcloud server is an open source home cloud implementation. 
In affec ...)
@@ -1265,9 +1265,9 @@ CVE-2023-28839
 CVE-2023-28838
        RESERVED
 CVE-2023-28837 (Wagtail is an open source content management system built on 
Django. P ...)
-       TODO: check
+       NOT-FOR-US: Wagtail
 CVE-2023-28836 (Wagtail is an open source content management system built on 
Django. S ...)
-       TODO: check
+       NOT-FOR-US: Wagtail
 CVE-2023-28835 (Nextcloud server is an open source home cloud implementation. 
In affec ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2023-28834 (Nextcloud Server is an open source personal cloud server. 
Nextcloud Se ...)
@@ -1761,7 +1761,7 @@ CVE-2023-28687
 CVE-2023-1551
        RESERVED
 CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability 
in NGIN ...)
-       TODO: check
+       NOT-FOR-US: NGINX Agent
 CVE-2023-1549
        RESERVED
 CVE-2023-1548
@@ -1922,7 +1922,7 @@ CVE-2023-28640 (Apiman is a flexible and open source API 
Management platform. Du
 CVE-2023-28639
        RESERVED
 CVE-2023-28638 (Snappier is a high performance C# implementation of the Snappy 
compres ...)
-       TODO: check
+       NOT-FOR-US: Snappier
 CVE-2023-28637 (DataEase is an open source data visualization analysis tool. 
In Dataea ...)
        NOT-FOR-US: DataEase
 CVE-2023-28636
@@ -1936,17 +1936,17 @@ CVE-2023-28633
 CVE-2023-28632
        RESERVED
 CVE-2023-28631 (comrak is a CommonMark + GFM compatible Markdown parser and 
renderer w ...)
-       TODO: check
+       NOT-FOR-US: comrak
 CVE-2023-28630 (GoCD is an open source continuous delivery server. In GoCD 
versions fr ...)
        NOT-FOR-US: GoCD
 CVE-2023-28629 (GoCD is an open source continuous delivery server. GoCD 
versions befor ...)
        NOT-FOR-US: GoCD
 CVE-2023-28628 (lambdaisland/uri is a pure Clojure/ClojureScript URI library. 
In versi ...)
-       TODO: check
+       NOT-FOR-US: lambdaisland/uri
 CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows. 
In versio ...)
-       TODO: check
+       NOT-FOR-US: pymedusa
 CVE-2023-28626 (comrak is a CommonMark + GFM compatible Markdown parser and 
renderer w ...)
-       TODO: check
+       NOT-FOR-US: comrak
 CVE-2023-28625 (mod_auth_openidc is an authentication and authorization module 
for the ...)
        - libapache2-mod-auth-openidc <unfixed> (bug #1033916)
        NOTE: 
https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a
 (v2.4.13.2)
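Review bot: comrak (CVE-2023-28631, CVE-2023-28626) and lambdaisland/uri (CVE-2023-28628) are described as a parser/renderer and a URI library, and library source packages in the archive frequently carry a language prefix or suffix instead of the bare upstream name, so a lookup by upstream name alone can miss them. Before settling on NOT-FOR-US for these three lines, search the archive for the prefixed names as well; if a source package exists, the entry should be a package line with a status, as the context entry for CVE-2023-28625 does with "- libapache2-mod-auth-openidc <unfixed>".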
@@ -2535,7 +2535,7 @@ CVE-2023-28464 (hci_conn_cleanup in 
net/bluetooth/hci_conn.c in the Linux kernel
 CVE-2023-28463
        RESERVED
 CVE-2023-28462 (A JNDI rebind operation in the default ORB listener in Payara 
Server 4 ...)
-       TODO: check
+       NOT-FOR-US: Payara
 CVE-2023-28461 (Array Networks Array AG Series and vxAG (9.4.0.481 and 
earlier) allow  ...)
        NOT-FOR-US: Array Networks
 CVE-2023-28460 (A command injection vulnerability was discovered in Array 
Networks APV ...)
@@ -2607,15 +2607,15 @@ CVE-2023-28447 (Smarty is a template engine for PHP. In 
affected versions smarty
        NOTE: 
https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d
 (master)
        NOTE: 
https://github.com/smarty-php/smarty/commit/e09df8d851eb3ef139ced41afa5e73480f3cd5e8
 (support/3.1)
 CVE-2023-28446 (Deno is a simple, modern and secure runtime for JavaScript and 
TypeScr ...)
-       TODO: check
+       NOT-FOR-US: Deno
 CVE-2023-28445 (Deno is a runtime for JavaScript and TypeScript that uses V8 
and is bu ...)
        NOT-FOR-US: Deno
 CVE-2023-28444 (angular-server-side-configuration helps configure an angular 
applicati ...)
-       TODO: check
+       NOT-FOR-US: angular-server-side-configuration
 CVE-2023-28443 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
        NOT-FOR-US: Directus
 CVE-2023-28442 (GeoNode is an open source platform that facilitates the 
creation, shar ...)
-       TODO: check
+       NOT-FOR-US: GeoNode
 CVE-2023-28441 (smartCARS 3 is flight tracking software. In version 0.5.8 and 
prior, a ...)
        NOT-FOR-US: smartCARS
 CVE-2023-28440
@@ -2639,7 +2639,7 @@ CVE-2023-28432 (Minio is a Multi-Cloud Object Storage 
framework. In a cluster de
 CVE-2023-28431 (Frontier is an Ethereum compatibility layer for Substrate. 
Frontier's  ...)
        NOT-FOR-US: Frontier
 CVE-2023-28430 (OneSignal is an email, sms, push notification, and in-app 
message serv ...)
-       TODO: check
+       NOT-FOR-US: OneSignal
 CVE-2023-28429 (Pimcore is an open source data and experience management 
platform. Ver ...)
        NOT-FOR-US: Pimcore
 CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In 
versions 1. ...)
@@ -6465,7 +6465,7 @@ CVE-2023-27226
 CVE-2023-27225
        RESERVED
 CVE-2023-27224 (An issue found in NginxProxyManager v.2.9.19 allows an 
attacker to exe ...)
-       TODO: check
+       NOT-FOR-US: NginxProxyManager
 CVE-2023-27223
        RESERVED
 CVE-2023-27222
@@ -6587,7 +6587,7 @@ CVE-2023-27165
 CVE-2023-27164 (An arbitrary file upload vulnerability in Halo up to v1.6.1 
allows att ...)
        NOT-FOR-US: Halo
 CVE-2023-27163 (request-baskets up to v1.2.1 was discovered to contain a 
Server-Side R ...)
-       TODO: check
+       NOT-FOR-US: request-baskets
 CVE-2023-27162 (openapi-generator up to v6.4.0 was discovered to contain a 
Server-Side ...)
        TODO: check
 CVE-2023-27161 (Jellyfin up to v10.7.7 was discovered to contain a Server-Side 
Request ...)
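Review bot: CVE-2023-27162 (openapi-generator), directly below the changed CVE-2023-27163 line, still carries "TODO: check" in the context, while the same pass resolved request-baskets, which has the same "up to v... Server-Side R ..." description pattern. If it was left open on purpose because it needs a package search, that is fine; otherwise triage it in this commit so the pair does not end up half-processed.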



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05a875a85093e10b40337919e94366bffb0c5ca0
