[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Mon, 03 Jul 2023 13:19:29 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
26116b54 by Moritz Muehlenhoff at 2023-07-03T22:18:58+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,49 +1,49 @@
 CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in 
Google Chr ...)
-       TODO: check
+       NOT-FOR-US: Chrome OS
 CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted 
passwo ...)
-       TODO: check
+       NOT-FOR-US: TWinSoft Configuration ToolChrome OS
 CVE-2023-37378 (Nullsoft Scriptable Install System (NSIS) before 3.09 
mishandles acces ...)
        TODO: check
 CVE-2023-36819 (Knowage is the professional open source suite for modern 
business anal ...)
-       TODO: check
+       NOT-FOR-US: Knowage
 CVE-2023-36817 (`tktchurch/website` contains the codebase for The King's 
Temple Church ...)
-       TODO: check
+       NOT-FOR-US: tktchurch/website
 CVE-2023-36816 (2FA is a Web app to manage Two-Factor Authentication (2FA) 
accounts an ...)
-       TODO: check
+       NOT-FOR-US: Bubka 2FAuth
 CVE-2023-36815 (Sealos is a Cloud Operating System designed for managing 
cloud-native  ...)
-       TODO: check
+       NOT-FOR-US: Sealos
 CVE-2023-36814 (Products.CMFCore are the key framework services for the Zope 
Content M ...)
-       TODO: check
+       NOT-FOR-US: Products.CMFCore
 CVE-2023-36611 (The affected TBox RTUs allow low privilege users to access 
software se ...)
-       TODO: check
+       NOT-FOR-US: TBox
 CVE-2023-36610 (The affected TBox RTUs generate software security tokens using 
insuffi ...)
-       TODO: check
+       NOT-FOR-US: TBox
 CVE-2023-36609 (The affected TBox RTUs run OpenVPN with root privileges and 
can run us ...)
-       TODO: check
+       NOT-FOR-US: TBox
 CVE-2023-36608 (The affected TBox RTUs store hashed passwords using MD5 
encryption, wh ...)
-       TODO: check
+       NOT-FOR-US: TBox
 CVE-2023-36377 (Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 
and befor ...)
        TODO: check
 CVE-2023-36291 (Cross Site Scripting vulnerability in Maxsite CMS v.108.7 
allows a rem ...)
-       TODO: check
+       NOT-FOR-US: Maxsite CMS
 CVE-2023-36262 (An issue in OBS Studio OBS-Studio v.29.1.2 allows a local 
attack to ob ...)
        TODO: check
 CVE-2023-36258 (An issue in langchain v.0.0.199 allows an attacker to execute 
arbitrar ...)
-       TODO: check
+       NOT-FOR-US: Langchain
 CVE-2023-36223 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 
3.5.5. and be ...)
-       TODO: check
+       NOT-FOR-US: mlogclub bbs-go
 CVE-2023-36222 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 
3.5.5. and be ...)
-       TODO: check
+       NOT-FOR-US: mlogclub bbs-go
 CVE-2023-36183 (Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and 
before all ...)
        TODO: check
 CVE-2023-36162 (Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: ZZCMS
 CVE-2023-35935 (@fastify/oauth2, a wrapper around the `simple-oauth2` library, 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: @fastify/oauth2
 CVE-2023-34451 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that 
takes a s ...)
-       TODO: check
+       NOT-FOR-US: CometBFT
 CVE-2023-34450 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that 
takes a s ...)
-       TODO: check
+       NOT-FOR-US: CometBFT
 CVE-2023-36053 (In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 
4.2.3, Em ...)
        - python-django <unfixed> (bug #1040225)
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/03/1
@@ -53,13 +53,13 @@ CVE-2023-36053 (In Django 3.2 before 3.2.20, 4 before 
4.1.10, and 4.2 before 4.2
 CVE-2023-35797 (Improper Input Validation vulnerability in Apache Software 
Foundation  ...)
        NOT-FOR-US: Hive provider for Apache Airflow
 CVE-2023-3438 (An unquoted Windows search path vulnerability existed in the 
install t ...)
-       TODO: check
+       NOT-FOR-US: Trellix
 CVE-2023-3370
        REJECTED
 CVE-2023-3314 (A vulnerability arises out of a failure to comprehensively 
sanitize th ...)
-       TODO: check
+       NOT-FOR-US: Trellix
 CVE-2023-3313 (An OS common injection vulnerability exists in the ESM 
certificate API ...)
-       TODO: check
+       NOT-FOR-US: Trellix
 CVE-2023-36001
        REJECTED
 CVE-2023-35999



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26116b54cb860003a23438c2a59c2ea63cbcddcf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26116b54cb860003a23438c2a59c2ea63cbcddcf
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to