Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e7dafb2a by Salvatore Bonaccorso at 2023-07-21T21:47:44+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2023-3796 (A vulnerability, which was classified as 
problematic, has been fo
 CVE-2023-3795 (A vulnerability classified as critical was found in Bug Finder 
ChainCi ...)
        NOT-FOR-US: Bug Finder ChainCity Real Estate Investment Platform
 CVE-2023-38632 (async-sockets-cpp through 0.3.1 has a stack-based buffer 
overflow in t ...)
-       TODO: check
+       NOT-FOR-US: async-sockets-cpp
 CVE-2023-37645 (eyoucms v1.6.3 was discovered to contain an information 
disclosure vul ...)
        NOT-FOR-US: eyoucms
 CVE-2023-37292 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
@@ -250,7 +250,7 @@ CVE-2023-33832 (IBM Spectrum Protect 8.1.0.0 through 
8.1.17.0 could allow a loca
 CVE-2023-32664 (A type confusion vulnerability exists in the Javascript 
checkThisBox m ...)
        NOT-FOR-US: Foxit Reader
 CVE-2023-32635 (XBRL data create application version 7.0 and earlier 
improperly restri ...)
-       TODO: check
+       NOT-FOR-US: XBRL data create application
 CVE-2023-32263 (A potential vulnerability has been identified in the Micro 
Focus Dimen ...)
        NOT-FOR-US: Micro Focus Dimensions CM Plugin for Jenkins
 CVE-2023-27379 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
@@ -12074,7 +12074,7 @@ CVE-2023-30202
 CVE-2023-30201
        RESERVED
 CVE-2023-30200 (In the module \u201cImage: WebP, Compress, Zoom, Lazy load, 
Alt & More ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect 
Access  ...)
        NOT-FOR-US: Prestashop
 CVE-2023-30198 (Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect 
Access Co ...)
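Review bot: The new tag for CVE-2023-30200 is spelled `PrestaShop module`, while the existing entry directly below it (CVE-2023-30199) uses `NOT-FOR-US: Prestashop`. Use one casing for the vendor so a case-sensitive search of the list finds both entries.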
@@ -16372,7 +16372,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI 
component through 0.12.0
        NOTE: Fixed by: 
https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 
(v0.12.1)
        NOTE: 
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
 CVE-2023-28754 (Deserialization of Untrusted Data vulnerability in Apache 
ShardingSphe ...)
-       TODO: check
+       NOT-FOR-US: Apache ShardingSphere-Agent
 CVE-2023-28753 (netconsd prior to v0.2 was vulnerable to an integer overflow 
in its pa ...)
        NOT-FOR-US: netconsd
 CVE-2023-28752
@@ -16479,11 +16479,11 @@ CVE-2023-1555
 CVE-2013-10022 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28730 (A memory corruption vulnerability Panasonic Control FPWIN Pro 
versions ...)
-       TODO: check
+       NOT-FOR-US: Panasonic
 CVE-2023-28729 (A type confusion vulnerability in Panasonic Control FPWIN Pro 
versions ...)
-       TODO: check
+       NOT-FOR-US: Panasonic
 CVE-2023-28728 (A stack-based buffer overflow in Panasonic Control FPWIN Pro 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Panasonic
 CVE-2023-28727 (Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent 
attacker ...)
        NOT-FOR-US: Panasonic AiSEG2
 CVE-2023-28726 (Panasonic AiSEG2 versions 2.80F through 2.93A allows remote 
attackers  ...)
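Review bot: The three new tags for CVE-2023-28730, CVE-2023-28729 and CVE-2023-28728 name only the vendor (`NOT-FOR-US: Panasonic`), whereas the existing entry just below names the product (`NOT-FOR-US: Panasonic AiSEG2`). All three descriptions refer to Panasonic Control FPWIN Pro, so `NOT-FOR-US: Panasonic Control FPWIN Pro` would match the neighbouring style and record which product was triaged.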
@@ -23986,7 +23986,7 @@ CVE-2023-26219
 CVE-2023-26218
        RESERVED
 CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s 
TIBCO EBX  ...)
-       TODO: check
+       NOT-FOR-US: TIBICO Software
 CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX 
Add-ons contai ...)
        NOT-FOR-US: TIBCO
 CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX 
Add-ons contai ...)
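Review bot: Typo in the new tag for CVE-2023-26217: `NOT-FOR-US: TIBICO Software` should read TIBCO, as in the CVE description and in the `NOT-FOR-US: TIBCO` tag on CVE-2023-26216 immediately below. A misspelled vendor string will not be found by anyone searching the list for TIBCO.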
@@ -25115,15 +25115,15 @@ CVE-2023-25841
 CVE-2023-25840
        RESERVED
 CVE-2023-25839 (There is SQL injection vulnerability in Esri ArcGIS Insights 
Desktop f ...)
-       TODO: check
+       NOT-FOR-US: Esri ArcGIS
 CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights 
2022.1 for ...)
-       TODO: check
+       NOT-FOR-US: Esri ArcGIS
 CVE-2023-25837 (There is a Cross-site Scripting vulnerabilityin Esri Portal 
Sites in v ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2023-25836 (There is a Cross-site Scripting vulnerabilityin Esri Portal 
Sites in v ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2023-25835 (There is a Cross-site Scripting vulnerabilityin Esri Portal 
Sites in v ...)
-       TODO: check
+       NOT-FOR-US: Esri
 CVE-2023-25834 (Changes to user permissions in Portal for ArcGIS 10.9.1 and 
below are  ...)
        NOT-FOR-US: Esri
 CVE-2023-25833 (There is an HTML injection vulnerability in Esri Portal for 
ArcGIS ver ...)
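Review bot: The five new tags in this hunk use two forms for the same vendor: `NOT-FOR-US: Esri ArcGIS` on CVE-2023-25839 and CVE-2023-25838, and `NOT-FOR-US: Esri` on CVE-2023-25837, CVE-2023-25836 and CVE-2023-25835. The existing entry for CVE-2023-25834 (Portal for ArcGIS) already uses plain `Esri`; pick one form for the whole run.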
@@ -35832,13 +35832,13 @@ CVE-2023-22510
 CVE-2023-22509
        RESERVED
 CVE-2023-22508 (This High severity RCE (Remote Code Execution) vulnerability 
known as  ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2023-22507
        RESERVED
 CVE-2023-22506 (This High severity Injection and RCE (Remote Code Execution) 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2023-22505 (This High severity RCE (Remote Code Execution) vulnerability 
known as  ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2023-22504 (Affected versions of Atlassian Confluence Server allow remote 
attacker ...)
        NOT-FOR-US: Atlassian
 CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data 
Center allow ...)
@@ -38970,11 +38970,11 @@ CVE-2023-22064
 CVE-2023-22063
        RESERVED
 CVE-2023-22062 (Vulnerability in the Oracle Hyperion Financial Reporting 
product of Or ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22061 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22060 (Vulnerability in the Oracle Hyperion Workspace product of 
Oracle Hyper ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22059
        RESERVED
 CVE-2023-22058 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -38990,9 +38990,9 @@ CVE-2023-22054 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2023-22053 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2023-22052 (Vulnerability in the Java VM component of Oracle Database 
Server.  Sup ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22051 (Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle 
GraalVM ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22050 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator 
product of  ...)
        TODO: check
 CVE-2023-22049 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
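Review bot: CVE-2023-22050 (JD Edwards EnterpriseOne Orchestrator) is still `TODO: check` in the trailing context, although the two Oracle entries directly above it are triaged here; if that skip is not deliberate, mark it in the same pass. For CVE-2023-22051, the truncated description names only GraalVM, but other entries in this file that name GraalVM together with Oracle Java SE (for example CVE-2023-22041) are tracked against openjdk packages, so confirm from the full description that Java SE is not affected before closing it as `NOT-FOR-US: Oracle`.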
@@ -39002,7 +39002,7 @@ CVE-2023-22049 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM Enterprise E
 CVE-2023-22048 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2023-22047 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22046 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2023-22045 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
@@ -39016,32 +39016,32 @@ CVE-2023-22043 (Vulnerability in Oracle Java SE 
(component: JavaFX).   The suppo
        - openjfx 11+26-1
        NOTE: This only affects JavaFX 8.x, so marking the first 11 upload as 
fixed
 CVE-2023-22042 (Vulnerability in the Oracle Applications Framework product of 
Oracle E ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22041 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.20+8-1
        - openjdk-17 17.0.8+7-1
 CVE-2023-22040 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22039 (Vulnerability in the Oracle Agile PLM product of Oracle Supply 
Chain ( ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22038 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2023-22037 (Vulnerability in the Oracle Web Applications Desktop 
Integrator produc ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22036 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-11 11.0.20+8-1
        - openjdk-17 17.0.8+7-1
 CVE-2023-22035 (Vulnerability in the Oracle Scripting product of Oracle 
E-Business Sui ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22034 (Vulnerability in the Unified Audit component of Oracle 
Database Server ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22033 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2023-22032
        RESERVED
 CVE-2023-22031 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22030
        RESERVED
 CVE-2023-22029
@@ -39049,7 +39049,7 @@ CVE-2023-22029
 CVE-2023-22028
        RESERVED
 CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22026
        RESERVED
 CVE-2023-22025
@@ -39057,13 +39057,13 @@ CVE-2023-22025
 CVE-2023-22024
        RESERVED
 CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22022 (Vulnerability in the Oracle Health Sciences Sciences Data 
Management W ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22021 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22020 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22019
        RESERVED
 CVE-2023-22018 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
@@ -39075,17 +39075,17 @@ CVE-2023-22016 (Vulnerability in the Oracle VM 
VirtualBox product of Oracle Virt
 CVE-2023-22015
        RESERVED
 CVE-2023-22014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22013 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22012 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22011 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22010 (Vulnerability in Oracle Essbase (component: Security and 
Provisioning) ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22009 (Vulnerability in the Oracle Self-Service Human Resources 
product of Or ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22008 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2023-22007 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -39096,7 +39096,7 @@ CVE-2023-22006 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM Enterprise E
 CVE-2023-22005 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2023-22004 (Vulnerability in the Oracle Applications Technology product of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-22003 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
 CVE-2023-22002 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
@@ -39116,7 +39116,7 @@ CVE-2023-21996 (Vulnerability in the Oracle WebLogic 
Server product of Oracle Fu
 CVE-2023-21995
        RESERVED
 CVE-2023-21994 (Vulnerability in the Oracle Mobile Security Suite product of 
Oracle Fu ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-21993 (Vulnerability in the Oracle Clinical Remote Data Capture 
product of Or ...)
        NOT-FOR-US: Oracle
 CVE-2023-21992 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources 
product ...)
@@ -39138,7 +39138,7 @@ CVE-2023-21985 (Vulnerability in the Oracle Solaris 
product of Oracle Systems (c
 CVE-2023-21984 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
 CVE-2023-21983 (Vulnerability in the Application Express Administration 
product of Ora ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-21982 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.33-1 (bug #1034719)
 CVE-2023-21981 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
@@ -39154,9 +39154,9 @@ CVE-2023-21977 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2023-21976 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.33-1 (bug #1034719)
 CVE-2023-21975 (Vulnerability in the Application Express Customers Plugin 
product of O ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-21974 (Vulnerability in the Application Express Team Calendar Plugin 
product  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-21973 (Vulnerability in the Oracle iProcurement product of Oracle 
E-Business  ...)
        NOT-FOR-US: Oracle
 CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -39190,7 +39190,7 @@ CVE-2023-21963 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2023-21962 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.33-1 (bug #1034719)
 CVE-2023-21961 (Vulnerability in the Oracle Hyperion Essbase Administration 
Services p ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-21960 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2023-21959 (Vulnerability in the Oracle iReceivables product of Oracle 
E-Business  ...)
@@ -39218,7 +39218,7 @@ CVE-2023-21951
 CVE-2023-21950 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2023-21949 (Vulnerability in the Advanced Networking Option component of 
Oracle Da ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2023-21948 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
 CVE-2023-21947 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7dafb2ad2f5bcbd22df3b358be160ae12ff6224
