Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81d9013a by Salvatore Bonaccorso at 2023-10-19T22:47:53+02:00
Process some more NFUs

Not done yet the new Oracle MySQL CVEs as they need cross-checking with
the Oracle CPU advisory.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37450,7 +37450,7 @@ CVE-2023-26157
 CVE-2023-26156
        RESERVED
 CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to 
Command Inject ...)
-       TODO: check
+       NOT-FOR-US: node-qpdf
 CVE-2023-26154
        RESERVED
 CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are 
vulnerable to Co ...)
@@ -38672,7 +38672,7 @@ CVE-2023-0817 (Buffer Over-read in GitHub repository 
gpac/gpac prior to v2.3.0-D
 CVE-2023-25754 (Privilege Context Switching Error vulnerability in Apache 
Software Fou ...)
        - airflow <itp> (bug #819700)
 CVE-2023-25753 (There exists an SSRF (Server-Side Request Forgery) 
vulnerability locat ...)
-       TODO: check
+       NOT-FOR-US: Apache ShenYu
 CVE-2023-25752 (When accessing throttled streams, the count of available bytes 
needed  ...)
        {DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1}
        - firefox 111.0-1
@@ -51728,7 +51728,7 @@ CVE-2022-47585
 CVE-2022-47584
        RESERVED
 CVE-2022-47583 (Terminal character injection in Mintty before 3.6.3 allows 
code execut ...)
-       TODO: check
+       NOT-FOR-US: Mintty
 CVE-2022-47582
        RESERVED
 CVE-2022-47581 (Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash 
upon an LDA ...)
@@ -61801,11 +61801,11 @@ CVE-2023-21417
 CVE-2023-21416
        RESERVED
 CVE-2023-21415 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has 
found that ...)
-       TODO: check
+       NOT-FOR-US: AXIS OS
 CVE-2023-21414 (NCC Group has found a flaw during the annual internal 
penetration test ...)
-       TODO: check
+       NOT-FOR-US: AXIS OS
 CVE-2023-21413 (GoSecure on behalf of Genetec Inc. has found a flaw that 
allows for a  ...)
-       TODO: check
+       NOT-FOR-US: AXIS OS
 CVE-2023-21412 (User provided input is not sanitized on the AXIS License Plate 
Verifie ...)
        NOT-FOR-US: AXIS License Plate Verifier
 CVE-2023-21411 (User provided input is not sanitized in the \u201cSettings > 
Access Co ...)
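
Review bot: Two of the three entries tagged "NOT-FOR-US: AXIS OS" here (CVE-2023-21414 and CVE-2023-21413) have descriptions that are cut off before any product is named, and CVE-2023-21413 credits "GoSecure on behalf of Genetec Inc.". Please confirm against the full descriptions that the affected product is AXIS OS itself and not a separate AXIS component, as with the "AXIS License Plate Verifier" tag on CVE-2023-21412 just below.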
@@ -63810,7 +63810,7 @@ CVE-2022-3763 (The Booster for WooCommerce WordPress 
plugin before 5.6.7, Booste
 CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, 
Booster Plu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3761 (OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN 
Connect ...)
-       TODO: check
+       NOT-FOR-US: OpenVPN Connect
 CVE-2023-20853 (aEnrich Technology a+HRD has a vulnerability of 
Deserialization of Unt ...)
        NOT-FOR-US: aEnrich Technology a+HRD
 CVE-2023-20852 (aEnrich Technology a+HRD has a vulnerability of 
Deserialization of Unt ...)
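
Review bot: On CVE-2022-3761 the tag "NOT-FOR-US: OpenVPN Connect" is easy to misread next to the openvpn package that Debian does ship. Consider adding a NOTE line under the entry recording that OpenVPN Connect is the separate client application and that the openvpn source package was checked, so the next triager does not have to repeat the check.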
@@ -71964,7 +71964,7 @@ CVE-2022-42152
 CVE-2022-42151
        RESERVED
 CVE-2022-42150 (TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: TinyLab linux-lab
 CVE-2022-42149 (kkFileView 4.0 is vulnerable to Server-side request forgery 
(SSRF) via ...)
        NOT-FOR-US: kkFileView
 CVE-2022-42148
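
Review bot: The tag on CVE-2022-42150 names only "TinyLab linux-lab", but the description lists two products, "linux-lab v1.1-rc1 and cloud-labv0.8-rc2". Suggest "NOT-FOR-US: TinyLab linux-lab and cloud-lab" so a later search for cloud-lab finds this entry.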
@@ -83692,7 +83692,7 @@ CVE-2022-37832 (Mutiny 7.2.0-10788 suffers from 
Hardcoded root password.)
 CVE-2022-37831
        RESERVED
 CVE-2022-37830 (Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site 
Scripting  ...)
-       TODO: check
+       NOT-FOR-US: Interway a.s WebJET CMS
 CVE-2022-37829
        RESERVED
 CVE-2022-37828
@@ -112229,7 +112229,7 @@ CVE-2022-27815 (SWHKD 1.1.5 unsafely uses the 
/tmp/swhkd.pid pathname. There can
 CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c 
option.)
        NOT-FOR-US: SWHKD
 CVE-2022-27813 (Motorola MTM5000 series firmwares lack properly configured 
memory prot ...)
-       TODO: check
+       NOT-FOR-US: Motorola
 CVE-2022-27812 (Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 
3.11.17, 4.2 ...)
        NOT-FOR-US: Flooding SNS firewall
 CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via 
shell met ...)
@@ -114775,11 +114775,11 @@ CVE-2022-26944 (Percona XtraBackup 2.4.20 
unintentionally writes the command lin
        - percona-xtrabackup <removed>
        NOTE: https://jira.percona.com/browse/PXB-2722
 CVE-2022-26943 (The Motorola MTM5000 series firmwares generate TETRA 
authentication ch ...)
-       TODO: check
+       NOT-FOR-US: Motorola
 CVE-2022-26942 (The Motorola MTM5000 series firmwares lack pointer validation 
on argum ...)
-       TODO: check
+       NOT-FOR-US: Motorola
 CVE-2022-26941 (A format string vulnerability exists in Motorola MTM5000 
series firmwa ...)
-       TODO: check
+       NOT-FOR-US: Motorola
 CVE-2022-26940 (Remote Desktop Protocol Client Information Disclosure 
Vulnerability.)
        NOT-FOR-US: Microsoft
 CVE-2022-26939 (Storage Spaces Direct Elevation of Privilege Vulnerability. 
This CVE I ...)
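
Review bot: The three new tags on CVE-2022-26943, CVE-2022-26942 and CVE-2022-26941 give only the vendor ("Motorola"), while each description names "Motorola MTM5000 series firmwares". Vendor-only tags do appear nearby ("NOT-FOR-US: Microsoft"), but "NOT-FOR-US: Motorola MTM5000 firmware" would make the reason for the classification clear without reading the description.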
@@ -119192,11 +119192,11 @@ CVE-2022-25336 (Ibexa DXP 
ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3
 CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner 
modifier for s ...)
        NOT-FOR-US: RigoBlock Dragos
 CVE-2022-25334 (The Texas Instruments OMAP L138 (secure variants) trusted 
execution en ...)
-       TODO: check
+       NOT-FOR-US: Texas Instruments
 CVE-2022-25333 (The Texas Instruments OMAP L138 (secure variants) trusted 
execution en ...)
-       TODO: check
+       NOT-FOR-US: Texas Instruments
 CVE-2022-25332 (The AES implementation in the Texas Instruments OMAP L138 
(secure vari ...)
-       TODO: check
+       NOT-FOR-US: Texas Instruments
 CVE-2022-25331 (Uncaught exceptions that can be generated in Trend Micro 
ServerProtect ...)
        NOT-FOR-US: Trend Micro
 CVE-2022-25330 (Integer overflow conditions that exist in Trend Micro 
ServerProtect 6. ...)
@@ -122286,15 +122286,15 @@ CVE-2022-24406 (OX App Suite through 7.10.6 allows 
SSRF because multipart/form-d
 CVE-2022-24405 (OX App Suite through 7.10.6 allows OS Command Injection via a 
serializ ...)
        NOT-FOR-US: OX App Suite
 CVE-2022-24404 (Lack of cryptographic integrity check on TETRA air-interface 
encrypted ...)
-       TODO: check
+       NOT-FOR-US: TETRA
 CVE-2022-24403
        RESERVED
 CVE-2022-24402 (The TETRA TEA1 keystream generator implements a key register 
initializ ...)
-       TODO: check
+       NOT-FOR-US: TETRA
 CVE-2022-24401 (Adversary-induced keystream re-use on TETRA air-interface 
encrypted tr ...)
-       TODO: check
+       NOT-FOR-US: TETRA
 CVE-2022-24400 (A flaw in the TETRA authentication procecure allows a MITM 
adversary t ...)
-       TODO: check
+       NOT-FOR-US: TETRA
 CVE-2022-24382 (Improper input validation in firmware for some Intel(R) NUCs 
may allow ...)
        NOT-FOR-US: Intel
 CVE-2022-24379
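
Review bot: "NOT-FOR-US: TETRA" on CVE-2022-24404, CVE-2022-24402, CVE-2022-24401 and CVE-2022-24400 names a standard rather than a product or vendor, and the descriptions point at the protocol itself (air-interface encryption, the TEA1 keystream generator, the authentication procedure). Because a protocol-level flaw affects every implementation, it is worth confirming that nothing in the archive implements the TETRA air interface and recording that in a NOTE line, or wording the tag as "TETRA standard" to show the classification was deliberate.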



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81d9013a5d0d4147f813323394d2524c19ad55ab
