Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9ef175f7 by Salvatore Bonaccorso at 2023-12-09T09:53:25+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,30 +1,30 @@
 CVE-2023-6394 (A flaw was found in Quarkus. This issue occurs when receiving a 
reques ...)
-       TODO: check
+       NOT-FOR-US: Quarkus
 CVE-2023-6337 (HashiCorp Vault and Vault Enterprise 1.12.0 and newer are 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault
 CVE-2023-6120 (The Welcart e-Commerce plugin for WordPress is vulnerable to 
Directory ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-5756 (The Digital Publications by Supsystic plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49800 (`nuxt-api-party` is an open source module to proxy API 
requests. The l ...)
-       TODO: check
+       NOT-FOR-US: nuxt-api-party
 CVE-2023-49799 (`nuxt-api-party` is an open source module to proxy API 
requests. nuxt- ...)
-       TODO: check
+       NOT-FOR-US: nuxt-api-party
 CVE-2023-49798 (OpenZeppelin Contracts is a library for smart contract 
development. A  ...)
-       TODO: check
+       NOT-FOR-US: OpenZeppelin Contracts
 CVE-2023-49797 (PyInstaller bundles a Python application and all its 
dependencies into ...)
        TODO: check
 CVE-2023-48311 (dockerspawner is a tool to spawn JupyterHub single user 
servers in Doc ...)
        TODO: check
 CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 stores user 
credentials in bro ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to 
cause a ...)
        - gpac <unfixed>
        NOTE: https://github.com/gpac/gpac/issues/2652
        NOTE: 
https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49
        NOTE: 
https://github.com/gpac/gpac/commit/613dbc5702b09063b101cfc3d6ad74b45ad87521
 CVE-2023-47254 (An OS Command Injection in the CLI interface on DrayTek 
Vigor167 versi ...)
-       TODO: check
+       NOT-FOR-US: DrayTek Vigor167
 CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 
2.3-DEV-rev617-g671 ...)
        - gpac <unfixed>
        NOTE: https://github.com/gpac/gpac/issues/2669
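Review bot: CVE-2023-49797 (PyInstaller) and CVE-2023-48311 (dockerspawner) are still at "TODO: check" in the middle of a run of entries this hunk resolves, so please confirm they were skipped on purpose and not overlooked. Both descriptions name tools rather than a vendor product, so they probably need a package lookup, not an NFU tag; if that is the reason, a short mention in the commit message ("Process some NFUs, leave PyInstaller and dockerspawner for triage") would make the gap obviously deliberate.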
@@ -37937,13 +37937,13 @@ CVE-2023-28873 (An XSS issue in wiki and discussion 
pages in Seafile 9.0.6 allow
 CVE-2023-28872
        RESERVED
 CVE-2023-28871 (Support Assistant in NCP Secure Enterprise Client before 12.22 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client
 CVE-2023-28870 (Insecure File Permissions in Support Assistant in NCP Secure 
Enterpris ...)
-       TODO: check
+       NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client
 CVE-2023-28869 (Support Assistant in NCP Secure Enterprise Client before 12.22 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client
 CVE-2023-28868 (Support Assistant in NCP Secure Enterprise Client before 12.22 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client
 CVE-2023-28867 (In GraphQL Java (aka graphql-java) before 20.1, an attacker 
can send a ...)
        NOT-FOR-US: graphql-java
 CVE-2023-28866 (In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c 
allows out ...)
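Review bot: The label on CVE-2023-28871, CVE-2023-28870, CVE-2023-28869 and CVE-2023-28868 copies the component phrase from the description ("Support Assistant in NCP Secure Enterprise Client") where a product-level tag would be shorter and easier to grep for. Consider "NOT-FOR-US: NCP Secure Enterprise Client" for all four, in line with how the neighbouring CVE-2023-28867 is tagged with just the product name (graphql-java).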
@@ -39168,15 +39168,15 @@ CVE-2023-28529 (IBM InfoSphere Information Server 
11.7 is vulnerable to stored c
 CVE-2023-28528 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
        NOT-FOR-US: IBM
 CVE-2023-28527 (IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable 
to a hea ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-28526 (IBM Informix Dynamic Server 12.10 and 14.10 archecker is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-28525
        RESERVED
 CVE-2023-28524
        RESERVED
 CVE-2023-28523 (IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-28522 (IBM API Connect V10 could allow an authenticated user to 
perform actio ...)
        NOT-FOR-US: IBM
 CVE-2023-28521
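Review bot: The three Informix entries (CVE-2023-28527, CVE-2023-28526, CVE-2023-28523) get the vendor-only tag "NOT-FOR-US: IBM", which matches the context entries CVE-2023-28528 and CVE-2023-28522 but differs in granularity from the product-level tags the same commit uses elsewhere (for example "HashiCorp Vault" and "DrayTek Vigor167"). Vendor-only is fine here since it follows the surrounding lines; it is just worth settling on one rule for when a tag names the vendor and when it names the product, so later NFU passes stay uniform.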
@@ -228837,7 +228837,7 @@ CVE-2020-25837 (Sensitive information disclosure 
vulnerability in Micro Focus Se
 CVE-2020-25836
        RESERVED
 CVE-2020-25835 (A potential vulnerability has been identified in Micro Focus 
ArcSight  ...)
-       TODO: check
+       NOT-FOR-US: Micro Focus ArcSight Management Center
 CVE-2020-25834 (Cross-Site Scripting vulnerability on Micro Focus ArcSight 
Logger prod ...)
        NOT-FOR-US: Micro Focus
 CVE-2020-25833 (Persistent cross-Site Scripting vulnerability on Micro Focus 
IDOL prod ...)
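Review bot: The new tag on CVE-2020-25835 names "Micro Focus ArcSight Management Center", but the truncated description visible here only reaches "Micro Focus ArcSight", and the adjacent CVE-2020-25834 (ArcSight Logger) is tagged with the vendor alone as "NOT-FOR-US: Micro Focus". Please double-check the product name against the full CVE description, and consider using the same vendor-level tag as the neighbouring entry so the two ArcSight lines read consistently.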



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ef175f71475e4252c3d28ea0b8fa2499c4ddf52
