[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Apr 4 11:49:09 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
05a875a8 by Moritz Muehlenhoff at 2023-04-04T12:48:47+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2023-29220
CVE-2023-29219
RESERVED
CVE-2023-29218 (The Twitter Recommendation Algorithm through ec83d01 allows attackers ...)
- TODO: check
+ NOT-FOR-US: Twitter Recommendation Algorithm
CVE-2023-29217
RESERVED
CVE-2023-29169
@@ -259,13 +259,13 @@ CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x thro
NOTE: https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
NOTE: https://phabricator.wikimedia.org/T285159
CVE-2023-29140 (An issue was discovered in the GrowthExperiments extension for MediaWi ...)
- TODO: check
+ NOT-FOR-US: GrowthExperiments MediaWiki extension
CVE-2023-29139 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
- TODO: check
+ NOT-FOR-US: CheckUser MediaWiki extension
CVE-2023-29138
RESERVED
CVE-2023-29137 (An issue was discovered in the GrowthExperiments extension for MediaWi ...)
- TODO: check
+ NOT-FOR-US: GrowthExperiments MediaWiki extension
CVE-2023-29136
RESERVED
CVE-2023-29135
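Review bot: the three NOT-FOR-US entries for CVE-2023-29140, CVE-2023-29139 and CVE-2023-29137 assume that the GrowthExperiments and CheckUser extensions are not shipped by any Debian source package. MediaWiki core is tracked in this same region (CVE-2023-29141 carries NOTE lines), so it is worth confirming that neither extension is bundled with the mediawiki package before closing these as NFU. If one is bundled, the entry should name that package instead.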
@@ -391,7 +391,7 @@ CVE-2023-1770 (A vulnerability has been found in SourceCodester Grade Point Aver
CVE-2023-1769 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
CVE-2023-1768 (Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= ...)
- TODO: check
+ - check-mk <removed>
CVE-2023-1767
RESERVED
CVE-2023-1766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
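Review bot: the CVE-2023-1768 change is not an NFU. It replaces "TODO: check" with the package entry "- check-mk <removed>", while the commit summary says only "NFUs". Consider mentioning the check-mk triage in the commit message or splitting it into its own commit, so that a log search for check-mk finds the decision.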
@@ -929,7 +929,7 @@ CVE-2023-1673
CVE-2023-28936
RESERVED
CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Ele ...)
- TODO: check
+ NOT-FOR-US: Apache UIMA UICC
CVE-2023-28744
RESERVED
CVE-2023-1672
@@ -1041,7 +1041,7 @@ CVE-2023-1664
RESERVED
NOT-FOR-US: Keycloak
CVE-2023-1663 (Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, ...)
- TODO: check
+ NOT-FOR-US: Coverity
CVE-2023-1662
RESERVED
CVE-2023-1661
@@ -1231,13 +1231,13 @@ CVE-2023-28856
CVE-2023-28855
RESERVED
CVE-2023-28854 (nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnera ...)
- TODO: check
+ NOT-FOR-US: nophp
CVE-2023-28853
RESERVED
CVE-2023-28852
RESERVED
CVE-2023-28851 (Silverstripe Form Capture provides a method to capture simple silverst ...)
- TODO: check
+ NOT-FOR-US: Silverstripe
CVE-2023-28850 (Pimcore Perspective Editor provides an editor for Pimcore that allows ...)
NOT-FOR-US: Pimcore Perspective Editor
CVE-2023-28849
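Review bot: for CVE-2023-28851 the tag "NOT-FOR-US: Silverstripe" is broader than the product named in the description, which is Silverstripe Form Capture. The neighbouring CVE-2023-28850 entry names the specific component ("Pimcore Perspective Editor"). Suggest "NOT-FOR-US: Silverstripe Form Capture", so the entry does not read as covering every Silverstripe CVE.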
@@ -1247,7 +1247,7 @@ CVE-2023-28848
CVE-2023-28847
RESERVED
CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web applications. The ...)
- TODO: check
+ NOT-FOR-US: Unpoly
CVE-2023-28845 (Nextcloud talk is a video & audio conferencing app for Nextcloud. ...)
NOT-FOR-US: Nextcloud talk is a video & audio conferencing app for Nextcloud
CVE-2023-28844 (Nextcloud server is an open source home cloud implementation. In affec ...)
@@ -1265,9 +1265,9 @@ CVE-2023-28839
CVE-2023-28838
RESERVED
CVE-2023-28837 (Wagtail is an open source content management system built on Django. P ...)
- TODO: check
+ NOT-FOR-US: Wagtail
CVE-2023-28836 (Wagtail is an open source content management system built on Django. S ...)
- TODO: check
+ NOT-FOR-US: Wagtail
CVE-2023-28835 (Nextcloud server is an open source home cloud implementation. In affec ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-28834 (Nextcloud Server is an open source personal cloud server. Nextcloud Se ...)
@@ -1761,7 +1761,7 @@ CVE-2023-28687
CVE-2023-1551
RESERVED
CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability in NGIN ...)
- TODO: check
+ NOT-FOR-US: NGINX Agent
CVE-2023-1549
RESERVED
CVE-2023-1548
@@ -1922,7 +1922,7 @@ CVE-2023-28640 (Apiman is a flexible and open source API Management platform. Du
CVE-2023-28639
RESERVED
CVE-2023-28638 (Snappier is a high performance C# implementation of the Snappy compres ...)
- TODO: check
+ NOT-FOR-US: Snappier
CVE-2023-28637 (DataEase is an open source data visualization analysis tool. In Dataea ...)
NOT-FOR-US: DataEase
CVE-2023-28636
@@ -1936,17 +1936,17 @@ CVE-2023-28633
CVE-2023-28632
RESERVED
CVE-2023-28631 (comrak is a CommonMark + GFM compatible Markdown parser and renderer w ...)
- TODO: check
+ NOT-FOR-US: comrak
CVE-2023-28630 (GoCD is an open source continuous delivery server. In GoCD versions fr ...)
NOT-FOR-US: GoCD
CVE-2023-28629 (GoCD is an open source continuous delivery server. GoCD versions befor ...)
NOT-FOR-US: GoCD
CVE-2023-28628 (lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versi ...)
- TODO: check
+ NOT-FOR-US: lambdaisland/uri
CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows. In versio ...)
- TODO: check
+ NOT-FOR-US: pymedusa
CVE-2023-28626 (comrak is a CommonMark + GFM compatible Markdown parser and renderer w ...)
- TODO: check
+ NOT-FOR-US: comrak
CVE-2023-28625 (mod_auth_openidc is an authentication and authorization module for the ...)
- libapache2-mod-auth-openidc <unfixed> (bug #1033916)
NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a (v2.4.13.2)
@@ -2535,7 +2535,7 @@ CVE-2023-28464 (hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel
CVE-2023-28463
RESERVED
CVE-2023-28462 (A JNDI rebind operation in the default ORB listener in Payara Server 4 ...)
- TODO: check
+ NOT-FOR-US: Payara
CVE-2023-28461 (Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow ...)
NOT-FOR-US: Array Networks
CVE-2023-28460 (A command injection vulnerability was discovered in Array Networks APV ...)
@@ -2607,15 +2607,15 @@ CVE-2023-28447 (Smarty is a template engine for PHP. In affected versions smarty
NOTE: https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d (master)
NOTE: https://github.com/smarty-php/smarty/commit/e09df8d851eb3ef139ced41afa5e73480f3cd5e8 (support/3.1)
CVE-2023-28446 (Deno is a simple, modern and secure runtime for JavaScript and TypeScr ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2023-28445 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
NOT-FOR-US: Deno
CVE-2023-28444 (angular-server-side-configuration helps configure an angular applicati ...)
- TODO: check
+ NOT-FOR-US: angular-server-side-configuration
CVE-2023-28443 (Directus is a real-time API and App dashboard for managing SQL databas ...)
NOT-FOR-US: Directus
CVE-2023-28442 (GeoNode is an open source platform that facilitates the creation, shar ...)
- TODO: check
+ NOT-FOR-US: GeoNode
CVE-2023-28441 (smartCARS 3 is flight tracking software. In version 0.5.8 and prior, a ...)
NOT-FOR-US: smartCARS
CVE-2023-28440
@@ -2639,7 +2639,7 @@ CVE-2023-28432 (Minio is a Multi-Cloud Object Storage framework. In a cluster de
CVE-2023-28431 (Frontier is an Ethereum compatibility layer for Substrate. Frontier's ...)
NOT-FOR-US: Frontier
CVE-2023-28430 (OneSignal is an email, sms, push notification, and in-app message serv ...)
- TODO: check
+ NOT-FOR-US: OneSignal
CVE-2023-28429 (Pimcore is an open source data and experience management platform. Ver ...)
NOT-FOR-US: Pimcore
CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In versions 1. ...)
@@ -6465,7 +6465,7 @@ CVE-2023-27226
CVE-2023-27225
RESERVED
CVE-2023-27224 (An issue found in NginxProxyManager v.2.9.19 allows an attacker to exe ...)
- TODO: check
+ NOT-FOR-US: NginxProxyManager
CVE-2023-27223
RESERVED
CVE-2023-27222
@@ -6587,7 +6587,7 @@ CVE-2023-27165
CVE-2023-27164 (An arbitrary file upload vulnerability in Halo up to v1.6.1 allows att ...)
NOT-FOR-US: Halo
CVE-2023-27163 (request-baskets up to v1.2.1 was discovered to contain a Server-Side R ...)
- TODO: check
+ NOT-FOR-US: request-baskets
CVE-2023-27162 (openapi-generator up to v6.4.0 was discovered to contain a Server-Side ...)
TODO: check
CVE-2023-27161 (Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05a875a85093e10b40337919e94366bffb0c5ca0