[Git][security-tracker-team/security-tracker][master] 4 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Feb 5 20:18:01 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c20c322d by Salvatore Bonaccorso at 2023-02-05T21:17:29+01:00
Process some NFUs
- - - - -
72331571 by Salvatore Bonaccorso at 2023-02-05T21:17:31+01:00
Add CVE-2023-0576/yugabyte-db
- - - - -
a91697ea by Salvatore Bonaccorso at 2023-02-05T21:17:32+01:00
Associate some NFUs to jellyfin, itp'ed
- - - - -
7ac9c6fa by Salvatore Bonaccorso at 2023-02-05T21:17:34+01:00
Add CVE-2023-2363{5,6}/jellyfin
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -167,7 +167,7 @@ CVE-2023-0661 (Improper access control in Devolutions Server allows an authentic
CVE-2023-0660
RESERVED
CVE-2023-0659 (A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been clas ...)
- TODO: check
+ NOT-FOR-US: BDCOM
CVE-2022-4901
RESERVED
CVE-2022-48310
@@ -306,7 +306,7 @@ CVE-2022-48307
CVE-2022-48306
RESERVED
CVE-2019-25101 (A vulnerability classified as critical has been found in OnShift Turbo ...)
- TODO: check
+ NOT-FOR-US: OnShift TurboGears
CVE-2018-25080 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: MobileDetect
CVE-2018-25079 (A vulnerability was found in Segmentio is-url up to 1.2.2. It has been ...)
@@ -450,9 +450,9 @@ CVE-2023-0645
CVE-2023-0644
RESERVED
CVE-2023-0643 (Improper Handling of Additional Special Element in GitHub repository s ...)
- TODO: check
+ NOT-FOR-US: squidex
CVE-2023-0642 (Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex ...)
- TODO: check
+ NOT-FOR-US: squidex
CVE-2023-0641 (A vulnerability was found in PHPGurukul Employee Leaves Management Sys ...)
NOT-FOR-US: PHPGurukul Employee Leaves Management System
CVE-2023-0640 (A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been ...)
@@ -1054,7 +1054,7 @@ CVE-2023-0578
CVE-2023-0577
RESERVED
CVE-2023-0576 (Server-Side Request Forgery (SSRF), Improperly Controlled Modification ...)
- TODO: check
+ - yugabyte-db <itp> (bug #989673)
CVE-2023-0575
RESERVED
CVE-2023-0574
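Review bot: the yugabyte-db line moves CVE-2023-0576 from "TODO: check" to the `<itp>` form pointing at bug #989673, which is the same convention the jellyfin hunks in this push use, so the two packages are handled consistently; since an ITP reference carries no fixed version, this entry will need revisiting with a version once yugabyte-db actually lands in the archive, otherwise it stays open indefinitely under the ITP marker.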
@@ -1446,7 +1446,7 @@ CVE-2023-24615
CVE-2023-24614
RESERVED
CVE-2023-24613 (The user interface of Array Networks AG Series and vxAG through 9.4.0. ...)
- TODO: check
+ NOT-FOR-US: Array Networks
CVE-2023-24612 (The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allo ...)
NOT-FOR-US: MediaWiki PdfBook extension
CVE-2023-24611
@@ -1705,7 +1705,7 @@ CVE-2023-24576 (EMC NetWorker may potentially be vulnerable to an unauthenticate
CVE-2023-24575
RESERVED
CVE-2023-24574 (Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Unc ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-24573
RESERVED
CVE-2023-24572
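Review bot: the new "NOT-FOR-US: Dell" label names only the vendor, while the description on the CVE-2023-24574 line identifies the product ("Dell Enterprise SONiC OS") and the other NFU lines touched in this push name the product rather than the company (for example "NOT-FOR-US: Progress WS_FTP Server", "NOT-FOR-US: OpenSearch Anomaly Detection"). Suggest "NOT-FOR-US: Dell Enterprise SONiC OS" so later triage of Dell CVEs can tell this apart from unrelated Dell products.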
@@ -3057,7 +3057,7 @@ CVE-2023-24031
CVE-2023-24030
RESERVED
CVE-2023-24029 (In Progress WS_FTP Server before 8.8, it is possible for a host admini ...)
- TODO: check
+ NOT-FOR-US: Progress WS_FTP Server
CVE-2023-24028 (In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorre ...)
NOT-FOR-US: MISP
CVE-2023-24027 (In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a netwo ...)
@@ -3293,7 +3293,7 @@ CVE-2023-23943
CVE-2023-23942
RESERVED
CVE-2023-23941 (SwagPayPal is a PayPal integration for shopware/platform. If JavaScrip ...)
- TODO: check
+ NOT-FOR-US: SwagPayPal
CVE-2023-23940 (OpenZeppelin Contracts for Cairo is a library for secure smart contrac ...)
TODO: check
CVE-2023-23939
@@ -3301,7 +3301,7 @@ CVE-2023-23939
CVE-2023-23938
RESERVED
CVE-2023-23937 (Pimcore is an Open Source Data & Experience Management Platform: P ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2023-23936
RESERVED
CVE-2023-23935
@@ -3309,7 +3309,7 @@ CVE-2023-23935
CVE-2023-23934
RESERVED
CVE-2023-23933 (OpenSearch Anomaly Detection identifies atypical data and receives aut ...)
- TODO: check
+ NOT-FOR-US: OpenSearch Anomaly Detection
CVE-2023-23932 (OpenDDS is an open source C++ implementation of the Object Management ...)
TODO: check
CVE-2023-23931
@@ -4179,9 +4179,9 @@ CVE-2010-10006 (A vulnerability, which was classified as problematic, was found
CVE-2023-23637 (IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain te ...)
NOT-FOR-US: IMPatienT
CVE-2023-23636 (In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerabl ...)
- TODO: check
+ - jellyfin <itp> (bug #994189)
CVE-2023-23635 (In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnera ...)
- TODO: check
+ - jellyfin <itp> (bug #994189)
CVE-2023-23634
RESERVED
CVE-2023-23633
@@ -4223,7 +4223,7 @@ CVE-2023-23617 (OpenMage LTS is an e-commerce platform. Versions prior to 19.4.2
CVE-2023-23616 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
NOT-FOR-US: Discourse
CVE-2023-23615 (Discourse is an open source discussion platform. The embeddable commen ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2023-23614 (Pi-hole®'s Web interface (based off of AdminLTE) provides a centr ...)
NOT-FOR-US: Pi-Hole
CVE-2023-23613 (OpenSearch is an open source distributed and RESTful search engine. In ...)
@@ -46479,9 +46479,9 @@ CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1,
CVE-2022-35911 (** DISPUTED ** On Patlite NH-FB series devices through 1.46, remote at ...)
NOT-FOR-US: Patlite NH-FB
CVE-2022-35910 (In Jellyfin before 10.8, stored XSS allows theft of an admin access to ...)
- NOT-FOR-US: Jellyfin
+ - jellyfin <itp> (bug #994189)
CVE-2022-35909 (In Jellyfin before 10.8, the /users endpoint has incorrect access cont ...)
- NOT-FOR-US: Jellyfin
+ - jellyfin <itp> (bug #994189)
CVE-2022-35908
RESERVED
CVE-2022-35907
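Review bot: this hunk, together with the CVE-2021-29490 and CVE-2021-21402 hunks below, rewrites existing "NOT-FOR-US: Jellyfin" entries to "- jellyfin <itp> (bug #994189)", matching the form used for the newly added CVE-2023-23635/CVE-2023-23636 entries; all five references use the same bug number, which is good. Since the commit message says "some NFUs", it is worth grepping data/CVE/list for any remaining "NOT-FOR-US: Jellyfin" lines after this push so the ITP association covers every Jellyfin CVE rather than only the ones touched here.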
@@ -136012,7 +136012,7 @@ CVE-2021-29492 (Envoy is a cloud-native edge/middle/service proxy. Envoy does no
CVE-2021-29491
REJECTED
CVE-2021-29490 (Jellyfin is a free software media system that provides media from a de ...)
- NOT-FOR-US: Jellyfin
+ - jellyfin <itp> (bug #994189)
CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In Highch ...)
NOT-FOR-US: Highcharts JS
CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was disco ...)
@@ -157158,7 +157158,7 @@ CVE-2021-21404 (Syncthing is a continuous file synchronization program. In Synct
CVE-2021-21403 (In github.com/kongchuanhujiao/server before version 1.3.21 there is an ...)
NOT-FOR-US: kongchuanhujiao
CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before version 1 ...)
- NOT-FOR-US: Jellyfin
+ - jellyfin <itp> (bug #994189)
CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in ansi C. ...)
- nanopb 0.4.4-2 (bug #985844)
NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-7mv5-5mxh-qg88
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cd3c7b6137612f050e45abb2bfaf108143eb98b9...7ac9c6face6c87a086c16d80672fea83be2c18cd