[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Feb 20 14:52:19 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6fadbaff by Moritz Muehlenhoff at 2023-02-20T15:51:53+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,9 +15,9 @@ CVE-2023-26095
 CVE-2023-26094
 	RESERVED
 CVE-2023-26093 (Liima before 1.17.28 allows Hibernate query language (HQL) injection,  ...)
-	TODO: check
+	NOT-FOR-US: Liima
 CVE-2023-26092 (Liima before 1.17.28 allows server-side template injection. ...)
-	TODO: check
+	NOT-FOR-US: Liima
 CVE-2023-26091
 	RESERVED
 CVE-2023-26090
@@ -105,7 +105,7 @@ CVE-2015-10084
 CVE-2015-10083
 	RESERVED
 CVE-2023-0919 (Missing Authentication for Critical Function in GitHub repository kare ...)
-	TODO: check
+	NOT-FOR-US: Kavita
 CVE-2023-0918 (A vulnerability has been found in codeprojects Pharmacy Management Sys ...)
 	NOT-FOR-US: codeprojects Pharmacy Management System
 CVE-2023-0917 (A vulnerability, which was classified as critical, was found in Source ...)
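Review bot: The new tag on CVE-2023-0919 names Kavita, but the description visible on that line is cut off at "GitHub repository kare ...", so the product name cannot be checked from this hunk alone. Worth confirming it against the full CVE description, since a NOT-FOR-US entry is unlikely to be revisited once it is committed.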
@@ -141,9 +141,9 @@ CVE-2015-10080
 CVE-2014-125088
 	RESERVED
 CVE-2013-10019 (A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been  ...)
-	TODO: check
+	NOT-FOR-US: OAICat
 CVE-2012-10008 (A vulnerability, which was classified as critical, has been found in u ...)
-	TODO: check
+	NOT-FOR-US: uakfdotb oneapp
 CVE-2023-0911
 	RESERVED
 CVE-2023-0910 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
@@ -165,11 +165,11 @@ CVE-2023-0903 (A vulnerability was found in SourceCodester Employee Task Managem
 CVE-2023-0902 (A vulnerability was found in SourceCodester Simple Food Ordering Syste ...)
 	NOT-FOR-US: SourceCodester Simple Food Ordering System
 CVE-2016-15024 (A vulnerability was found in doomsider shadow. It has been classified  ...)
-	TODO: check
+	NOT-FOR-US: doomsider shadow
 CVE-2014-125087 (A vulnerability was found in java-xmlbuilder up to 1.1. It has been ra ...)
-	TODO: check
+	NOT-FOR-US: java-xmlbuilder
 CVE-2012-10007 (A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. ...)
-	TODO: check
+	NOT-FOR-US: madgicweb BuddyStream Plugin
 CVE-2023-26056
 	RESERVED
 CVE-2023-26055
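Review bot: CVE-2014-125087 is marked NOT-FOR-US for java-xmlbuilder, which reads as a reusable Java library. That is the kind of component most likely to sit in the archive under a different source package name or as an embedded copy. Suggest searching the archive for the name before settling on NOT-FOR-US, and using a package entry instead if it turns up.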
@@ -11137,7 +11137,7 @@ CVE-2022-48117
 CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE)  ...)
 	NOT-FOR-US: AyaCMS
 CVE-2022-48115 (The dropdown menu in jspreadsheet before v4.6.0 was discovered to be v ...)
-	TODO: check
+	NOT-FOR-US: jspreadsheet
 CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerabi ...)
 	NOT-FOR-US: RuoYi
 CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows una ...)
@@ -41480,7 +41480,7 @@ CVE-2022-38780
 CVE-2022-38779
 	RESERVED
 CVE-2022-38778 (A flaw (CVE-2022-38900) was discovered in one of Kibana’s third  ...)
-	TODO: check
+	- kibana <itp> (bug #700337)
 CVE-2022-38777 (An issue was discovered in the rollback feature of Elastic Endpoint Se ...)
 	NOT-FOR-US: Elastic Endpoint Security
 CVE-2022-38776
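Review bot: The CVE-2022-38778 entry is the one change in this commit that is not an NFU, so the subject "NFUs" does not describe it. Its description also says the flaw is CVE-2022-38900 in one of Kibana's third-party dependencies. With only "- kibana <itp> (bug #700337)" recorded, the link to that CVE is lost in the tracker data. A NOTE line pointing at CVE-2022-38900 would make clear that the dependency's own entry is where the issue is tracked.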
@@ -77844,7 +77844,7 @@ CVE-2022-25982
 CVE-2022-25981
 	RESERVED
 CVE-2022-25979 (Versions of the package jsuites before 5.0.1 are vulnerable to Cross-s ...)
-	TODO: check
+	NOT-FOR-US: Node jsuites
 CVE-2022-25978 (All versions of the package github.com/usememos/memos/server are vulne ...)
 	NOT-FOR-US: github.com/usememos/memos/server
 CVE-2022-25977
@@ -77868,7 +77868,7 @@ CVE-2022-25964
 CVE-2022-25963
 	RESERVED
 CVE-2022-25962 (All versions of the package vagrant.js are vulnerable to Command Injec ...)
-	TODO: check
+	NOT-FOR-US: vagrant.js
 CVE-2022-25961
 	RESERVED
 CVE-2022-25956
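Review bot: "NOT-FOR-US: vagrant.js" on CVE-2022-25962 omits the "Node" prefix that the other package-registry entries in this commit carry ("Node jsuites", "Node lite-server", "Node glance"). Suggest "NOT-FOR-US: Node vagrant.js" so a search for Node NFUs finds it and the name is not mistaken for Vagrant itself.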
@@ -77894,15 +77894,15 @@ CVE-2022-25944
 CVE-2022-25941
 	RESERVED
 CVE-2022-25940 (All versions of package lite-server are vulnerable to Denial of Servic ...)
-	TODO: check
+	NOT-FOR-US: Node lite-server
 CVE-2022-25939
 	RESERVED
 CVE-2022-25938
 	RESERVED
 CVE-2022-25937 (Versions of the package glance before 3.0.9 are vulnerable to Director ...)
-	TODO: check
+	NOT-FOR-US: Node glance
 CVE-2022-25936 (Versions of the package servst before 2.0.3 are vulnerable to Director ...)
-	TODO: check
+	NOT-FOR-US: Node servst
 CVE-2022-25935
 	RESERVED
 CVE-2022-25934
@@ -77910,23 +77910,23 @@ CVE-2022-25934
 CVE-2022-25933
 	RESERVED
 CVE-2022-25931 (All versions of package easy-static-server are vulnerable to Directory ...)
-	TODO: check
+	NOT-FOR-US: Node easy-static-server
 CVE-2022-25930
 	RESERVED
 CVE-2022-25929 (The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: Node smoothie
 CVE-2022-25928
 	RESERVED
 CVE-2022-25927 (Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, fr ...)
 	TODO: check
 CVE-2022-25926 (Versions of the package window-control before 1.4.5 are vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: Node window-control
 CVE-2022-25925
 	RESERVED
 CVE-2022-25924
 	RESERVED
 CVE-2022-25923 (Versions of the package exec-local-bin before 1.2.0 are vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: Node exec-local-bin
 CVE-2022-25921 (All versions of package morgan-json are vulnerable to Arbitrary Code E ...)
 	NOT-FOR-US: Node morgan-json
 CVE-2022-25919
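Review bot: CVE-2022-25927 (ua-parser-js) stays at "TODO: check" in the middle of this hunk while every neighbouring TODO is resolved. If it was left deliberately because it needs a package entry rather than NOT-FOR-US, that is fine. Otherwise it was skipped in this pass and should be picked up in a follow-up commit.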
@@ -77934,7 +77934,7 @@ CVE-2022-25919
 CVE-2022-25918 (The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Re ...)
 	NOT-FOR-US: shescape
 CVE-2022-25916 (Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: Node mt7688-wiscan
 CVE-2022-25914 (The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerab ...)
 	NOT-FOR-US: com.google.cloud.tools:jib-core
 CVE-2022-25913



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fadbaff613ba1368d46c0540014e489d9f356ae
