[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 28 21:22:53 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b40a51e by Salvatore Bonaccorso at 2023-02-28T22:22:34+01:00
Process NFUs
- - - - -
bcff8807 by Salvatore Bonaccorso at 2023-02-28T22:22:36+01:00
Add CVE-2023-2310{8,9}/crasm
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -170,13 +170,13 @@ CVE-2023-1082
CVE-2023-27296
RESERVED
CVE-2023-27295 (Cross-site request forgery is facilitated by OpenCATS failure to requi ...)
- TODO: check
+ NOT-FOR-US: OpenCATS
CVE-2023-27294 (Improper neutralization of input during web page generation allows an ...)
TODO: check
CVE-2023-27293 (Improper neutralization of input during web page generation allows an ...)
TODO: check
CVE-2023-27292 (An open redirect vulnerability exposes OpenCATS to template injection ...)
- TODO: check
+ NOT-FOR-US: OpenCATS
CVE-2023-26594
RESERVED
CVE-2023-25771
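Review bot: CVE-2023-27294 and CVE-2023-27293 are left at TODO: check although they sit between the two entries this hunk marks NOT-FOR-US: OpenCATS. Their visible descriptions are cut off before any product name, so check whether they belong to the same OpenCATS batch and, if so, tag them in the same pass rather than leaving the group half-triaged.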
@@ -302,7 +302,7 @@ CVE-2023-1067 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
CVE-2023-1066
RESERVED
CVE-2023-1065 (This vulnerability in the Snyk Kubernetes Monitor can result in irrele ...)
- TODO: check
+ NOT-FOR-US: Snyk Kubernetes Monitor
CVE-2023-1064
RESERVED
CVE-2023-1063 (A vulnerability has been found in SourceCodester Doctors Appointment S ...)
@@ -2667,9 +2667,9 @@ CVE-2023-26258
CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems Alliance (COV ...)
NOT-FOR-US: Connected Vehicle Systems Alliance
CVE-2023-26256 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...)
- TODO: check
+ NOT-FOR-US: Plugin for Jira
CVE-2023-26255 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...)
- TODO: check
+ NOT-FOR-US: Plugin for Jira
CVE-2023-26254
RESERVED
CVE-2023-26253 (In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bri ...)
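Review bot: the tag NOT-FOR-US: Plugin for Jira on CVE-2023-26256 and CVE-2023-26255 names the host platform rather than the affected product, while both descriptions start with a STAGIL product name. Other entries in this file use the vendor or product (the context line above reads NOT-FOR-US: Connected Vehicle Systems Alliance), so naming the STAGIL plugin here would keep the entries findable by a search on the vendor.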
@@ -4929,7 +4929,7 @@ CVE-2023-25542
CVE-2023-25541
RESERVED
CVE-2023-25540 (Dell PowerScale OneFS 9.4.0.x contains an incorrect default permission ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-25539
RESERVED
CVE-2023-25538
@@ -5264,9 +5264,9 @@ CVE-2023-25434
CVE-2023-25433
RESERVED
CVE-2023-25432 (An issue was discovered in Online Reviewer Management System v1.0. The ...)
- TODO: check
+ NOT-FOR-US: Online Reviewer Management System
CVE-2023-25431 (An issue was discovered in Online Reviewer Management System v1.0. The ...)
- TODO: check
+ NOT-FOR-US: Online Reviewer Management System
CVE-2023-25430
RESERVED
CVE-2023-25429
@@ -5596,11 +5596,11 @@ CVE-2023-25268
CVE-2023-25267
RESERVED
CVE-2023-25266 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...)
- TODO: check
+ NOT-FOR-US: Docmosis Tornado
CVE-2023-25265 (Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal lead ...)
- TODO: check
+ NOT-FOR-US: Docmosis Tornado
CVE-2023-25264 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...)
- TODO: check
+ NOT-FOR-US: Docmosis Tornado
CVE-2023-25263
RESERVED
CVE-2023-25262
@@ -7611,7 +7611,7 @@ CVE-2023-0512 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. ..
NOTE: https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835 (v9.0.1247)
NOTE: Crash in CLI tool, no security impact
CVE-2023-0511 (Relative Path Traversal vulnerability in ForgeRock Access Management J ...)
- TODO: check
+ NOT-FOR-US: ForgeRock
CVE-2023-0510
RESERVED
CVE-2023-24540
@@ -8014,7 +8014,7 @@ CVE-2023-24421
CVE-2023-24420
RESERVED
CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Bui ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24418
RESERVED
CVE-2023-24417
@@ -8993,7 +8993,7 @@ CVE-2023-23994
CVE-2023-23993
RESERVED
CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23991
RESERVED
CVE-2023-23990
@@ -9011,7 +9011,7 @@ CVE-2023-23985
CVE-2023-23984
RESERVED
CVE-2023-23983 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23982
RESERVED
CVE-2023-23981
@@ -9348,7 +9348,7 @@ CVE-2023-23867
CVE-2023-23866
RESERVED
CVE-2023-23865 (Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23864
RESERVED
CVE-2023-23863
@@ -9903,7 +9903,7 @@ CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorc
CVE-2023-0340
RESERVED
CVE-2023-0339 (Relative Path Traversal vulnerability in ForgeRock Access Management W ...)
- TODO: check
+ NOT-FOR-US: ForgeRock
CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...)
NOT-FOR-US: lirantal/daloradius
CVE-2023-0337 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...)
@@ -9958,7 +9958,7 @@ CVE-2023-23691 (Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains
CVE-2023-23690 (Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contai ...)
NOT-FOR-US: EMC
CVE-2023-23689 (Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-23688
RESERVED
CVE-2023-23687 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube short ...)
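Review bot: CVE-2023-23689 is tagged NOT-FOR-US: Dell directly below CVE-2023-23690, a Dell EMC product whose existing tag is NOT-FOR-US: EMC. Two spellings for the same vendor in adjacent entries make a grep for either one incomplete; consider using one form consistently.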
@@ -11579,9 +11579,11 @@ CVE-2023-23111
CVE-2023-23110 (An exploitable firmware modification vulnerability was discovered in c ...)
NOT-FOR-US: Netgear
CVE-2023-23109 (In crasm 1.8-3, invalid input validation, specific files passed to the ...)
- TODO: check
+ - crasm <unfixed>
+ NOTE: https://github.com/colinbourassa/crasm/pull/7
CVE-2023-23108 (In crasm 1.8-3, invalid input validation, specific files passed to the ...)
- TODO: check
+ - crasm <unfixed>
+ NOTE: https://github.com/colinbourassa/crasm/pull/7
CVE-2023-23107
RESERVED
CVE-2023-23106
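Review bot: the two new crasm entries carry <unfixed> with no Debian bug reference, and both CVE-2023-23109 and CVE-2023-23108 point to the same upstream pull request (crasm/pull/7). The visible descriptions are identical up to the truncation, so add a NOTE saying whether that pull request covers both issues, and record the bug number once one is filed so the unfixed state can be tracked to closure.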
@@ -12853,69 +12855,69 @@ CVE-2023-22780
CVE-2023-22779
RESERVED
CVE-2023-22778 (A vulnerability in the ArubaOS web management interface could allow an ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22777 (An authenticated information disclosure vulnerability exists in the Ar ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22776 (An authenticated path traversal vulnerability exists in the ArubaOS co ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22775 (A vulnerability exists which allows an authenticated attacker to acces ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22774 (Authenticated path traversal vulnerabilities exist in the ArubaOS comm ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22773 (Authenticated path traversal vulnerabilities exist in the ArubaOS comm ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22772 (An authenticated path traversal vulnerability exists in the ArubaOS we ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22771 (An insufficient session expiration vulnerability exists in the ArubaOS ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22770 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22769 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22768 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22767 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22766 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22765 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22764 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22763 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22762 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22761 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22760 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22759 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22758 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22757 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22756 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22755 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22754 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22753 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22752 (There are stack-based buffer overflow vulnerabilities that could lead ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22751 (There are stack-based buffer overflow vulnerabilities that could lead ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22750 (There are multiple command injection vulnerabilities that could lead t ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22749 (There are multiple command injection vulnerabilities that could lead t ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22748 (There are multiple command injection vulnerabilities that could lead t ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22747 (There are multiple command injection vulnerabilities that could lead t ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2023-22746 (CKAN is an open-source DMS (data management system) for powering data ...)
NOT-FOR-US: CKAN
CVE-2023-22745 (tpm2-tss is an open source software implementation of the Trusted Comp ...)
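Review bot: from CVE-2023-22757 down to CVE-2023-22747 the visible descriptions ("There are buffer overflow vulnerabilities in multiple underlying opera ...", "There are multiple command injection vulnerabilities that could lead t ...") are cut off before any product is named, yet all eleven get NOT-FOR-US: Aruba like the ArubaOS entries above them. Confirm against the full CVE text that these belong to the same Aruba advisory before bulk-tagging; a NOTE or a commit message line naming the advisory would make this 32-entry change auditable.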
@@ -16154,7 +16156,7 @@ CVE-2022-47614
CVE-2022-47613
RESERVED
CVE-2022-47612 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47611
RESERVED
CVE-2022-47610
@@ -18790,7 +18792,7 @@ CVE-2022-47181
CVE-2022-47180
RESERVED
CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47178
RESERVED
CVE-2022-47177
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4f904c479241e99ec6702d982b6a0eb68c25a0fa...bcff88075e926cb4f2c72fc43e8741d8adb9d969