[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jan 13 11:48:42 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
551c7058 by Moritz Muehlenhoff at 2023-01-13T12:38:57+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,7 +4,7 @@ CVE-2023-XXXX [tor TROVE-2022-02]
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/a282145b3634547ab84ccd959d0537c021ff7ffc
CVE-2023-23566 (A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker t ...)
- TODO: check
+ NOT-FOR-US: Axigen
CVE-2023-23565
RESERVED
CVE-2023-23564
@@ -184,21 +184,21 @@ CVE-2023-0260
CVE-2023-0259
RESERVED
CVE-2023-0258 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2023-0257 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2023-0256 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-48260
RESERVED
CVE-2022-48259
RESERVED
CVE-2022-48258 (In Eternal Terminal 6.2.1, etserver and etclient have world-readable l ...)
- TODO: check
+ NOT-FOR-US: Eternal Terminal
CVE-2022-48257 (In Eternal Terminal 6.2.1, etserver and etclient have predictable logf ...)
- TODO: check
+ NOT-FOR-US: Eternal Terminal
CVE-2022-48256 (Technitium DNS Server before 10.0 allows a self-CNAME denial-of-servic ...)
- TODO: check
+ NOT-FOR-US: Technitium DNS Server
CVE-2021-46872 (An issue was discovered in Nim before 1.6.2. The RST module of the Nim ...)
TODO: check
CVE-2023-23492
@@ -557,10 +557,11 @@ CVE-2023-23349
RESERVED
CVE-2023-0229
RESERVED
+ NOT-FOR-US: OpenShift
CVE-2023-0228
RESERVED
CVE-2023-0227 (Insufficient Session Expiration in GitHub repository pyload/pyload pri ...)
- TODO: check
+ - pyload <itp> (bug #1001980)
CVE-2023-0226
RESERVED
CVE-2023-0225
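Review bot: the "NOT-FOR-US: OpenShift" line added under CVE-2023-0229 lands on an entry that is still RESERVED and has no description, so nothing in the list shows where the OpenShift attribution comes from. A NOTE: line with the reference that was used, in the same form as the NOTE: lines on the tor entry at the top of the file, would let the next person verify it.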
@@ -1394,7 +1395,7 @@ CVE-2023-22965
CVE-2023-22964
RESERVED
CVE-2023-22963 (The personnummer implementation before 3.0.3 for Dart mishandles numbe ...)
- TODO: check
+ NOT-FOR-US: Dart language (different from src:dart)
CVE-2023-22962
RESERVED
CVE-2023-22961
@@ -1426,7 +1427,7 @@ CVE-2023-22949
CVE-2023-22948
RESERVED
CVE-2023-22947 (** DISPUTED ** Insecure folder permissions in the Windows installation ...)
- TODO: check
+ - shibboleth-sp <not-affected> (Windows-specific)
CVE-2023-22946
RESERVED
CVE-2023-22945 (In the GrowthExperiments extension for MediaWiki through 1.39, the gro ...)
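Review bot: the "- shibboleth-sp <not-affected> (Windows-specific)" line for CVE-2023-22947 is a triage decision about a tracked package, not a NOT-FOR-US, so the commit subject "NFUs" does not cover it. Mentioning it in the subject, or putting it in its own commit, would make the shibboleth-sp decision findable in the history.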
@@ -1592,7 +1593,7 @@ CVE-2015-10037 (A vulnerability, which was classified as critical, was found in
CVE-2015-10036 (A vulnerability was found in kylebebak dronfelipe. It has been declare ...)
NOT-FOR-US: kylebebak dronfelipe
CVE-2012-10004 (A vulnerability was found in backdrop-contrib Basic Cart. It has been ...)
- TODO: check
+ NOT-FOR-US: backdrop-contrib Basic Cart
CVE-2023-22924
RESERVED
CVE-2023-22923
@@ -57668,7 +57669,7 @@ CVE-2021-46797
CVE-2021-46796
RESERVED
CVE-2021-46795 (A TOCTOU (time-of-check to time-of-use) vulnerability exists where an ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46794
RESERVED
CVE-2021-46793
@@ -57676,7 +57677,7 @@ CVE-2021-46793
CVE-2021-46792
RESERVED
CVE-2021-46791 (Insufficient input validation during parsing of the System Management ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-30227
RESERVED
CVE-2022-30226 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
@@ -63282,7 +63283,7 @@ CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14
CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2021-46779 (Insufficient input validation in SVC_ECC_PRIMITIVE system call in a co ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46778 (Execution unit scheduler contention may lead to a side channel vulnera ...)
NOT-FOR-US: AMD
CVE-2021-46777
@@ -63304,9 +63305,9 @@ CVE-2021-46770
CVE-2021-46769
RESERVED
CVE-2021-46768 (Insufficient input validation in SEV firmware may allow an attacker to ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46767 (Insufficient input validation in the ASP may allow an attacker with ph ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46766
RESERVED
CVE-2021-46765
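Review bot: "NOT-FOR-US: AMD" on CVE-2021-46768 and CVE-2021-46767 names only the vendor, while the descriptions point at specific components (SEV firmware, the ASP). Naming the component in the tag, for example "NOT-FOR-US: AMD SEV firmware", would record what was actually assessed and make the entry easier to revisit if that firmware is ever found to be shipped by a package in the archive.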
@@ -64581,9 +64582,9 @@ CVE-2022-27889 (The Multipass service was found to have code paths that could be
CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found to be log ...)
NOT-FOR-US: Foundry Issues service
CVE-2022-1102 (A vulnerability classified as problematic has been found in SourceCode ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-1101 (A vulnerability was found in SourceCodester Royale Event Management Sy ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-1100 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
- gitlab <unfixed>
CVE-2022-1099 (Adding a very large number of tags to a runner in GitLab CE/EE affecti ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/551c7058b6a787b6bc2437564cef7c4380c6ddd5