[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Mar 1 10:02:48 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20f7932a by Moritz Muehlenhoff at 2023-03-01T11:02:24+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -247,9 +247,9 @@ CVE-2023-27296
CVE-2023-27295 (Cross-site request forgery is facilitated by OpenCATS failure to requi ...)
NOT-FOR-US: OpenCATS
CVE-2023-27294 (Improper neutralization of input during web page generation allows an ...)
- TODO: check
+ NOT-FOR-US: OpenCATS
CVE-2023-27293 (Improper neutralization of input during web page generation allows an ...)
- TODO: check
+ NOT-FOR-US: OpenCATS
CVE-2023-27292 (An open redirect vulnerability exposes OpenCATS to template injection ...)
NOT-FOR-US: OpenCATS
CVE-2023-26594
@@ -3856,7 +3856,7 @@ CVE-2023-0849 (A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and
CVE-2023-0848 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been ...)
NOT-FOR-US: Netgear
CVE-2023-0847 (The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulne ...)
- TODO: check
+ NOT-FOR-US: DASH 7 Alliance protocol
CVE-2023-25858
RESERVED
CVE-2023-25857
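Review bot: the new marker for CVE-2023-0847 names the protocol rather than the affected software. The description identifies "The Sub-IoT implementation of the DASH 7 Alliance protocol" as the product, so `NOT-FOR-US: Sub-IoT (DASH 7 Alliance protocol implementation)` would record what is actually out of scope and match how the surrounding entries name the vendor or product (e.g. `NOT-FOR-US: Netgear`).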
@@ -3967,7 +3967,7 @@ CVE-2023-25809
CVE-2023-25808
RESERVED
CVE-2023-25807 (DataEase is an open source data visualization and analysis tool. When ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2023-25806
RESERVED
CVE-2023-25805 (versionn, software for changing version information across multiple fi ...)
@@ -4928,7 +4928,7 @@ CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior
CVE-2023-25576 (@fastify/multipart is a Fastify plugin to parse the multipart content- ...)
NOT-FOR-US: Fastify plugin
CVE-2023-25575 (API Platform Core is the server component of API Platform: hypermedia ...)
- TODO: check
+ NOT-FOR-US: API Platform Core
CVE-2023-25574
RESERVED
CVE-2023-25573
@@ -8966,7 +8966,7 @@ CVE-2023-24047
CVE-2023-24046
RESERVED
CVE-2023-24045 (In Dataiku DSS 11.2.1, an attacker can download other Dataiku files th ...)
- TODO: check
+ NOT-FOR-US: Dataiku
CVE-2023-24044 (** DISPUTED ** A Host Header Injection issue on the Login page of Ples ...)
NOT-FOR-US: Plesk Obsidian
CVE-2023-24043
@@ -19120,9 +19120,9 @@ CVE-2022-47078
CVE-2022-47077
RESERVED
CVE-2022-47076 (An issue was discovered in Smart Office Web 20.28 and earlier allows a ...)
- TODO: check
+ NOT-FOR-US: Smart Office Web
CVE-2022-47075 (An issue was discovered in Smart Office Web 20.28 and earlier allows a ...)
- TODO: check
+ NOT-FOR-US: Smart Office Web
CVE-2022-47074
RESERVED
CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket page o ...)
@@ -27164,7 +27164,7 @@ CVE-2023-20935
CVE-2023-20934 (In resolveAttributionSource of ServiceUtilities.cpp, there is a possib ...)
NOT-FOR-US: Android
CVE-2023-20933 (In several functions of MediaCodec.cpp, there is a possible way to cor ...)
- NOT-FOR-US: Android
+ NOT-FOR-US: Android media framework
CVE-2023-20932 (In onCreatePreferences of EditInfoFragment.java, there is a possible w ...)
NOT-FOR-US: Android
CVE-2023-20931
@@ -49895,7 +49895,7 @@ CVE-2017-20146 (Usage of the CORS handler may apply improper CORS headers, allow
NOTE: https://github.com/gorilla/handlers/pull/116
NOTE: https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145 (v1.3.0)
CVE-2015-10004 (Token validation methods are susceptible to a timing side-channel duri ...)
- TODO: check
+ NOT-FOR-US: Go robbert229/jwt
CVE-2014-125026 (LZ4 bindings use a deprecated C API that is vulnerable to memory corru ...)
NOT-FOR-US: golz4 (Golang interface to LZ4)
CVE-2013-10005 (The RemoteAddr and LocalAddr methods on the returned net.Conn may call ...)
@@ -51481,7 +51481,7 @@ CVE-2022-2505 (Mozilla developers and the Mozilla Fuzzing Team reported memory s
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-2505
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-2505
CVE-2022-2504 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: SDD-Baro
CVE-2022-2503 (Dm-verity is used for extending root-of-trust to root filesystems. Loa ...)
- linux 5.18.2-1
[bullseye] - linux 5.10.120-1
@@ -81298,7 +81298,7 @@ CVE-2022-25884
CVE-2022-25883
RESERVED
CVE-2022-25882 (Versions of the package onnx before 1.13.0 are vulnerable to Directory ...)
- TODO: check
+ NOT-FOR-US: onnx
CVE-2022-25881 (This affects versions of the package http-cache-semantics before 4.1.1 ...)
TODO: check
CVE-2022-25879
@@ -89268,9 +89268,9 @@ CVE-2022-23556 (CodeIgniter is a PHP full-stack web framework. This vulnerabilit
CVE-2022-23555 (authentik is an open-source Identity Provider focused on flexibility a ...)
NOT-FOR-US: authentik
CVE-2022-23554 (Alpine is a scaffolding library in Java. Alpine prior to version 1.10. ...)
- TODO: check
+ NOT-FOR-US: Alpine Java scaffolding library (different from src:alpine)
CVE-2022-23553 (Alpine is a scaffolding library in Java. Alpine prior to version 1.10. ...)
- TODO: check
+ NOT-FOR-US: Alpine Java scaffolding library (different from src:alpine)
CVE-2022-23552 (Grafana is an open-source platform for monitoring and observability. S ...)
- grafana <removed>
CVE-2022-23551 (aad-pod-identity assigns Azure Active Directory identities to Kubernet ...)
@@ -89506,7 +89506,7 @@ CVE-2022-23471 (containerd is an open source container runtime. A bug was found
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9
NOTE: https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0
CVE-2022-23470 (Galaxy is an open-source platform for data analysis. An arbitrary file ...)
- TODO: check
+ NOT-FOR-US: Galaxy
CVE-2022-23469 (Traefik is an open source HTTP reverse proxy and load balancer. Versio ...)
- traefik <itp> (bug #983289)
CVE-2022-23468 (xrdp is an open source project which provides a graphical login to rem ...)
@@ -89519,7 +89519,7 @@ CVE-2022-23467 (OpenRazer is an open source driver and user-space daemon to cont
NOTE: https://github.com/openrazer/openrazer/security/advisories/GHSA-39hg-jvc9-fg7h
NOTE: https://github.com/openrazer/openrazer/commit/33aa7f07d54ae066f201c6d298cb4a2181cb90e6 (v3.5.1)
CVE-2022-23466 (teler is an real-time intrusion detection and threat alert dashboard. ...)
- TODO: check
+ NOT-FOR-US: teler
CVE-2022-23465 (SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24 ...)
TODO: check
CVE-2022-23464 (Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnera ...)
@@ -90525,9 +90525,9 @@ CVE-2022-23242 (TeamViewer Linux versions before 15.28 do not properly execute a
CVE-2022-23241 (Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock co ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2022-23240 (Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Win ...)
- TODO: check
+ NOT-FOR-US: Active IQ Unified Manager
CVE-2022-23239 (Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Win ...)
- TODO: check
+ NOT-FOR-US: Active IQ Unified Manager
CVE-2022-23238 (Linux deployments of StorageGRID (formerly StorageGRID Webscale) versi ...)
NOT-FOR-US: StorageGRID (formerly StorageGRID Webscale)
CVE-2022-23237 (E-Series SANtricity OS Controller Software 11.x versions through 11.70 ...)
@@ -92822,7 +92822,7 @@ CVE-2022-22670 (An access issue was addressed with improved access restrictions.
CVE-2022-22669 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2022-22668 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-22667 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2022-22666 (A memory corruption issue was addressed with improved validation. This ...)
@@ -93022,7 +93022,7 @@ CVE-2022-22584 (A memory corruption issue was addressed with improved validation
CVE-2022-22583 (A permissions issue was addressed with improved validation. This issue ...)
NOT-FOR-US: Apple
CVE-2022-22582 (A validation issue existed in the handling of symlinks. This issue was ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-22581
RESERVED
CVE-2022-22580
@@ -98031,7 +98031,7 @@ CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE WIT
CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
NOT-FOR-US: Siemens
CVE-2021-45032 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
- TODO: check
+ NOT-FOR-US: Rejected CVE
CVE-2021-45031 (A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in ...)
NOT-FOR-US: MEPSAN
CVE-2021-45030
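Review bot: CVE-2021-45032 is described as "rejected or withdrawn by its CVE Numbering Authority", and the tracker has a dedicated status line for that case, `REJECTED`, used the same way `RESERVED` is used for the unpublished ids in this hunk. Consider replacing `NOT-FOR-US: Rejected CVE` with `REJECTED` so the entry is handled like the other rejected ids rather than being counted as a non-Debian product.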
@@ -98568,7 +98568,7 @@ CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input Du
CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an attacker to r ...)
NOT-FOR-US: Snow Inventory Java Scanner
CVE-2021-4105 (Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewal ...)
- TODO: check
+ NOT-FOR-US: BG-TEK
CVE-2018-25022 (The Onion module in toxcore before 0.2.2 doesn't restrict which packet ...)
- libtoxcore 0.2.2-1
NOTE: https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release
@@ -108441,7 +108441,7 @@ CVE-2022-20237 (In BuildDevIDResponse of miscdatabuilder.cpp, there is a possibl
CVE-2022-20236 (A drm driver have oob problem, could cause the system crash or EOPProd ...)
NOT-FOR-US: Unisoc
CVE-2022-20235 (The PowerVR GPU kernel driver maintains an "Information Page" used by ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20234 (In Car Settings app, the NotificationAccessConfirmationActivity is exp ...)
NOT-FOR-US: Android
CVE-2022-20233 (In param_find_digests_internal and related functions of the Titan-M so ...)
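Review bot: the marker for CVE-2022-20235 says only `Android`, but the description names a specific third-party component, "The PowerVR GPU kernel driver". The neighbouring CVE-2022-20236 records the vendor (`NOT-FOR-US: Unisoc`); doing the same here, e.g. `NOT-FOR-US: PowerVR GPU kernel driver (Android)`, would make the entry searchable by component if the same driver ever turns up outside Android.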
@@ -110314,9 +110314,9 @@ CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer o
[stretch] - strongswan <not-affected> (The vulnerable code was introduced later in version 5.6.1)
NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
CVE-2021-41989 (Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Dire ...)
- TODO: check
+ NOT-FOR-US: Qlik
CVE-2021-41988 (Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in ...)
- TODO: check
+ NOT-FOR-US: Qlik
CVE-2021-41987 (In the SCEP Server of RouterOS in certain Mikrotik products, an attack ...)
NOT-FOR-US: Mikrotik
CVE-2021-41986
@@ -110358,7 +110358,7 @@ CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with E
CVE-2021-3856 (ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows read ...)
NOT-FOR-US: Keycloak
CVE-2021-3855 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
- TODO: check
+ NOT-FOR-US: Liman MYS
CVE-2021-3854
RESERVED
CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist]
@@ -110719,7 +110719,7 @@ CVE-2021-41825 (Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML inje
CVE-2021-41824 (Craft CMS before 3.7.14 allows CSV injection. ...)
NOT-FOR-US: Craft CMS
CVE-2021-41823 (The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows ...)
- TODO: check
+ NOT-FOR-US: Kemp LoadMaster
CVE-2021-41822
RESERVED
CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer U ...)
@@ -114597,9 +114597,9 @@ CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom Includ
CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file permissions ...)
NOT-FOR-US: Nagios XI
CVE-2021-40342 (In the DES implementation, the affected product versions use a default ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2021-40341 (DES cipher, which has inadequate encryption strength, is used Hitachi ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne applicati ...)
NOT-FOR-US: Hitachi
CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne application due ...)
@@ -116906,7 +116906,7 @@ CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.4.5 all
CVE-2021-39370
RESERVED
CVE-2021-39369 (In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the ...)
- TODO: check
+ NOT-FOR-US: Philips (formerly Carestream) Vue MyVue PACS
CVE-2021-39368 (Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter ...)
NOT-FOR-US: Canon Oce Print Exec Workgroup
CVE-2021-39367 (Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. ...)
@@ -119786,11 +119786,11 @@ CVE-2021-38243
CVE-2021-38242
RESERVED
CVE-2021-38241 (Deserialization issue discovered in Ruoyi before 4.6.1 allows remote a ...)
- TODO: check
+ NOT-FOR-US: Ruoyi
CVE-2021-38240
RESERVED
CVE-2021-38239 (SQL Injection vulnerability in dataease before 1.2.0, allows attackers ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2021-38238
RESERVED
CVE-2021-38237
@@ -121188,7 +121188,7 @@ CVE-2021-37776
CVE-2021-37775
RESERVED
CVE-2021-37774 (An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0. ...)
- TODO: check
+ NOT-FOR-US: TL-WDR7660
CVE-2021-37773
RESERVED
CVE-2021-37772
@@ -121872,7 +121872,7 @@ CVE-2021-37520
CVE-2021-37519 (Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows att ...)
TODO: check
CVE-2021-37518 (Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extensio ...)
- TODO: check
+ NOT-FOR-US: Vivium
CVE-2021-37517 (An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fix ...)
- dolibarr <removed>
CVE-2021-37516
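Review bot: typo in the new marker for CVE-2021-37518: the description names the "Vimium Extension", but the tag reads `NOT-FOR-US: Vivium`. Change it to `NOT-FOR-US: Vimium` so the product name matches the description and is found by searches for the extension.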
@@ -121908,13 +121908,13 @@ CVE-2021-37502 (Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows
CVE-2021-37501 (Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1 ...)
TODO: check
CVE-2021-37500 (Directory traversal vulnerability in Reprise License Manager (RLM) web ...)
- TODO: check
+ NOT-FOR-US: Reprise License Manager
CVE-2021-37499 (CRLF vulnerability in Reprise License Manager (RLM) web interface thro ...)
- TODO: check
+ NOT-FOR-US: Reprise License Manager
CVE-2021-37498 (An SSRF issue was discovered in Reprise License Manager (RLM) web inte ...)
- TODO: check
+ NOT-FOR-US: Reprise License Manager
CVE-2021-37497 (SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote a ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2021-37496
RESERVED
CVE-2021-37495
@@ -121924,7 +121924,7 @@ CVE-2021-37494
CVE-2021-37493
RESERVED
CVE-2021-37492 (An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 ...)
- TODO: check
+ NOT-FOR-US: Ravencoin
CVE-2021-37491 (An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogec ...)
TODO: check
CVE-2021-37490
@@ -122168,19 +122168,19 @@ CVE-2021-37381 (Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can
CVE-2021-37380
RESERVED
CVE-2021-37379 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Teradek
CVE-2021-37378 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Teradek
CVE-2021-37377 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Teradek
CVE-2021-37376 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Teradek
CVE-2021-37375 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Teradek
CVE-2021-37374 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Teradek
CVE-2021-37373 (** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Teradek
CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure file up ...)
NOT-FOR-US: Online Student Admission System
CVE-2021-37371 (Online Student Admission System 1.0 is affected by an unauthenticated ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20f7932af283b0e05a58b90005d336198571ed97
--
You're receiving this email because of your account on salsa.debian.org.