[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Mar 6 16:40:43 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27012d59 by Moritz Muehlenhoff at 2023-03-06T17:40:26+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -422,7 +422,7 @@ CVE-2023-27643
 CVE-2023-27642
 	RESERVED
 CVE-2023-27641 (The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSE ...)
-	TODO: check
+	NOT-FOR-US: L-Soft
 CVE-2023-27640
 	RESERVED
 CVE-2023-27639
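Review bot: the tag on the CVE-2023-27641 line names only the vendor (`NOT-FOR-US: L-Soft`) while the description on that line names the product ("L-Soft LISTSE ...") and the neighbouring entries in this diff tag by product (e.g. `NOT-FOR-US: SourceCodester Health Center Patient Record Management System`); naming the product keeps the list greppable by what is actually affected.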
@@ -445,7 +445,7 @@ CVE-2023-27635 (debmany in debian-goodies 0.88.1 allows attackers to execute arb
 	- debian-goodies <unfixed> (bug #1031267)
 	[bullseye] - debian-goodies <no-dsa> (Minor issue; user prompted before execution)
 CVE-2023-1181 (Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyima ...)
-	TODO: check
+	NOT-FOR-US: icret/easyimages2.0
 CVE-2023-1180 (A vulnerability has been found in SourceCodester Health Center Patient ...)
 	NOT-FOR-US: SourceCodester Health Center Patient Record Management System
 CVE-2023-1179 (A vulnerability, which was classified as problematic, was found in Sou ...)
@@ -543,7 +543,7 @@ CVE-2015-10093 (A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1
 CVE-2015-10092 (A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It h ...)
 	NOT-FOR-US: Qtranslate Slug Plugin
 CVE-2015-10091 (A vulnerability has been found in ByWater Solutions bywater-koha-xslt  ...)
-	TODO: check
+	NOT-FOR-US: bywater-koha-xslt
 CVE-2015-10090 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2014-125092 (A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classi ...)
@@ -673,13 +673,13 @@ CVE-2023-1167
 CVE-2023-1166
 	RESERVED
 CVE-2022-4929 (A vulnerability was found in icplayer up to 0.818. It has been rated a ...)
-	TODO: check
+	NOT-FOR-US: icplayer
 CVE-2022-4928 (A vulnerability was found in icplayer up to 0.819. It has been declare ...)
-	TODO: check
+	NOT-FOR-US: icplayer
 CVE-2022-4927 (A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and clas ...)
-	TODO: check
+	NOT-FOR-US: NEOSDiscovery
 CVE-2021-4329 (A vulnerability, which was classified as critical, has been found in j ...)
-	TODO: check
+	NOT-FOR-US: json-logic-js
 CVE-2015-10088 (A vulnerability, which was classified as critical, was found in ayttm  ...)
 	- ayttm <removed>
 	NOTE: https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046
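Review bot: on the CVE-2021-4329 line the truncated description only shows "has been found in j ...", so `NOT-FOR-US: json-logic-js` cannot be checked against the hunk; a `NOTE:` line with the advisory URL, as the CVE-2015-10088 entry in this same hunk does with its upstream commit, would make the triage verifiable. For a JavaScript library it is also worth confirming that no node-* package embeds it before closing the entry as NOT-FOR-US.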
@@ -739,7 +739,7 @@ CVE-2023-27540
 CVE-2023-1165 (A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been  ...)
 	NOT-FOR-US: Zhong Bang CRMEB Java
 CVE-2023-1164 (A vulnerability was found in KylinSoft kylin-activation and classified ...)
-	TODO: check
+	NOT-FOR-US: KylinSoft
 CVE-2023-1163 (A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and class ...)
 	NOT-FOR-US: DrayTek Vigor 2960
 CVE-2023-1162 (A vulnerability, which was classified as critical, was found in DrayTe ...)
@@ -753,11 +753,11 @@ CVE-2023-1159
 CVE-2023-1158
 	RESERVED
 CVE-2023-1157 (A vulnerability, which was classified as problematic, was found in fin ...)
-	TODO: check
+	NOT-FOR-US: Finixbit elf-parser
 CVE-2023-1156 (A vulnerability classified as problematic was found in SourceCodester  ...)
 	NOT-FOR-US: SourceCodester Health Center Patient Record Management System
 CVE-2021-4328 (A vulnerability has been found in 狮子鱼CMS and clas ...)
-	TODO: check
+	NOT-FOR-US: 狮子鱼CMS
 CVE-2020-36665 (A vulnerability was found in Artesãos SEOTools up to 0.17.1 and c ...)
 	NOT-FOR-US: artesaos SEOTools
 CVE-2020-36664 (A vulnerability has been found in Artesãos SEOTools up to 0.17.1  ...)
@@ -1140,7 +1140,7 @@ CVE-2023-1114 (Improper Input Validation, Missing Authorization vulnerability in
 CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll System 1.0. ...)
 	NOT-FOR-US: SourceCodester Simple Payroll System
 CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload Contac ...)
-	TODO: check
+	NOT-FOR-US: Drag and Drop Multiple File Upload Contact Form
 CVE-2023-1111
 	RESERVED
 CVE-2023-1110
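Review bot: the CVE-2023-1112 line tags the product by full name (`NOT-FOR-US: Drag and Drop Multiple File Upload Contact Form`); if this is the WordPress plugin of that name, the file's existing convention is the shorter `NOT-FOR-US: WordPress plugin` (see the CVE-2015-10090 context line in the third hunk), so pick one form for consistency.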
@@ -3231,7 +3231,7 @@ CVE-2023-0997 (A vulnerability was found in SourceCodester Moosikay E-Commerce S
 CVE-2023-26511
 	RESERVED
 CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can view draft  ...)
-	TODO: check
+	NOT-FOR-US: Ghost CMS
 CVE-2023-26509
 	RESERVED
 CVE-2023-26508
@@ -3267,7 +3267,7 @@ CVE-2023-26494
 CVE-2023-26493
 	RESERVED
 CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. When the U ...)
 	TODO: check
 CVE-2023-26490 (mailcow is a dockerized email package, with multiple containers linked ...)
@@ -3275,11 +3275,11 @@ CVE-2023-26490 (mailcow is a dockerized email package, with multiple containers
 CVE-2023-26489
 	RESERVED
 CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
-	TODO: check
+	NOT-FOR-US: OpenZeppelin
 CVE-2023-26487 (Vega is a visualization grammar, a declarative format for creating, sa ...)
-	TODO: check
+	NOT-FOR-US: Vega
 CVE-2023-26486 (Vega is a visualization grammar, a declarative format for creating, sa ...)
-	TODO: check
+	NOT-FOR-US: Vega
 CVE-2023-26485
 	RESERVED
 CVE-2023-26484
@@ -3738,7 +3738,7 @@ CVE-2023-0959
 CVE-2023-0958
 	RESERVED
 CVE-2023-0957 (An issue was discovered in Gitpod versions prior to release-2022.11.2. ...)
-	TODO: check
+	NOT-FOR-US: Gitpod
 CVE-2023-0956
 	RESERVED
 CVE-2023-0955
@@ -4079,7 +4079,7 @@ CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via
 	NOTE: https://debbugs.gnu.org/61819
 	NOTE: http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=0fde314f6f6e6664cddab1b2f0fe20629cd39d14
 CVE-2023-26213 (On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui- ...)
-	TODO: check
+	NOT-FOR-US: Barracuda
 CVE-2023-26212
 	RESERVED
 CVE-2023-26211
@@ -4283,13 +4283,13 @@ CVE-2023-26113
 CVE-2023-26112
 	RESERVED
 CVE-2023-26111 (All versions of the package @nubosoftware/node-static; all versions of ...)
-	TODO: check
+	NOT-FOR-US: @nubosoftware/node-static
 CVE-2023-26110
 	RESERVED
 CVE-2023-26109
 	RESERVED
 CVE-2023-26108 (Versions of the package @nestjs/core before 9.0.5 are vulnerable to In ...)
-	TODO: check
+	NOT-FOR-US: @nestjs/core
 CVE-2023-26107 (All versions of the package sketchsvg are vulnerable to Arbitrary Code ...)
 	TODO: check
 CVE-2023-26106 (All versions of the package dot-lens are vulnerable to Prototype Pollu ...)
@@ -4506,9 +4506,9 @@ CVE-2023-26053 (Gradle is a build tool with a focus on build automation and supp
 	- gradle <not-affected> (The version of Gradle in Debian doesn't support dependency verification yet)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2174854
 CVE-2023-26052 (Saleor is a headless, GraphQL commerce platform delivering personalize ...)
-	TODO: check
+	NOT-FOR-US: Saleor
 CVE-2023-26051 (Saleor is a headless, GraphQL commerce platform delivering personalize ...)
-	TODO: check
+	NOT-FOR-US: Saleor
 CVE-2023-26050
 	RESERVED
 CVE-2023-26049
@@ -4516,9 +4516,9 @@ CVE-2023-26049
 CVE-2023-26048
 	RESERVED
 CVE-2023-26047 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...)
-	TODO: check
+	NOT-FOR-US: teler-waf
 CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...)
-	TODO: check
+	NOT-FOR-US: teler-waf
 CVE-2023-26045
 	RESERVED
 CVE-2023-26044
@@ -4731,9 +4731,9 @@ CVE-2023-25957
 CVE-2023-25956 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
 	NOT-FOR-US: Apache Airflow AWS Provider
 CVE-2023-25077 (Cross-site scripting vulnerability in Authentication Key Settings of E ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE
 CVE-2023-22838 (Cross-site scripting vulnerability in Product List Screen and Product  ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE
 CVE-2023-0896
 	RESERVED
 CVE-2023-0895 (The WP Coder – add custom html, css and js code plugin for WordP ...)
@@ -5125,7 +5125,7 @@ CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 24.
 CVE-2023-25820
 	RESERVED
 CVE-2023-25819 (Discourse is an open source platform for community discussion. Tags th ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2023-25818
 	RESERVED
 CVE-2023-25817
@@ -6075,7 +6075,7 @@ CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag
 CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...)
 	NOT-FOR-US: Wallabag
 CVE-2023-0734 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
-	TODO: check
+	NOT-FOR-US: Wallabag
 CVE-2023-0733
 	RESERVED
 CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
@@ -6583,9 +6583,9 @@ CVE-2023-25405
 CVE-2023-25404
 	RESERVED
 CVE-2023-25403 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass ...)
-	TODO: check
+	NOT-FOR-US: CleverStupidDog yf-exam
 CVE-2023-25402 (CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is n ...)
-	TODO: check
+	NOT-FOR-US: CleverStupidDog yf-exam
 CVE-2023-25401
 	RESERVED
 CVE-2023-25400
@@ -8140,9 +8140,9 @@ CVE-2023-0580
 CVE-2023-0579
 	RESERVED
 CVE-2023-0578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: ASOS
 CVE-2023-0577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: ASOS
 CVE-2023-0576 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
 	- yugabyte-db <itp> (bug #989673)
 CVE-2023-0575 (External Control of Critical State Data, Improper Control of Generatio ...)
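Review bot: on both the CVE-2023-0578 and CVE-2023-0577 lines the truncated description ("Improper Neutralization of Input During Web Page Generation ('Cross-si ...") names no vendor, so `NOT-FOR-US: ASOS` cannot be cross-checked from the hunk; add a `NOTE:` with the advisory reference so the NOT-FOR-US decision stays reviewable later.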
@@ -8497,11 +8497,11 @@ CVE-2023-24645
 CVE-2023-24644
 	RESERVED
 CVE-2023-24643 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Judging Management System
 CVE-2023-24642 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Judging Management System
 CVE-2023-24641 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Judging Management System
 CVE-2023-24640
 	RESERVED
 CVE-2023-24639
@@ -9201,13 +9201,13 @@ CVE-2023-0461 (There is a use-after-free vulnerability in the Linux Kernel which
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/2c02d41d71f90a5168391b6a5f2954112ba2307c
 CVE-2023-0460 (The YouTube Embedded 1.2 SDK binds to a service within the YouTube Mai ...)
-	TODO: check
+	NOT-FOR-US: YouTube Embedded 1.2 SDK
 CVE-2023-0459
 	RESERVED
 CVE-2023-0458
 	RESERVED
 CVE-2023-0457 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric C ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2022-4896
 	RESERVED
 CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize user inpu ...)
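Review bot: `NOT-FOR-US: Mitsubishi` on the CVE-2023-0457 line is vendor-only while the description on that line starts "Mitsubishi Electric C ..."; naming the product, as `NOT-FOR-US: YouTube Embedded 1.2 SDK` does two entries above, keeps the entry searchable by product.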
@@ -10512,11 +10512,11 @@ CVE-2023-23931 (cryptography is a package designed to expose cryptographic primi
 CVE-2023-23930
 	RESERVED
 CVE-2023-23929 (vantage6 is a privacy preserving federated learning infrastructure for ...)
-	TODO: check
+	NOT-FOR-US: vantage6
 CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.v ...)
 	NOT-FOR-US: reason-jose
 CVE-2023-23927 (Craft is a platform for creating digital experiences. When you insert  ...)
-	TODO: check
+	NOT-FOR-US: Craft
 CVE-2023-23926 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An ...)
 	NOT-FOR-US: APOC
 CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API which is ...)
@@ -12475,7 +12475,7 @@ CVE-2023-23315 (The PrestaShop e-commerce platform module stripejs contains a Bl
 CVE-2023-23314 (An arbitrary file upload vulnerability in the /api/upload component of ...)
 	NOT-FOR-US: Zdir
 CVE-2023-23313 (Certain Draytek products are vulnerable to Cross Site Scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: Draytek
 CVE-2023-23312
 	RESERVED
 CVE-2023-23311
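Review bot: the CVE-2023-23313 line uses `NOT-FOR-US: Draytek`, whereas the CVE-2023-1163 entry earlier in this diff uses the vendor's own spelling `DrayTek`; settle on one spelling so a grep for the vendor finds every entry.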
@@ -13867,11 +13867,11 @@ CVE-2015-10032 (A vulnerability was found in HealthMateWeb. It has been declared
 CVE-2010-10004 (A vulnerability was found in Information Cards Module and classified a ...)
 	NOT-FOR-US: Information Cards Module
 CVE-2023-22858 (An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, al ...)
-	TODO: check
+	NOT-FOR-US: BlogEngine.NET
 CVE-2023-22857 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...)
-	TODO: check
+	NOT-FOR-US: BlogEngine.NET
 CVE-2023-22856 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...)
-	TODO: check
+	NOT-FOR-US: BlogEngine.NET
 CVE-2023-0117
 	RESERVED
 CVE-2023-0116
@@ -14287,7 +14287,7 @@ CVE-2023-22740 (Discourse is an open source platform for community discussion. V
 CVE-2023-22739 (Discourse is an open source platform for community discussion. Version ...)
 	NOT-FOR-US: Discourse
 CVE-2023-22738 (vantage6 is a privacy preserving federated learning infrastructure for ...)
-	TODO: check
+	NOT-FOR-US: vantage6
 CVE-2023-22737 (wire-server provides back end services for Wire, a team communication  ...)
 	NOT-FOR-US: wire-server
 CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
@@ -16036,7 +16036,7 @@ CVE-2022-XXXX [RUSTSEC-2022-0074]
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0074.html
 	NOTE: https://github.com/phsym/prettytable-rs/issues/145
 CVE-2023-22438 (Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE
 CVE-2023-22432 (Open redirect vulnerability exists in web2py versions prior to 2.23.1. ...)
 	TODO: check
 CVE-2023-22429
@@ -16046,11 +16046,11 @@ CVE-2023-22427 (Stored cross-site scripting vulnerability in Theme switching fun
 CVE-2023-22425 (Stored cross-site scripting vulnerability in Schedule function of SHIR ...)
 	NOT-FOR-US: SHIRASAGI
 CVE-2023-22424 (Use-after-free vulnerability exists in Kostac PLC Programming Software ...)
-	TODO: check
+	NOT-FOR-US: Kostac
 CVE-2023-22421 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
-	TODO: check
+	NOT-FOR-US: Kostac
 CVE-2023-22419 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
-	TODO: check
+	NOT-FOR-US: Kostac
 CVE-2023-22377 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
 	NOT-FOR-US: tsClinical
 CVE-2023-22376 (** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting vulnera ...)
@@ -16082,11 +16082,11 @@ CVE-2023-22346 (Out-of-bound read vulnerability exists in Screen Creator Advance
 CVE-2023-22345 (Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ve ...)
 	NOT-FOR-US: Screen Creator Advance
 CVE-2023-22344 (Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and e ...)
-	TODO: check
+	NOT-FOR-US: SS1
 CVE-2023-22336 (Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Raku ...)
-	TODO: check
+	NOT-FOR-US: SS1
 CVE-2023-22335 (Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier ...)
-	TODO: check
+	NOT-FOR-US: SS1
 CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier al ...)
 	NOT-FOR-US: EasyMail
 CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4. ...)
@@ -16848,7 +16848,7 @@ CVE-2022-41989 (Sewio’s Real-Time Location System (RTLS) Studio version 2.
 CVE-2022-41696
 	RESERVED
 CVE-2022-40633 (A malicious actor can clone access cards used to open control cabinets ...)
-	TODO: check
+	NOT-FOR-US: Rittal
 CVE-2021-4274 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: bird-lg
 CVE-2021-4273 (A vulnerability classified as problematic was found in studygolang. Th ...)
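Review bot: the CVE-2022-40633 description visible here ("A malicious actor can clone access cards used to open control cabinets ...") does not mention Rittal, so `NOT-FOR-US: Rittal` is not verifiable from this hunk; a `NOTE:` line with the advisory URL would document where the attribution comes from.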
@@ -16882,7 +16882,7 @@ CVE-2020-36621 (A vulnerability, which was classified as problematic, has been f
 CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It ...)
 	NOT-FOR-US: Brondahl EnumStringValues
 CVE-2023-22381 (A code injection vulnerability was identified in GitHub Enterprise Ser ...)
-	TODO: check
+	NOT-FOR-US: Github Enterprise Server
 CVE-2023-22380 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
 	NOT-FOR-US: Github Enterprise Server
 CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3 ...)
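Review bot: the new CVE-2023-22381 line spells the product `Github Enterprise Server` while the description on the same line reads "GitHub Enterprise Ser ..."; the existing CVE-2023-22380 entry below it has the same inconsistency, so this is the moment to fix both to `GitHub`.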
@@ -22056,7 +22056,7 @@ CVE-2022-46503 (A cross-site scripting (XSS) vulnerability in the component /adm
 CVE-2022-46502 (Online Student Enrollment System v1.0 was discovered to contain a SQL  ...)
 	NOT-FOR-US: Online Student Enrollment System
 CVE-2022-46501 (Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discov ...)
-	TODO: check
+	NOT-FOR-US: Accruent LLC Maintenance Connection
 CVE-2022-46500
 	RESERVED
 CVE-2022-46499



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27012d592856a81757382ec04a7d62fe86b35d7f
