[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Mar 6 16:40:43 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27012d59 by Moritz Muehlenhoff at 2023-03-06T17:40:26+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -422,7 +422,7 @@ CVE-2023-27643
CVE-2023-27642
RESERVED
CVE-2023-27641 (The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSE ...)
- TODO: check
+ NOT-FOR-US: L-Soft
CVE-2023-27640
RESERVED
CVE-2023-27639
@@ -445,7 +445,7 @@ CVE-2023-27635 (debmany in debian-goodies 0.88.1 allows attackers to execute arb
- debian-goodies <unfixed> (bug #1031267)
[bullseye] - debian-goodies <no-dsa> (Minor issue; user prompted before execution)
CVE-2023-1181 (Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyima ...)
- TODO: check
+ NOT-FOR-US: icret/easyimages2.0
CVE-2023-1180 (A vulnerability has been found in SourceCodester Health Center Patient ...)
NOT-FOR-US: SourceCodester Health Center Patient Record Management System
CVE-2023-1179 (A vulnerability, which was classified as problematic, was found in Sou ...)
@@ -543,7 +543,7 @@ CVE-2015-10093 (A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1
CVE-2015-10092 (A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It h ...)
NOT-FOR-US: Qtranslate Slug Plugin
CVE-2015-10091 (A vulnerability has been found in ByWater Solutions bywater-koha-xslt ...)
- TODO: check
+ NOT-FOR-US: bywater-koha-xslt
CVE-2015-10090 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: WordPress plugin
CVE-2014-125092 (A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classi ...)
@@ -673,13 +673,13 @@ CVE-2023-1167
CVE-2023-1166
RESERVED
CVE-2022-4929 (A vulnerability was found in icplayer up to 0.818. It has been rated a ...)
- TODO: check
+ NOT-FOR-US: icplayer
CVE-2022-4928 (A vulnerability was found in icplayer up to 0.819. It has been declare ...)
- TODO: check
+ NOT-FOR-US: icplayer
CVE-2022-4927 (A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and clas ...)
- TODO: check
+ NOT-FOR-US: NEOSDiscovery
CVE-2021-4329 (A vulnerability, which was classified as critical, has been found in j ...)
- TODO: check
+ NOT-FOR-US: json-logic-js
CVE-2015-10088 (A vulnerability, which was classified as critical, was found in ayttm ...)
- ayttm <removed>
NOTE: https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046
@@ -739,7 +739,7 @@ CVE-2023-27540
CVE-2023-1165 (A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been ...)
NOT-FOR-US: Zhong Bang CRMEB Java
CVE-2023-1164 (A vulnerability was found in KylinSoft kylin-activation and classified ...)
- TODO: check
+ NOT-FOR-US: KylinSoft
CVE-2023-1163 (A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and class ...)
NOT-FOR-US: DrayTek Vigor 2960
CVE-2023-1162 (A vulnerability, which was classified as critical, was found in DrayTe ...)
@@ -753,11 +753,11 @@ CVE-2023-1159
CVE-2023-1158
RESERVED
CVE-2023-1157 (A vulnerability, which was classified as problematic, was found in fin ...)
- TODO: check
+ NOT-FOR-US: Finixbit elf-parser
CVE-2023-1156 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: SourceCodester Health Center Patient Record Management System
CVE-2021-4328 (A vulnerability has been found in 狮子鱼CMS and clas ...)
- TODO: check
+ NOT-FOR-US: 狮子鱼CMS
CVE-2020-36665 (A vulnerability was found in Artesãos SEOTools up to 0.17.1 and c ...)
NOT-FOR-US: artesaos SEOTools
CVE-2020-36664 (A vulnerability has been found in Artesãos SEOTools up to 0.17.1 ...)
@@ -1140,7 +1140,7 @@ CVE-2023-1114 (Improper Input Validation, Missing Authorization vulnerability in
CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll System 1.0. ...)
NOT-FOR-US: SourceCodester Simple Payroll System
CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload Contac ...)
- TODO: check
+ NOT-FOR-US: Drag and Drop Multiple File Upload Contact Form
CVE-2023-1111
RESERVED
CVE-2023-1110
@@ -3231,7 +3231,7 @@ CVE-2023-0997 (A vulnerability was found in SourceCodester Moosikay E-Commerce S
CVE-2023-26511
RESERVED
CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can view draft ...)
- TODO: check
+ NOT-FOR-US: Ghost CMS
CVE-2023-26509
RESERVED
CVE-2023-26508
@@ -3267,7 +3267,7 @@ CVE-2023-26494
CVE-2023-26493
RESERVED
CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. When the U ...)
TODO: check
CVE-2023-26490 (mailcow is a dockerized email package, with multiple containers linked ...)
@@ -3275,11 +3275,11 @@ CVE-2023-26490 (mailcow is a dockerized email package, with multiple containers
CVE-2023-26489
RESERVED
CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
- TODO: check
+ NOT-FOR-US: OpenZeppelin
CVE-2023-26487 (Vega is a visualization grammar, a declarative format for creating, sa ...)
- TODO: check
+ NOT-FOR-US: Vega
CVE-2023-26486 (Vega is a visualization grammar, a declarative format for creating, sa ...)
- TODO: check
+ NOT-FOR-US: Vega
CVE-2023-26485
RESERVED
CVE-2023-26484
@@ -3738,7 +3738,7 @@ CVE-2023-0959
CVE-2023-0958
RESERVED
CVE-2023-0957 (An issue was discovered in Gitpod versions prior to release-2022.11.2. ...)
- TODO: check
+ NOT-FOR-US: Gitpod
CVE-2023-0956
RESERVED
CVE-2023-0955
@@ -4079,7 +4079,7 @@ CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via
NOTE: https://debbugs.gnu.org/61819
NOTE: http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=0fde314f6f6e6664cddab1b2f0fe20629cd39d14
CVE-2023-26213 (On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui- ...)
- TODO: check
+ NOT-FOR-US: Barracuda
CVE-2023-26212
RESERVED
CVE-2023-26211
@@ -4283,13 +4283,13 @@ CVE-2023-26113
CVE-2023-26112
RESERVED
CVE-2023-26111 (All versions of the package @nubosoftware/node-static; all versions of ...)
- TODO: check
+ NOT-FOR-US: @nubosoftware/node-static
CVE-2023-26110
RESERVED
CVE-2023-26109
RESERVED
CVE-2023-26108 (Versions of the package @nestjs/core before 9.0.5 are vulnerable to In ...)
- TODO: check
+ NOT-FOR-US: @nestjs/core
CVE-2023-26107 (All versions of the package sketchsvg are vulnerable to Arbitrary Code ...)
TODO: check
CVE-2023-26106 (All versions of the package dot-lens are vulnerable to Prototype Pollu ...)
@@ -4506,9 +4506,9 @@ CVE-2023-26053 (Gradle is a build tool with a focus on build automation and supp
- gradle <not-affected> (The version of Gradle in Debian doesn't support dependency verification yet)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2174854
CVE-2023-26052 (Saleor is a headless, GraphQL commerce platform delivering personalize ...)
- TODO: check
+ NOT-FOR-US: Saleor
CVE-2023-26051 (Saleor is a headless, GraphQL commerce platform delivering personalize ...)
- TODO: check
+ NOT-FOR-US: Saleor
CVE-2023-26050
RESERVED
CVE-2023-26049
@@ -4516,9 +4516,9 @@ CVE-2023-26049
CVE-2023-26048
RESERVED
CVE-2023-26047 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...)
- TODO: check
+ NOT-FOR-US: teler-waf
CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...)
- TODO: check
+ NOT-FOR-US: teler-waf
CVE-2023-26045
RESERVED
CVE-2023-26044
@@ -4731,9 +4731,9 @@ CVE-2023-25957
CVE-2023-25956 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
NOT-FOR-US: Apache Airflow AWS Provider
CVE-2023-25077 (Cross-site scripting vulnerability in Authentication Key Settings of E ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2023-22838 (Cross-site scripting vulnerability in Product List Screen and Product ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2023-0896
RESERVED
CVE-2023-0895 (The WP Coder – add custom html, css and js code plugin for WordP ...)
@@ -5125,7 +5125,7 @@ CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 24.
CVE-2023-25820
RESERVED
CVE-2023-25819 (Discourse is an open source platform for community discussion. Tags th ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2023-25818
RESERVED
CVE-2023-25817
@@ -6075,7 +6075,7 @@ CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag
CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...)
NOT-FOR-US: Wallabag
CVE-2023-0734 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
- TODO: check
+ NOT-FOR-US: Wallabag
CVE-2023-0733
RESERVED
CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
@@ -6583,9 +6583,9 @@ CVE-2023-25405
CVE-2023-25404
RESERVED
CVE-2023-25403 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass ...)
- TODO: check
+ NOT-FOR-US: CleverStupidDog yf-exam
CVE-2023-25402 (CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is n ...)
- TODO: check
+ NOT-FOR-US: CleverStupidDog yf-exam
CVE-2023-25401
RESERVED
CVE-2023-25400
@@ -8140,9 +8140,9 @@ CVE-2023-0580
CVE-2023-0579
RESERVED
CVE-2023-0578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: ASOS
CVE-2023-0577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: ASOS
CVE-2023-0576 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
- yugabyte-db <itp> (bug #989673)
CVE-2023-0575 (External Control of Critical State Data, Improper Control of Generatio ...)
@@ -8497,11 +8497,11 @@ CVE-2023-24645
CVE-2023-24644
RESERVED
CVE-2023-24643 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Judging Management System
CVE-2023-24642 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Judging Management System
CVE-2023-24641 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Judging Management System
CVE-2023-24640
RESERVED
CVE-2023-24639
@@ -9201,13 +9201,13 @@ CVE-2023-0461 (There is a use-after-free vulnerability in the Linux Kernel which
- linux 6.1.7-1
NOTE: https://git.kernel.org/linus/2c02d41d71f90a5168391b6a5f2954112ba2307c
CVE-2023-0460 (The YouTube Embedded 1.2 SDK binds to a service within the YouTube Mai ...)
- TODO: check
+ NOT-FOR-US: YouTube Embedded 1.2 SDK
CVE-2023-0459
RESERVED
CVE-2023-0458
RESERVED
CVE-2023-0457 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric C ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2022-4896
RESERVED
CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize user inpu ...)
@@ -10512,11 +10512,11 @@ CVE-2023-23931 (cryptography is a package designed to expose cryptographic primi
CVE-2023-23930
RESERVED
CVE-2023-23929 (vantage6 is a privacy preserving federated learning infrastructure for ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.v ...)
NOT-FOR-US: reason-jose
CVE-2023-23927 (Craft is a platform for creating digital experiences. When you insert ...)
- TODO: check
+ NOT-FOR-US: Craft
CVE-2023-23926 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An ...)
NOT-FOR-US: APOC
CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API which is ...)
@@ -12475,7 +12475,7 @@ CVE-2023-23315 (The PrestaShop e-commerce platform module stripejs contains a Bl
CVE-2023-23314 (An arbitrary file upload vulnerability in the /api/upload component of ...)
NOT-FOR-US: Zdir
CVE-2023-23313 (Certain Draytek products are vulnerable to Cross Site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Draytek
CVE-2023-23312
RESERVED
CVE-2023-23311
@@ -13867,11 +13867,11 @@ CVE-2015-10032 (A vulnerability was found in HealthMateWeb. It has been declared
CVE-2010-10004 (A vulnerability was found in Information Cards Module and classified a ...)
NOT-FOR-US: Information Cards Module
CVE-2023-22858 (An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, al ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2023-22857 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2023-22856 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2023-0117
RESERVED
CVE-2023-0116
@@ -14287,7 +14287,7 @@ CVE-2023-22740 (Discourse is an open source platform for community discussion. V
CVE-2023-22739 (Discourse is an open source platform for community discussion. Version ...)
NOT-FOR-US: Discourse
CVE-2023-22738 (vantage6 is a privacy preserving federated learning infrastructure for ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2023-22737 (wire-server provides back end services for Wire, a team communication ...)
NOT-FOR-US: wire-server
CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
@@ -16036,7 +16036,7 @@ CVE-2022-XXXX [RUSTSEC-2022-0074]
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0074.html
NOTE: https://github.com/phsym/prettytable-rs/issues/145
CVE-2023-22438 (Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2023-22432 (Open redirect vulnerability exists in web2py versions prior to 2.23.1. ...)
TODO: check
CVE-2023-22429
@@ -16046,11 +16046,11 @@ CVE-2023-22427 (Stored cross-site scripting vulnerability in Theme switching fun
CVE-2023-22425 (Stored cross-site scripting vulnerability in Schedule function of SHIR ...)
NOT-FOR-US: SHIRASAGI
CVE-2023-22424 (Use-after-free vulnerability exists in Kostac PLC Programming Software ...)
- TODO: check
+ NOT-FOR-US: Kostac
CVE-2023-22421 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
- TODO: check
+ NOT-FOR-US: Kostac
CVE-2023-22419 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
- TODO: check
+ NOT-FOR-US: Kostac
CVE-2023-22377 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
NOT-FOR-US: tsClinical
CVE-2023-22376 (** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting vulnera ...)
@@ -16082,11 +16082,11 @@ CVE-2023-22346 (Out-of-bound read vulnerability exists in Screen Creator Advance
CVE-2023-22345 (Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ve ...)
NOT-FOR-US: Screen Creator Advance
CVE-2023-22344 (Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and e ...)
- TODO: check
+ NOT-FOR-US: SS1
CVE-2023-22336 (Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Raku ...)
- TODO: check
+ NOT-FOR-US: SS1
CVE-2023-22335 (Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier ...)
- TODO: check
+ NOT-FOR-US: SS1
CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier al ...)
NOT-FOR-US: EasyMail
CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4. ...)
@@ -16848,7 +16848,7 @@ CVE-2022-41989 (Sewio’s Real-Time Location System (RTLS) Studio version 2.
CVE-2022-41696
RESERVED
CVE-2022-40633 (A malicious actor can clone access cards used to open control cabinets ...)
- TODO: check
+ NOT-FOR-US: Rittal
CVE-2021-4274 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: bird-lg
CVE-2021-4273 (A vulnerability classified as problematic was found in studygolang. Th ...)
@@ -16882,7 +16882,7 @@ CVE-2020-36621 (A vulnerability, which was classified as problematic, has been f
CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It ...)
NOT-FOR-US: Brondahl EnumStringValues
CVE-2023-22381 (A code injection vulnerability was identified in GitHub Enterprise Ser ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2023-22380 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3 ...)
@@ -22056,7 +22056,7 @@ CVE-2022-46503 (A cross-site scripting (XSS) vulnerability in the component /adm
CVE-2022-46502 (Online Student Enrollment System v1.0 was discovered to contain a SQL ...)
NOT-FOR-US: Online Student Enrollment System
CVE-2022-46501 (Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discov ...)
- TODO: check
+ NOT-FOR-US: Accruent LLC Maintenance Connection
CVE-2022-46500
RESERVED
CVE-2022-46499
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27012d592856a81757382ec04a7d62fe86b35d7f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27012d592856a81757382ec04a7d62fe86b35d7f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230306/ae09b05f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list