[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Mar 9 19:09:08 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
932653e2 by Moritz Muehlenhoff at 2023-03-09T20:06:33+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2023-27976
CVE-2023-27975
RESERVED
CVE-2023-27974 (** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill wh ...)
- TODO: check
+ NOT-FOR-US: Bitwarden
CVE-2023-27973
RESERVED
CVE-2023-27972
@@ -29,7 +29,7 @@ CVE-2023-27971
CVE-2023-1284
RESERVED
CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 0.21.0. ...)
- TODO: check
+ NOT-FOR-US: qwik
CVE-2023-1282
RESERVED
CVE-2023-1281
@@ -39,11 +39,11 @@ CVE-2023-1280
CVE-2023-1279
RESERVED
CVE-2023-1278 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: IBOS
CVE-2023-1277 (A vulnerability, which was classified as critical, was found in kylin- ...)
- TODO: check
+ NOT-FOR-US: kylin-system-updater
CVE-2018-25081 (** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill wi ...)
- TODO: check
+ NOT-FOR-US: Bitwarden
CVE-2017-20182
RESERVED
CVE-2014-125093
@@ -1461,7 +1461,7 @@ CVE-2023-27488
CVE-2023-27487
RESERVED
CVE-2023-27486 (xCAT is a toolkit for deployment and administration of computer cluste ...)
- TODO: check
+ NOT-FOR-US: xCAT
CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for students. In v ...)
NOT-FOR-US: thmmniii/fbs-core
CVE-2023-27484
@@ -1469,7 +1469,7 @@ CVE-2023-27484
CVE-2023-27483
RESERVED
CVE-2023-27482 (homeassistant is an open source home automation tool. A remotely explo ...)
- TODO: check
+ - homeassistant <itp> (bug #839786)
CVE-2023-27481 (Directus is a real-time API and App dashboard for managing SQL databas ...)
NOT-FOR-US: Directus
CVE-2023-27480 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
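Review bot: the new `+ - homeassistant <itp> (bug #839786)` line carries no NOTE pointing at the upstream advisory or fixing commit, unlike the owslib entry further down in this patch (`NOTE: https://github.com/geopython/OWSLib/commit/...`). Since the package is only at ITP stage, recording the upstream reference now is what lets whoever eventually uploads it tell which version closes the issue; suggest adding a NOTE line with the GitHub advisory URL under the `<itp>` line.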
@@ -1489,7 +1489,7 @@ CVE-2023-27476 (OWSLib is a Python package for client programming with Open Geos
- owslib <unfixed>
NOTE: https://github.com/geopython/OWSLib/commit/d91267303a695d69e73fa71efa100a035852a063
CVE-2023-27475 (Goutil is a collection of miscellaneous functionality for the go langu ...)
- TODO: check
+ NOT-FOR-US: Goutil
CVE-2023-27474 (Directus is a real-time API and App dashboard for managing SQL databas ...)
NOT-FOR-US: Directus
CVE-2023-27473
@@ -2826,7 +2826,7 @@ CVE-2023-26924
CVE-2023-26923
RESERVED
CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a ...)
- TODO: check
+ NOT-FOR-US: Varisicte
CVE-2023-26921
RESERVED
CVE-2023-26920
@@ -9507,7 +9507,7 @@ CVE-2023-24535
CVE-2023-24534
RESERVED
CVE-2023-24533 (Multiplication of certain unreduced P-256 scalars produce incorrect re ...)
- TODO: check
+ NOT-FOR-US: filippo.io/nistec (also included in golang, but tracked as CVE-2023-24533 for it)
CVE-2023-24532 (The ScalarMult and ScalarBaseMult methods of the P256 Curve may return ...)
- golang-1.20 1.20.2-1
[experimental] - golang-1.19 1.19.7-1
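Review bot: the parenthetical on the `+ NOT-FOR-US: filippo.io/nistec (... tracked as CVE-2023-24533 for it)` line names the entry's own identifier as the one used for golang, which is circular; the golang entry sits directly below as CVE-2023-24532 with `golang-1.20 1.20.2-1` and `golang-1.19 1.19.7-1`. The comment should read `tracked as CVE-2023-24532 for it` so the cross-reference points at the Debian-tracked entry.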
@@ -11600,7 +11600,7 @@ CVE-2023-23762
CVE-2023-23761
RESERVED
CVE-2023-23760 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2023-23759
RESERVED
CVE-2023-23758
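Review bot: style point on `+ NOT-FOR-US: Github Enterprise Server`: the product name is spelled GitHub (as in the description text above it, "identified in GitHub Enterprise Ser..."), and keeping NOT-FOR-US labels consistent with the vendor spelling makes grepping the list for a product reliable.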
@@ -90933,7 +90933,6 @@ CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, sc
- rust-crossbeam-utils-0.7 <unfixed>
NOTE: https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
NOTE: https://github.com/crossbeam-rs/crossbeam/pull/781
- TODO: check, crossbeam-utils are vendored in various other sources, in particular rustc to be checked
CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...)
NOT-FOR-US: darylldoyle svg-sanitizer
CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...)
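Review bot: the removed line `- TODO: check, crossbeam-utils are vendored in various other sources, in particular rustc to be checked` is dropped without any line recording the outcome of that check. If the vendored copies in rustc and elsewhere were examined, a NOTE stating the result (which sources carry a vendored crossbeam-utils and whether they are affected) keeps that work visible next to the `rust-crossbeam-utils-0.7 <unfixed>` entry; if the check was not done, the TODO should stay.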
@@ -99373,7 +99372,7 @@ CVE-2022-21952 (An Uncontrolled Resource Consumption vulnerability in spacewalk-
CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, ...)
NOT-FOR-US: Rancher
CVE-2022-21950 (A Improper Access Control vulnerability in the systemd service of cana ...)
- TODO: check
+ NOT-FOR-US: SuSE
CVE-2022-21949 (A Improper Restriction of XML External Entity Reference vulnerability ...)
- ruby-xmlhash <unfixed> (bug #1010667)
[bullseye] - ruby-xmlhash <no-dsa> (Minor issue)
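Review bot: style point on `+ NOT-FOR-US: SuSE`: the entry two lines above in the same hunk uses `NOT-FOR-US: Rancher` with the description "in SUSE Rancher", and the vendor spells its name SUSE; suggest `NOT-FOR-US: SUSE` for consistency with the rest of the list.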
@@ -112797,7 +112796,6 @@ CVE-2021-3838
- php-dompdf 2.0.2+dfsg-1
NOTE: https://github.com/dompdf/dompdf/issues/2564
NOTE: https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e
- TODO: check details, introducing version
CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU v ...)
NOT-FOR-US: Siemens
CVE-2021-41768
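Review bot: the removed `- TODO: check details, introducing version` for CVE-2021-3838 is not replaced by a NOTE recording the introducing version, even though that is exactly what decides whether the stable releases need an entry alongside `php-dompdf 2.0.2+dfsg-1`. If the introducing commit was identified, add a NOTE with it (or a `<not-affected>` line for the releases that predate it); otherwise the TODO should remain until it is.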
@@ -124185,11 +124183,11 @@ CVE-2021-37319
CVE-2021-37318
RESERVED
CVE-2021-37317 (Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U route ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2021-37316 (SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firm ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2021-37315 (Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68 ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2021-37314
RESERVED
CVE-2021-37313
@@ -124207,11 +124205,11 @@ CVE-2021-37308
CVE-2021-37307
RESERVED
CVE-2021-37306 (An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows r ...)
- TODO: check
+ NOT-FOR-US: jeecg-boot
CVE-2021-37305 (An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows r ...)
- TODO: check
+ NOT-FOR-US: jeecg-boot
CVE-2021-37304 (An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticat ...)
- TODO: check
+ NOT-FOR-US: jeecg-boot
CVE-2021-37303
RESERVED
CVE-2021-37302
@@ -125681,9 +125679,9 @@ CVE-2021-36715
CVE-2021-36714
RESERVED
CVE-2021-36713 (Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9 ...)
- TODO: check
+ NOT-FOR-US: DataTables
CVE-2021-36712 (Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attacker ...)
- TODO: check
+ NOT-FOR-US: yzmcms
CVE-2021-36711 (WebInterface in OctoBot before 0.4.4 allows remote code execution beca ...)
NOT-FOR-US: OctoBot
CVE-2021-36710 (ToaruOS 1.99.2 is affected by incorrect access control via the kernel. ...)
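Review bot: before closing CVE-2021-36713 with `+ NOT-FOR-US: DataTables`, it is worth confirming that nothing in the archive ships the jQuery DataTables plug-in (a libjs-jquery-datatables package, or a copy embedded in another package); a JavaScript plug-in of this kind is commonly packaged or vendored, and if a copy exists the entry should become a package line (with `<not-affected>` and a reason, or `<unfixed>`) rather than NOT-FOR-US.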
@@ -125737,13 +125735,13 @@ CVE-2021-36690 (** DISPUTED ** A segmentation fault can occur in the sqlite3.exe
[stretch] - sqlite3 <not-affected> (vulnerable code is not present)
NOTE: https://www.sqlite.org/forum/forumpost/718c0a8d17
CVE-2021-36689 (An issue discovered in com.samourai.wallet.PinEntryActivity.java in St ...)
- TODO: check
+ NOT-FOR-US: com.samourai.wallet.PinEntryActivity.java
CVE-2021-36688
RESERVED
CVE-2021-36687
RESERVED
CVE-2021-36686 (Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attacker ...)
- TODO: check
+ NOT-FOR-US: yapi
CVE-2021-36685
RESERVED
CVE-2021-36684
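Review bot: on `+ NOT-FOR-US: com.samourai.wallet.PinEntryActivity.java`, the NOT-FOR-US label should name the product rather than the Java class path lifted from the description; something like `NOT-FOR-US: Samourai Wallet` matches how the other entries in this patch name the affected software (Bitwarden, xCAT, Ruckus) and is what a later search of the list will look for.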
@@ -125853,9 +125851,9 @@ CVE-2021-36633
CVE-2021-36632
RESERVED
CVE-2021-36631 (Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and ...)
- TODO: check
+ NOT-FOR-US: Baidunetdisk
CVE-2021-36630 (DDOS reflection amplification vulnerability in eAut module of Ruckus W ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2021-36629
RESERVED
CVE-2021-36628
@@ -125909,7 +125907,7 @@ CVE-2021-36605 (engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). Th
CVE-2021-36604
RESERVED
CVE-2021-36603 (Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote att ...)
- TODO: check
+ NOT-FOR-US: tasmota
CVE-2021-36602
RESERVED
CVE-2021-36601 (GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerabilit ...)
@@ -125980,9 +125978,9 @@ CVE-2021-36572 (Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1
CVE-2021-36571
RESERVED
CVE-2021-36570 (Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows rem ...)
- TODO: check
+ NOT-FOR-US: FUEL-CMS
CVE-2021-36569 (Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows rem ...)
- TODO: check
+ NOT-FOR-US: FUEL-CMS
CVE-2021-36568 (In certain Moodle products after creating a course, it is possible to ...)
- moodle <removed>
CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...)
@@ -126028,11 +126026,11 @@ CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component /ad
CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component /codebase ...)
NOT-FOR-US: Mara CMS
CVE-2021-36546 (Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: KiteCMS
CVE-2021-36545 (Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote at ...)
- TODO: check
+ NOT-FOR-US: tpcms
CVE-2021-36544 (Incorrect Access Control issue discovered in tpcms 3.2 allows remote a ...)
- TODO: check
+ NOT-FOR-US: tpcms
CVE-2021-36543 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDo ...)
NOT-FOR-US: SeedDMS
CVE-2021-36542 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocu ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/932653e26db45200b6e56900bcf1d2f423764c42
--