[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 10 10:51:44 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
604def06 by Moritz Muehlenhoff at 2023-03-10T11:51:03+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,7 +41,7 @@ CVE-2023-28006
CVE-2023-28005
RESERVED
CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository froxlor ...)
- TODO: check
+ - froxlor <itp> (bug #581792)
CVE-2023-1306
RESERVED
CVE-2023-1305
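Review bot: CVE-2023-1307 is the one entry in this commit resolved to an ITP reference (`- froxlor <itp> (bug #581792)`) rather than to NOT-FOR-US, while the commit message says only "NFUs"; the form follows the list's existing convention (compare `- homeassistant <itp> (bug #839786)` further down), so the entry itself is fine, but a commit message that mentions the ITP would make the change easier to find later, since ITP-tracked CVEs need re-triage once the package is accepted into the archive.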
@@ -49,13 +49,13 @@ CVE-2023-1305
CVE-2023-1304
RESERVED
CVE-2023-1303 (A vulnerability was found in UCMS 1.6 and classified as critical. This ...)
- TODO: check
+ NOT-FOR-US: UCMS
CVE-2023-1302 (A vulnerability, which was classified as problematic, was found in Sou ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2023-1301 (A vulnerability, which was classified as critical, has been found in S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2023-1300 (A vulnerability classified as critical was found in SourceCodester COV ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2023-1299
RESERVED
CVE-2023-1298
@@ -169,11 +169,11 @@ CVE-2023-1277 (A vulnerability, which was classified as critical, was found in k
CVE-2018-25081 (** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill wi ...)
NOT-FOR-US: Bitwarden
CVE-2017-20182 (A vulnerability was found in Mobile Vikings Django AJAX Utilities up t ...)
- TODO: check
+ NOT-FOR-US: Mobile Vikings Django AJAX Utilities
CVE-2014-125093 (A vulnerability has been found in Ad Blocking Detector Plugin up to 1. ...)
- TODO: check
+ NOT-FOR-US: Ad Blocking Detector Plugin
CVE-2013-10020 (A vulnerability, which was classified as problematic, was found in MMD ...)
- TODO: check
+ NOT-FOR-US: MMDeveloper
CVE-2023-27970
RESERVED
CVE-2023-27969
@@ -1601,7 +1601,7 @@ CVE-2023-27492
CVE-2023-27491
RESERVED
CVE-2023-27490 (NextAuth.js is an open source authentication solution for Next.js appl ...)
- TODO: check
+ NOT-FOR-US: NextAuth.js
CVE-2023-27489
RESERVED
CVE-2023-27488
@@ -1613,9 +1613,9 @@ CVE-2023-27486 (xCAT is a toolkit for deployment and administration of computer
CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for students. In v ...)
NOT-FOR-US: thmmniii/fbs-core
CVE-2023-27484 (crossplane-runtime is a set of go libraries used to build Kubernetes c ...)
- TODO: check
+ NOT-FOR-US: crossplane-runtime
CVE-2023-27483 (crossplane-runtime is a set of go libraries used to build Kubernetes c ...)
- TODO: check
+ NOT-FOR-US: crossplane-runtime
CVE-2023-27482 (homeassistant is an open source home automation tool. A remotely explo ...)
- homeassistant <itp> (bug #839786)
CVE-2023-27481 (Directus is a real-time API and App dashboard for managing SQL databas ...)
@@ -2390,31 +2390,31 @@ CVE-2023-27216
CVE-2023-27215
RESERVED
CVE-2023-27214 (Online Student Management System v1.0 was discovered to contain multip ...)
- TODO: check
+ NOT-FOR-US: Online Student Management System
CVE-2023-27213 (Online Student Management System v1.0 was discovered to contain a SQL ...)
- TODO: check
+ NOT-FOR-US: Online Student Management System
CVE-2023-27212 (A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of ...)
- TODO: check
+ NOT-FOR-US: Online Pizza Ordering System
CVE-2023-27211 (A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Onl ...)
- TODO: check
+ NOT-FOR-US: Online Pizza Ordering System
CVE-2023-27210 (Online Pizza Ordering System 1.0 was discovered to contain a SQL injec ...)
- TODO: check
+ NOT-FOR-US: Online Pizza Ordering System
CVE-2023-27209
RESERVED
CVE-2023-27208 (A cross-site scripting (XSS) vulnerability in /php-opos/login.php of O ...)
- TODO: check
+ NOT-FOR-US: Online Pizza Ordering System
CVE-2023-27207 (Online Pizza Ordering System 1.0 was discovered to contain a SQL injec ...)
- TODO: check
+ NOT-FOR-US: Online Pizza Ordering System
CVE-2023-27206 (A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of B ...)
- TODO: check
+ NOT-FOR-US: Best POS Management System
CVE-2023-27205 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Best POS Management System
CVE-2023-27204 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Best POS Management System
CVE-2023-27203 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Best POS Management System
CVE-2023-27202 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Best POS Management System
CVE-2023-27201
RESERVED
CVE-2023-27200
@@ -2904,7 +2904,7 @@ CVE-2023-26959
CVE-2023-26958
RESERVED
CVE-2023-26957 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete ...)
- TODO: check
+ NOT-FOR-US: onekeyadmin
CVE-2023-26956 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vu ...)
NOT-FOR-US: onekeyadmin
CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
@@ -5004,9 +5004,9 @@ CVE-2023-26112
CVE-2023-26111 (All versions of the package @nubosoftware/node-static; all versions of ...)
NOT-FOR-US: @nubosoftware/node-static
CVE-2023-26110 (All versions of the package node-bluetooth are vulnerable to Buffer Ov ...)
- TODO: check
+ NOT-FOR-US: node-bluetooth
CVE-2023-26109 (All versions of the package node-bluetooth-serial-port are vulnerable ...)
- TODO: check
+ NOT-FOR-US: node-bluetooth-serial-port
CVE-2023-26108 (Versions of the package @nestjs/core before 9.0.5 are vulnerable to In ...)
NOT-FOR-US: @nestjs/core
CVE-2023-26107 (All versions of the package sketchsvg are vulnerable to Arbitrary Code ...)
@@ -5854,7 +5854,7 @@ CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.
CVE-2023-25815
RESERVED
CVE-2023-25814 (metersphere is an open source continuous testing platform. In versions ...)
- TODO: check
+ NOT-FOR-US: metersphere
CVE-2023-25813 (Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL inj ...)
NOT-FOR-US: Sequelize
CVE-2023-25812 (Minio is a Multi-Cloud Object Storage framework. Affected versions do ...)
@@ -6839,7 +6839,7 @@ CVE-2023-25575 (API Platform Core is the server component of API Platform: hyper
CVE-2023-25574
RESERVED
CVE-2023-25573 (metersphere is an open source continuous testing platform. In affected ...)
- TODO: check
+ NOT-FOR-US: metersphere
CVE-2023-25572 (react-admin is a frontend framework for building browser applications ...)
NOT-FOR-US: react-admin
CVE-2023-25571 (Backstage is an open platform for building developer portals. `@backst ...)
@@ -8333,11 +8333,11 @@ CVE-2023-0625
CVE-2023-0624 (OrangeScrum version 2.0.11 allows an external attacker to obtain arbit ...)
NOT-FOR-US: OrangeScrum
CVE-2023-0623 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds writ ...)
- TODO: check
+ NOT-FOR-US: Cscape Envision RV
CVE-2023-0622 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds writ ...)
- TODO: check
+ NOT-FOR-US: Cscape Envision RV
CVE-2023-0621 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read ...)
- TODO: check
+ NOT-FOR-US: Cscape Envision RV
CVE-2023-0620
RESERVED
CVE-2023-25000
@@ -32770,7 +32770,7 @@ CVE-2023-20066
CVE-2023-20065
RESERVED
CVE-2023-20064 (A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS X ...)
- TODO: check
+ NOT-FOR-US: Cisco's use of GRUB
CVE-2023-20063
RESERVED
CVE-2023-20062 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...)
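Review bot: the CVE-2023-20064 line records `NOT-FOR-US: Cisco's use of GRUB` without saying why the issue does not reach the GRUB code Debian itself ships; because the description names the `GRand Unified Bootloader (GRUB)`, this entry will surface for anyone grepping the list for GRUB issues, so a NOTE line stating that the flaw is confined to the Cisco IOS XR build (or pointing at the source that establishes this) would save the next triager from re-checking.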
@@ -32803,7 +32803,7 @@ CVE-2023-20051
CVE-2023-20050 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
NOT-FOR-US: Cisco
CVE-2023-20049 (A vulnerability in the bidirectional forwarding detection (BFD) hardwa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20048
RESERVED
CVE-2023-20047 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of ...)
@@ -74298,7 +74298,7 @@ CVE-2022-29058 (An improper neutralization of special elements [CWE-89] used in
CVE-2022-29057 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: Fortinet
CVE-2022-29056 (A improper restriction of excessive authentication attempts vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-29055 (A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7 ...)
NOT-FOR-US: FortiGuard
CVE-2022-29054 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...)
@@ -83266,7 +83266,7 @@ CVE-2022-25907 (The package ts-deepmerge before 2.0.2 are vulnerable to Prototyp
CVE-2022-25906 (All versions of the package is-http2 are vulnerable to Command Injecti ...)
NOT-FOR-US: Node is-http2
CVE-2022-25904 (All versions of package safe-eval are vulnerable to Prototype Pollutio ...)
- TODO: check
+ NOT-FOR-US: Node safe-eval
CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
NOT-FOR-US: Rust crate opcua
CVE-2022-25902
@@ -83381,7 +83381,7 @@ CVE-2022-25855 (All versions of the package create-choo-app3 are vulnerable to C
CVE-2022-25854 (This affects the package @yaireo/tagify before 4.9.8. The package is u ...)
NOT-FOR-US: Tagify
CVE-2022-25853 (All versions of the package semver-tags are vulnerable to Command Inje ...)
- TODO: check
+ NOT-FOR-US: Node semver-tags
CVE-2022-25852 (All versions of package pg-native; all versions of package libpq are v ...)
NOT-FOR-US: Node pgnative
CVE-2022-25851 (The package jpeg-js before 0.4.4 are vulnerable to Denial of Service ( ...)
@@ -83391,9 +83391,9 @@ CVE-2022-25850 (The package github.com/hoppscotch/proxyscotch before 1.0.0 are v
CVE-2022-25849 (The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site S ...)
NOT-FOR-US: joyqi/hyper-down
CVE-2022-25848 (This affects all versions of package static-dev-server. This is becaus ...)
- TODO: check
+ NOT-FOR-US: static-dev-server
CVE-2022-25847 (All versions of the package serve-lite are vulnerable to Cross-site Sc ...)
- TODO: check
+ NOT-FOR-US: serve-lite
CVE-2022-25846
RESERVED
CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deser ...)
@@ -83456,7 +83456,7 @@ CVE-2022-25352 (The package libnested before 1.5.2 are vulnerable to Prototype P
CVE-2022-25351
RESERVED
CVE-2022-25350 (All versions of the package puppet-facter are vulnerable to Command In ...)
- TODO: check
+ NOT-FOR-US: Node puppet-facter (different from src:facter)
CVE-2022-25349 (All versions of package materialize-css are vulnerable to Cross-site S ...)
- materialize <unfixed> (bug #1014727)
NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2766498
@@ -83490,7 +83490,7 @@ CVE-2022-25232
CVE-2022-25231 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
NOT-FOR-US: node-opcua/node-opcua
CVE-2022-25171 (The package p4 before 0.0.7 are vulnerable to Command Injection via th ...)
- TODO: check
+ NOT-FOR-US: Node p4
CVE-2022-24913 (Versions of the package com.fasterxml.util:java-merge-sort before 1.1. ...)
NOT-FOR-US: com.fasterxml.util:java-merge-sort
CVE-2022-24912 (The package github.com/runatlantis/atlantis/server/controllers/events ...)
@@ -83521,7 +83521,7 @@ CVE-2022-24434 (This affects all versions of package dicer. A malicious attacker
CVE-2022-24433 (The package simple-git before 3.3.0 are vulnerable to Command Injectio ...)
NOT-FOR-US: simple-git
CVE-2022-24431 (All versions of package abacus-ext-cmdline are vulnerable to Command I ...)
- TODO: check
+ NOT-FOR-US: abacus-ext-cmdline
CVE-2022-24430
RESERVED
CVE-2022-24429 (The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary ...)
@@ -83529,7 +83529,7 @@ CVE-2022-24429 (The package convert-svg-core before 0.6.3 are vulnerable to Arbi
CVE-2022-24381 (All versions of package asneg/opcuastack are vulnerable to Denial of S ...)
NOT-FOR-US: ASNeG/OpcUaStack
CVE-2022-24377 (The package cycle-import-check before 1.3.2 are vulnerable to Command ...)
- TODO: check
+ NOT-FOR-US: cycle-import-check
CVE-2022-24376 (All versions of package git-promise are vulnerable to Command Injectio ...)
NOT-FOR-US: Node git-promise
CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
@@ -83572,7 +83572,7 @@ CVE-2022-22138 (All versions of package fast-string-search are vulnerable to Den
CVE-2022-21811
RESERVED
CVE-2022-21810 (All versions of the package smartctl are vulnerable to Command Injecti ...)
- TODO: check
+ NOT-FOR-US: Node smartctl
CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the memory en ...)
NOT-FOR-US: node nconf
CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site Script ...)
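Review bot: `NOT-FOR-US: Node smartctl` for CVE-2022-21810 shares its name with the smartctl utility from smartmontools, which Debian packages as src:smartmontools; the same commit disambiguates a similar name clash for CVE-2022-25350 with `NOT-FOR-US: Node puppet-facter (different from src:facter)`, and a matching `(different from src:smartmontools)` parenthetical here would keep that convention and make the distinction explicit.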
@@ -83624,7 +83624,7 @@ CVE-2022-21208 (The package node-opcua before 2.74.0 are vulnerable to Denial of
CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expression ...)
NOT-FOR-US: AlexFlipnote/url_regex
CVE-2022-21192 (All versions of the package serve-lite are vulnerable to Directory Tra ...)
- TODO: check
+ NOT-FOR-US: serve-lite
CVE-2022-21191 (Versions of the package global-modules-path before 3.0.0 are vulnerabl ...)
NOT-FOR-US: Node global-modules-path
CVE-2022-21190 (This affects the package convict before 6.2.3. This is a bypass of [CV ...)
@@ -83688,9 +83688,9 @@ CVE-2022-0744
CVE-2022-25838 (Laravel Fortify before 1.11.1 allows reuse within a short time window, ...)
NOT-FOR-US: Laravel Fortify
CVE-2022-25837 (Bluetooth® Pairing in Bluetooth Core Specification v1.0B through ...)
- TODO: check
+ NOT-FOR-US: Bluetooth protocol issue
CVE-2022-25836 (Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4. ...)
- TODO: check
+ NOT-FOR-US: Bluetooth protocol issue
CVE-2022-25835
RESERVED
CVE-2022-25834
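Review bot: CVE-2022-25837 and CVE-2022-25836 describe pairing weaknesses in the Bluetooth Core Specification itself and are marked `NOT-FOR-US: Bluetooth protocol issue`; a specification-level CVE can still require changes in a host stack or controller firmware, so a NOTE line recording the basis for the decision (for example that the affected pairing paths are not implemented by any Bluetooth stack Debian ships, or that the remediation belongs to the specification and controllers) would document the reasoning for later reference.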
@@ -91372,7 +91372,7 @@ CVE-2022-23525 (Helm is a tool for managing Charts, pre-configured Kubernetes re
CVE-2022-23524 (Helm is a tool for managing Charts, pre-configured Kubernetes resource ...)
- helm-kubernetes <itp> (bug #910799)
CVE-2022-23523 (In versions prior to 0.8.1, the linux-loader crate uses the offsets an ...)
- TODO: check
+ NOT-FOR-US: Rust crate linux-loader
CVE-2022-23522
RESERVED
CVE-2022-23521 (Git is distributed revision control system. gitattributes are a mechan ...)
@@ -91450,7 +91450,7 @@ CVE-2022-23501 (TYPO3 is an open source PHP based web content management system.
CVE-2022-23500 (TYPO3 is an open source PHP based web content management system. In ve ...)
NOT-FOR-US: Typo3
CVE-2022-23499 (HTML sanitizer is written in PHP, aiming to provide XSS-safe markup ba ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2022-23498 (Grafana is an open-source platform for monitoring and observability. W ...)
- grafana <not-affected> (Specific to Grafana Enterprise)
CVE-2022-23497 (FreshRSS is a free, self-hostable RSS aggregator. User configuration f ...)
@@ -91544,7 +91544,7 @@ CVE-2022-23467 (OpenRazer is an open source driver and user-space daemon to cont
CVE-2022-23466 (teler is an real-time intrusion detection and threat alert dashboard. ...)
NOT-FOR-US: teler
CVE-2022-23465 (SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24 ...)
- TODO: check
+ NOT-FOR-US: SwiftTerm
CVE-2022-23464 (Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnera ...)
NOT-FOR-US: Nepxion
CVE-2022-23463 (Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerab ...)
@@ -123940,7 +123940,7 @@ CVE-2021-37504 (A cross-site scripting (XSS) vulnerability in the fileNameStr pa
CVE-2021-37503
RESERVED
CVE-2021-37502 (Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remot ...)
- TODO: check
+ NOT-FOR-US: automad
CVE-2021-37501 (Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1 ...)
TODO: check
CVE-2021-37500 (Directory traversal vulnerability in Reprise License Manager (RLM) web ...)
@@ -124496,7 +124496,7 @@ CVE-2021-37236
CVE-2021-37235
RESERVED
CVE-2021-37234 (Incorrect Access Control vulnerability in Modern Honey Network commit ...)
- TODO: check
+ NOT-FOR-US: Modern Honey Network
CVE-2021-37233
RESERVED
CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/604def06ae770af73df3bd208cf7ea323d77e9e8