[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Mar 13 09:23:16 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc29fbf9 by Moritz Muehlenhoff at 2023-03-13T10:22:55+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,9 +11,9 @@ CVE-2023-28154 (Webpack 5 before 5.76.0 does not avoid cross-realm object access
 CVE-2023-1363 (A vulnerability, which was classified as problematic, was found in Sou ...)
 	NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
 CVE-2023-1362 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
-	TODO: check
+	NOT-FOR-US: Bumsys
 CVE-2023-1361 (SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2. ...)
-	TODO: check
+	NOT-FOR-US: Bumsys
 CVE-2022-48392
 	RESERVED
 CVE-2022-48391
@@ -127,7 +127,7 @@ CVE-2023-1350 (A vulnerability was found in liferea. It has been rated as critic
 CVE-2023-1349 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: Hsycms
 CVE-2016-15028 (A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been decl ...)
-	TODO: check
+	NOT-FOR-US: ICEPAY REST-API-NET
 CVE-2023-28143
 	RESERVED
 CVE-2023-28142
@@ -435,7 +435,7 @@ CVE-2023-1315 (Cross-site Scripting (XSS) - Reflected in GitHub repository ostic
 CVE-2023-1314
 	RESERVED
 CVE-2023-1313 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
-	TODO: check
+	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
 CVE-2023-1312 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
 	NOT-FOR-US: pimcore
 CVE-2023-1311 (A vulnerability, which was classified as critical, was found in Source ...)
@@ -2939,13 +2939,13 @@ CVE-2023-27166
 CVE-2023-27165
 	RESERVED
 CVE-2023-27164 (An arbitrary file upload vulnerability in Halo up to v1.6.1 allows att ...)
-	TODO: check
+	NOT-FOR-US: Halo
 CVE-2023-27163
 	RESERVED
 CVE-2023-27162
 	RESERVED
 CVE-2023-27161 (Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request ...)
-	TODO: check
+	NOT-FOR-US: Jellyfin
 CVE-2023-27160
 	RESERVED
 CVE-2023-27159
@@ -8808,7 +8808,7 @@ CVE-2023-0620
 CVE-2023-25000
 	RESERVED
 CVE-2023-24999 (HashiCorp Vault and Vault Enterprise’s approle auth method allow ...)
-	TODO: check
+	NOT-FOR-US: Vault
 CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...)
 	- libcommons-fileupload-java 1.4-2 (bug #1031733)
 	[bullseye] - libcommons-fileupload-java <no-dsa> (Minor issue)
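Review bot: the new marker "NOT-FOR-US: Vault" on the CVE-2023-24999 line is less specific than the description, which names the vendor ("HashiCorp Vault and Vault Enterprise"); spelling it out as "NOT-FOR-US: HashiCorp Vault" would avoid ambiguity with any other project called Vault and matches how other entries in this hunk area (e.g. "libcommons-fileupload-java") identify the exact software.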
@@ -11780,7 +11780,7 @@ CVE-2023-23913
 CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earli ...)
 	NOT-FOR-US: EdgeRouters
 CVE-2023-23911 (An improper access control vulnerability exists prior to v6 that could ...)
-	TODO: check
+	NOT-FOR-US: open.rocket.chat
 CVE-2023-23900
 	RESERVED
 CVE-2023-23899 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extension ...)
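Review bot: the marker "NOT-FOR-US: open.rocket.chat" on the CVE-2023-23911 line names a hostname rather than a product, while the truncated description ("An improper access control vulnerability exists prior to v6 ...") gives no product name at all; the surrounding entries use product names (e.g. "NOT-FOR-US: EdgeRouters"), so naming the affected software the same way would make the triage reason clear to the next reader.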
@@ -16852,7 +16852,7 @@ CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allo
 CVE-2022-48112
 	RESERVED
 CVE-2022-48111 (A cross-site scripting (XSS) vulnerability in the check_login function ...)
-	TODO: check
+	NOT-FOR-US: SIPE
 CVE-2022-48110 (** DISPUTED ** CKSource CKEditor 5 35.4.0 was discovered to contain a  ...)
 	NOT-FOR-US: Disputed ckeditor issue
 CVE-2022-48109
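Review bot: "NOT-FOR-US: SIPE" on the CVE-2022-48111 line is a bare acronym, and the visible description ("A cross-site scripting (XSS) vulnerability in the check_login function ...") does not say which product is meant; since similarly named software exists, consider writing out the product and, if there is a risk of confusion with a Debian source package, use the disambiguating form already used in this patch for CVE-2023-1313 ("NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)").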
@@ -107676,7 +107676,7 @@ CVE-2022-20931
 CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20929 (A vulnerability in the upgrade signature verification of Cisco Enterpr ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20928 (A vulnerability in the authentication and authorization flows for VPN  ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20927 (A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appli ...)
@@ -134485,7 +134485,7 @@ CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.
 	NOTE: https://github.com/gpac/gpac/issues/1782
 	NOTE: Negligible security impact
 CVE-2021-33360 (An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers  ...)
-	TODO: check
+	NOT-FOR-US: Node gnuplot
 CVE-2021-33359 (A vulnerability exists in gowitness < 2.3.6 that allows an unauthen ...)
 	NOT-FOR-US: gowitness
 CVE-2021-33358 (Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interfac ...)
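Review bot: "NOT-FOR-US: Node gnuplot" on the CVE-2021-33360 line distinguishes the Stoqey gnuplot npm module from the gnuplot plotting program only implicitly; the explicit form used for CVE-2023-1313 in this same patch ("... (different from src:cockpit)") would record that the Debian gnuplot package was considered and ruled out, e.g. "NOT-FOR-US: Node gnuplot (different from src:gnuplot)".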
@@ -149251,7 +149251,7 @@ CVE-2021-27790 (The command ipfilter in Brocade Fabric OS before Brocade Fabric
 CVE-2021-27789 (The Web application of Brocade Fabric OS before versions Brocade Fabri ...)
 	NOT-FOR-US: Brocade Fabric OS
 CVE-2021-27788 (HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27787
 	RESERVED
 CVE-2021-27786 (Cross-origin resource sharing (CORS) enables browsers to perform cross ...)
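Review bot: "NOT-FOR-US: HCL" on the CVE-2021-27788 line names only the vendor, whereas the description identifies the product ("HCL Verse") and the neighbouring Brocade entries name the full product ("NOT-FOR-US: Brocade Fabric OS"); "NOT-FOR-US: HCL Verse" would be consistent and more useful when searching the list later.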



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc29fbf953043f3988396be508ac4f6dda551d57
