[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Mar 13 09:23:16 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc29fbf9 by Moritz Muehlenhoff at 2023-03-13T10:22:55+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,9 +11,9 @@ CVE-2023-28154 (Webpack 5 before 5.76.0 does not avoid cross-realm object access
CVE-2023-1363 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
CVE-2023-1362 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
- TODO: check
+ NOT-FOR-US: Bumsys
CVE-2023-1361 (SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2. ...)
- TODO: check
+ NOT-FOR-US: Bumsys
CVE-2022-48392
RESERVED
CVE-2022-48391
@@ -127,7 +127,7 @@ CVE-2023-1350 (A vulnerability was found in liferea. It has been rated as critic
CVE-2023-1349 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Hsycms
CVE-2016-15028 (A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been decl ...)
- TODO: check
+ NOT-FOR-US: ICEPAY REST-API-NET
CVE-2023-28143
RESERVED
CVE-2023-28142
@@ -435,7 +435,7 @@ CVE-2023-1315 (Cross-site Scripting (XSS) - Reflected in GitHub repository ostic
CVE-2023-1314
RESERVED
CVE-2023-1313 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
- TODO: check
+ NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-1312 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
NOT-FOR-US: pimcore
CVE-2023-1311 (A vulnerability, which was classified as critical, was found in Source ...)
@@ -2939,13 +2939,13 @@ CVE-2023-27166
CVE-2023-27165
RESERVED
CVE-2023-27164 (An arbitrary file upload vulnerability in Halo up to v1.6.1 allows att ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2023-27163
RESERVED
CVE-2023-27162
RESERVED
CVE-2023-27161 (Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request ...)
- TODO: check
+ NOT-FOR-US: Jellyfin
CVE-2023-27160
RESERVED
CVE-2023-27159
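Review bot: "NOT-FOR-US: Halo" on CVE-2023-27164 is a very generic label, and nothing in it tells a later triager which Halo was ruled out. The Cockpit entry in this same commit adds a parenthetical to separate it from src:cockpit; a short qualifier here would serve the same purpose if a similarly named source package ever shows up.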
@@ -8808,7 +8808,7 @@ CVE-2023-0620
CVE-2023-25000
RESERVED
CVE-2023-24999 (HashiCorp Vault and Vault Enterprise’s approle auth method allow ...)
- TODO: check
+ NOT-FOR-US: Vault
CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...)
- libcommons-fileupload-java 1.4-2 (bug #1031733)
[bullseye] - libcommons-fileupload-java <no-dsa> (Minor issue)
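Review bot: The label for CVE-2023-24999 is just "Vault", while the description names the product as HashiCorp Vault and Vault Enterprise. Suggest "NOT-FOR-US: HashiCorp Vault" so the entry is unambiguous when someone greps data/CVE/list for a package called vault.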
@@ -11780,7 +11780,7 @@ CVE-2023-23913
CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earli ...)
NOT-FOR-US: EdgeRouters
CVE-2023-23911 (An improper access control vulnerability exists prior to v6 that could ...)
- TODO: check
+ NOT-FOR-US: open.rocket.chat
CVE-2023-23900
RESERVED
CVE-2023-23899 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extension ...)
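Review bot: "NOT-FOR-US: open.rocket.chat" on CVE-2023-23911 reads as a hostname rather than a product, and the truncated description ("exists prior to v6") refers to versioned software. If the issue is in the software rather than one hosted instance, the label should name the product, so that later CVEs for it are matched to the same NFU decision.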
@@ -16852,7 +16852,7 @@ CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allo
CVE-2022-48112
RESERVED
CVE-2022-48111 (A cross-site scripting (XSS) vulnerability in the check_login function ...)
- TODO: check
+ NOT-FOR-US: SIPE
CVE-2022-48110 (** DISPUTED ** CKSource CKEditor 5 35.4.0 was discovered to contain a ...)
NOT-FOR-US: Disputed ckeditor issue
CVE-2022-48109
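Review bot: "NOT-FOR-US: SIPE" on CVE-2022-48111 does not identify a vendor or product on its own, and the visible part of the description only mentions a check_login function. Suggest spelling out the vendor and product from the full CVE text, since a four-letter label is easy to confuse with an unrelated package name.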
@@ -107676,7 +107676,7 @@ CVE-2022-20931
CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
NOT-FOR-US: Cisco
CVE-2022-20929 (A vulnerability in the upgrade signature verification of Cisco Enterpr ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20928 (A vulnerability in the authentication and authorization flows for VPN ...)
NOT-FOR-US: Cisco
CVE-2022-20927 (A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appli ...)
@@ -134485,7 +134485,7 @@ CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.
NOTE: https://github.com/gpac/gpac/issues/1782
NOTE: Negligible security impact
CVE-2021-33360 (An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers ...)
- TODO: check
+ NOT-FOR-US: Node gnuplot
CVE-2021-33359 (A vulnerability exists in gowitness < 2.3.6 that allows an unauthen ...)
NOT-FOR-US: gowitness
CVE-2021-33358 (Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interfac ...)
@@ -149251,7 +149251,7 @@ CVE-2021-27790 (The command ipfilter in Brocade Fabric OS before Brocade Fabric
CVE-2021-27789 (The Web application of Brocade Fabric OS before versions Brocade Fabri ...)
NOT-FOR-US: Brocade Fabric OS
CVE-2021-27788 (HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2021-27787
RESERVED
CVE-2021-27786 (Cross-origin resource sharing (CORS) enables browsers to perform cross ...)
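Review bot: CVE-2021-27788 is tagged "NOT-FOR-US: HCL", which is the vendor, while the description says the affected product is HCL Verse and the neighbouring entry uses the full product name ("Brocade Fabric OS"). Suggest "NOT-FOR-US: HCL Verse" for consistency and so a vendor-wide label is not read as covering every HCL product.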
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc29fbf953043f3988396be508ac4f6dda551d57