[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 17 18:49:03 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aba57269 by Moritz Muehlenhoff at 2023-03-17T19:48:43+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -86,7 +86,7 @@ CVE-2023-1423
CVE-2023-1422
RESERVED
CVE-2023-1421 (A reflected cross-site scripting vulnerability in the OAuth flow compl ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2019-25135
RESERVED
CVE-2019-25134
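Review bot: the ITP reference for mattermost-server, bug #823556, is much older than the other bug numbers touched by this commit (#1031418, #1033104), so confirm it is the current mattermost-server ITP before it becomes the tracker's pointer for CVE-2023-1421; the <itp> marker itself matches the convention used for the rdiffweb entry later in this file.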
@@ -450,9 +450,9 @@ CVE-2023-28339 (OpenDoas through 6.8.2, when TIOCSTI is available, allows privil
NOTE: posted to kernel-hardening list, and can be mitigated with Linux 6.2, see option
NOTE: CONFIG_LEGACY_TIOCSTI.
CVE-2023-28338 (Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web ser ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2023-28337 (When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (R ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2023-28336
RESERVED
CVE-2023-28335
@@ -517,7 +517,7 @@ CVE-2023-1390
[buster] - linux 4.19.171-1
NOTE: https://git.kernel.org/linus/b77413446408fdd256599daf00d5be72b5f3e7c6 (5.11-rc4)
CVE-2023-1389 (TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 2023 ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2023-1388
RESERVED
CVE-2023-1387
@@ -1263,15 +1263,15 @@ CVE-2023-28100
[bullseye] - flatpak <no-dsa> (Minor issue)
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp
CVE-2023-28099 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS
CVE-2023-28098 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS
CVE-2023-28097 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS
CVE-2023-28096 (OpenSIPS, a Session Initiation Protocol (SIP) server implementation, h ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS
CVE-2023-28095 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS
CVE-2023-28094
RESERVED
CVE-2023-28093
@@ -2745,17 +2745,17 @@ CVE-2014-125092 (A vulnerability was found in MaxButtons Plugin up to 1.26.0 and
CVE-2006-10001 (A vulnerability, which was classified as problematic, was found in Sub ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27601 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS
CVE-2023-27600 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS
CVE-2023-27599 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS
CVE-2023-27598 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS
CVE-2023-27597 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS
CVE-2023-27596 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
- TODO: check
+ NOT-FOR-US: OpenSIPS
CVE-2023-27595
RESERVED
CVE-2023-27594
@@ -2767,7 +2767,7 @@ CVE-2023-27592
CVE-2023-27591
RESERVED
CVE-2023-27590 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
- TODO: check
+ NOT-FOR-US: Rizin
CVE-2023-27589 (Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE ...)
TODO: check
CVE-2023-27588 (Hasura is an open-source product that provides users GraphQL or REST A ...)
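Review bot: NOT-FOR-US for CVE-2023-27590 assumes Rizin is not in the archive; since it is a general-purpose reverse-engineering framework rather than vendor firmware like most entries in this commit, a quick archive lookup is worth doing before closing it. The adjacent Minio entry (CVE-2023-27589) is left at TODO: check, which looks intentional.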
@@ -4167,7 +4167,7 @@ CVE-2023-27086
CVE-2023-27085
RESERVED
CVE-2023-27084 (Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allo ...)
- TODO: check
+ NOT-FOR-US: Dreamer CMS
CVE-2023-27083
RESERVED
CVE-2023-27082
@@ -4433,7 +4433,7 @@ CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site
CVE-2023-26952 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
NOT-FOR-US: onekeyadmin
CVE-2023-26951 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: onekeyadmin
CVE-2023-26950 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
NOT-FOR-US: onekeyadmin
CVE-2023-26949 (An arbitrary file upload vulnerability in the component /admin1/config ...)
@@ -4511,7 +4511,7 @@ CVE-2023-26914
CVE-2023-26913
RESERVED
CVE-2023-26912 (Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commi ...)
- TODO: check
+ NOT-FOR-US: S-mall-ssm
CVE-2023-26911
RESERVED
CVE-2023-26910
@@ -4767,7 +4767,7 @@ CVE-2023-26786
CVE-2023-26785
RESERVED
CVE-2023-26784 (SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020 ...)
- TODO: check
+ NOT-FOR-US: Kirin
CVE-2023-26783
RESERVED
CVE-2023-26782
@@ -6590,7 +6590,7 @@ CVE-2023-26086
CVE-2023-26085
RESERVED
CVE-2023-26084 (The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c ...)
- TODO: check
+ NOT-FOR-US: AArch64cryptolib
CVE-2023-26083
RESERVED
CVE-2023-26082
@@ -9105,9 +9105,9 @@ CVE-2023-25283 (A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allo
CVE-2023-25282 (A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows atta ...)
NOT-FOR-US: D-Link
CVE-2023-25281 (A stack overflow vulnerability exists in pingV4Msg component in D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-25280 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-25279 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...)
NOT-FOR-US: D-Link
CVE-2023-25278
@@ -9133,7 +9133,7 @@ CVE-2023-25269
CVE-2023-25268
RESERVED
CVE-2023-25267 (An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 1 ...)
- TODO: check
+ NOT-FOR-US: Kerio Connect
CVE-2023-25266 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...)
NOT-FOR-US: Docmosis Tornado
CVE-2023-25265 (Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal lead ...)
@@ -10379,8 +10379,8 @@ CVE-2023-24809 (NetHack is a single player dungeon exploration game. Starting wi
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch
NOTE: https://nethack.org/security/CVE-2023-24809.html
CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versions pr ...)
- - ippsample <unfixed> (bug #1033104)
- TODO: check, might affect src:ippsample, will be determined via query to maintainers in #1033104
+ - ippsample <unfixed> (unimportant; bug #1033104)
+ NOTE: Crash in CLI tool, no security impact
CVE-2023-24807 (Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the ...)
- node-undici 5.19.1+dfsg1+~cs20.10.9.5-1 (bug #1031418)
NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
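Review bot: the downgrade of the ippsample entry for CVE-2023-24808 to unimportant rests on the new NOTE "Crash in CLI tool, no security impact", but the removed TODO said this was to be settled via a query to the maintainers in #1033104; add the source of that determination to the NOTE (a pointer to the bug comment or the upstream advisory) so the severity call can be audited later.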
@@ -10436,7 +10436,7 @@ CVE-2023-24797
CVE-2023-24796
RESERVED
CVE-2023-24795 (Command execution vulnerability was discovered in JHR-N916R router fir ...)
- TODO: check
+ NOT-FOR-US: JHR-N916R
CVE-2023-24794
RESERVED
CVE-2023-24793
@@ -10506,7 +10506,7 @@ CVE-2023-24762 (OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1
CVE-2023-24761
RESERVED
CVE-2023-24760 (An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalat ...)
- TODO: check
+ NOT-FOR-US: Ofcms
CVE-2023-24759
RESERVED
CVE-2023-24758 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
@@ -11491,7 +11491,7 @@ CVE-2023-24470
CVE-2023-24469
RESERVED
CVE-2023-24468 (Broken access control in Advanced Authentication versions prior to 6.4 ...)
- TODO: check
+ NOT-FOR-US: NetIQ
CVE-2023-24467
RESERVED
CVE-2023-24466
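Review bot: the resolution "NOT-FOR-US: NetIQ" for CVE-2023-24468 names a vendor that does not appear in the visible description, which only says "Advanced Authentication"; consider "NOT-FOR-US: NetIQ Advanced Authentication" so the entry can be found by either name.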
@@ -13831,7 +13831,7 @@ CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours & Tr
CVE-2023-0323 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2023-0322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: UNIS
CVE-2023-0321 (Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 m ...)
NOT-FOR-US: Campbell
CVE-2023-0320
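Review bot: "NOT-FOR-US: UNIS" for CVE-2023-0322 cannot be matched against the description, which is only the generic CWE phrasing "Improper Neutralization of Input During Web Page Generation"; naming the affected product alongside the vendor would make the entry self-explanatory, as the neighbouring pimcore and Campbell entries already are.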
@@ -15079,7 +15079,7 @@ CVE-2023-23152
CVE-2023-23151 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deleti ...)
NOT-FOR-US: bloofoxCMS
CVE-2023-23150 (SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to ...)
- TODO: check
+ NOT-FOR-US: SA-WR915ND
CVE-2023-23149
RESERVED
CVE-2023-23148
@@ -16723,7 +16723,7 @@ CVE-2023-0102 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is miss
CVE-2023-0101 (A privilege escalation vulnerability was identified in Nessus versions ...)
NOT-FOR-US: Nessus
CVE-2023-0100 (In Eclipse BIRT, starting from version 2.6.2, the default configuratio ...)
- TODO: check
+ NOT-FOR-US: Eclipse BIRT
CVE-2023-0099 (The Simple URLs WordPress plugin before 115 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0098 (The Simple URLs WordPress plugin before 115 does not escape some param ...)
@@ -23965,7 +23965,7 @@ CVE-2022-4315 (An issue has been discovered in GitLab DAST analyzer affecting al
CVE-2022-4314 (Improper Privilege Management in GitHub repository ikus060/rdiffweb pr ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-4313 (A vulnerability was reported where through modifying the scan variable ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2022-4312 (A cleartext storage of sensitive information vulnerability exists in P ...)
NOT-FOR-US: PcVue
CVE-2022-4311 (An insertion of sensitive information into log file vulnerability exis ...)
@@ -27548,7 +27548,7 @@ CVE-2022-41783 (tdpServer of TP-Link RE300 V1 improperly processes its input, wh
CVE-2022-4010 (The Image Hover Effects WordPress plugin before 5.5 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4009 (In affected versions of Octopus Deploy it is possible for a user to in ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2022-4008
RESERVED
CVE-2022-4007 (A issue has been discovered in GitLab CE/EE affecting all versions fro ...)
@@ -28575,7 +28575,7 @@ CVE-2022-45157
CVE-2022-45156
RESERVED
CVE-2022-45155 (An Improper Handling of Exceptional Conditions vulnerability in obs-se ...)
- TODO: check
+ NOT-FOR-US: openSUSE Factory
CVE-2022-45154 (A Cleartext Storage of Sensitive Information vulnerability in suppport ...)
NOT-FOR-US: SuSE supportutils
CVE-2022-45153 (An Incorrect Default Permissions vulnerability in saphanabootstrap-for ...)
@@ -50981,7 +50981,7 @@ CVE-2022-37942 (Not used in 2022 ...)
CVE-2022-37941 (Not used in 2022 ...)
NOT-FOR-US: Unused CVE ID
CVE-2022-37940 (Potential security vulnerabilities have been identified in the HPE Fle ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-37939 (A potential security vulnerability has been identified in HPE Superdom ...)
NOT-FOR-US: HPE
CVE-2022-37938 (Unauthenticated server side request forgery in HPE Serviceguard Manage ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aba5726959fe5def87ec6aed3404412910da75a1