[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2023-1545/teampass

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 21 20:51:35 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79dd0a72 by Salvatore Bonaccorso at 2023-03-21T21:49:06+01:00
Add CVE-2023-1545/teampass

- - - - -
9cd30a49 by Salvatore Bonaccorso at 2023-03-21T21:51:02+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57,7 +57,7 @@ CVE-2023-1547
 CVE-2023-1546
 	RESERVED
 CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)
-	TODO: check
+	- teampass <itp> (bug #730180)
 CVE-2023-1544
 	RESERVED
 CVE-2023-28686
@@ -166,7 +166,7 @@ CVE-2023-1529
 CVE-2023-1528
 	RESERVED
 CVE-2023-1527 (Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/cor ...)
-	TODO: check
+	NOT-FOR-US: Corebos
 CVE-2023-1526
 	RESERVED
 CVE-2023-1525
@@ -294,7 +294,7 @@ CVE-2019-25136
 CVE-2018-25082 (A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classi ...)
 	TODO: check
 CVE-2016-15029 (A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and class ...)
-	TODO: check
+	NOT-FOR-US: Ydalb mapicoin
 CVE-2012-10009 (A vulnerability was found in 404like Plugin up to 1.0.2. It has been c ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1501 (A vulnerability, which was classified as critical, was found in RockOA ...)
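Review bot: CVE-2018-25082 (zwczou WeChat SDK Python), two lines above the changed entry, is still marked `TODO: check` after this NFU pass. If it was left open on purpose, that is fine; otherwise triage it in the same commit so the block around CVE-2016-15029 carries no leftover TODO.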
@@ -656,7 +656,7 @@ CVE-2023-1464 (A vulnerability, which was classified as critical, was found in S
 CVE-2023-1463 (Improper Authorization in GitHub repository nilsteampassnet/teampass p ...)
 	- teampass <itp> (bug #730180)
 CVE-2023-1462 (Authorization Bypass Through User-Controlled Key vulnerability in Vadi ...)
-	TODO: check
+	NOT-FOR-US: Vadi Corporate Information Systems DigiKent
 CVE-2023-1461 (A vulnerability was found in SourceCodester Canteen Management System  ...)
 	NOT-FOR-US: SourceCodester Canteen Management System
 CVE-2023-1460 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...)
@@ -2246,7 +2246,7 @@ CVE-2023-1316 (Cross-site Scripting (XSS) - Stored in GitHub repository osticket
 CVE-2023-1315 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...)
 	NOT-FOR-US: osTicket
 CVE-2023-1314 (A vulnerability has been discovered in cloudflared's installer (<=  ...)
-	TODO: check
+	NOT-FOR-US: cloudflared's installer
 CVE-2023-1313 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
 	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
 CVE-2023-1312 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
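Review bot: the tag on CVE-2023-1314 copies the possessive phrase from the CVE description ("cloudflared's installer") instead of naming a product, unlike neighbouring entries such as `NOT-FOR-US: osTicket`. Consider naming the product and putting the scope in parentheses, in the style of the Cockpit line just below it, so a later reader can see that the NFU decision covers the installer only.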
@@ -2392,21 +2392,21 @@ CVE-2023-1286 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
 CVE-2023-1285
 	RESERVED
 CVE-2023-27984 (A CWE-20: Improper Input Validation vulnerability exists in Custom Rep ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-27983 (A CWE-306: Missing Authentication for Critical Function vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-27982 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-27981 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-27980 (A CWE-306: Missing Authentication for Critical Function vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-27979 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-27978 (A CWE-502: Deserialization of Untrusted Data vulnerability exists in t ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-27977 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-27976
 	RESERVED
 CVE-2023-27975
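Review bot: all eight entries from CVE-2023-27977 through CVE-2023-27984 are tagged with the vendor only (`NOT-FOR-US: Schneider Electric`), while other NFU lines in this diff name the product (for example `SourceCodester Canteen Management System`). The truncated descriptions span several CWE classes (CWE-20, CWE-22, CWE-306, CWE-345, CWE-502), so adding the affected product name from the full description to each tag would make the entries searchable and easier to audit later.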



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b6aac201218726e88b4e1ee6eb77f6565c2d31c...9cd30a49dd01dea5c6087055ce7d2af635ab19ad
