[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2023-1545/teampass
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 21 20:51:35 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
79dd0a72 by Salvatore Bonaccorso at 2023-03-21T21:49:06+01:00
Add CVE-2023-1545/teampass
- - - - -
9cd30a49 by Salvatore Bonaccorso at 2023-03-21T21:51:02+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -57,7 +57,7 @@ CVE-2023-1547
CVE-2023-1546
RESERVED
CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)
- TODO: check
+ - teampass <itp> (bug #730180)
CVE-2023-1544
RESERVED
CVE-2023-28686
@@ -166,7 +166,7 @@ CVE-2023-1529
CVE-2023-1528
RESERVED
CVE-2023-1527 (Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/cor ...)
- TODO: check
+ NOT-FOR-US: Corebos
CVE-2023-1526
RESERVED
CVE-2023-1525
@@ -294,7 +294,7 @@ CVE-2019-25136
CVE-2018-25082 (A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classi ...)
TODO: check
CVE-2016-15029 (A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and class ...)
- TODO: check
+ NOT-FOR-US: Ydalb mapicoin
CVE-2012-10009 (A vulnerability was found in 404like Plugin up to 1.0.2. It has been c ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1501 (A vulnerability, which was classified as critical, was found in RockOA ...)
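Review bot: CVE-2018-25082 (zwczou WeChat SDK Python), directly above the changed entry, is still `TODO: check` after this pass, while its neighbour CVE-2016-15029 is resolved as NOT-FOR-US. If it was left on purpose because a Python SDK needs a check against the archive before it can be ruled out, that is fine. Otherwise it should be triaged in the same commit so the block does not keep a stray TODO.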
@@ -656,7 +656,7 @@ CVE-2023-1464 (A vulnerability, which was classified as critical, was found in S
CVE-2023-1463 (Improper Authorization in GitHub repository nilsteampassnet/teampass p ...)
- teampass <itp> (bug #730180)
CVE-2023-1462 (Authorization Bypass Through User-Controlled Key vulnerability in Vadi ...)
- TODO: check
+ NOT-FOR-US: Vadi Corporate Information Systems DigiKent
CVE-2023-1461 (A vulnerability was found in SourceCodester Canteen Management System ...)
NOT-FOR-US: SourceCodester Canteen Management System
CVE-2023-1460 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...)
@@ -2246,7 +2246,7 @@ CVE-2023-1316 (Cross-site Scripting (XSS) - Stored in GitHub repository osticket
CVE-2023-1315 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...)
NOT-FOR-US: osTicket
CVE-2023-1314 (A vulnerability has been discovered in cloudflared's installer (<= ...)
- TODO: check
+ NOT-FOR-US: cloudflared's installer
CVE-2023-1313 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-1312 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
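Review bot: `NOT-FOR-US: cloudflared's installer` reuses the possessive phrase from the truncated description and does not say which installer is meant or why it is out of scope. The Cockpit entry two lines below shows the clearer pattern, `NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)`. A similar parenthetical here would keep the entry unambiguous if a cloudflared source package is ever tracked in this file.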
@@ -2392,21 +2392,21 @@ CVE-2023-1286 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
CVE-2023-1285
RESERVED
CVE-2023-27984 (A CWE-20: Improper Input Validation vulnerability exists in Custom Rep ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27983 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27982 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27981 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27980 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27979 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27978 (A CWE-502: Deserialization of Untrusted Data vulnerability exists in t ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27977 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27976
RESERVED
CVE-2023-27975
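Review bot: all eight entries CVE-2023-27977 through CVE-2023-27984 get the vendor-only label `NOT-FOR-US: Schneider Electric`, whereas other NFU entries in this diff name the product (for example `SourceCodester Canteen Management System`). The descriptions are truncated in the hunk, so the affected products cannot be read off it, and the CWE classes differ across the entries (CWE-20, CWE-22, CWE-306, CWE-345, CWE-502). Naming the product per entry would make the triage easier to audit later.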
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b6aac201218726e88b4e1ee6eb77f6565c2d31c...9cd30a49dd01dea5c6087055ce7d2af635ab19ad