Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
27012d59 by Moritz Muehlenhoff at 2023-03-06T17:40:26+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -422,7 +422,7 @@ CVE-2023-27643
CVE-2023-27642
RESERVED
CVE-2023-27641 (The REPORT (after z but before a) parameter in wa.exe in
L-Soft LISTSE ...)
- TODO: check
+ NOT-FOR-US: L-Soft
CVE-2023-27640
RESERVED
CVE-2023-27639
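Review bot: the tag "NOT-FOR-US: L-Soft" on CVE-2023-27641 records only the vendor, although the description in the same hunk already identifies the affected component ("wa.exe in L-Soft LISTSE ..."); the other NOT-FOR-US lines in this change tag vendor plus product (e.g. "NOT-FOR-US: DrayTek Vigor 2960"), so carry the product name over from the description so that a later reader can match the entry without re-reading the CVE text.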
@@ -445,7 +445,7 @@ CVE-2023-27635 (debmany in debian-goodies 0.88.1 allows
attackers to execute arb
- debian-goodies <unfixed> (bug #1031267)
[bullseye] - debian-goodies <no-dsa> (Minor issue; user prompted before
execution)
CVE-2023-1181 (Cross-site Scripting (XSS) - Stored in GitHub repository
icret/easyima ...)
- TODO: check
+ NOT-FOR-US: icret/easyimages2.0
CVE-2023-1180 (A vulnerability has been found in SourceCodester Health Center
Patient ...)
NOT-FOR-US: SourceCodester Health Center Patient Record Management
System
CVE-2023-1179 (A vulnerability, which was classified as problematic, was found
in Sou ...)
@@ -543,7 +543,7 @@ CVE-2015-10093 (A vulnerability was found in Mark User as
Spammer Plugin 1.0.0/1
CVE-2015-10092 (A vulnerability was found in Qtranslate Slug Plugin up to
1.1.16. It h ...)
NOT-FOR-US: Qtranslate Slug Plugin
CVE-2015-10091 (A vulnerability has been found in ByWater Solutions
bywater-koha-xslt ...)
- TODO: check
+ NOT-FOR-US: bywater-koha-xslt
CVE-2015-10090 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: WordPress plugin
CVE-2014-125092 (A vulnerability was found in MaxButtons Plugin up to 1.26.0
and classi ...)
@@ -673,13 +673,13 @@ CVE-2023-1167
CVE-2023-1166
RESERVED
CVE-2022-4929 (A vulnerability was found in icplayer up to 0.818. It has been
rated a ...)
- TODO: check
+ NOT-FOR-US: icplayer
CVE-2022-4928 (A vulnerability was found in icplayer up to 0.819. It has been
declare ...)
- TODO: check
+ NOT-FOR-US: icplayer
CVE-2022-4927 (A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70
and clas ...)
- TODO: check
+ NOT-FOR-US: NEOSDiscovery
CVE-2021-4329 (A vulnerability, which was classified as critical, has been
found in j ...)
- TODO: check
+ NOT-FOR-US: json-logic-js
CVE-2015-10088 (A vulnerability, which was classified as critical, was found
in ayttm ...)
- ayttm <removed>
NOTE:
https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046
@@ -739,7 +739,7 @@ CVE-2023-27540
CVE-2023-1165 (A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It
has been ...)
NOT-FOR-US: Zhong Bang CRMEB Java
CVE-2023-1164 (A vulnerability was found in KylinSoft kylin-activation and
classified ...)
- TODO: check
+ NOT-FOR-US: KylinSoft
CVE-2023-1163 (A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4
and class ...)
NOT-FOR-US: DrayTek Vigor 2960
CVE-2023-1162 (A vulnerability, which was classified as critical, was found in
DrayTe ...)
@@ -753,11 +753,11 @@ CVE-2023-1159
CVE-2023-1158
RESERVED
CVE-2023-1157 (A vulnerability, which was classified as problematic, was found
in fin ...)
- TODO: check
+ NOT-FOR-US: Finixbit elf-parser
CVE-2023-1156 (A vulnerability classified as problematic was found in
SourceCodester ...)
NOT-FOR-US: SourceCodester Health Center Patient Record Management
System
CVE-2021-4328 (A vulnerability has been found in 狮子鱼CMS
and clas ...)
- TODO: check
+ NOT-FOR-US: 狮子鱼CMS
CVE-2020-36665 (A vulnerability was found in Artesãos SEOTools up to
0.17.1 and c ...)
NOT-FOR-US: artesaos SEOTools
CVE-2020-36664 (A vulnerability has been found in Artesãos SEOTools up to
0.17.1 ...)
@@ -1140,7 +1140,7 @@ CVE-2023-1114 (Improper Input Validation, Missing
Authorization vulnerability in
CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll
System 1.0. ...)
NOT-FOR-US: SourceCodester Simple Payroll System
CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload
Contac ...)
- TODO: check
+ NOT-FOR-US: Drag and Drop Multiple File Upload Contact Form
CVE-2023-1111
RESERVED
CVE-2023-1110
@@ -3231,7 +3231,7 @@ CVE-2023-0997 (A vulnerability was found in
SourceCodester Moosikay E-Commerce S
CVE-2023-26511
RESERVED
CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can
view draft ...)
- TODO: check
+ NOT-FOR-US: Ghost CMS
CVE-2023-26509
RESERVED
CVE-2023-26508
@@ -3267,7 +3267,7 @@ CVE-2023-26494
CVE-2023-26493
RESERVED
CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator.
When the U ...)
TODO: check
CVE-2023-26490 (mailcow is a dockerized email package, with multiple
containers linked ...)
@@ -3275,11 +3275,11 @@ CVE-2023-26490 (mailcow is a dockerized email package,
with multiple containers
CVE-2023-26489
RESERVED
CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract
developm ...)
- TODO: check
+ NOT-FOR-US: OpenZeppelin
CVE-2023-26487 (Vega is a visualization grammar, a declarative format for
creating, sa ...)
- TODO: check
+ NOT-FOR-US: Vega
CVE-2023-26486 (Vega is a visualization grammar, a declarative format for
creating, sa ...)
- TODO: check
+ NOT-FOR-US: Vega
CVE-2023-26485
RESERVED
CVE-2023-26484
@@ -3738,7 +3738,7 @@ CVE-2023-0959
CVE-2023-0958
RESERVED
CVE-2023-0957 (An issue was discovered in Gitpod versions prior to
release-2022.11.2. ...)
- TODO: check
+ NOT-FOR-US: Gitpod
CVE-2023-0956
RESERVED
CVE-2023-0955
@@ -4079,7 +4079,7 @@ CVE-2022-48337 (GNU Emacs through 28.2 allows attackers
to execute commands via
NOTE: https://debbugs.gnu.org/61819
NOTE:
http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=0fde314f6f6e6664cddab1b2f0fe20629cd39d14
CVE-2023-26213 (On Barracuda CloudGen WAN Private Edge Gateway devices before
8 webui- ...)
- TODO: check
+ NOT-FOR-US: Barracuda
CVE-2023-26212
RESERVED
CVE-2023-26211
@@ -4283,13 +4283,13 @@ CVE-2023-26113
CVE-2023-26112
RESERVED
CVE-2023-26111 (All versions of the package @nubosoftware/node-static; all
versions of ...)
- TODO: check
+ NOT-FOR-US: @nubosoftware/node-static
CVE-2023-26110
RESERVED
CVE-2023-26109
RESERVED
CVE-2023-26108 (Versions of the package @nestjs/core before 9.0.5 are
vulnerable to In ...)
- TODO: check
+ NOT-FOR-US: @nestjs/core
CVE-2023-26107 (All versions of the package sketchsvg are vulnerable to
Arbitrary Code ...)
TODO: check
CVE-2023-26106 (All versions of the package dot-lens are vulnerable to
Prototype Pollu ...)
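Review bot: the description of CVE-2023-26111 names a second affected package after the semicolon ("All versions of the package @nubosoftware/node-static; all versions of ..."), but the new tag covers only @nubosoftware/node-static; before closing the TODO, check the second package from the full CVE text against the archive as well (npm packages may be shipped under a node-* source name), and either extend the tag or add a NOTE: line stating that it was checked.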
@@ -4506,9 +4506,9 @@ CVE-2023-26053 (Gradle is a build tool with a focus on
build automation and supp
- gradle <not-affected> (The version of Gradle in Debian doesn't
support dependency verification yet)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2174854
CVE-2023-26052 (Saleor is a headless, GraphQL commerce platform delivering
personalize ...)
- TODO: check
+ NOT-FOR-US: Saleor
CVE-2023-26051 (Saleor is a headless, GraphQL commerce platform delivering
personalize ...)
- TODO: check
+ NOT-FOR-US: Saleor
CVE-2023-26050
RESERVED
CVE-2023-26049
@@ -4516,9 +4516,9 @@ CVE-2023-26049
CVE-2023-26048
RESERVED
CVE-2023-26047 (teler-waf is a Go HTTP middleware that provides teler IDS
functionalit ...)
- TODO: check
+ NOT-FOR-US: teler-waf
CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS
functionalit ...)
- TODO: check
+ NOT-FOR-US: teler-waf
CVE-2023-26045
RESERVED
CVE-2023-26044
@@ -4731,9 +4731,9 @@ CVE-2023-25957
CVE-2023-25956 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
NOT-FOR-US: Apache Airflow AWS Provider
CVE-2023-25077 (Cross-site scripting vulnerability in Authentication Key
Settings of E ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2023-22838 (Cross-site scripting vulnerability in Product List Screen and
Product ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2023-0896
RESERVED
CVE-2023-0895 (The WP Coder – add custom html, css and js code plugin
for WordP ...)
@@ -5125,7 +5125,7 @@ CVE-2023-25821 (Nextcloud is an Open Source private cloud
software. Versions 24.
CVE-2023-25820
RESERVED
CVE-2023-25819 (Discourse is an open source platform for community discussion.
Tags th ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2023-25818
RESERVED
CVE-2023-25817
@@ -6075,7 +6075,7 @@ CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in
GitHub repository wallabag
CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository
wallabag/wallab ...)
NOT-FOR-US: Wallabag
CVE-2023-0734 (Improper Authorization in GitHub repository wallabag/wallabag
prior to ...)
- TODO: check
+ NOT-FOR-US: Wallabag
CVE-2023-0733
RESERVED
CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear
Shop 1 ...)
@@ -6583,9 +6583,9 @@ CVE-2023-25405
CVE-2023-25404
RESERVED
CVE-2023-25403 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to
Authentication Bypass ...)
- TODO: check
+ NOT-FOR-US: CleverStupidDog yf-exam
CVE-2023-25402 (CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload.
There is n ...)
- TODO: check
+ NOT-FOR-US: CleverStupidDog yf-exam
CVE-2023-25401
RESERVED
CVE-2023-25400
@@ -8140,9 +8140,9 @@ CVE-2023-0580
CVE-2023-0579
RESERVED
CVE-2023-0578 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: ASOS
CVE-2023-0577 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: ASOS
CVE-2023-0576 (This CVE ID has been rejected or withdrawn by its CVE Numbering
Author ...)
- yugabyte-db <itp> (bug #989673)
CVE-2023-0575 (External Control of Critical State Data, Improper Control of
Generatio ...)
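Review bot: "NOT-FOR-US: ASOS" for CVE-2023-0578 and CVE-2023-0577 is a bare vendor string, and the truncated descriptions ("Improper Neutralization of Input During Web Page Generation ('Cross-si ...)") carry no product name at all, so nothing in the entry lets a later reader confirm what was triaged; add the product name from the full CVE text, in the vendor-plus-product form used elsewhere in this change (e.g. "NOT-FOR-US: CleverStupidDog yf-exam").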
@@ -8497,11 +8497,11 @@ CVE-2023-24645
CVE-2023-24644
RESERVED
CVE-2023-24643 (Judging Management System v1.0 was discovered to contain a SQL
injecti ...)
- TODO: check
+ NOT-FOR-US: Judging Management System
CVE-2023-24642 (Judging Management System v1.0 was discovered to contain a SQL
injecti ...)
- TODO: check
+ NOT-FOR-US: Judging Management System
CVE-2023-24641 (Judging Management System v1.0 was discovered to contain a SQL
injecti ...)
- TODO: check
+ NOT-FOR-US: Judging Management System
CVE-2023-24640
RESERVED
CVE-2023-24639
@@ -9201,13 +9201,13 @@ CVE-2023-0461 (There is a use-after-free vulnerability
in the Linux Kernel which
- linux 6.1.7-1
NOTE:
https://git.kernel.org/linus/2c02d41d71f90a5168391b6a5f2954112ba2307c
CVE-2023-0460 (The YouTube Embedded 1.2 SDK binds to a service within the
YouTube Mai ...)
- TODO: check
+ NOT-FOR-US: YouTube Embedded 1.2 SDK
CVE-2023-0459
RESERVED
CVE-2023-0458
RESERVED
CVE-2023-0457 (Plaintext Storage of a Password vulnerability in Mitsubishi
Electric C ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2022-4896
RESERVED
CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize
user inpu ...)
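Review bot: "NOT-FOR-US: Mitsubishi" for CVE-2023-0457 stops at the vendor even though the description continues with the product ("Mitsubishi Electric C ..."); use vendor plus product, as the tag "NOT-FOR-US: YouTube Embedded 1.2 SDK" in the same hunk does, so the entry is self-explanatory.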
@@ -10512,11 +10512,11 @@ CVE-2023-23931 (cryptography is a package designed to
expose cryptographic primi
CVE-2023-23930
RESERVED
CVE-2023-23929 (vantage6 is a privacy preserving federated learning
infrastructure for ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and
OCaml.`Jose.Jws.v ...)
NOT-FOR-US: reason-jose
CVE-2023-23927 (Craft is a platform for creating digital experiences. When you
insert ...)
- TODO: check
+ NOT-FOR-US: Craft
CVE-2023-23926 (APOC (Awesome Procedures on Cypher) is an add-on library for
Neo4j. An ...)
NOT-FOR-US: APOC
CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API
which is ...)
@@ -12475,7 +12475,7 @@ CVE-2023-23315 (The PrestaShop e-commerce platform
module stripejs contains a Bl
CVE-2023-23314 (An arbitrary file upload vulnerability in the /api/upload
component of ...)
NOT-FOR-US: Zdir
CVE-2023-23313 (Certain Draytek products are vulnerable to Cross Site
Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Draytek
CVE-2023-23312
RESERVED
CVE-2023-23311
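Review bot: the tag for CVE-2023-23313 spells the vendor "Draytek" while the existing entries for CVE-2023-1163 and CVE-2023-1162 earlier in this diff, and the description itself, spell it "DrayTek"; keep one spelling so that a grep over data/CVE/list finds all of the vendor's entries.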
@@ -13867,11 +13867,11 @@ CVE-2015-10032 (A vulnerability was found in
HealthMateWeb. It has been declared
CVE-2010-10004 (A vulnerability was found in Information Cards Module and
classified a ...)
NOT-FOR-US: Information Cards Module
CVE-2023-22858 (An Improper Access Control vulnerability in BlogEngine.NET
3.3.8.0, al ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2023-22857 (A stored Cross-site Scripting (XSS) vulnerability in
BlogEngine.NET 3. ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2023-22856 (A stored Cross-site Scripting (XSS) vulnerability in
BlogEngine.NET 3. ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2023-0117
RESERVED
CVE-2023-0116
@@ -14287,7 +14287,7 @@ CVE-2023-22740 (Discourse is an open source platform
for community discussion. V
CVE-2023-22739 (Discourse is an open source platform for community discussion.
Version ...)
NOT-FOR-US: Discourse
CVE-2023-22738 (vantage6 is a privacy preserving federated learning
infrastructure for ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2023-22737 (wire-server provides back end services for Wire, a team
communication ...)
NOT-FOR-US: wire-server
CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
@@ -16036,7 +16036,7 @@ CVE-2022-XXXX [RUSTSEC-2022-0074]
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0074.html
NOTE: https://github.com/phsym/prettytable-rs/issues/145
CVE-2023-22438 (Cross-site scripting vulnerability in Contents Management of
EC-CUBE 4 ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE
CVE-2023-22432 (Open redirect vulnerability exists in web2py versions prior to
2.23.1. ...)
TODO: check
CVE-2023-22429
@@ -16046,11 +16046,11 @@ CVE-2023-22427 (Stored cross-site scripting
vulnerability in Theme switching fun
CVE-2023-22425 (Stored cross-site scripting vulnerability in Schedule function
of SHIR ...)
NOT-FOR-US: SHIRASAGI
CVE-2023-22424 (Use-after-free vulnerability exists in Kostac PLC Programming
Software ...)
- TODO: check
+ NOT-FOR-US: Kostac
CVE-2023-22421 (Out-of-bounds read vulnerability exists in Kostac PLC
Programming Soft ...)
- TODO: check
+ NOT-FOR-US: Kostac
CVE-2023-22419 (Out-of-bounds read vulnerability exists in Kostac PLC
Programming Soft ...)
- TODO: check
+ NOT-FOR-US: Kostac
CVE-2023-22377 (Improper restriction of XML external entity reference (XXE)
vulnerabil ...)
NOT-FOR-US: tsClinical
CVE-2023-22376 (** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting
vulnera ...)
@@ -16082,11 +16082,11 @@ CVE-2023-22346 (Out-of-bound read vulnerability
exists in Screen Creator Advance
CVE-2023-22345 (Out-of-bound write vulnerability exists in Screen Creator
Advance 2 Ve ...)
NOT-FOR-US: Screen Creator Advance
CVE-2023-22344 (Use of hard-coded credentials vulnerability in SS1
Ver.13.0.0.40 and e ...)
- TODO: check
+ NOT-FOR-US: SS1
CVE-2023-22336 (Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier
and Raku ...)
- TODO: check
+ NOT-FOR-US: SS1
CVE-2023-22335 (Improper access control vulnerability in SS1 Ver.13.0.0.40 and
earlier ...)
- TODO: check
+ NOT-FOR-US: SS1
CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and
earlier al ...)
NOT-FOR-US: EasyMail
CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0
to 4.4. ...)
@@ -16848,7 +16848,7 @@ CVE-2022-41989 (Sewio’s Real-Time Location System
(RTLS) Studio version 2.
CVE-2022-41696
RESERVED
CVE-2022-40633 (A malicious actor can clone access cards used to open control
cabinets ...)
- TODO: check
+ NOT-FOR-US: Rittal
CVE-2021-4274 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: bird-lg
CVE-2021-4273 (A vulnerability classified as problematic was found in
studygolang. Th ...)
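Review bot: the vendor "Rittal" in the tag for CVE-2022-40633 does not appear in the visible description ("A malicious actor can clone access cards used to open control cabinets ..."), so the attribution cannot be checked against the entry itself; add a NOTE: line with the advisory URL, as is done for CVE-2023-26053 and CVE-2022-48337 elsewhere in this file, so the NOT-FOR-US decision is verifiable.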
@@ -16882,7 +16882,7 @@ CVE-2020-36621 (A vulnerability, which was classified
as problematic, has been f
CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues up to
4.0.0. It ...)
NOT-FOR-US: Brondahl EnumStringValues
CVE-2023-22381 (A code injection vulnerability was identified in GitHub
Enterprise Ser ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2023-22380 (A path traversal vulnerability was identified in GitHub
Enterprise Ser ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System
(CHS) Ver.3 ...)
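Review bot: the new tag for CVE-2023-22381 writes "Github Enterprise Server" while the description writes "GitHub Enterprise Ser..."; the pre-existing line for CVE-2023-22380 uses the same lowercase form, so either align both tags with the description's spelling in one go or leave both, but do not let the two entries for the same product drift apart.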
@@ -22056,7 +22056,7 @@ CVE-2022-46503 (A cross-site scripting (XSS)
vulnerability in the component /adm
CVE-2022-46502 (Online Student Enrollment System v1.0 was discovered to
contain a SQL ...)
NOT-FOR-US: Online Student Enrollment System
CVE-2022-46501 (Accruent LLC Maintenance Connection 2021 (all) & 2022.2
was discov ...)
- TODO: check
+ NOT-FOR-US: Accruent LLC Maintenance Connection
CVE-2022-46500
RESERVED
CVE-2022-46499
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27012d592856a81757382ec04a7d62fe86b35d7f
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits