Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
932653e2 by Moritz Muehlenhoff at 2023-03-09T20:06:33+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2023-27976
 CVE-2023-27975
        RESERVED
 CVE-2023-27974 (** DISPUTED ** Bitwarden through 2023.2.1 offers password 
auto-fill wh ...)
-       TODO: check
+       NOT-FOR-US: Bitwarden
 CVE-2023-27973
        RESERVED
 CVE-2023-27972
@@ -29,7 +29,7 @@ CVE-2023-27971
 CVE-2023-1284
        RESERVED
 CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 
0.21.0. ...)
-       TODO: check
+       NOT-FOR-US: qwik
 CVE-2023-1282
        RESERVED
 CVE-2023-1281
@@ -39,11 +39,11 @@ CVE-2023-1280
 CVE-2023-1279
        RESERVED
 CVE-2023-1278 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: IBOS
 CVE-2023-1277 (A vulnerability, which was classified as critical, was found in 
kylin- ...)
-       TODO: check
+       NOT-FOR-US: kylin-system-updater
 CVE-2018-25081 (** DISPUTED ** Bitwarden through 2023.2.1 offers password 
auto-fill wi ...)
-       TODO: check
+       NOT-FOR-US: Bitwarden
 CVE-2017-20182
        RESERVED
 CVE-2014-125093
@@ -1461,7 +1461,7 @@ CVE-2023-27488
 CVE-2023-27487
        RESERVED
 CVE-2023-27486 (xCAT is a toolkit for deployment and administration of 
computer cluste ...)
-       TODO: check
+       NOT-FOR-US: xCAT
 CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for 
students. In v ...)
        NOT-FOR-US: thmmniii/fbs-core
 CVE-2023-27484
@@ -1469,7 +1469,7 @@ CVE-2023-27484
 CVE-2023-27483
        RESERVED
 CVE-2023-27482 (homeassistant is an open source home automation tool. A 
remotely explo ...)
-       TODO: check
+       - homeassistant <itp> (bug #839786)
 CVE-2023-27481 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
        NOT-FOR-US: Directus
 CVE-2023-27480 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
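Review bot: the added line for CVE-2023-27482 records `- homeassistant <itp> (bug #839786)`; please confirm that bug #839786 is the ITP for this package and that `homeassistant` is the source package name used there, since that name is what the tracker will match against once the package is uploaded.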
@@ -1489,7 +1489,7 @@ CVE-2023-27476 (OWSLib is a Python package for client 
programming with Open Geos
        - owslib <unfixed>
        NOTE: 
https://github.com/geopython/OWSLib/commit/d91267303a695d69e73fa71efa100a035852a063
 CVE-2023-27475 (Goutil is a collection of miscellaneous functionality for the 
go langu ...)
-       TODO: check
+       NOT-FOR-US: Goutil
 CVE-2023-27474 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
        NOT-FOR-US: Directus
 CVE-2023-27473
@@ -2826,7 +2826,7 @@ CVE-2023-26924
 CVE-2023-26923
        RESERVED
 CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Varisicte
 CVE-2023-26921
        RESERVED
 CVE-2023-26920
@@ -9507,7 +9507,7 @@ CVE-2023-24535
 CVE-2023-24534
        RESERVED
 CVE-2023-24533 (Multiplication of certain unreduced P-256 scalars produce 
incorrect re ...)
-       TODO: check
+       NOT-FOR-US: filippo.io/nistec (also included in golang, but tracked as 
CVE-2023-24533 for it)
 CVE-2023-24532 (The ScalarMult and ScalarBaseMult methods of the P256 Curve 
may return ...)
        - golang-1.20 1.20.2-1
        [experimental] - golang-1.19 1.19.7-1
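Review bot: the parenthetical on the added NOT-FOR-US line says the golang copy is "tracked as CVE-2023-24533", which is this entry's own id; the golang fixes (golang-1.20 1.20.2-1 and golang-1.19 1.19.7-1 in experimental) sit under the adjacent CVE-2023-24532, so the cross-reference most likely should read CVE-2023-24532. Suggest `NOT-FOR-US: filippo.io/nistec (also included in golang, but tracked as CVE-2023-24532 for it)`.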
@@ -11600,7 +11600,7 @@ CVE-2023-23762
 CVE-2023-23761
        RESERVED
 CVE-2023-23760 (A path traversal vulnerability was identified in GitHub 
Enterprise Ser ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2023-23759
        RESERVED
 CVE-2023-23758
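Review bot: style: the added NOT-FOR-US line spells the vendor `Github`, while the CVE description reads `GitHub Enterprise Server`; keep the product's own capitalization, `NOT-FOR-US: GitHub Enterprise Server`, so the entry matches the description and stays greppable.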
@@ -90933,7 +90933,6 @@ CVE-2022-23639 (crossbeam-utils provides atomics, 
synchronization primitives, sc
        - rust-crossbeam-utils-0.7 <unfixed>
        NOTE: 
https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
        NOTE: https://github.com/crossbeam-rs/crossbeam/pull/781
-       TODO: check, crossbeam-utils are vendored in various other sources, in 
particular rustc to be checked
 CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A 
cross-site scri ...)
        NOT-FOR-US: darylldoyle svg-sanitizer
 CVE-2022-23637 (K-Box is a web-based application to manage documents, images, 
videos a ...)
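Review bot: the removed TODO recorded that crossbeam-utils is vendored in other sources, rustc in particular, and still had to be checked; the hunk drops that reminder without recording the outcome. If the vendored copies were reviewed, add a NOTE line stating the result (for instance that the copy in rustc is not affected or is tracked under its own entry); if they were not, the TODO should stay so the open question is not lost.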
@@ -99373,7 +99372,7 @@ CVE-2022-21952 (An Uncontrolled Resource Consumption 
vulnerability in spacewalk-
 CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE 
Rancher,  ...)
        NOT-FOR-US: Rancher
 CVE-2022-21950 (A Improper Access Control vulnerability in the systemd service 
of cana ...)
-       TODO: check
+       NOT-FOR-US: SuSE
 CVE-2022-21949 (A Improper Restriction of XML External Entity Reference 
vulnerability  ...)
        - ruby-xmlhash <unfixed> (bug #1010667)
        [bullseye] - ruby-xmlhash <no-dsa> (Minor issue)
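Review bot: style: the added line uses `SuSE`, whereas the description of the neighbouring CVE-2022-21951 spells the vendor `SUSE`; use `NOT-FOR-US: SUSE` for consistency. The description also names the specific component whose systemd service is affected, so labelling that component, as CVE-2022-21951 does with `NOT-FOR-US: Rancher`, would be more precise than the vendor name alone.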
@@ -112797,7 +112796,6 @@ CVE-2021-3838
        - php-dompdf 2.0.2+dfsg-1
        NOTE: https://github.com/dompdf/dompdf/issues/2564
        NOTE: https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e
-       TODO: check details, introducing version
 CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 
devices (CPU v ...)
        NOT-FOR-US: Siemens
 CVE-2021-41768
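Review bot: the removed TODO asked for the details and the introducing version of the php-dompdf issue to be checked, but the hunk records neither; the entry keeps only the fixed version 2.0.2+dfsg-1 and the two NOTE links. If the introducing version was determined, add it (a NOTE with the introducing commit, or a `<not-affected>` line for releases that predate it, as done for sqlite3 in stretch elsewhere in this file); otherwise the question is still open and the TODO should remain.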
@@ -124185,11 +124183,11 @@ CVE-2021-37319
 CVE-2021-37318
        RESERVED
 CVE-2021-37317 (Directory Traversal vulnerability in Cloud Disk in ASUS 
RT-AC68U route ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2021-37316 (SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U 
router firm ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2021-37315 (Incorrect Access Control issue discoverd in Cloud Disk in ASUS 
RT-AC68 ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2021-37314
        RESERVED
 CVE-2021-37313
@@ -124207,11 +124205,11 @@ CVE-2021-37308
 CVE-2021-37307
        RESERVED
 CVE-2021-37306 (An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier 
allows r ...)
-       TODO: check
+       NOT-FOR-US: jeecg-boot
 CVE-2021-37305 (An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier 
allows r ...)
-       TODO: check
+       NOT-FOR-US: jeecg-boot
 CVE-2021-37304 (An Insecure Permissions issue in jeecg-boot 2.4.5 allows 
unauthenticat ...)
-       TODO: check
+       NOT-FOR-US: jeecg-boot
 CVE-2021-37303
        RESERVED
 CVE-2021-37302
@@ -125681,9 +125679,9 @@ CVE-2021-36715
 CVE-2021-36714
        RESERVED
 CVE-2021-36713 (Cross Site Scripting (XSS) vulnerability in the DataTables 
plug-in 1.9 ...)
-       TODO: check
+       NOT-FOR-US: DataTables
 CVE-2021-36712 (Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: yzmcms
 CVE-2021-36711 (WebInterface in OctoBot before 0.4.4 allows remote code 
execution beca ...)
        NOT-FOR-US: OctoBot
 CVE-2021-36710 (ToaruOS 1.99.2 is affected by incorrect access control via the 
kernel. ...)
@@ -125737,13 +125735,13 @@ CVE-2021-36690 (** DISPUTED ** A segmentation fault 
can occur in the sqlite3.exe
        [stretch] - sqlite3 <not-affected> (vulnerable code is not present)
        NOTE: https://www.sqlite.org/forum/forumpost/718c0a8d17
 CVE-2021-36689 (An issue discovered in 
com.samourai.wallet.PinEntryActivity.java in St ...)
-       TODO: check
+       NOT-FOR-US: com.samourai.wallet.PinEntryActivity.java
 CVE-2021-36688
        RESERVED
 CVE-2021-36687
        RESERVED
 CVE-2021-36686 (Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: yapi
 CVE-2021-36685
        RESERVED
 CVE-2021-36684
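Review bot: the added NOT-FOR-US line for CVE-2021-36689 uses the affected source file, `com.samourai.wallet.PinEntryActivity.java`, as the product label, while the other entries in this file label the project or vendor (for example `NOT-FOR-US: yapi` two entries below). Use the application's name instead so the entry is consistent with the rest of the list.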
@@ -125853,9 +125851,9 @@ CVE-2021-36633
 CVE-2021-36632
        RESERVED
 CVE-2021-36631 (Untrusted search path vulnerability in Baidunetdisk Version 
7.4.3 and  ...)
-       TODO: check
+       NOT-FOR-US: Baidunetdisk
 CVE-2021-36630 (DDOS reflection amplification vulnerability in eAut module of 
Ruckus W ...)
-       TODO: check
+       NOT-FOR-US: Ruckus
 CVE-2021-36629
        RESERVED
 CVE-2021-36628
@@ -125909,7 +125907,7 @@ CVE-2021-36605 (engineercms 1.03 is vulnerable to 
Cross Site Scripting (XSS). Th
 CVE-2021-36604
        RESERVED
 CVE-2021-36603 (Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows 
remote att ...)
-       TODO: check
+       NOT-FOR-US: tasmota
 CVE-2021-36602
        RESERVED
 CVE-2021-36601 (GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) 
vulnerabilit ...)
@@ -125980,9 +125978,9 @@ CVE-2021-36572 (Cross Site Scripting (XSS) 
vulnerability in Feehi CMS thru 2.1.1
 CVE-2021-36571
        RESERVED
 CVE-2021-36570 (Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 
allows rem ...)
-       TODO: check
+       NOT-FOR-US: FUEL-CMS
 CVE-2021-36569 (Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 
allows rem ...)
-       TODO: check
+       NOT-FOR-US: FUEL-CMS
 CVE-2021-36568 (In certain Moodle products after creating a course, it is 
possible to  ...)
        - moodle <removed>
 CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization 
vulnerabil ...)
@@ -126028,11 +126026,11 @@ CVE-2021-36548 (A remote code execution (RCE) 
vulnerability in the component /ad
 CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component 
/codebase ...)
        NOT-FOR-US: Mara CMS
 CVE-2021-36546 (Incorrect Access Control issue discovered in KiteCMS 1.1 
allows remote ...)
-       TODO: check
+       NOT-FOR-US: KiteCMS
 CVE-2021-36545 (Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows 
remote at ...)
-       TODO: check
+       NOT-FOR-US: tpcms
 CVE-2021-36544 (Incorrect Access Control issue discovered in tpcms 3.2 allows 
remote a ...)
-       TODO: check
+       NOT-FOR-US: tpcms
 CVE-2021-36543 (Cross-Site Request Forgery (CSRF) vulnerability in the 
/op/op.UnlockDo ...)
        NOT-FOR-US: SeedDMS
 CVE-2021-36542 (Cross-Site Request Forgery (CSRF) vulnerability in the 
/op/op.LockDocu ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/932653e26db45200b6e56900bcf1d2f423764c42

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
