Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
79dd0a72 by Salvatore Bonaccorso at 2023-03-21T21:49:06+01:00
Add CVE-2023-1545/teampass
- - - - -
9cd30a49 by Salvatore Bonaccorso at 2023-03-21T21:51:02+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -57,7 +57,7 @@ CVE-2023-1547
CVE-2023-1546
RESERVED
CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass
prior to 3 ...)
- TODO: check
+ - teampass <itp> (bug #730180)
CVE-2023-1544
RESERVED
CVE-2023-28686
@@ -166,7 +166,7 @@ CVE-2023-1529
CVE-2023-1528
RESERVED
CVE-2023-1527 (Cross-site Scripting (XSS) - Generic in GitHub repository
tsolucio/cor ...)
- TODO: check
+ NOT-FOR-US: Corebos
CVE-2023-1526
RESERVED
CVE-2023-1525
@@ -294,7 +294,7 @@ CVE-2019-25136
CVE-2018-25082 (A vulnerability was found in zwczou WeChat SDK Python 0.3.0
and classi ...)
TODO: check
CVE-2016-15029 (A vulnerability has been found in Ydalb mapicoin up to 1.9.0
and class ...)
- TODO: check
+ NOT-FOR-US: Ydalb mapicoin
CVE-2012-10009 (A vulnerability was found in 404like Plugin up to 1.0.2. It
has been c ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1501 (A vulnerability, which was classified as critical, was found in
RockOA ...)
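Review bot: CVE-2018-25082 (zwczou WeChat SDK Python), two entries above the changed line in this hunk, still reads "TODO: check" while its neighbour CVE-2016-15029 is now triaged as NOT-FOR-US. If it was left deliberately because it needs a package search first, that is fine; otherwise triage it in the same pass so this block does not keep a stray TODO.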
@@ -656,7 +656,7 @@ CVE-2023-1464 (A vulnerability, which was classified as
critical, was found in S
CVE-2023-1463 (Improper Authorization in GitHub repository
nilsteampassnet/teampass p ...)
- teampass <itp> (bug #730180)
CVE-2023-1462 (Authorization Bypass Through User-Controlled Key vulnerability
in Vadi ...)
- TODO: check
+ NOT-FOR-US: Vadi Corporate Information Systems DigiKent
CVE-2023-1461 (A vulnerability was found in SourceCodester Canteen Management
System ...)
NOT-FOR-US: SourceCodester Canteen Management System
CVE-2023-1460 (A vulnerability was found in SourceCodester Online Pizza
Ordering Syst ...)
@@ -2246,7 +2246,7 @@ CVE-2023-1316 (Cross-site Scripting (XSS) - Stored in
GitHub repository osticket
CVE-2023-1315 (Cross-site Scripting (XSS) - Reflected in GitHub repository
osticket/o ...)
NOT-FOR-US: osTicket
CVE-2023-1314 (A vulnerability has been discovered in cloudflared's installer
(<= ...)
- TODO: check
+ NOT-FOR-US: cloudflared's installer
CVE-2023-1313 (Unrestricted Upload of File with Dangerous Type in GitHub
repository c ...)
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-1312 (Cross-site Scripting (XSS) - Reflected in GitHub repository
pimcore/pi ...)
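Review bot: The tag on CVE-2023-1314 reads "NOT-FOR-US: cloudflared's installer", which carries over the possessive phrasing of the CVE description instead of a product name like the neighbouring "osTicket" and "Cockpit Content Platform" entries. Suggest a product-style label, and if the NFU verdict is meant to cover only the installer and not cloudflared as a whole, state that in parentheses the way the CVE-2023-1313 line does with "(different from src:cockpit)".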
@@ -2392,21 +2392,21 @@ CVE-2023-1286 (Cross-site Scripting (XSS) - Stored in
GitHub repository pimcore/
CVE-2023-1285
RESERVED
CVE-2023-27984 (A CWE-20: Improper Input Validation vulnerability exists in
Custom Rep ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27983 (A CWE-306: Missing Authentication for Critical Function
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27982 (A CWE-345: Insufficient Verification of Data Authenticity
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27981 (A CWE-22: Improper Limitation of a Pathname to a Restricted
Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27980 (A CWE-306: Missing Authentication for Critical Function
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27979 (A CWE-345: Insufficient Verification of Data Authenticity
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27978 (A CWE-502: Deserialization of Untrusted Data vulnerability
exists in t ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27977 (A CWE-345: Insufficient Verification of Data Authenticity
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2023-27976
RESERVED
CVE-2023-27975
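Review bot: All eight entries from CVE-2023-27984 down to CVE-2023-27977 are tagged with the vendor alone ("NOT-FOR-US: Schneider Electric"), whereas other NFU lines in this file name the product, for example "NOT-FOR-US: SourceCodester Canteen Management System". Adding the affected product from the full description would make these entries easier to grep and to re-check later; the truncated descriptions visible here do not show whether all eight concern the same product.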
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b6aac201218726e88b4e1ee6eb77f6565c2d31c...9cd30a49dd01dea5c6087055ce7d2af635ab19ad
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits