Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3991c3f5 by Moritz Muehlenhoff at 2023-04-19T12:13:28+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -169,7 +169,7 @@ CVE-2023-2162
 CVE-2023-2161
        RESERVED
 CVE-2023-2160 (Weak Password Requirements in GitHub repository modoboa/modoboa 
prior  ...)
-       TODO: check
+       NOT-FOR-US: modoboa
 CVE-2023-2159
        RESERVED
 CVE-2023-2158
@@ -235,7 +235,7 @@ CVE-2023-30794
 CVE-2023-30793
        RESERVED
 CVE-2023-2138 (Use of Hard-coded Credentials in GitHub repository 
nuxtlabs/github-mod ...)
-       TODO: check
+       NOT-FOR-US: nuxtlabs/github-module
 CVE-2023-2137 (Heap buffer overflow in sqlite in Google Chrome prior to 
112.0.5615.13 ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
@@ -1096,7 +1096,7 @@ CVE-2023-30550
 CVE-2023-30549
        RESERVED
 CVE-2023-30548 (gatsby-plugin-sharp is a plugin for the gatsby framework which 
exposes ...)
-       TODO: check
+       NOT-FOR-US: gatsby-plugin-sharp
 CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted 
Node's b ...)
        NOT-FOR-US: Node vm2
 CVE-2023-30546
@@ -1106,13 +1106,13 @@ CVE-2023-30545
 CVE-2023-30544
        RESERVED
 CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In 
affected ve ...)
-       TODO: check
+       NOT-FOR-US: @web3-react
 CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
        NOT-FOR-US: OpenZeppelin
 CVE-2023-30541 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
        NOT-FOR-US: OpenZeppelin
 CVE-2023-30540 (Nextcloud Talk is a chat, video &amp; audio call extension for 
Nextclo ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Talk
 CVE-2023-30539 (Nextcloud is a personal home server system. Depending on the 
set up ta ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2023-30538 (Discourse is an open source platform for community discussion. 
Due to  ...)
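Review bot: CVE-2023-30540 (Nextcloud Talk) is marked NOT-FOR-US while the neighbouring CVE-2023-30539 for the Nextcloud server is tracked against the ITP'd nextcloud-server package (bug #941708); if Talk would ship as part of that packaging effort it should be tracked the same way, otherwise a short NOTE stating that Talk is a separate app not covered by the ITP would make the distinction clear for the next triager.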
@@ -2565,7 +2565,7 @@ CVE-2023-29889
 CVE-2023-29888
        RESERVED
 CVE-2023-29887 (A Local File inclusion vulnerability in test.php in 
spreadsheet-reader ...)
-       TODO: check
+       NOT-FOR-US: spreadsheet-reader
 CVE-2023-29886
        RESERVED
 CVE-2023-29885
@@ -3794,13 +3794,13 @@ CVE-2023-29415 (An issue was discovered in libbzip3.a 
in bzip3 before 1.3.0. A d
 CVE-2023-29414
        RESERVED
 CVE-2023-29413 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2023-29412 (A CWE-78: Improper Handling of Case Sensitivity vulnerability 
exists t ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2023-29411 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2023-29410 (A CWE-20: Improper Input Validation vulnerability exists that 
could al ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2023-29409
        RESERVED
 CVE-2023-29408
@@ -4498,7 +4498,7 @@ CVE-2023-29197 (guzzlehttp/psr7 is a PSR-7 HTTP message 
library implementation i
        NOTE: 
https://github.com/Nyholm/psr7/security/advisories/GHSA-wjfc-pgfp-pv9c
        NOTE: 
https://github.com/Nyholm/psr7/commit/1029a2671cbdd3e075a21952082c2be7c8018426 
(1.6.1)
 CVE-2023-29196 (Discourse is an open source platform for community discussion. 
This vu ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2023-29195
        RESERVED
 CVE-2023-29194 (Vitess is a database clustering system for horizontal scaling 
of MySQL ...)
@@ -5080,11 +5080,11 @@ CVE-2023-29005 (Flask-AppBuilder versions before 4.3.0 
lack rate limiting which
        - flask-appbuilder <unfixed>
        NOTE: 
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv
 CVE-2023-29004 (hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, 
Apache  ...)
-       TODO: check
+       NOT-FOR-US: hap-wi/roxy-wi
 CVE-2023-29003 (SvelteKit is a web development framework. The SvelteKit 
framework offe ...)
        NOT-FOR-US: SvelteKit
 CVE-2023-29002 (Cilium is a networking, observability, and security solution 
with an e ...)
-       TODO: check
+       - cilium <itp> (bug #858303)
 CVE-2023-29001
        RESERVED
 CVE-2023-29000 (The Nextcloud Desktop Client is a tool to synchronize files 
from Nextc ...)
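Review bot: the new `- cilium <itp> (bug #858303)` line carries no NOTE with the upstream advisory or fixing commit, unlike the CVE-2023-29005 entry directly above it that links its GHSA advisory; add the upstream reference so whoever completes the ITP can verify which cilium version fixes CVE-2023-29002.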
@@ -5171,9 +5171,9 @@ CVE-2023-28965 (An Improper Check or Handling of 
Exceptional Conditions within t
 CVE-2023-28964 (An Improper Handling of Length Parameter Inconsistency 
vulnerability i ...)
        NOT-FOR-US: Juniper
 CVE-2023-28963 (An Improper Authentication vulnerability in cert-mgmt.php, 
used by the ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2023-28962 (An Improper Authentication vulnerability in upload-file.php, 
used by t ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2023-28961 (An Improper Handling of Unexpected Data Type vulnerability in 
IPv6 fir ...)
        NOT-FOR-US: Juniper
 CVE-2023-28960 (An Incorrect Permission Assignment for Critical Resource 
vulnerability ...)
@@ -5566,7 +5566,7 @@ CVE-2023-28865
 CVE-2023-28864
        RESERVED
 CVE-2023-28863 (AMI MegaRAC SPx12 and SPx13 devices have Insufficient 
Verification of  ...)
-       TODO: check
+       NOT-FOR-US: AMI
 CVE-2023-28862 (An issue was discovered in LemonLDAP::NG before 2.16.1. Weak 
session I ...)
        - lemonldap-ng 2.16.1+ds-1
        [bullseye] - lemonldap-ng <no-dsa> (Minor issue)
@@ -5689,7 +5689,7 @@ CVE-2023-28840 (Moby is an open source container 
framework developed by Docker I
        NOTE: https://github.com/moby/moby/issues/43382
        NOTE: https://github.com/moby/moby/pull/45118
 CVE-2023-28839 (Shoppingfeed PrestaShop is an add-on to the PrestaShop 
ecommerce platf ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop addon
 CVE-2023-28838 (GLPI is a free asset and IT management software package. 
Starting in v ...)
        - glpi <removed> (unimportant)
        NOTE: Only supported behind an authenticated HTTP zone
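Review bot: `NOT-FOR-US: PrestaShop addon` drops the module name given in the description (Shoppingfeed); the other entries in this commit name the specific project (nuxtlabs/github-module, gatsby-plugin-sharp), so `NOT-FOR-US: Shoppingfeed PrestaShop addon` keeps the list greppable for that module and avoids a generic tag that would match unrelated PrestaShop add-ons.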
@@ -6198,7 +6198,7 @@ CVE-2023-1550 (Insertion of Sensitive Information into 
log file vulnerability in
 CVE-2023-1549
        RESERVED
 CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists 
that cou ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2023-1547
        RESERVED
 CVE-2023-1546
@@ -7065,7 +7065,7 @@ CVE-2023-28442 (GeoNode is an open source platform that 
facilitates the creation
 CVE-2023-28441 (smartCARS 3 is flight tracking software. In version 0.5.8 and 
prior, a ...)
        NOT-FOR-US: smartCARS
 CVE-2023-28440 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2023-28439 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        - ckeditor <unfixed> (bug #1034481)
        - ckeditor3 <unfixed>
@@ -8151,13 +8151,13 @@ CVE-2023-1349 (A vulnerability, which was classified as 
problematic, has been fo
 CVE-2016-15028 (A vulnerability was found in ICEPAY REST-API-NET 0.9. It has 
been decl ...)
        NOT-FOR-US: ICEPAY REST-API-NET
 CVE-2023-28143 (Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) 
installer  ...)
-       TODO: check
+       NOT-FOR-US: Qualys
 CVE-2023-28142 (A Race Condition exists in the Qualys Cloud Agent for Windows 
platform ...)
-       TODO: check
+       NOT-FOR-US: Qualys
 CVE-2023-28141 (An NTFS Junction condition exists in the Qualys Cloud Agent 
for Window ...)
-       TODO: check
+       NOT-FOR-US: Qualys
 CVE-2023-28140 (An Executable Hijacking condition exists in the Qualys Cloud 
Agent for ...)
-       TODO: check
+       NOT-FOR-US: Qualys
 CVE-2023-28139
        RESERVED
 CVE-2023-28138
@@ -8549,9 +8549,9 @@ CVE-2023-1299 (HashiCorp Nomad and Nomad Enterprise 1.5.0 
allow a job submitter
 CVE-2023-1298
        RESERVED
 CVE-2023-28004 (A CWE-129: Improper validation of an array index vulnerability 
exists  ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2023-28003 (A CWE-613: Insufficient Session Expiration vulnerability 
exists that c ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2023-28002
        RESERVED
 CVE-2023-28001
@@ -8632,7 +8632,7 @@ CVE-2023-27978 (A CWE-502: Deserialization of Untrusted 
Data vulnerability exist
 CVE-2023-27977 (A CWE-345: Insufficient Verification of Data Authenticity 
vulnerabilit ...)
        NOT-FOR-US: Schneider Electric
 CVE-2023-27976 (A CWE-668: Exposure of Resource to Wrong Sphere vulnerability 
exists t ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2023-27975
        RESERVED
 CVE-2023-27974 (** DISPUTED ** Bitwarden through 2023.2.1 offers password 
auto-fill wh ...)
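Review bot: the vendor name is spelled two ways within this hunk: the new line uses `NOT-FOR-US: Schneider` while the unchanged CVE-2023-27977 entry two lines above uses `NOT-FOR-US: Schneider Electric`. Pick one form (the same shorter spelling is introduced for CVE-2023-29410 to CVE-2023-29413, CVE-2023-1548 and CVE-2023-28003/28004 elsewhere in this commit) so a search for the vendor finds every entry.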
@@ -8806,17 +8806,17 @@ CVE-2023-27913 (A maliciously crafted X_B file when 
parsed through Autodesk&#174
 CVE-2023-27912 (A maliciously crafted X_B file when parsed through 
Autodesk&#174; Auto ...)
        NOT-FOR-US: Autodesk
 CVE-2023-27911 (A user may be tricked into opening a malicious FBX file that 
may explo ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2023-27910 (A user may be tricked into opening a malicious FBX file that 
may explo ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2023-27909 (An Out-Of-Bounds Write Vulnerability in Autodesk&#174; 
FBX&#174; SDK v ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2023-27908
        RESERVED
 CVE-2023-27907 (A malicious actor may convince a victim to open a malicious 
USD file t ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2023-27906 (A malicious actor may convince a victim to open a malicious 
USD file t ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2023-27884
        RESERVED
 CVE-2023-27879
@@ -9411,7 +9411,7 @@ CVE-2023-27757 (An arbitrary file upload vulnerability in 
the /admin/user/upload
 CVE-2023-27756
        RESERVED
 CVE-2023-27755 (go-bbs v1 was discovered to contain an arbitrary file download 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: go-bbs
 CVE-2023-27754 (vox2mesh 1.0 has stack-overflow in main.cpp, this is 
stack-overflow ca ...)
        NOT-FOR-US: vox2mesh
 CVE-2023-27753



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3991c3f5f9a536d7dec33d257a396fa09c270457



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
