Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4882bbe4 by Moritz Muehlenhoff at 2023-05-30T17:25:29+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,52 +4,52 @@ CVE-2023-2650 [openssl Possible DoS translating ASN.1 object
identifiers]
NOTE:
https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098
(OpenSSL_1_1_1u)
NOTE:
https://github.com/openssl/openssl/commit/423a2bc737a908ad0c77bda470b2b59dc879936b
(openssl-3.0.9)
CVE-2023-34205 (In Moov signedxml through 1.0.0, parsing the raw XML (as
received) can ...)
- TODO: check
+ NOT-FOR-US: Moov signedxml
CVE-2023-34204 (imapsync through 2.229 uses predictable paths under /tmp and
/var/tmp ...)
- imapsync <removed>
NOTE: https://github.com/imapsync/imapsync/issues/399
CVE-2023-33955 (Minio Console is the UI for MinIO Object Storage. Unicode
RIGHT-TO-LEF ...)
- TODO: check
+ - minio <itp> (bug #859207)
CVE-2023-33245 (Minecraft through 1.19 and 1.20 pre-releases before 7 (Java)
allow arb ...)
- TODO: check
+ NOT-FOR-US: Minecraft
CVE-2023-33198 (tgstation-server is a production scale tool for BYOND server
managemen ...)
- TODO: check
+ NOT-FOR-US: tgstation-server
CVE-2023-33193 (Emby Server is a user-installable home media server which
stores and o ...)
- TODO: check
+ NOT-FOR-US: Emby Server
CVE-2023-33191 (Kyverno is a policy engine designed for Kubernetes. Kyverno
seccomp co ...)
- TODO: check
+ NOT-FOR-US: Kyverno
CVE-2023-33189 (Pomerium is an identity and context-aware access proxy. With
specially ...)
- TODO: check
+ NOT-FOR-US: Pomerium
CVE-2023-33186 (Zulip is an open-source team collaboration tool with unique
topic-base ...)
- TODO: check
+ NOT-FOR-US: Zulip
CVE-2023-33183 (Calendar app for Nextcloud easily sync events from various
devices wit ...)
- TODO: check
+ NOT-FOR-US: Nextcloud addon
CVE-2023-33182 (Contacts app for Nextcloud easily syncs contacts from various
devices ...)
- TODO: check
+ NOT-FOR-US: Nextcloud addon
CVE-2023-33175 (ToUI is a Python package for creating user interfaces
(websites and de ...)
- TODO: check
+ NOT-FOR-US: ToUI
CVE-2023-32698 (nFPM is an alternative to fpm. The file permissions on the
checked-in ...)
- TODO: check
+ NOT-FOR-US: nFPM
CVE-2023-32692 (CodeIgniter is a PHP full-stack web framework. This
vulnerability allo ...)
- TODO: check
+ NOT-FOR-US: CodeIgniter
CVE-2023-32691 (gost (GO Simple Tunnel) is a simple tunnel written in golang.
Sensitiv ...)
- TODO: check
+ NOT-FOR-US: GO Simple Tunnel
CVE-2023-32687 (tgstation-server is a toolset to manage production BYOND
servers. Star ...)
- TODO: check
+ NOT-FOR-US: tgstation-server
CVE-2023-32072 (Tuleap is an open source tool for end to end traceability of
applicati ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2023-2970 (A vulnerability classified as problematic was found in
MindSpore 2.0.0 ...)
- TODO: check
+ NOT-FOR-US: MindSpore
CVE-2023-2962 (A vulnerability, which was classified as critical, has been
found in S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2023-2808 (Mattermost fails to normalize UTF confusable characters when
determini ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2023-2518 (The Easy Forms for Mailchimp WordPress plugin through 6.8.8
does not s ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2470 (The Add to Feedly WordPress plugin through 1.2.11 does not
sanitize an ...)
NOT-FOR-US: WordPress plugin
CVE-2014-125102 (A vulnerability classified as problematic was found in
Bestwebsoft Rel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2953 [potential null pointer dereference flaw]
[experimental] - openldap 2.6.4+dfsg-1~exp1
- openldap <unfixed>
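Review bot: the two Nextcloud entries in this hunk spell the label differently from the rest of the commit: CVE-2023-33183 and CVE-2023-33182 get `NOT-FOR-US: Nextcloud addon`, while CVE-2023-32074 and CVE-2023-31128 in the later hunks get `NOT-FOR-US: Nextcloud app`. NOT-FOR-US labels are only useful for later searching of data/CVE/list if the same category is always spelled the same way, so pick one form (the file already uses `Nextcloud app`) and apply it to all four entries.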
@@ -81,7 +81,7 @@ CVE-2023-33291 (In ebankIT 6, the public endpoints
/public/token/Email/generate
CVE-2023-31874 (Yank Note (YN) 3.52.1 allows execution of arbitrary code when
a crafte ...)
NOT-FOR-US: Yank Note (YN)
CVE-2023-31873 (Gin 0.7.4 allows execution of arbitrary code when a crafted
file is op ...)
- TODO: check
+ NOT-FOR-US: Gin Markdown Editor
CVE-2023-2955 (A vulnerability, which was classified as critical, was found in
Source ...)
NOT-FOR-US: SourceCodester Students Online Internship Timesheet System
CVE-2023-2954 (Cross-site Scripting (XSS) - Stored in GitHub repository
liangliangyy/ ...)
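Review bot: the `NOT-FOR-US: Gin Markdown Editor` label for CVE-2023-31873 carries information the visible description (`Gin 0.7.4 allows execution of arbitrary code when a crafted file is op ...`) does not, namely which of the projects called Gin is meant. That identification is what makes the NOT-FOR-US decision correct, so record its basis with a `NOTE:` line pointing at the upstream project, in the same way the openssl and imapsync entries in the first hunk carry their upstream references.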
@@ -230,7 +230,7 @@ CVE-2023-33247 (Talend Data Catalog remote harvesting
server before 8.0-20230413
CVE-2023-33197 (Craft is a CMS for creating custom digital experiences on the
web. Cro ...)
NOT-FOR-US: Craft CMS
CVE-2023-33185 (Django-SES is a drop-in mail backend for Django. The
django_ses librar ...)
- TODO: check
+ NOT-FOR-US: Django-SES
CVE-2023-32964 (Cross-Site Request Forgery (CSRF) vulnerability in Made with
Fuel Bett ...)
NOT-FOR-US: WordPress plugin
CVE-2023-32318 (Nextcloud server provides a home for data. A regression in the
session ...)
@@ -278,7 +278,7 @@ CVE-2023-2855 (Candump log parser crash in Wireshark 4.0.0
to 4.0.5 and 3.6.0 to
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-12.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19062
CVE-2023-32074 (user_oidc app is an OpenID Connect user backend for Nextcloud.
Authent ...)
- TODO: check
+ NOT-FOR-US: Nextcloud app
CVE-2023-2903 (A vulnerability classified as problematic has been found in
NFine Rapi ...)
NOT-FOR-US: NFine Rapid Development Platform
CVE-2023-2902 (A vulnerability was found in NFine Rapid Development Platform
20230511 ...)
@@ -306,7 +306,7 @@ CVE-2023-33263 (In WFTPD 3.25, usernames and password
hashes are stored in an op
CVE-2023-33248 (Amazon Alexa software version 8960323972 on Echo Dot 2nd
generation an ...)
NOT-FOR-US: Amazon Alexa
CVE-2023-32694 (Saleor Core is a composable, headless commerce API. Saleor's
`validate ...)
- TODO: check
+ NOT-FOR-US: Saleor
CVE-2023-31861 (ZLMediaKit 4.0 is vulnerable to Directory Traversal.)
NOT-FOR-US: ZLMediaKit
CVE-2023-31594 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect
Access Contro ...)
@@ -2607,7 +2607,7 @@ CVE-2023-31130 (c-ares is an asynchronous resolver
library. ares_inet_net_pton()
CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be
triggere ...)
NOT-FOR-US: Contiki-NG
CVE-2023-31128 (NextCloud Cookbook is a recipe library app. Prior to commit
a46d9855 o ...)
- TODO: check
+ NOT-FOR-US: Nextcloud app
CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM
specific ...)
NOT-FOR-US: libspdm
CVE-2023-31126 (`org.xwiki.commons:xwiki-commons-xml` is an XML library used
by the op ...)
@@ -4200,7 +4200,7 @@ CVE-2023-30617
CVE-2023-30616 (Form block is a wordpress plugin designed to make form
creation easier ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30615 (Iris is a web collaborative platform aiming to help incident
responder ...)
- TODO: check
+ NOT-FOR-US: Iris
CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In
versions ...)
NOT-FOR-US: Pay (payments engine for Ruby on Rails)
CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users
to uplo ...)
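Review bot: `NOT-FOR-US: Iris` for CVE-2023-30615 is too bare to be unambiguous on its own, while the description already supplies the qualifier ("a web collaborative platform aiming to help incident responder"). Follow the convention used two lines below (`NOT-FOR-US: Pay (payments engine for Ruby on Rails)`) and write something like `NOT-FOR-US: Iris (incident response collaboration platform)`.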
@@ -4235,7 +4235,7 @@ CVE-2023-30603
CVE-2023-30602
RESERVED
CVE-2023-30601 (Privilege escalation when enabling FQL/Audit logs allows user
with JMX ...)
- TODO: check
+ - cassandra <itp> (bug #585905)
CVE-2023-30600
RESERVED
CVE-2023-30599
@@ -5172,7 +5172,7 @@ CVE-2023-30352 (Shenzen Tenda Technology IP Camera CP3
V11.10.00.2211041355 was
CVE-2023-30351 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355
was discov ...)
NOT-FOR-US: Tenda
CVE-2023-30350 (FS S3900-24T4S devices allow authenticated attackers with
guest access ...)
- TODO: check
+ NOT-FOR-US: FS S3900-24T4S devices
CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to contain a remote code
execution (R ...)
NOT-FOR-US: JFinal CMS
CVE-2023-30348
@@ -5371,7 +5371,7 @@ CVE-2023-30255
CVE-2023-30254
RESERVED
CVE-2023-30253 (Dolibarr before 17.0.1 allows remote code execution by an
authenticate ...)
- TODO: check
+ - dolibarr <removed>
CVE-2023-30252
RESERVED
CVE-2023-30251
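Review bot: `- dolibarr <removed>` for CVE-2023-30253 closes the entry with no reference, whereas the comparable `- imapsync <removed>` entry in the first hunk is followed by a `NOTE:` with the upstream issue URL. Add the upstream fix or advisory reference as a `NOTE:` so that anyone consulting the entry for a locally built dolibarr can locate the patch without re-doing the research.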
@@ -9527,7 +9527,7 @@ CVE-2023-28787
CVE-2023-28786
RESERVED
CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28784
RESERVED
CVE-2023-28783
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4882bbe4b538bab135de4591f663c1a13187c91e
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits