Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d7dcbff by Moritz Muehlenhoff at 2023-03-06T18:12:37+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -605,7 +605,7 @@ CVE-2023-27576
 CVE-2023-27575
        RESERVED
 CVE-2023-27574 (ShadowsocksX-NG 1.10.0 signs with 
com.apple.security.get-task-allow en ...)
-       TODO: check
+       NOT-FOR-US: ShadowsocksX-NG
 CVE-2023-27573
        RESERVED
 CVE-2023-27572
@@ -665,7 +665,7 @@ CVE-2023-1170 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
 CVE-2023-1169
        RESERVED
 CVE-2015-10089 (A vulnerability classified as problematic has been found in 
flame.js.  ...)
-       TODO: check
+       NOT-FOR-US: flame.js
 CVE-2023-1168
        RESERVED
 CVE-2023-1167
@@ -3269,7 +3269,7 @@ CVE-2023-26493
 CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
        NOT-FOR-US: Directus
 CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. 
When the U ...)
-       TODO: check
+       NOT-FOR-US: RSSHub
 CVE-2023-26490 (mailcow is a dockerized email package, with multiple 
containers linked ...)
        NOT-FOR-US: mailcow
 CVE-2023-26489
@@ -3289,7 +3289,7 @@ CVE-2023-26483 (gosaml2 is a Pure Go implementation of 
SAML 2.0. SAML Service Pr
 CVE-2023-26482
        RESERVED
 CVE-2023-26481 (authentik is an open-source Identity Provider. Due to an 
insufficient  ...)
-       TODO: check
+       NOT-FOR-US: authentik
 CVE-2023-26480 (XWiki Platform is a generic wiki platform. Starting in version 
12.10,  ...)
        NOT-FOR-US: XWiki
 CVE-2023-26479 (XWiki Platform is a generic wiki platform. Starting in version 
6.0, us ...)
@@ -4291,9 +4291,9 @@ CVE-2023-26109
 CVE-2023-26108 (Versions of the package @nestjs/core before 9.0.5 are 
vulnerable to In ...)
        NOT-FOR-US: @nestjs/core
 CVE-2023-26107 (All versions of the package sketchsvg are vulnerable to 
Arbitrary Code ...)
-       TODO: check
+       NOT-FOR-US: Node sketchsvg
 CVE-2023-26106 (All versions of the package dot-lens are vulnerable to 
Prototype Pollu ...)
-       TODO: check
+       NOT-FOR-US: Node dot-lens
 CVE-2023-26105 (All versions of the package utilities are vulnerable to 
Prototype Poll ...)
        NOT-FOR-US: mde JavaScript utilities
 CVE-2023-26104 (All versions of the package lite-web-server are vulnerable to 
Denial o ...)
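
Review bot: the two new tags in this hunk use a "Node <package>" form ("Node sketchsvg", "Node dot-lens"), while the neighbouring entries in the same hunk use the bare package name ("@nestjs/core") or a descriptive form ("mde JavaScript utilities"). Settling on one form for npm packages would keep the NOT-FOR-US lines consistent and easier to search.
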
@@ -5117,7 +5117,7 @@ CVE-2023-25824 (Mod_gnutls is a TLS module for Apache 
HTTPD based on GnuTLS. Ver
        NOTE: 
https://github.com/airtower-luna/mod_gnutls/security/advisories/GHSA-6cfv-fvgm-7pc8
        NOTE: 
https://github.com/airtower-luna/mod_gnutls/commit/d7eec4e598158ab6a98bf505354e84352f9715ec
 (mod_gnutls/0.12.1)
 CVE-2023-25823 (Gradio is an open-source Python library to build machine 
learning and  ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2023-25822
        RESERVED
 CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 
24.0.4 an ...)
@@ -20606,7 +20606,7 @@ CVE-2022-46975
 CVE-2022-46974
        RESERVED
 CVE-2022-46973 (Report v0.9.8.6 was discovered to contain a Server-Side 
Request Forger ...)
-       TODO: check
+       NOT-FOR-US: AJ-Report
 CVE-2022-46972
        RESERVED
 CVE-2022-46971
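
Review bot: on CVE-2022-46973 the tag names "AJ-Report", but the description as shown begins "Report v0.9.8.6", so the product name in the tag cannot be matched against the entry text. If the upstream description lost its prefix, a short NOTE line giving the source of the name would make this triage decision checkable later.
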
@@ -23764,7 +23764,7 @@ CVE-2022-45990 (A cross-site scripting (XSS) 
vulnerability in the component /sig
 CVE-2022-45989
        RESERVED
 CVE-2022-45988 (starsoftcomm CooCare 5.304 allows local attackers to escalate 
privileg ...)
-       TODO: check
+       NOT-FOR-US: starsoftcomm CooCare
 CVE-2022-45987
        RESERVED
 CVE-2022-45986
@@ -24694,7 +24694,7 @@ CVE-2022-45610
 CVE-2022-45609
        RESERVED
 CVE-2022-45608 (An issue was discovered in ThingsBoard 3.4.1, allows low 
privileged at ...)
-       TODO: check
+       NOT-FOR-US: ThingsBoard
 CVE-2022-45607
        RESERVED
 CVE-2022-45606
@@ -24804,11 +24804,11 @@ CVE-2022-45555
 CVE-2022-45554
        RESERVED
 CVE-2022-45553 (An issue discovered in Shenzhen Zhibotong Electronics WBT 
WE1626 Route ...)
-       TODO: check
+       NOT-FOR-US: Shenzhen Zhibotong Electronics
 CVE-2022-45552 (An Insecure Permissions vulnerability in Shenzhen Zhiboton 
Electronics ...)
-       TODO: check
+       NOT-FOR-US: Shenzhen Zhibotong Electronics
 CVE-2022-45551 (An issue discovered in Shenzhen Zhiboton Electronics ZBT 
WE1626 Router ...)
-       TODO: check
+       NOT-FOR-US: Shenzhen Zhibotong Electronics
 CVE-2022-45550 (AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). ...)
        NOT-FOR-US: AyaCMS
 CVE-2022-45549
@@ -26530,7 +26530,7 @@ CVE-2022-45070
 CVE-2022-45069 (Auth. (contributor+) Privilege Escalation vulnerability in 
Crowdsignal ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45068 (Cross-Site Request Forgery (CSRF) vulnerability in Mercado 
Pago Mercad ...)
-       TODO: check
+       NOT-FOR-US: Mercado
 CVE-2022-45067 (Cross-Site Request Forgery (CSRF) vulnerability in DevsCred 
Exclusive  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in 
WooSwipe Wo ...)
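
Review bot: "NOT-FOR-US: Mercado" on CVE-2022-45068 cuts the product name short; the description reads "Mercado Pago Mercad ...". Use the full product name, or, if this is a WordPress plugin like the entries on either side (CVE-2022-45069, CVE-2022-45067), the "WordPress plugin" tag those entries carry.
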
@@ -27072,7 +27072,7 @@ CVE-2022-44877 (login/index.php in CWP (aka Control Web 
Panel or CentOS Web Pane
 CVE-2022-44876
        RESERVED
 CVE-2022-44875 (KioWare through 8.33 on Windows sets 
KioScriptingUrlACL.AclActions.All ...)
-       TODO: check
+       NOT-FOR-US: KioWare
 CVE-2022-44874 (wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was 
discovered t ...)
        NOT-FOR-US: wasm3
 CVE-2022-44873
@@ -31958,7 +31958,7 @@ CVE-2023-20106
 CVE-2023-20105
        RESERVED
 CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco 
Webex App fo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20103
        RESERVED
 CVE-2023-20102
@@ -31990,13 +31990,13 @@ CVE-2023-20090
 CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) 
feature fo ...)
        NOT-FOR-US: Cisco
 CVE-2023-20088 (A vulnerability in the nginx configurations that are provided 
as part  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20087
        RESERVED
 CVE-2023-20086
        RESERVED
 CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20084
        RESERVED
 CVE-2023-20083
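
Review bot: CVE-2023-20088 is tagged "NOT-FOR-US: Cisco", yet its description begins "A vulnerability in the nginx configurations that are provided as part ...", and nginx itself is packaged in Debian. It is worth confirming that the flaw sits in the configuration shipped by the vendor rather than in nginx, and recording that in a parenthetical on the tag, in the style of "NOT-FOR-US: python-jwt (not the same as src:pyjwt)" used elsewhere in this file.
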
@@ -32008,15 +32008,15 @@ CVE-2023-20081
 CVE-2023-20080
        RESERVED
 CVE-2023-20079 (Multiple vulnerabilities in the web-based management interface 
of cert ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20078 (Multiple vulnerabilities in the web-based management interface 
of cert ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20077
        RESERVED
 CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting 
environment could ...)
        NOT-FOR-US: Cisco
 CVE-2023-20075 (Vulnerability in the CLI of Cisco Secure Email Gateway could 
allow an  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20074
        RESERVED
 CVE-2023-20073
@@ -32028,7 +32028,7 @@ CVE-2023-20071
 CVE-2023-20070
        RESERVED
 CVE-2023-20069 (A vulnerability in the web-based management interface of Cisco 
Prime I ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20068
        RESERVED
 CVE-2023-20067
@@ -32042,9 +32042,9 @@ CVE-2023-20064
 CVE-2023-20063
        RESERVED
 CVE-2023-20062 (Multiple vulnerabilities in Cisco Unified Intelligence Center 
could al ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20061 (Multiple vulnerabilities in Cisco Unified Intelligence Center 
could al ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20060
        RESERVED
 CVE-2023-20059
@@ -32060,7 +32060,7 @@ CVE-2023-20055
 CVE-2023-20054
        RESERVED
 CVE-2023-20053 (A vulnerability in the web-based management interface of Cisco 
Nexus D ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20052 (On Feb 15, 2023, the following vulnerability in the ClamAV 
scanning li ...)
        {DLA-3328-1}
        - clamav 1.0.1+dfsg-1 (bug #1031509)
@@ -32145,7 +32145,7 @@ CVE-2023-20016 (A vulnerability in the backup 
configuration feature of Cisco UCS
 CVE-2023-20015 (A vulnerability in the CLI of Cisco Firepower 4100 Series, 
Cisco Firep ...)
        NOT-FOR-US: Cisco
 CVE-2023-20014 (A vulnerability in the DNS functionality of Cisco Nexus 
Dashboard Soft ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20013
        RESERVED
 CVE-2023-20012 (A vulnerability in the CLI console login authentication of 
Cisco Nexus ...)
@@ -32155,7 +32155,7 @@ CVE-2023-20011 (A vulnerability in the web-based 
management interface of Cisco A
 CVE-2023-20010 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
        NOT-FOR-US: Cisco
 CVE-2023-20009 (A vulnerability in the Web UI and administrative CLI of the 
Cisco Secu ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20008 (A vulnerability in the CLI of Cisco TelePresence CE and RoomOS 
Softwar ...)
        NOT-FOR-US: Cisco
 CVE-2023-20007 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
@@ -41138,7 +41138,7 @@ CVE-2022-40131 (Cross-Site Request Forgery (CSRF) 
vulnerability in a3rev Softwar
 CVE-2022-38974 (Broken Access Control vulnerability in WPML Multilingual CMS 
premium p ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-38468 (Cross-Site Request Forgery (CSRF) vulnerability in Imagely 
WordPress G ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-38461 (Broken Access Control vulnerability in WPML Multilingual CMS 
premium p ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io 
Image Opt ...)
@@ -42265,7 +42265,7 @@ CVE-2022-40225
 CVE-2022-40200 (Auth. (subscriber+) Arbitrary File Upload vulnerability in 
wpForo Foru ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-40198 (Cross-Site Request Forgery (CSRF) vulnerability in 
StandaloneTech Tera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-40197
        RESERVED
 CVE-2022-40195 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)
@@ -44698,7 +44698,7 @@ CVE-2022-39230 (fhir-works-on-aws-authz-smart is an 
implementation of the author
 CVE-2022-39229 (Grafana is an open source data visualization platform for 
metrics, log ...)
        - grafana <removed>
 CVE-2022-39228 (vantage6 is a privacy preserving federated learning 
infrastructure for ...)
-       TODO: check
+       NOT-FOR-US: vantage6
 CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web 
Tokens. V ...)
        NOT-FOR-US: python-jwt (not the same as src:pyjwt)
 CVE-2022-39226 (Discourse is an open source discussion platform. In versions 
prior to  ...)
@@ -46201,7 +46201,7 @@ CVE-2022-38736
 CVE-2022-38735
        REJECTED
 CVE-2022-38734 (StorageGRID (formerly StorageGRID Webscale) versions prior to 
11.6.0.8 ...)
-       TODO: check
+       NOT-FOR-US: StorageGRID
 CVE-2022-38733 (OnCommand Insight versions 7.3.1 through 7.3.14 are 
susceptible to an  ...)
        NOT-FOR-US: NetApp
 CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content 
Security Poli ...)
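
Review bot: CVE-2022-38734 gets the product-level tag "StorageGRID", while the next entry, CVE-2022-38733, carries the vendor-level tag "NetApp". If StorageGRID comes from the same vendor, "NOT-FOR-US: NetApp" would keep the two adjacent entries consistent.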



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d7dcbff329f95758df8580bc34ccdd8f4e70e96
