Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79154c9f by Salvatore Bonaccorso at 2023-04-06T21:38:49+02:00
Make some older glpi entries consistent with unimportant severity

Fundamentally this is not a real problem, as glpi is not supported in
any suite tracked by the security-tracker; it is only a cosmetic and
consistency change.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1846,13 +1846,15 @@ CVE-2023-28854 (nophp is a PHP web framework. Prior to 
version 0.0.1, nophp is v
 CVE-2023-28853 (Mastodon is a free, open-source social network server based on 
Activit ...)
        - mastodon <itp> (bug #859741)
 CVE-2023-28852 (GLPI is a free asset and IT management software package. 
Starting in v ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-28851 (Silverstripe Form Capture provides a method to capture simple 
silverst ...)
        NOT-FOR-US: Silverstripe
 CVE-2023-28850 (Pimcore Perspective Editor provides an editor for Pimcore that 
allows  ...)
        NOT-FOR-US: Pimcore Perspective Editor
 CVE-2023-28849 (GLPI is a free asset and IT management software package. 
Starting in v ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-28848 (user_oidc is the OIDC connect user backend for Nextcloud, an 
open sour ...)
        NOT-FOR-US: user_oidc extension for NextCloud
 CVE-2023-28847
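Review bot: the `(unimportant)` tag on both glpi lines in this hunk (CVE-2023-28852 and CVE-2023-28849) is appended to the existing `<removed>` state rather than replacing it, and the justification NOTE is placed directly under the package line; that is the correct shape for the tracker's list format and matches the placement used in the remaining hunks, including those where an existing `NOTE:` URL line follows. The only thing to confirm is that the shared wording "Only supported behind an authenticated HTTP zone" is the same text carried by the glpi entries that were already tagged, since consistency with those is the commit's stated goal.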
@@ -1884,7 +1886,8 @@ CVE-2023-28840 (Moby is an open source container 
framework developed by Docker I
 CVE-2023-28839
        RESERVED
 CVE-2023-28838 (GLPI is a free asset and IT management software package. 
Starting in v ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-28837 (Wagtail is an open source content management system built on 
Django. P ...)
        NOT-FOR-US: Wagtail
 CVE-2023-28836 (Wagtail is an open source content management system built on 
Django. S ...)
@@ -2541,21 +2544,26 @@ CVE-2023-28641
 CVE-2023-28640 (Apiman is a flexible and open source API Management platform. 
Due to a ...)
        NOT-FOR-US: Apiman
 CVE-2023-28639 (GLPI is a free asset and IT management software package. 
Starting in v ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-28638 (Snappier is a high performance C# implementation of the Snappy 
compres ...)
        NOT-FOR-US: Snappier
 CVE-2023-28637 (DataEase is an open source data visualization analysis tool. 
In Dataea ...)
        NOT-FOR-US: DataEase
 CVE-2023-28636 (GLPI is a free asset and IT management software package. 
Starting in v ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-28635
        RESERVED
 CVE-2023-28634 (GLPI is a free asset and IT management software package. 
Starting in v ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-28633 (GLPI is a free asset and IT management software package. 
Starting in v ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-28632 (GLPI is a free asset and IT management software package. 
Starting in v ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-28631 (comrak is a CommonMark + GFM compatible Markdown parser and 
renderer w ...)
        NOT-FOR-US: comrak
 CVE-2023-28630 (GoCD is an open source continuous delivery server. In GoCD 
versions fr ...)
@@ -147110,7 +147118,8 @@ CVE-2021-3487 (There's a flaw in the BFD library of 
binutils in versions before
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24
        NOTE: binutils not covered by security support
 CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its 
possible to in ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
        NOTE: 
https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
 CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 
has a buf ...)
        [experimental] - aom 3.2.0-1~exp1
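Review bot: the new justification NOTE for CVE-2021-3486 is inserted above the pre-existing NOTE that carries the GLPI-stored-XSS link, which keeps the same ordering as the other entries in this patch. One caveat on the rationale rather than the edit: the description is a stored XSS ("does not sanitize the metadata"), and an authenticated zone limits who can reach the page but does not by itself stop one logged-in user from injecting content that another user renders, so `(unimportant)` here rests on the commit message's point that glpi is in no supported suite, not on the NOTE alone. Worth bearing in mind if glpi is ever re-introduced and these entries are revisited.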
@@ -170984,16 +170993,20 @@ CVE-2021-21329 (RATCF is an open-source framework 
for hosting Cyber-Security Cap
 CVE-2021-21328 (Vapor is a web framework for Swift. In Vapor before version 
4.40.1, th ...)
        NOT-FOR-US: Vapor
 CVE-2021-21327 (GLPI is an open-source asset and IT management software 
package that p ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-qmw7-w2m4-rjwp
 CVE-2021-21326 (GLPI is an open-source asset and IT management software 
package that p ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-vmj9-cg56-p7wh
 CVE-2021-21325 (GLPI is an open-source asset and IT management software 
package that p ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-m574-f3jw-pwrf
 CVE-2021-21324 (GLPI is an open-source asset and IT management software 
package that p ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-jvwm-gq36-3v7v
 CVE-2021-21323 (Brave is an open source web browser with a focus on privacy 
and securi ...)
        - brave-browser <itp> (bug #864795)
@@ -171014,13 +171027,16 @@ CVE-2021-21316 (less-openui5 is an npm package 
which enables building OpenUI5 th
 CVE-2021-21315 (The System Information Library for Node.JS (npm package 
"systeminforma ...)
        NOT-FOR-US: Node systeminformation
 CVE-2021-21314 (GLPI is open source software which stands for Gestionnaire 
Libre de Pa ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-2w7j-xgj7-3xgg
 CVE-2021-21313 (GLPI is open source software which stands for Gestionnaire 
Libre de Pa ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-h4hj-mrpg-xfgx
 CVE-2021-21312 (GLPI is open source software which stands for Gestionnaire 
Libre de Pa ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-c7f6-3mr7-3rq2
 CVE-2021-21311 (Adminer is an open-source database management in a single PHP 
file. In ...)
        {DLA-2580-1}
@@ -171174,7 +171190,8 @@ CVE-2021-21260 (Online Invoicing System (OIS) is open 
source software which is a
 CVE-2021-21259 (HedgeDoc is open source software which lets you create 
real-time colla ...)
        NOT-FOR-US: HedgeDoc
 CVE-2021-21258 (GLPI is an open-source asset and IT management software 
package that p ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmx
        NOTE: 
https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c880f15
 CVE-2021-21257 (Contiki-NG is an open-source, cross-platform operating system 
for inte ...)
@@ -171182,7 +171199,8 @@ CVE-2021-21257 (Contiki-NG is an open-source, 
cross-platform operating system fo
 CVE-2021-21256
        RESERVED
 CVE-2021-21255 (GLPI is an open-source asset and IT management software 
package that p ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-v3m5-r3mx-ff9j
        NOTE: 
https://github.com/glpi-project/glpi/commit/aade65b7f67d46f23d276a8acb0df70651c3b1dc
 CVE-2021-21254 (CKEditor 5 is an open source rich text editor framework with a 
modular ...)
@@ -186206,9 +186224,11 @@ CVE-2020-27665 (In Strapi before 3.2.5, there is no 
admin::hasPermissions restri
 CVE-2020-27664 (admin/src/containers/InputModalStepperProvider/index.js in 
Strapi befo ...)
        NOT-FOR-US: Strapi
 CVE-2020-27663 (In GLPI before 9.5.3, ajax/getDropdownValue.php has an 
Insecure Direct ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-27662 (In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct 
Object  ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-27661 (A divide-by-zero issue was found in dwc2_handle_packet in 
hw/usb/hcd-d ...)
        - qemu 1:5.2+dfsg-1 (bug #972864)
        [buster] - qemu <not-affected> (Vulnerable code not present)
@@ -189582,7 +189602,8 @@ CVE-2020-26214 (In Alerta before version 8.1.0, users 
may be able to bypass LDAP
 CVE-2020-26213 (In teler before version 0.0.1, if you run teler inside a 
Docker contai ...)
        NOT-FOR-US: Alerta
 CVE-2020-26212 (GLPI stands for Gestionnaire Libre de Parc Informatique and it 
is a Fr ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-26211 (In BookStack before version 0.30.4, a user with permissions to 
edit a  ...)
        NOT-FOR-US: BookStack app
 CVE-2020-26210 (In BookStack before version 0.30.4, a user with permissions to 
edit a  ...)
@@ -214338,7 +214359,8 @@ CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 
2.2.10, 2.3.14, 2.4.16, 3.
        - php-nette <removed>
        NOTE: 
https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
 CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the 
API's se ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-15225 (django-filter is a generic system for filtering Django 
QuerySets based ...)
        - django-filter 2.4.0-1
        [buster] - django-filter <no-dsa> (Minor issue)
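Review bot: CVE-2020-15226 is described as a SQL injection in the API and receives the same `(unimportant)` tag and NOTE as the rest of the glpi entries; because the entry is `<removed>`, the tag has no effect on any tracked suite, as the commit message says. The NOTE asserts an authentication boundary that the truncated description does not let a reader confirm for the API path, so consider wording the NOTE for this entry around the actual reason the tag is cosmetic (glpi is not in any supported suite) rather than around the deployment assumption.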
@@ -214360,7 +214382,8 @@ CVE-2020-15219 (Combodo iTop is a web based IT 
Service Management tool. In iTop
 CVE-2020-15218 (Combodo iTop is a web based IT Service Management tool. In 
iTop before ...)
        NOT-FOR-US: Combodo iTop
 CVE-2020-15217 (In GLPI before version 9.5.2, there is a leakage of user 
information t ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) 
before ve ...)
        - golang-github-russellhaering-goxmldsig 1.1.0-1 (bug #971615)
        [buster] - golang-github-russellhaering-goxmldsig <postponed> (Limited 
support, minor issue, no build rdeps)
@@ -214451,11 +214474,14 @@ CVE-2020-15179 (The ScratchSig extension for 
MediaWiki before version 1.0.1 allo
 CVE-2020-15178 (In PrestaShop contactform module (prestashop/contactform) 
before versi ...)
        NOT-FOR-US: PrestaShop
 CVE-2020-15177 (In GLPI before version 9.5.2, the `install/install.php` 
endpoint insec ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-15176 (In GLPI before version 9.5.2, when supplying a back tick in 
input that ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-15175 (In GLPI before version 9.5.2, the 
`&#8203;pluginimage.send.php&#8203;` ...)
-       - glpi <removed>
+       - glpi <removed> (unimportant)
+       NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-15174 (In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 
8.5.1 the  ...)
        - electron <itp> (bug #842420)
 CVE-2020-15173 (In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), 
there is a b ...)
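Review bot: for CVE-2020-15177 the NOTE "Only supported behind an authenticated HTTP zone" needs a closer look than the other two entries in this hunk: the description names the `install/install.php` endpoint, and at install time the application's own login does not exist yet, so the NOTE holds only if the authentication is enforced by the web server in front of the whole glpi tree. If that is the intended reading of "authenticated HTTP zone", consider making it explicit in this entry's NOTE; otherwise a NOTE stating that glpi is not in any supported suite is the safer justification, which is also what the commit message gives. Since all three entries are `<removed>`, the tag itself is harmless either way, and CVE-2020-15176 and CVE-2020-15175 are fine with the shared wording.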



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79154c9f0a69b2e400504b08866b39d722c0fb88



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
