Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 163906db by Moritz Muehlenhoff at 2023-01-16T16:25:58+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2031,7 +2031,7 @@ CVE-2023-0124 CVE-2023-0123 RESERVED CVE-2022-48251 (** DISPUTED ** The AES instructions on the ARMv8 platform do not have ...) - TODO: check + NOT-FOR-US: ARM hardware design issue CVE-2021-46871 (tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows ...) NOT-FOR-US: Phoenix.HTML CVE-2017-20166 (Ecto 2.2.0 lacks a certain protection mechanism associated with the in ...) @@ -2110,7 +2110,7 @@ CVE-2023-0119 CVE-2023-0118 RESERVED CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and < ...) - TODO: check + - check-mk <removed> CVE-2022-4883 RESERVED CVE-2022-4882 (A vulnerability was found in kaltura mwEmbed up to 2.91. It has been r ...) @@ -2292,7 +2292,7 @@ CVE-2015-10022 (A vulnerability was found in IISH nlgis2. It has been declared a CVE-2015-10021 (A vulnerability was found in ritterim definely. It has been classified ...) NOT-FOR-US: ritterim CVE-2015-10020 (A vulnerability has been found in ssn2013 cis450Project and classified ...) - TODO: check + NOT-FOR-US: cis450Project CVE-2015-10019 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: MySimplifiedSQL CVE-2014-125063 (A vulnerability was found in ada-l0velace Bid and classified as critic ...) @@ -3075,7 +3075,7 @@ CVE-2022-4873 (On Netcomm router models NF20MESH, NF20, and NL1902 a stack based CVE-2022-4872 RESERVED CVE-2022-48217 (** DISPUTED ** The tf_remapper_node component 1.1.1 for Robot Operatin ...) - TODO: check + NOT-FOR-US: ROS tf_remapper_node CVE-2022-48216 (Uniswap Universal Router before 1.1.0 mishandles reentrancy. This woul ...) NOT-FOR-US: Uniswap Universal Router CVE-2020-36639 (A vulnerability has been found in AlliedModders AMX Mod X and classifi ...) 
@@ -3525,11 +3525,11 @@ CVE-2023-22497 (Netdata is an open source option for real-time infrastructure mo CVE-2023-22496 (Netdata is an open source option for real-time infrastructure monitori ...) TODO: check CVE-2023-22495 (Izanami is a shared configuration service well-suited for micro-servic ...) - TODO: check + NOT-FOR-US: Izanami CVE-2023-22494 REJECTED CVE-2023-22493 (RSSHub is an open source RSS feed generator. RSSHub is vulnerable to S ...) - TODO: check + NOT-FOR-US: RSSHub CVE-2023-22492 (ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OA ...) NOT-FOR-US: ZITADEL CVE-2023-22491 (Gatsby is a free and open source framework based on React that helps d ...) @@ -3555,11 +3555,11 @@ CVE-2023-22482 CVE-2023-22481 RESERVED CVE-2023-22480 (KubeOperator is an open source Kubernetes distribution focused on help ...) - TODO: check + NOT-FOR-US: KubeOperator CVE-2023-22479 (KubePi is a modern Kubernetes panel. A session fixation attack allows ...) NOT-FOR-US: KubePi CVE-2023-22478 (KubePi is a modern Kubernetes panel. The API interfaces with unauthori ...) - TODO: check + NOT-FOR-US: KubePi CVE-2023-22477 (Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius unt ...) NOT-FOR-US: Mercurius CVE-2023-22476 @@ -3673,9 +3673,9 @@ CVE-2023-22473 (Talk-Android enables users to have video & audio calls throu CVE-2023-22472 (Deck is a kanban style organization tool aimed at personal planning an ...) NOT-FOR-US: Deck CVE-2023-22471 (Deck is a kanban style organization tool aimed at personal planning an ...) - TODO: check + NOT-FOR-US: Deck CVE-2023-22470 (Nextcloud Deck is a kanban style organization tool aimed at personal p ...) - TODO: check + NOT-FOR-US: Deck CVE-2023-22469 (Deck is a kanban style organization tool aimed at personal planning an ...) NOT-FOR-US: Deck CVE-2023-22468 
@@ -3694,7 +3694,7 @@ CVE-2023-22463 (KubePi is a k8s panel. The jwt authentication function of KubePi CVE-2023-22462 RESERVED CVE-2023-22461 (The `sanitize-svg` package, a small SVG sanitizer to prevent cross-sit ...) - TODO: check + NOT-FOR-US: sanitize-svg CVE-2023-22460 (go-ipld-prime is an implementation of the InterPlanetary Linked Data ( ...) NOT-FOR-US: go-ipld-prime CVE-2023-22458 @@ -7850,7 +7850,7 @@ CVE-2022-47373 CVE-2022-47372 RESERVED CVE-2022-4457 (Due to a misconfiguration in the manifest file of the WARP client for ...) - TODO: check + NOT-FOR-US: Cloudflare Warp CVE-2022-4456 (A vulnerability has been found in falling-fruit and classified as prob ...) NOT-FOR-US: falling-fruit CVE-2022-4455 (A vulnerability, which was classified as problematic, was found in spr ...) 
@@ -8790,27 +8790,27 @@ CVE-2022-46958 CVE-2022-46957 RESERVED CVE-2022-46956 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) - TODO: check + NOT-FOR-US: Dynamic Transaction Queuing System CVE-2022-46955 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) - TODO: check + NOT-FOR-US: Dynamic Transaction Queuing System CVE-2022-46954 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) - TODO: check + NOT-FOR-US: Dynamic Transaction Queuing System CVE-2022-46953 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) - TODO: check + NOT-FOR-US: Dynamic Transaction Queuing System CVE-2022-46952 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) - TODO: check + NOT-FOR-US: Dynamic Transaction Queuing System CVE-2022-46951 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) - TODO: check + NOT-FOR-US: Dynamic Transaction Queuing System CVE-2022-46950 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) - TODO: check + NOT-FOR-US: Dynamic Transaction Queuing System CVE-2022-46949 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...) - TODO: check + NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46948 RESERVED CVE-2022-46947 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...) - TODO: check + NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46946 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...) - TODO: check + NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46945 RESERVED CVE-2022-46944 
@@ -8888,7 +8888,7 @@ CVE-2022-46909 CVE-2022-4429 (Avira Security for Windows contains an unquoted service path which all ...) NOT-FOR-US: Avira Security for Windows CVE-2022-4428 (support_uri parameter in the WARP client local settings file (mdm.xml) ...) - TODO: check + NOT-FOR-US: Cloudflare Warp CVE-2022-4427 (Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTR ...) - znuny 6.4.5-1 - otrs2 <removed> @@ -9947,9 +9947,9 @@ CVE-2022-46625 CVE-2022-46624 RESERVED CVE-2022-46623 (Judging Management System v1.0.0 was discovered to contain a SQL injec ...) - TODO: check + NOT-FOR-US: Judging Management System CVE-2022-46622 (A cross-site scripting (XSS) vulnerability in Judging Management Syste ...) - TODO: check + NOT-FOR-US: Judging Management System CVE-2022-46621 RESERVED CVE-2022-46620 @@ -10189,7 +10189,7 @@ CVE-2022-46504 CVE-2022-46503 (A cross-site scripting (XSS) vulnerability in the component /admin/reg ...) NOT-FOR-US: Online Student Enrollment System CVE-2022-46502 (Online Student Enrollment System v1.0 was discovered to contain a SQL ...) - TODO: check + NOT-FOR-US: Online Student Enrollment System CVE-2022-46501 RESERVED CVE-2022-46500 @@ -10243,7 +10243,7 @@ CVE-2022-46480 CVE-2022-46479 RESERVED CVE-2022-46478 (The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no ...) - TODO: check + NOT-FOR-US: datax-web CVE-2022-46477 RESERVED CVE-2022-46476 @@ -10255,9 +10255,9 @@ CVE-2022-46474 CVE-2022-46473 RESERVED CVE-2022-46472 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...) - TODO: check + NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46471 (Online Health Care System v1.0 was discovered to contain a SQL injecti ...) - TODO: check + NOT-FOR-US: Online Health Care System CVE-2022-46470 RESERVED CVE-2022-46469 
@@ -10273,7 +10273,7 @@ CVE-2022-46465 CVE-2022-46464 (ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection ...) NOT-FOR-US: ConcreteCMS CVE-2022-46463 (An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to ...) - TODO: check + NOT-FOR-US: Harbor CVE-2022-46462 RESERVED CVE-2022-46461
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/163906db241bc7c721e3d58cc4212c4e9a78fcf1
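Review bot: the replacement line for CVE-2022-4884 in the hunk at @@ -2110,7 +2110,7 @@ is "- check-mk <removed>", a package entry rather than a NOT-FOR-US tag, so the commit message "NFUs" does not describe it. Mention the check-mk triage in the commit message or land it as its own commit, so that a later search of the history for when this CVE was attributed to check-mk turns it up.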
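Review bot: in the hunk at @@ -2031,7 +2031,7 @@, CVE-2022-48251 is tagged "NOT-FOR-US: ARM hardware design issue", which states a reason where every other NOT-FOR-US line in this commit names the affected product. The description concerns the AES instructions on the ARMv8 platform and is marked ** DISPUTED **; naming that subject in the tag would keep the entry searchable in the same way as its neighbours.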
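Review bot: the tag added for CVE-2022-4457 in the hunk at @@ -7850,7 +7850,7 @@, and again for CVE-2022-4428 at @@ -8888,7 +8888,7 @@, reads "Cloudflare Warp", while both descriptions spell the product "WARP client". Using the description's capitalisation ("Cloudflare WARP") in both places would keep the two entries consistent with their descriptions and with each other for anyone searching the list by product name.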