[Git][security-tracker-team/security-tracker][master] Move some NFUs for calibre-web to an itp'ed entry
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Apr 16 05:13:47 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9456a010 by Salvatore Bonaccorso at 2023-04-16T06:13:15+02:00
Move some NFUs for calibre-web to an itp'ed entry
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2023-2107 (A vulnerability, which was classified as critical, was found in IBOS 4 ...)
NOT-FOR-US: IBOS
CVE-2023-2106 (Weak Password Requirements in GitHub repository janeczku/calibre-web p ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2023-2105 (Session Fixation in GitHub repository alextselegidis/easyappointments ...)
NOT-FOR-US: alextselegidis/easyappointments
CVE-2023-2104 (Improper Access Control in GitHub repository alextselegidis/easyappoin ...)
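Review bot: the new `- calibre-web <itp> (bug #982690)` line records no fixed-version information, so once calibre-web is actually uploaded every CVE moved in this commit will show as open against the uploaded version until each entry is revisited; where the fixing upstream release is known, add a NOTE line beside the `<itp>` line now, while the triage is fresh (the CVE-2023-2106 description is truncated here, so the version cannot be read off this hunk).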
@@ -78063,7 +78063,7 @@ CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and
CVE-2022-30766
RESERVED
CVE-2022-30765 (Calibre-Web before 0.6.18 allows user table SQL Injection. ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2022-30764
RESERVED
CVE-2022-30763 (Janet before 1.22.0 mishandles arrays. ...)
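Review bot: the CVE-2022-30765 description on the line above the change already states the upstream fix boundary ("Calibre-Web before 0.6.18"), but the replacement `- calibre-web <itp> (bug #982690)` line drops it; add a NOTE line capturing the 0.6.18 boundary so it survives into the package entry when the ITP closes and the `<itp>` pseudo-version is replaced by a real one.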
@@ -88594,7 +88594,7 @@ CVE-2022-0992 (The SiteGround Security plugin for WordPress is vulnerable to aut
CVE-2022-0991 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...)
NOT-FOR-US: admidio
CVE-2022-0990 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2020-36519 (Mimecast Email Security before 2020-01-10 allows any admin to spoof an ...)
NOT-FOR-US: Mimecast Email Security
CVE-2022-27221 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -89331,7 +89331,7 @@ CVE-2022-0941 (Stored XSS due to Unrestricted File Upload in GitHub repository s
CVE-2022-0940 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...)
NOT-FOR-US: ShowDoc
CVE-2022-0939 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2022-0938 (Stored XSS via file upload in GitHub repository star7th/showdoc prior ...)
NOT-FOR-US: ShowDoc
CVE-2021-46709 (phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows para ...)
@@ -91781,9 +91781,9 @@ CVE-2022-26133 (SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Cen
CVE-2022-26132
RESERVED
CVE-2022-0767 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2022-0766 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to informati ...)
NOT-FOR-US: Tor Browser (on Windows)
CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The mixed ...)
@@ -97937,9 +97937,9 @@ CVE-2022-0407 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send requests to by ...)
NOT-FOR-US: Apache APISIX
CVE-2022-0406 (Improper Authorization in GitHub repository janeczku/calibre-web prior ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2022-0405 (Improper Access Control in GitHub repository janeczku/calibre-web prio ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2022-0404 (The Material Design for Contact Form 7 WordPress plugin through 2.6.4 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0403 (The Library File Manager WordPress plugin before 5.2.3 is using an out ...)
@@ -98924,7 +98924,7 @@ CVE-2022-23866
CVE-2022-23865 (Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/L ...)
NOT-FOR-US: Nyron
CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub repository ...)
{DLA-3182-1 DLA-3011-1}
- vim 2:8.2.4659-1
@@ -99342,7 +99342,7 @@ CVE-2022-23850 (xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) th
CVE-2022-23849 (The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 ...)
NOT-FOR-US: Devolutions Password Hub for iOS
CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...)
- loguru <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
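Review bot: the neighbouring loguru entry (CVE-2022-0338) keeps a NOTE with its huntr advisory URL, whereas the CVE-2022-0339 entry being moved to `<itp>` gets no reference at all even though its description pins the fix to "prior to 0.6.16"; mirror the loguru entry and add a NOTE with the upstream report or fixing commit, so the triage does not have to be redone once the package is in the archive.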
@@ -100919,7 +100919,7 @@ CVE-2022-21796 (A memory corruption vulnerability exists in the netserver parse_
CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
NOT-FOR-US: Orchard CMS
CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2022-0272 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
NOT-FOR-US: detekt for Kotlin
CVE-2022-0271 (The LearnPress WordPress plugin before 4.1.6 does not sanitise and esc ...)
@@ -106271,7 +106271,7 @@ CVE-2021-4173 (vim is vulnerable to Use After Free ...)
CVE-2021-4172 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...)
NOT-FOR-US: ShowDoc
CVE-2021-4171 (calibre-web is vulnerable to Business Logic Errors ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
NOT-FOR-US: Netgear
CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. ...)
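Review bot: the CVE-2021-4171 description ("calibre-web is vulnerable to Business Logic Errors") names neither an affected nor a fixed version, so with only the `- calibre-web <itp> (bug #982690)` line nothing in the tracker records which upstream release closes it; add a NOTE pointing at the upstream fix before this entry is moved under a real package version, otherwise the first upload will inherit an unresolvable open CVE.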
@@ -106647,7 +106647,7 @@ CVE-2021-45494 (Certain NETGEAR devices are affected by an attacker's ability to
CVE-2021-45493 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
NOT-FOR-US: Netgear
CVE-2021-4170 (calibre-web is vulnerable to Improper Neutralization of Input During W ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
CVE-2021-45492 (In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configu ...)
@@ -106719,7 +106719,7 @@ CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...)
CVE-2021-4165
RESERVED
CVE-2021-4164 (calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- NOT-FOR-US: calibre-web
+ - calibre-web <itp> (bug #982690)
CVE-2021-4163
RESERVED
CVE-2021-4162 (archivy is vulnerable to Cross-Site Request Forgery (CSRF) ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9456a0103744baec98a462fe2a2cb4afe6e4f14f