[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Apr 17 15:35:50 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
93d9c01e by Moritz Muehlenhoff at 2023-04-17T16:35:24+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8108,7 +8108,7 @@ CVE-2023-1328 (A vulnerability was found in Guizhou 115cms 4.2. It has been clas
CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an ...)
NOT-FOR-US: Netgear
CVE-2023-1326 (A privilege escalation attack was found in apport-cli 2.26.0 and earli ...)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2023-1325
RESERVED
CVE-2023-1324
@@ -13299,7 +13299,7 @@ CVE-2023-26125
CVE-2023-26124
RESERVED
CVE-2023-26123 (Versions of the package raysan5/raylib before 4.5.0 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: raylib
CVE-2023-26122 (All versions of the package safe-eval are vulnerable to Sandbox Bypass ...)
NOT-FOR-US: Node safe-eval
CVE-2023-26121 (All versions of the package safe-eval are vulnerable to Prototype Poll ...)
@@ -16133,9 +16133,9 @@ CVE-2023-25196 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2023-25195 (Server-Side Request Forgery (SSRF) vulnerability in Apache Software Fo ...)
NOT-FOR-US: Apache Fineract
CVE-2022-48314 (The Bluetooth module has a vulnerability of bypassing the user confirm ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48313 (The Bluetooth module has a vulnerability of bypassing the user confirm ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-48312 (The HwPCAssistant module has the out-of-bounds read/write vulnerabilit ...)
NOT-FOR-US: Huawei
CVE-2023-25194 (A possible security vulnerability has been identified in Apache Kafka ...)
@@ -29037,7 +29037,7 @@ CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not vali
CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4463 (This candidate is unused by its CNA. ...)
- TODO: check
+ NOT-FOR-US: Unused CVE
CVE-2022-4462 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-4461
@@ -29962,7 +29962,7 @@ CVE-2022-47029
CVE-2022-47028
RESERVED
CVE-2022-47027 (Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized app ...)
- TODO: check
+ NOT-FOR-US: Timmystudios Fast Typing Keyboard
CVE-2022-47026
RESERVED
CVE-2022-47025
@@ -30374,7 +30374,7 @@ CVE-2022-46888 (Multiple reflective cross-site scripting (XSS) vulnerabilities i
CVE-2022-46887 (Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow ...)
NOT-FOR-US: NexusPHP
CVE-2022-46886 (There exists an open redirect within the response list update function ...)
- TODO: check
+ NOT-FOR-US: ServiceNow
CVE-2022-46885 (Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzin ...)
- firefox 106.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-46885
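Review bot: the vendor attribution for CVE-2022-46886 cannot be checked from the entry itself; the truncated description ("open redirect within the response list update function ...") never names ServiceNow, so a later reader has nothing to re-verify `NOT-FOR-US: ServiceNow` against. Suggest adding a NOTE: line with the advisory or reference URL under the NOT-FOR-US, as is done for CVE-2022-46885 directly below, so the product claim stays traceable.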
@@ -32015,7 +32015,7 @@ CVE-2023-21584 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are a
CVE-2023-21583 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
NOT-FOR-US: Adobe
CVE-2023-21582 (Adobe Digital Editions version 4.5.11.187303 (and earlier) is affected ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-21581 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
NOT-FOR-US: Adobe
CVE-2023-21580
@@ -33610,7 +33610,7 @@ CVE-2022-45851
CVE-2022-45850
RESERVED
CVE-2022-45849 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gal ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45847
@@ -35232,7 +35232,7 @@ CVE-2022-45360
CVE-2022-45359 (Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift C ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45358 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45357
RESERVED
CVE-2022-45356
@@ -35698,27 +35698,27 @@ CVE-2022-45182 (Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the m
CVE-2022-45181
RESERVED
CVE-2022-45180 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. B ...)
- TODO: check
+ NOT-FOR-US: LIVEBOX
CVE-2022-45179
RESERVED
CVE-2022-45178 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. B ...)
- TODO: check
+ NOT-FOR-US: LIVEBOX
CVE-2022-45177
RESERVED
CVE-2022-45176
RESERVED
CVE-2022-45175 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
- TODO: check
+ NOT-FOR-US: LIVEBOX
CVE-2022-45174 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
- TODO: check
+ NOT-FOR-US: LIVEBOX
CVE-2022-45173 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
- TODO: check
+ NOT-FOR-US: LIVEBOX
CVE-2022-45172 (An issue was discovered in LIVEBOX Collaboration vDesk before v018. Br ...)
NOT-FOR-US: LIVEBOX Collaboration vDesk
CVE-2022-45171
RESERVED
CVE-2022-45170 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
- TODO: check
+ NOT-FOR-US: LIVEBOX
CVE-2022-45169
RESERVED
CVE-2022-45168
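Review bot: inconsistent product naming inside one block: the six new entries (CVE-2022-45180, -45178, -45175, -45174, -45173, -45170) use `NOT-FOR-US: LIVEBOX`, while the pre-existing CVE-2022-45172 in the same hunk reads `NOT-FOR-US: LIVEBOX Collaboration vDesk`. Suggest matching the existing form for all of them so a grep on the product name hits the whole set.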
@@ -36246,7 +36246,7 @@ CVE-2022-45032
CVE-2022-45031
RESERVED
CVE-2022-45030 (A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHand ...)
- TODO: check
+ NOT-FOR-US: rConfig
CVE-2022-45029
RESERVED
CVE-2022-45028 (A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 ...)
@@ -36880,7 +36880,7 @@ CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2022-44735
RESERVED
CVE-2022-44734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44733 (Local privilege escalation due to insecure folder permissions. The fol ...)
NOT-FOR-US: Acronis
CVE-2022-44732 (Local privilege escalation due to insecure folder permissions. The fol ...)
@@ -38249,7 +38249,7 @@ CVE-2022-44627 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Si
CVE-2022-44626
RESERVED
CVE-2022-44625 (Auth. (admin+) Stored Cross-Site Scripting') vulnerability in Zephilou ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44624 (In JetBrains TeamCity version before 2022.10, Password parameters coul ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2022-44623 (In JetBrains TeamCity version before 2022.10, Project Viewer could see ...)
@@ -38428,7 +38428,7 @@ CVE-2023-20868
CVE-2023-20867
RESERVED
CVE-2023-20866 (In Spring Session version 3.0.0, the session id can be logged to the s ...)
- TODO: check
+ NOT-FOR-US: Spring Session
CVE-2023-20865
RESERVED
CVE-2023-20864
@@ -39902,7 +39902,7 @@ CVE-2022-3750 (The has a CSRF vulnerability that allows the deletion of a post w
CVE-2022-3749
RESERVED
CVE-2022-3748 (Improper Authorization vulnerability in ForgeRock Inc. Access Manageme ...)
- TODO: check
+ NOT-FOR-US: ForgeRock
CVE-2022-3747 (The Becustom plugin for WordPress is vulnerable to Cross-Site Request ...)
NOT-FOR-US: Becustom plugin for WordPress
CVE-2022-3746
@@ -41453,7 +41453,7 @@ CVE-2023-20120
CVE-2023-20119
RESERVED
CVE-2023-20118 (A vulnerability in the web-based management interface of Cisco Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20117 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2023-20116
@@ -42372,13 +42372,13 @@ CVE-2022-43701
CVE-2022-43700
RESERVED
CVE-2022-43699 (OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account di ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-43698 (OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 a ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-43697 (OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking a ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-43696 (OX App Suite before 7.10.6-rev20 allows XSS via upsell ads. ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-43695 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
NOT-FOR-US: Concrete CMS
CVE-2022-43694 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
@@ -42951,7 +42951,7 @@ CVE-2022-43482 (Missing Authorization vulnerability in Appointment Booking Calen
CVE-2022-43481 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons fo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43480 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magn ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-43479 (Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a r ...)
NOT-FOR-US: SHIRASAGI
CVE-2022-43476
@@ -42971,7 +42971,7 @@ CVE-2022-43461 (Stored Cross-Site Scripting (XSS) vulnerability in John West Sli
CVE-2022-43459 (Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainFor ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43458 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Code ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-43453
RESERVED
CVE-2022-43450
@@ -44044,7 +44044,7 @@ CVE-2022-43130
CVE-2022-43129
RESERVED
CVE-2022-43128 (Dreamer CMS 4.0.1 allows SQL injection via ArchivesMapper.xml. ...)
- TODO: check
+ NOT-FOR-US: Dreamer CMS
CVE-2022-43127 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-43126 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
@@ -46713,7 +46713,7 @@ CVE-2022-3406
CVE-2022-3405
RESERVED
CVE-2022-3404 (This candidate is unused by its CNA. ...)
- TODO: check
+ NOT-FOR-US: Unused CVE
CVE-2022-3403
RESERVED
CVE-2022-3402 (The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cro ...)
@@ -50124,7 +50124,7 @@ CVE-2022-40948
CVE-2022-40947
RESERVED
CVE-2022-40946 (On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, i ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-40945
RESERVED
CVE-2022-40944 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection v ...)
@@ -55413,9 +55413,9 @@ CVE-2022-38843 (EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload
CVE-2022-38842
RESERVED
CVE-2022-38841 (Linksys AX3200 1.1.00 is vulnerable to OS command injection by authent ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2022-38840 (cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable ...)
- TODO: check
+ NOT-FOR-US: Gueralp MAN-EAM-0003
CVE-2022-38839
RESERVED
CVE-2022-38838
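Review bot: vendor spelling: the new line reads `NOT-FOR-US: Gueralp MAN-EAM-0003` while the description on the line above spells the vendor Güralp. The file already carries the non-ASCII spelling in the description text, so transliterating the triage line only breaks a case-insensitive grep on the vendor name across both lines; suggest using the same spelling. Minor.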
@@ -59901,7 +59901,7 @@ CVE-2022-37308 (OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-
CVE-2022-37307 (OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, ...)
NOT-FOR-US: OX App Suite
CVE-2022-37306 (OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger. ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-37305 (The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicle ...)
NOT-FOR-US: Remote Keyless Entry (RKE) receiving unit on Honda vehicles
CVE-2022-36426
@@ -60155,7 +60155,7 @@ CVE-2022-37257 (Prototype pollution vulnerability in function convertLater in np
CVE-2022-37256
RESERVED
CVE-2022-37255 (TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed vi ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-37254 (DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Backg ...)
NOT-FOR-US: DolphinPHP
CVE-2022-37253 (Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 al ...)
@@ -62133,7 +62133,7 @@ CVE-2022-2526 (A use-after-free vulnerability was found in systemd. This issue o
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2109926
NOTE: https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c (v240)
CVE-2022-2525 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
- TODO: check
+ - calibre-web <itp> (bug #982690)
CVE-2022-2524
RESERVED
CVE-2017-20145 (A vulnerability was found in Tecrail Responsive Filemanger up to 9.10. ...)
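Review bot: this hunk is not an NFU: it records a package status (`- calibre-web <itp> (bug #982690)`) for CVE-2022-2525, which the commit message "NFUs" does not describe, so the change will be hard to find in history; suggest a separate commit or an amended message. Because the description is cut off at "GitHub re ...", a NOTE: line with the upstream advisory or fixing commit (as done for CVE-2022-2526 just above) would also let whoever completes the ITP confirm the issue is fixed in the version that eventually gets packaged.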
@@ -63682,7 +63682,7 @@ CVE-2022-35244 (A format string injection vulnerability exists in the XCMD getVa
CVE-2022-2446
RESERVED
CVE-2022-2445 (Incorrectly assigned CVE. Not a valid issue. ...)
- TODO: check
+ NOT-FOR-US: Unvalid CVE
CVE-2022-2444 (The Visualizer: Tables and Charts Manager for WordPress plugin for Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2443 (The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Si ...)
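Review bot: typo in the triage line for CVE-2022-2445: `NOT-FOR-US: Unvalid CVE` should read `Invalid CVE`. For comparison, the two "unused by its CNA" candidates elsewhere in this commit (CVE-2022-4463, CVE-2022-3404) use `NOT-FOR-US: Unused CVE`; settling on one fixed wording for bogus candidates keeps them greppable.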
@@ -68793,13 +68793,13 @@ CVE-2022-34130
CVE-2022-34129
RESERVED
CVE-2022-34128 (The Cartography (aka positions) plugin before 6.0.1 for GLPI allows re ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2022-34127 (The Managentities plugin before 4.0.2 for GLPI allows reading local fi ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2022-34126 (The Activity plugin before 3.1.1 for GLPI allows reading local files v ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2022-34125 (front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows at ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2022-34124
RESERVED
CVE-2022-34123
@@ -80136,7 +80136,7 @@ CVE-2022-30078 (NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.
CVE-2022-30077
RESERVED
CVE-2022-30076 (ENTAB ERP 1.0 allows attackers to discover users' full names via a bru ...)
- TODO: check
+ NOT-FOR-US: ENTAB ERP
CVE-2022-30075 (In TP-Link Router AX50 firmware 210730 and older, import of a maliciou ...)
NOT-FOR-US: TP-Link
CVE-2022-30074
@@ -85091,7 +85091,7 @@ CVE-2022-28355 (randomUUID in Scala.js before 1.10.0 generates predictable value
CVE-2022-28354
RESERVED
CVE-2022-28353 (In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL ...)
- TODO: check
+ NOT-FOR-US: MyBB plugin
CVE-2022-1210 (A vulnerability classified as problematic was found in LibTIFF 4.3.0. ...)
- tiff <unfixed> (unimportant)
[bullseye] - tiff <no-dsa> (Minor issue)
@@ -128119,7 +128119,7 @@ CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware
CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...)
NOT-FOR-US: OpenBMC
CVE-2021-39295 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a den ...)
- TODO: check
+ NOT-FOR-US: OpenBMC
CVE-2021-3727 (# Vulnerability in `rand-quote` and `hitokoto` plugins **Description** ...)
NOT-FOR-US: ohmyzsh
CVE-2021-3726 (# Vulnerability in `title` function **Description**: the `title` funct ...)
@@ -135209,7 +135209,7 @@ CVE-2021-36522
CVE-2021-36521
RESERVED
CVE-2021-36520 (A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a ...)
- TODO: check
+ NOT-FOR-US: I-Tech Trainsmart
CVE-2021-36519
RESERVED
CVE-2021-36518
@@ -141226,7 +141226,7 @@ CVE-2021-33992
CVE-2021-33991
RESERVED
CVE-2021-33990 (Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&Curre ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2021-33989
RESERVED
CVE-2021-33988 (Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93d9c01e0a767c7c524c185074ab199ee4bfe689