[Git][security-tracker-team/security-tracker][master] NFus

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Feb 1 16:29:34 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
729057f5 by Moritz Muehlenhoff at 2023-02-01T17:29:17+01:00
NFus

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,7 +45,7 @@ CVE-2023-24958
 CVE-2023-24957
 	RESERVED
 CVE-2023-24956 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Forget Heart Message Box
 CVE-2023-24955
 	RESERVED
 CVE-2023-24954
@@ -267,11 +267,11 @@ CVE-2023-22440
 CVE-2023-22276
 	RESERVED
 CVE-2023-0608 (Cross-site Scripting (XSS) - DOM in GitHub repository microweber/micro ...)
-	TODO: check
+	NOT-FOR-US: microweber
 CVE-2023-0607 (Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/p ...)
-	TODO: check
+	NOT-FOR-US: ProjectSend
 CVE-2023-0606 (Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/am ...)
-	TODO: check
+	- ampache <removed>
 CVE-2023-0605
 	RESERVED
 CVE-2023-0604
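Review bot: The CVE-2023-0606 line in this hunk is not a NOT-FOR-US triage: it replaces `TODO: check` with `- ampache <removed>`, which records a package status, while the commit message says only "NFus". Suggest mentioning the ampache entry in the commit message or committing it separately, so that the history for that package can be found later.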
@@ -341,11 +341,11 @@ CVE-2023-0595
 CVE-2023-0594
 	RESERVED
 CVE-2023-0593 (A path traversal vulnerability affects yaffshiv YAFFS filesystem extra ...)
-	TODO: check
+	NOT-FOR-US: ProjectSendyaffshiv
 CVE-2023-0592 (A path traversal vulnerability affects jefferson's JFFS2 filesystem ex ...)
-	TODO: check
+	NOT-FOR-US: jefferson JFFS tool
 CVE-2023-0591 (ubireader_extract_files is vulnerable to path traversal when run again ...)
-	TODO: check
+	NOT-FOR-US: UBI reader
 CVE-2023-0590
 	RESERVED
 	- linux 6.0.6-1
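Review bot: The tag added for CVE-2023-0593 reads `NOT-FOR-US: ProjectSendyaffshiv`, which looks like a leftover of the "ProjectSend" tag used for CVE-2023-0607 run together with the actual product name. The description names yaffshiv only, so the line should probably be `NOT-FOR-US: yaffshiv`. As written, a search of the list for either name will not match this entry cleanly.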
@@ -370,7 +370,7 @@ CVE-2023-0586
 CVE-2023-0585
 	RESERVED
 CVE-2016-15023 (A vulnerability, which was classified as problematic, was found in Sit ...)
-	TODO: check
+	NOT-FOR-US: SiteFusion
 CVE-2023-24831
 	RESERVED
 CVE-2023-24828
@@ -1064,7 +1064,7 @@ CVE-2023-22311
 CVE-2023-0525
 	RESERVED
 CVE-2023-0524 (As part of our Security Development Lifecycle, a potential privilege e ...)
-	TODO: check
+	NOT-FOR-US: Tenable
 CVE-2023-0523
 	RESERVED
 CVE-2023-0522
@@ -1471,7 +1471,7 @@ CVE-2023-0456
 CVE-2023-0455 (Unrestricted Upload of File with Dangerous Type in GitHub repository u ...)
 	NOT-FOR-US: unilogies/bumsys
 CVE-2023-0454 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...)
-	TODO: check
+	NOT-FOR-US: OrangeScrum
 CVE-2023-0453
 	RESERVED
 CVE-2023-24459 (A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earli ...)
@@ -1957,7 +1957,7 @@ CVE-2023-24243
 CVE-2023-24242
 	RESERVED
 CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Forget Heart Message Box
 CVE-2023-24240
 	RESERVED
 CVE-2023-24239
@@ -2113,9 +2113,9 @@ CVE-2023-24165 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /go
 CVE-2023-24164 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/F ...)
 	NOT-FOR-US: Tenda
 CVE-2023-24163 (SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker t ...)
-	TODO: check
+	NOT-FOR-US: Dromara hutool
 CVE-2023-24162 (Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacke ...)
-	TODO: check
+	NOT-FOR-US: Dromara hutool
 CVE-2023-24161
 	RESERVED
 CVE-2023-24160
@@ -2702,7 +2702,7 @@ CVE-2023-23930
 CVE-2023-23929
 	RESERVED
 CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.v ...)
-	TODO: check
+	NOT-FOR-US: reason-jose
 CVE-2023-23927
 	RESERVED
 CVE-2023-23926
@@ -7606,7 +7606,7 @@ CVE-2022-48163
 CVE-2022-48162
 	RESERVED
 CVE-2022-48161 (Easy Images v2.0 was discovered to contain an arbitrary file download  ...)
-	TODO: check
+	NOT-FOR-US: Easy Images
 CVE-2022-48160
 	RESERVED
 CVE-2022-48159
@@ -8985,7 +8985,7 @@ CVE-2022-47875
 CVE-2022-47874
 	RESERVED
 CVE-2022-47873 (Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting i ...)
-	TODO: check
+	NOT-FOR-US: Netcad KEOS
 CVE-2022-47872
 	RESERVED
 CVE-2022-47871
@@ -9191,11 +9191,11 @@ CVE-2022-47772
 CVE-2022-47771
 	RESERVED
 CVE-2022-47770 (Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Una ...)
-	TODO: check
+	NOT-FOR-US: Serenissima Informatica Fast Checkin
 CVE-2022-47769 (An arbitrary file write vulnerability in Serenissima Informatica Fast  ...)
-	TODO: check
+	NOT-FOR-US: Serenissima Informatica Fast Checkin
 CVE-2022-47768 (Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Tr ...)
-	TODO: check
+	NOT-FOR-US: Serenissima Informatica Fast Checkin
 CVE-2022-47767 (A backdoor in Solar-Log Gateway products allows remote access via web  ...)
 	NOT-FOR-US: Solar-Log
 CVE-2022-47766 (PopojiCMS v2.0.1 backend plugin function has a file upload vulnerabili ...)
@@ -12104,7 +12104,7 @@ CVE-2022-44454
 CVE-2022-44450
 	RESERVED
 CVE-2022-4441 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2022-4440 (Use after free in Profiles in Google Chrome prior to 108.0.5359.124 al ...)
 	{DSA-5302-1}
 	- chromium 108.0.5359.124-1
@@ -12500,7 +12500,7 @@ CVE-2022-47037
 CVE-2022-47036
 	RESERVED
 CVE-2022-47035 (Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedd ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-47034
 	RESERVED
 CVE-2022-47033
@@ -13119,7 +13119,7 @@ CVE-2022-4378 (A stack overflow flaw was found in the Linux kernel's SYSCTL subs
 	NOTE: https://git.kernel.org/linus/bce9332220bd677d83b19d21502776ad555a0e73
 	NOTE: https://git.kernel.org/linus/e6cfaf34be9fcd1a8285a294e18986bfc41a409c
 CVE-2022-46835 (IdentitylQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentitylQ 8.2 ...)
-	TODO: check
+	NOT-FOR-US: IdentitylQ
 CVE-2022-46834 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmwa ...)
 	NOT-FOR-US: SICK
 CVE-2022-46833 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmwa ...)
@@ -13353,7 +13353,7 @@ CVE-2022-46758
 CVE-2022-46757
 	RESERVED
 CVE-2022-46756 (Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vul ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-46755
 	RESERVED
 CVE-2022-46754
@@ -13650,7 +13650,7 @@ CVE-2022-46681
 CVE-2022-46680
 	RESERVED
 CVE-2022-46679 (Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficien ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-46678
 	RESERVED
 CVE-2022-46677
@@ -15576,7 +15576,7 @@ CVE-2022-46089
 CVE-2022-46088
 	RESERVED
 CVE-2022-46087 (CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A norm ...)
-	TODO: check
+	NOT-FOR-US: CloudSchool
 CVE-2022-46086
 	RESERVED
 CVE-2022-46085
@@ -15995,7 +15995,7 @@ CVE-2022-4139 (An incorrect TLB flush issue was found in the Linux kernel’
 	NOTE: https://www.openwall.com/lists/oss-security/2022/11/30/1
 	NOTE: https://git.kernel.org/linus/04aa64375f48a5d430b5550d9271f8428883e550
 CVE-2022-45897 (On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attac ...)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2022-45896 (Planet eStream before 6.72.10.07 allows unauthenticated upload of arbi ...)
 	NOT-FOR-US: Planet eStream
 CVE-2022-45895 (Planet eStream before 6.72.10.07 discloses sensitive information, rela ...)
@@ -16288,9 +16288,9 @@ CVE-2022-45791
 CVE-2022-45790
 	RESERVED
 CVE-2022-45789 (A CWE-294: Authentication Bypass by Capture-replay vulnerability exist ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2022-45788 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2022-45787 (Unproper laxist permissions on the temporary files used by MIME4J Temp ...)
 	NOT-FOR-US: Apache James
 CVE-2022-45786
@@ -16716,7 +16716,7 @@ CVE-2022-45600
 CVE-2022-45599
 	RESERVED
 CVE-2022-45598 (Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.1 ...)
-	TODO: check
+	NOT-FOR-US: Joplin Desktop App
 CVE-2022-45597
 	RESERVED
 CVE-2022-45596
@@ -17064,7 +17064,7 @@ CVE-2022-45475 (Tiny File Manager version 2.4.8 allows an unauthenticated remote
 CVE-2022-4063 (The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4062 (A CWE-285: Improper Authorization vulnerability exists that could caus ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2022-45474 (drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-fr ...)
 	NOT-FOR-US: drachtio-server
 CVE-2022-45473 (In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachti ...)
@@ -17147,7 +17147,7 @@ CVE-2022-4043 (The WP Custom Admin Interface WordPress plugin before 7.29 unseri
 CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress plugin thr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4041 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2022-4040
 	RESERVED
 CVE-2022-4039
@@ -17297,7 +17297,7 @@ CVE-2022-3996 (If an X.509 certificate contains a malformed policy constraint an
 	NOTE: https://www.openssl.org/news/secadv/20221213.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7725e7bfe6f2ce8146b6552b44e0d226be7638e7
 CVE-2022-45435 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 ...)
-	TODO: check
+	NOT-FOR-US: IdentitylQ
 CVE-2022-45434 (Some Dahua software products have a vulnerability of unauthenticated u ...)
 	NOT-FOR-US: Dahua
 CVE-2022-45433 (Some Dahua software products have a vulnerability of unauthenticated t ...)
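Review bot: The tag for CVE-2022-45435 is spelled `IdentitylQ` (lowercase L before the Q), but the description on the same entry spells the product "IdentityIQ". The same spelling is used in the tag for CVE-2022-46835, where it matches that entry's description text. Suggest `NOT-FOR-US: IdentityIQ` for both so that the two entries group under one searchable name.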
@@ -18224,7 +18224,7 @@ CVE-2022-45174
 CVE-2022-45173
 	RESERVED
 CVE-2022-45172 (An issue was discovered in LIVEBOX Collaboration vDesk before v018. Br ...)
-	TODO: check
+	NOT-FOR-US: LIVEBOX Collaboration vDesk
 CVE-2022-45171
 	RESERVED
 CVE-2022-45170



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/729057f5a4773b0ec1b3da4a3b2a91bb5369531c
