[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Feb 8 16:38:38 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
47ff11db by Moritz Muehlenhoff at 2023-02-08T17:38:18+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5029,7 +5029,7 @@ CVE-2023-23698
CVE-2023-23697
RESERVED
CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-23695
RESERVED
CVE-2023-23694
@@ -6885,7 +6885,7 @@ CVE-2023-23028
CVE-2023-23027
RESERVED
CVE-2023-23026 (Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 s ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2023-23025
RESERVED
CVE-2023-23024 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
@@ -6915,7 +6915,7 @@ CVE-2023-23013
CVE-2023-23012 (Cross Site Scripting (XSS) vulnerability in craigrodway classroombooki ...)
NOT-FOR-US: craigrodway classroombookings
CVE-2023-23011 (Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filte ...)
- TODO: check
+ NOT-FOR-US: InvoicePlane
CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Boot ...)
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2023-23009
@@ -7322,7 +7322,7 @@ CVE-2023-22902
CVE-2023-22901
RESERVED
CVE-2023-22900 (Efence login function has insufficient validation for user input. An u ...)
- TODO: check
+ NOT-FOR-US: Efence
CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not ...)
- zip4j 2.11.2-3 (bug #1029038)
[bullseye] - zip4j <no-dsa> (Minor issue)
@@ -8020,7 +8020,7 @@ CVE-2023-22737 (wire-server provides back end services for Wire, a team communic
CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2023-22735 (Zulip is an open-source team collaboration tool. In versions of zulip ...)
- TODO: check
+ NOT-FOR-US: Zulip
CVE-2023-22734 (Shopware is an open source commerce platform based on Symfony Framewor ...)
NOT-FOR-US: Shopware
CVE-2023-22733 (Shopware is an open source commerce platform based on Symfony Framewor ...)
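Review bot: The CVE-2023-22735 entry is tagged `NOT-FOR-US: Zulip` although its own description calls Zulip "an open-source team collaboration tool", so it is worth confirming before this lands that no ITP or RFP bug is open for it. If one exists, the tracker's `- zulip <itp> (bug #...)` form keeps the issue attached to the future package name, which a NOT-FOR-US tag does not.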
@@ -9281,7 +9281,7 @@ CVE-2022-48168
CVE-2022-48167
RESERVED
CVE-2022-48166 (An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 all ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2022-48165 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...)
NOT-FOR-US: Wavlink
CVE-2022-48164 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...)
@@ -9385,7 +9385,7 @@ CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a remote code execution
CVE-2022-48115
RESERVED
CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: RuoYi
CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows una ...)
NOT-FOR-US: TOTOLINK
CVE-2022-48112
@@ -9443,7 +9443,7 @@ CVE-2022-48087
CVE-2022-48086
RESERVED
CVE-2022-48085 (Softr v2.0 was discovered to contain a HTML injection vulnerability vi ...)
- TODO: check
+ NOT-FOR-US: Softr
CVE-2022-48084
RESERVED
CVE-2022-48083
@@ -10895,7 +10895,7 @@ CVE-2022-47764
CVE-2022-47763
RESERVED
CVE-2022-47762 (In gin-vue-admin < 2.5.5, the download module has a Path Traversal ...)
- TODO: check
+ NOT-FOR-US: gin-vue-admin
CVE-2022-47761
RESERVED
CVE-2022-47760
@@ -12906,11 +12906,11 @@ CVE-2022-47454
CVE-2022-47453
RESERVED
CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47451 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47450 (In wlan driver, there is a possible missing permission check. This cou ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-46732 (Even if the authentication fails for local service authentication, the ...)
NOT-FOR-US: GE Digital
CVE-2022-46660 (An unauthorized user could alter or write files with full control over ...)
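Review bot: The `NOT-FOR-US: Unisoc` tag on CVE-2022-47452, CVE-2022-47451 and CVE-2022-47450 cannot be checked against the text shown, because the descriptions only say "In gnss driver" and "In wlan driver" and never name a vendor. The commit message is just "NFUs", so please state there where the Unisoc attribution comes from (for instance the vendor bulletin), so a later reader can confirm these are vendor drivers and not code shipped in a Debian kernel package.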
@@ -13008,21 +13008,21 @@ CVE-2022-47421
CVE-2022-47420
RESERVED
CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful ...)
- TODO: check
+ NOT-FOR-US: Mayan EDMS DMS
CVE-2022-47418 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
- TODO: check
+ NOT-FOR-US: LogicalDOC
CVE-2022-47417 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
- TODO: check
+ NOT-FOR-US: LogicalDOC
CVE-2022-47416 (LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type ...)
- TODO: check
+ NOT-FOR-US: LogicalDOC
CVE-2022-47415 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
- TODO: check
+ NOT-FOR-US: LogicalDOC
CVE-2022-47414 (If an attacker has access to the console for OpenKM (and is authentica ...)
- TODO: check
+ NOT-FOR-US: OpenKM
CVE-2022-47413 (Given a malicious document provided by an attacker, the OpenKM DMS is ...)
- TODO: check
+ NOT-FOR-US: OpenKM
CVE-2022-47412 (Given a malicious document provided by an attacker, the ONLYOFFICE Wor ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2022-47411 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
NOT-FOR-US: TYPO3 extension
CVE-2022-47410 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
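Review bot: The tag on CVE-2022-47419, `NOT-FOR-US: Mayan EDMS DMS`, copies the trailing "DMS" from the description wording. `NOT-FOR-US: Mayan EDMS` names the product without the duplication and matches the bare product names used for the other entries in this hunk (`LogicalDOC`, `OpenKM`, `ONLYOFFICE`).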
@@ -13449,41 +13449,41 @@ CVE-2019-25078 (A vulnerability classified as problematic was found in pacparser
NOTE: https://github.com/manugarg/pacparser/issues/99
NOTE: https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9 (v1.4.0)
CVE-2022-47371 (In bt driver, there is a thread competition leads to early release of ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47370 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47369 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47368 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47367 (In bluetooth driver, there is a missing permission check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47366 (In wlan driver, there is a possible out of bounds write due to a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47365 (In wlan driver, there is a possible out of bounds write due to a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47364 (In wlan driver, there is a possible out of bounds write due to a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47363 (In wlan driver, there is a possible out of bounds read due to a missin ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47362
RESERVED
CVE-2022-47361 (In firewall service, there is a missing permission check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47360 (In log service, there is a missing permission check. This could lead t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47359 (In log service, there is a missing permission check. This could lead t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47358 (In log service, there is a missing permission check. This could lead t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47357 (In log service, there is a missing permission check. This could lead t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47356 (In log service, there is a missing permission check. This could lead t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47355 (In log service, there is a missing permission check. This could lead t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47354 (In log service, there is a missing permission check. This could lead t ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47353
RESERVED
CVE-2022-47352
@@ -13495,25 +13495,25 @@ CVE-2022-47350
CVE-2022-47349
RESERVED
CVE-2022-47348 (In engineermode services, there is a missing permission check. This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47347 (In engineermode services, there is a missing permission check. This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47346 (In engineermode services, there is a missing permission check. This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47345 (In engineermode services, there is a missing permission check. This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47344 (In engineermode services, there is a missing permission check. This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47343 (In engineermode services, there is a missing permission check. This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47342 (In engineermode services, there is a missing permission check. This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47341 (In engineermode services, there is a missing permission check. This co ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47340
RESERVED
CVE-2022-47339 (In cmd services, there is a OS command injection issue due to missing ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47338
RESERVED
CVE-2022-47337
@@ -13525,29 +13525,29 @@ CVE-2022-47335
CVE-2022-47334
RESERVED
CVE-2022-47333 (In wlan driver, there is a possible missing permission check. This cou ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47332 (In wlan driver, there is a possible missing permission check. This cou ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47331 (In wlan driver, there is a race condition. This could lead to local de ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47330 (In wlan driver, there is a possible missing permission check. This cou ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47329 (In wlan driver, there is a possible missing permission check. This cou ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47328 (In wlan driver, there is a possible missing permission check. This cou ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47327 (In wlan driver, there is a possible missing permission check. This cou ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47326 (In wlan driver, there is a possible missing permission check. This cou ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47325 (In wlan driver, there is a possible missing permission check. This cou ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47324 (In wlan driver, there is a possible missing permission check. This cou ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47323 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47322 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-47310
RESERVED
CVE-2022-47309
@@ -13963,11 +13963,11 @@ CVE-2022-47134
CVE-2022-47133
RESERVED
CVE-2022-47132 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...)
- TODO: check
+ NOT-FOR-US: Academy LMS
CVE-2022-47131 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...)
- TODO: check
+ NOT-FOR-US: Academy LMS
CVE-2022-47130 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...)
- TODO: check
+ NOT-FOR-US: Academy LMS
CVE-2022-47129
RESERVED
CVE-2022-47128 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
@@ -14121,9 +14121,9 @@ CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket
CVE-2022-47072
RESERVED
CVE-2022-47071 (In NVS365 V01, the background network test function can trigger comman ...)
- TODO: check
+ NOT-FOR-US: NVS365 V01
CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After entering a ...)
- TODO: check
+ NOT-FOR-US: NVS365 V01
CVE-2022-47069
RESERVED
CVE-2022-47068
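Review bot: Both new tags, on CVE-2022-47071 and CVE-2022-47070, read `NOT-FOR-US: NVS365 V01`, which carries the version string "V01" from the descriptions into the tag. Other tags in this diff name only the vendor or product (`NOT-FOR-US: Wavlink`, `NOT-FOR-US: Tenda`), so `NOT-FOR-US: NVS365` would be more consistent and would still match if a later CVE affects another version.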
@@ -14343,7 +14343,7 @@ CVE-2022-46967 (An access control issue in Revenue Collection System v1.0 allows
CVE-2022-46966 (Revenue Collection System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: Revenue Collection System
CVE-2022-46965 (PrestaShop module, totadministrativemandate before v1.7.1 was discover ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2022-46964
RESERVED
CVE-2022-46963
@@ -15582,7 +15582,7 @@ CVE-2022-46606
CVE-2022-46605
RESERVED
CVE-2022-46604 (An issue in Tecrail Responsive FileManager v9.9.5 and below allows att ...)
- TODO: check
+ NOT-FOR-US: Tecrail Responsive FileManager
CVE-2022-46603 (An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary comma ...)
NOT-FOR-US: Inkdrop
CVE-2022-46602
@@ -15686,7 +15686,7 @@ CVE-2022-46554
CVE-2022-46553
RESERVED
CVE-2022-46552 (D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-46551 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
NOT-FOR-US: Tenda
CVE-2022-46550 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
@@ -15798,7 +15798,7 @@ CVE-2022-46498
CVE-2022-46497
RESERVED
CVE-2022-46496 (BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missin ...)
- TODO: check
+ NOT-FOR-US: BTicino Door Entry HOMETOUCH
CVE-2022-46495
RESERVED
CVE-2022-46494
@@ -16123,7 +16123,7 @@ CVE-2022-45124
CVE-2022-45115
RESERVED
CVE-2022-43665 (A denial of service vulnerability exists in the malware scan functiona ...)
- TODO: check
+ NOT-FOR-US: ESTsoft Alyac
CVE-2022-46378
RESERVED
CVE-2022-46377
@@ -17832,7 +17832,7 @@ CVE-2022-45856
CVE-2022-45855
RESERVED
CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2022-45853
RESERVED
CVE-2022-45852
@@ -17926,7 +17926,7 @@ CVE-2022-45809
CVE-2022-45808 (SQL Injection vulnerability in LearnPress – WordPress LMS Plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45807 (Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45806
RESERVED
CVE-2022-45805
@@ -18034,9 +18034,9 @@ CVE-2022-45785
CVE-2022-45784
RESERVED
CVE-2022-45783 (An issue was discovered in dotCMS core 4.x through 22.10.2. An authent ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2022-45782 (An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21 ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2022-4114 (The Superio WordPress theme does not sanitise and escape some paramete ...)
NOT-FOR-US: WordPress theme
CVE-2022-4113
@@ -18082,7 +18082,7 @@ CVE-2022-45770 (Improper input validation in driver adgnetworkwfpdrv.sys in Adgu
CVE-2022-45769 (A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 a ...)
NOT-FOR-US: ClicShopping_V3
CVE-2022-45768 (Command Injection vulnerability in Edimax Technology Co., Ltd. Wireles ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2022-45767
RESERVED
CVE-2022-45766
@@ -18177,7 +18177,7 @@ CVE-2022-45724
CVE-2022-45723
RESERVED
CVE-2022-45722 (ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (X ...)
- TODO: check
+ NOT-FOR-US: ezEIP
CVE-2022-45721 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
NOT-FOR-US: IP-COM M50
CVE-2022-45720 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffe ...)
@@ -18447,9 +18447,9 @@ CVE-2022-45591
CVE-2022-45590
RESERVED
CVE-2022-45589 (SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT th ...)
- TODO: check
+ NOT-FOR-US: Talend
CVE-2022-45588 (XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 ...)
- TODO: check
+ NOT-FOR-US: Talend
CVE-2022-45587
RESERVED
CVE-2022-45586
@@ -18537,7 +18537,7 @@ CVE-2022-45546
CVE-2022-45545
RESERVED
CVE-2022-45544 (Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 ...)
- TODO: check
+ NOT-FOR-US: Schlix Web Inc SCHLIX CMS
CVE-2022-45543
RESERVED
CVE-2022-45542 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47ff11db73c85064f50bd060f310d8c777de7d81