[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Feb 8 16:38:38 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47ff11db by Moritz Muehlenhoff at 2023-02-08T17:38:18+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5029,7 +5029,7 @@ CVE-2023-23698
 CVE-2023-23697
 	RESERVED
 CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-23695
 	RESERVED
 CVE-2023-23694
@@ -6885,7 +6885,7 @@ CVE-2023-23028
 CVE-2023-23027
 	RESERVED
 CVE-2023-23026 (Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 s ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2023-23025
 	RESERVED
 CVE-2023-23024 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
@@ -6915,7 +6915,7 @@ CVE-2023-23013
 CVE-2023-23012 (Cross Site Scripting (XSS) vulnerability in craigrodway classroombooki ...)
 	NOT-FOR-US: craigrodway classroombookings
 CVE-2023-23011 (Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filte ...)
-	TODO: check
+	NOT-FOR-US: InvoicePlane
 CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Boot ...)
 	NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2023-23009
@@ -7322,7 +7322,7 @@ CVE-2023-22902
 CVE-2023-22901
 	RESERVED
 CVE-2023-22900 (Efence login function has insufficient validation for user input. An u ...)
-	TODO: check
+	NOT-FOR-US: Efence
 CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not  ...)
 	- zip4j 2.11.2-3 (bug #1029038)
 	[bullseye] - zip4j <no-dsa> (Minor issue)
@@ -8020,7 +8020,7 @@ CVE-2023-22737 (wire-server provides back end services for Wire, a team communic
 CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
 CVE-2023-22735 (Zulip is an open-source team collaboration tool. In versions of zulip  ...)
-	TODO: check
+	NOT-FOR-US: Zulip
 CVE-2023-22734 (Shopware is an open source commerce platform based on Symfony Framewor ...)
 	NOT-FOR-US: Shopware
 CVE-2023-22733 (Shopware is an open source commerce platform based on Symfony Framewor ...)
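Review bot: on CVE-2023-22735 the description itself calls Zulip "an open-source team collaboration tool", so NOT-FOR-US here rests only on it not being packaged. Worth confirming there is no open ITP/RFP for it before closing the entry; if one exists, an "- zulip <itp> (bug #...)" line keeps the CVE attached to the package if it later enters the archive.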
@@ -9281,7 +9281,7 @@ CVE-2022-48168
 CVE-2022-48167
 	RESERVED
 CVE-2022-48166 (An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 all ...)
-	TODO: check
+	NOT-FOR-US: Wavlink
 CVE-2022-48165 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...)
 	NOT-FOR-US: Wavlink
 CVE-2022-48164 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...)
@@ -9385,7 +9385,7 @@ CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a remote code execution
 CVE-2022-48115
 	RESERVED
 CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: RuoYi
 CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows una ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2022-48112
@@ -9443,7 +9443,7 @@ CVE-2022-48087
 CVE-2022-48086
 	RESERVED
 CVE-2022-48085 (Softr v2.0 was discovered to contain a HTML injection vulnerability vi ...)
-	TODO: check
+	NOT-FOR-US: Softr
 CVE-2022-48084
 	RESERVED
 CVE-2022-48083
@@ -10895,7 +10895,7 @@ CVE-2022-47764
 CVE-2022-47763
 	RESERVED
 CVE-2022-47762 (In gin-vue-admin < 2.5.5, the download module has a Path Traversal  ...)
-	TODO: check
+	NOT-FOR-US: gin-vue-admin
 CVE-2022-47761
 	RESERVED
 CVE-2022-47760
@@ -12906,11 +12906,11 @@ CVE-2022-47454
 CVE-2022-47453
 	RESERVED
 CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47451 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47450 (In wlan driver, there is a possible missing permission check. This cou ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-46732 (Even if the authentication fails for local service authentication, the ...)
 	NOT-FOR-US: GE Digital
 CVE-2022-46660 (An unauthorized user could alter or write files with full control over ...)
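Review bot: the three entries marked "NOT-FOR-US: Unisoc" (CVE-2022-47452, CVE-2022-47451, CVE-2022-47450) have descriptions that start "In gnss driver" and "In wlan driver" and name no vendor in the text visible in the list, so the attribution cannot be checked from this file alone. Please confirm from the full CVE records that these are Unisoc's vendor drivers and not code shared with the mainline kernel, since a wrong NFU would hide an issue that belongs under src:linux. The same applies to the Unisoc driver and service entries in the later hunks of this commit.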
@@ -13008,21 +13008,21 @@ CVE-2022-47421
 CVE-2022-47420
 	RESERVED
 CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful  ...)
-	TODO: check
+	NOT-FOR-US: Mayan EDMS DMS
 CVE-2022-47418 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
-	TODO: check
+	NOT-FOR-US: LogicalDOC
 CVE-2022-47417 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
-	TODO: check
+	NOT-FOR-US: LogicalDOC
 CVE-2022-47416 (LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type  ...)
-	TODO: check
+	NOT-FOR-US: LogicalDOC
 CVE-2022-47415 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
-	TODO: check
+	NOT-FOR-US: LogicalDOC
 CVE-2022-47414 (If an attacker has access to the console for OpenKM (and is authentica ...)
-	TODO: check
+	NOT-FOR-US: OpenKM
 CVE-2022-47413 (Given a malicious document provided by an attacker, the OpenKM DMS is  ...)
-	TODO: check
+	NOT-FOR-US: OpenKM
 CVE-2022-47412 (Given a malicious document provided by an attacker, the ONLYOFFICE Wor ...)
-	TODO: check
+	NOT-FOR-US: ONLYOFFICE
 CVE-2022-47411 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
 	NOT-FOR-US: TYPO3 extension
 CVE-2022-47410 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
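Review bot: the tag on CVE-2022-47419, "NOT-FOR-US: Mayan EDMS DMS", copies the description's wording, where "DMS" only repeats what "EDMS" already says. Suggest "NOT-FOR-US: Mayan EDMS" so the product name is stable and future entries for the same software match the same string when the list is searched.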
@@ -13449,41 +13449,41 @@ CVE-2019-25078 (A vulnerability classified as problematic was found in pacparser
 	NOTE: https://github.com/manugarg/pacparser/issues/99
 	NOTE: https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9 (v1.4.0)
 CVE-2022-47371 (In bt driver, there is a thread competition leads to early release of  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47370 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47369 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47368 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47367 (In bluetooth driver, there is a missing permission check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47366 (In wlan driver, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47365 (In wlan driver, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47364 (In wlan driver, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47363 (In wlan driver, there is a possible out of bounds read due to a missin ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47362
 	RESERVED
 CVE-2022-47361 (In firewall service, there is a missing permission check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47360 (In log service, there is a missing permission check. This could lead t ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47359 (In log service, there is a missing permission check. This could lead t ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47358 (In log service, there is a missing permission check. This could lead t ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47357 (In log service, there is a missing permission check. This could lead t ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47356 (In log service, there is a missing permission check. This could lead t ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47355 (In log service, there is a missing permission check. This could lead t ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47354 (In log service, there is a missing permission check. This could lead t ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47353
 	RESERVED
 CVE-2022-47352
@@ -13495,25 +13495,25 @@ CVE-2022-47350
 CVE-2022-47349
 	RESERVED
 CVE-2022-47348 (In engineermode services, there is a missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47347 (In engineermode services, there is a missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47346 (In engineermode services, there is a missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47345 (In engineermode services, there is a missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47344 (In engineermode services, there is a missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47343 (In engineermode services, there is a missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47342 (In engineermode services, there is a missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47341 (In engineermode services, there is a missing permission check. This co ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47340
 	RESERVED
 CVE-2022-47339 (In cmd services, there is a OS command injection issue due to missing  ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47338
 	RESERVED
 CVE-2022-47337
@@ -13525,29 +13525,29 @@ CVE-2022-47335
 CVE-2022-47334
 	RESERVED
 CVE-2022-47333 (In wlan driver, there is a possible missing permission check. This cou ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47332 (In wlan driver, there is a possible missing permission check. This cou ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47331 (In wlan driver, there is a race condition. This could lead to local de ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47330 (In wlan driver, there is a possible missing permission check. This cou ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47329 (In wlan driver, there is a possible missing permission check. This cou ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47328 (In wlan driver, there is a possible missing permission check. This cou ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47327 (In wlan driver, there is a possible missing permission check. This cou ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47326 (In wlan driver, there is a possible missing permission check. This cou ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47325 (In wlan driver, there is a possible missing permission check. This cou ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47324 (In wlan driver, there is a possible missing permission check. This cou ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47323 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47322 (In wlan driver, there is a possible missing params check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-47310
 	RESERVED
 CVE-2022-47309
@@ -13963,11 +13963,11 @@ CVE-2022-47134
 CVE-2022-47133
 	RESERVED
 CVE-2022-47132 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...)
-	TODO: check
+	NOT-FOR-US: Academy LMS
 CVE-2022-47131 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...)
-	TODO: check
+	NOT-FOR-US: Academy LMS
 CVE-2022-47130 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...)
-	TODO: check
+	NOT-FOR-US: Academy LMS
 CVE-2022-47129
 	RESERVED
 CVE-2022-47128 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via  ...)
@@ -14121,9 +14121,9 @@ CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket
 CVE-2022-47072
 	RESERVED
 CVE-2022-47071 (In NVS365 V01, the background network test function can trigger comman ...)
-	TODO: check
+	NOT-FOR-US: NVS365 V01
 CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After entering a ...)
-	TODO: check
+	NOT-FOR-US: NVS365 V01
 CVE-2022-47069
 	RESERVED
 CVE-2022-47068
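Review bot: the tag on CVE-2022-47071 and CVE-2022-47070 is "NOT-FOR-US: NVS365 V01", which carries the version string from the description into the product name. Other tags in this commit use the bare vendor or product (for example "NOT-FOR-US: Wavlink", "NOT-FOR-US: D-Link"); suggest "NOT-FOR-US: NVS365" so entries for other versions end up under the same tag.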
@@ -14343,7 +14343,7 @@ CVE-2022-46967 (An access control issue in Revenue Collection System v1.0 allows
 CVE-2022-46966 (Revenue Collection System v1.0 was discovered to contain a SQL injecti ...)
 	NOT-FOR-US: Revenue Collection System
 CVE-2022-46965 (PrestaShop module, totadministrativemandate before v1.7.1 was discover ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2022-46964
 	RESERVED
 CVE-2022-46963
@@ -15582,7 +15582,7 @@ CVE-2022-46606
 CVE-2022-46605
 	RESERVED
 CVE-2022-46604 (An issue in Tecrail Responsive FileManager v9.9.5 and below allows att ...)
-	TODO: check
+	NOT-FOR-US: Tecrail Responsive FileManager
 CVE-2022-46603 (An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary comma ...)
 	NOT-FOR-US: Inkdrop
 CVE-2022-46602
@@ -15686,7 +15686,7 @@ CVE-2022-46554
 CVE-2022-46553
 	RESERVED
 CVE-2022-46552 (D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-46551 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
 	NOT-FOR-US: Tenda
 CVE-2022-46550 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...)
@@ -15798,7 +15798,7 @@ CVE-2022-46498
 CVE-2022-46497
 	RESERVED
 CVE-2022-46496 (BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missin ...)
-	TODO: check
+	NOT-FOR-US: BTicino Door Entry HOMETOUCH
 CVE-2022-46495
 	RESERVED
 CVE-2022-46494
@@ -16123,7 +16123,7 @@ CVE-2022-45124
 CVE-2022-45115
 	RESERVED
 CVE-2022-43665 (A denial of service vulnerability exists in the malware scan functiona ...)
-	TODO: check
+	NOT-FOR-US: ESTsoft Alyac
 CVE-2022-46378
 	RESERVED
 CVE-2022-46377
@@ -17832,7 +17832,7 @@ CVE-2022-45856
 CVE-2022-45855
 	RESERVED
 CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2022-45853
 	RESERVED
 CVE-2022-45852
@@ -17926,7 +17926,7 @@ CVE-2022-45809
 CVE-2022-45808 (SQL Injection vulnerability in LearnPress – WordPress LMS Plugin ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45807 (Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <=  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45806
 	RESERVED
 CVE-2022-45805
@@ -18034,9 +18034,9 @@ CVE-2022-45785
 CVE-2022-45784
 	RESERVED
 CVE-2022-45783 (An issue was discovered in dotCMS core 4.x through 22.10.2. An authent ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2022-45782 (An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21 ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2022-4114 (The Superio WordPress theme does not sanitise and escape some paramete ...)
 	NOT-FOR-US: WordPress theme
 CVE-2022-4113
@@ -18082,7 +18082,7 @@ CVE-2022-45770 (Improper input validation in driver adgnetworkwfpdrv.sys in Adgu
 CVE-2022-45769 (A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 a ...)
 	NOT-FOR-US: ClicShopping_V3
 CVE-2022-45768 (Command Injection vulnerability in Edimax Technology Co., Ltd. Wireles ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2022-45767
 	RESERVED
 CVE-2022-45766
@@ -18177,7 +18177,7 @@ CVE-2022-45724
 CVE-2022-45723
 	RESERVED
 CVE-2022-45722 (ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (X ...)
-	TODO: check
+	NOT-FOR-US: ezEIP
 CVE-2022-45721 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
 	NOT-FOR-US: IP-COM M50
 CVE-2022-45720 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffe ...)
@@ -18447,9 +18447,9 @@ CVE-2022-45591
 CVE-2022-45590
 	RESERVED
 CVE-2022-45589 (SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT th ...)
-	TODO: check
+	NOT-FOR-US: Talend
 CVE-2022-45588 (XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2  ...)
-	TODO: check
+	NOT-FOR-US: Talend
 CVE-2022-45587
 	RESERVED
 CVE-2022-45586
@@ -18537,7 +18537,7 @@ CVE-2022-45546
 CVE-2022-45545
 	RESERVED
 CVE-2022-45544 (Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 ...)
-	TODO: check
+	NOT-FOR-US: Schlix Web Inc SCHLIX CMS
 CVE-2022-45543
 	RESERVED
 CVE-2022-45542 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager  ...)
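Review bot: the tag on CVE-2022-45544, "NOT-FOR-US: Schlix Web Inc SCHLIX CMS", repeats the vendor and the product from the description. The rest of the commit uses a single short name per tag (for example "NOT-FOR-US: dotCMS", "NOT-FOR-US: ezEIP"); suggest "NOT-FOR-US: SCHLIX CMS" for consistency and easier matching.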



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47ff11db73c85064f50bd060f310d8c777de7d81
