[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jan 17 09:01:44 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8af4c6e4 by Moritz Muehlenhoff at 2023-01-17T10:01:16+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -314,25 +314,25 @@ CVE-2022-4890 (A vulnerability, which was classified as critical, has been found
 CVE-2021-4313 (A vulnerability was found in NethServer phonenehome. It has been rated ...)
 	NOT-FOR-US: NethServer phonenehome
 CVE-2018-25076 (A vulnerability classified as critical was found in Events Extension.  ...)
-	TODO: check
+	NOT-FOR-US: BigTree CMS addon
 CVE-2016-15020 (A vulnerability was found in liftkit database up to 2.13.1. It has bee ...)
-	TODO: check
+	NOT-FOR-US: liftkit database
 CVE-2015-10057 (A vulnerability was found in Little Apps Little Software Stats. It has ...)
 	NOT-FOR-US: Little Apps Little Software Stats
 CVE-2015-10056 (A vulnerability was found in 2071174A vinylmap. It has been classified ...)
-	TODO: check
+	NOT-FOR-US: 2071174A vinylmap
 CVE-2015-10055 (A vulnerability was found in PictureThisWebServer and classified as cr ...)
-	TODO: check
+	NOT-FOR-US: PictureThisWebServer
 CVE-2015-10054 (A vulnerability, which was classified as critical, was found in githui ...)
-	TODO: check
+	NOT-FOR-US: P2Manage
 CVE-2015-10053 (A vulnerability classified as critical has been found in prodigasistem ...)
-	TODO: check
+	NOT-FOR-US: prodigasistemas curupira
 CVE-2014-125080 (A vulnerability has been found in frontaccounting faplanet and classif ...)
-	TODO: check
+	NOT-FOR-US: frontaccounting faplanet
 CVE-2013-10012 (A vulnerability, which was classified as critical, was found in antonb ...)
-	TODO: check
+	NOT-FOR-US: antonbolling clan7ups
 CVE-2010-10005 (A vulnerability was found in msmania poodim. It has been declared as c ...)
-	TODO: check
+	NOT-FOR-US: msmania poodim
 CVE-2023-23596
 	RESERVED
 CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltr ...)
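Review bot: Two labels in this hunk do not match the name visible in their descriptions: CVE-2015-10054 is marked "NOT-FOR-US: P2Manage" while its description begins "githui ...", and CVE-2018-25076 is marked "BigTree CMS addon" while its description names "Events Extension". The other new entries here reuse the description's own owner/project string (for example "2071174A vinylmap", "msmania poodim"), which keeps them easy to grep. Consider including the description's name in these two labels as well.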
@@ -8562,7 +8562,7 @@ CVE-2022-43493
 CVE-2022-41834
 	RESERVED
 CVE-2020-36611 (Incorrect Default Permissions vulnerability in Hitachi Tuning Manager  ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2023-0011
 	RESERVED
 CVE-2022-47193
@@ -10615,7 +10615,7 @@ CVE-2022-46440
 CVE-2022-46439
 	RESERVED
 CVE-2022-46438 (A cross-site scripting (XSS) vulnerability in the /admin/article_categ ...)
-	TODO: check
+	NOT-FOR-US: DouPHP
 CVE-2022-46437
 	RESERVED
 CVE-2022-46436
@@ -10917,31 +10917,31 @@ CVE-2023-21601
 CVE-2023-21600
 	RESERVED
 CVE-2023-21599 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-21598 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-21597 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-21596 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-21595 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-21594 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-21593
 	RESERVED
 CVE-2023-21592 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-21591 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-21590 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-21589 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-21588 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-21587 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-21586
 	RESERVED
 CVE-2023-21585
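Review bot: All twelve entries from CVE-2023-21599 to CVE-2023-21587 get the vendor-only label "NOT-FOR-US: Adobe", although the descriptions split evenly between InCopy and InDesign. Naming the product ("Adobe InCopy", "Adobe InDesign") would match the product-level labels used on context lines elsewhere in this file, such as "C-DATA Web Management System", and makes a later search by product name hit these entries.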
@@ -11079,7 +11079,7 @@ CVE-2022-4260 (The WP-Ban WordPress plugin before 1.69.1 does not sanitise and e
 CVE-2022-4259
 	RESERVED
 CVE-2022-4258 (In multiple versions of HIMA PC based Software an unquoted Windows sea ...)
-	TODO: check
+	NOT-FOR-US: HIMA
 CVE-2022-4257 (A vulnerability was found in C-DATA Web Management System. It has been ...)
 	NOT-FOR-US: C-DATA Web Management System
 CVE-2022-4256 (The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does ...)
@@ -11540,7 +11540,7 @@ CVE-2022-46260
 CVE-2022-46259
 	RESERVED
 CVE-2022-46258 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2022-46257
 	RESERVED
 CVE-2022-46256 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
@@ -11743,7 +11743,7 @@ CVE-2022-46165
 CVE-2022-46164 (NodeBB is an open source Node.js based forum software. Due to a plain  ...)
 	NOT-FOR-US: NodeBB
 CVE-2022-46163 (Travel support program is a rails app to support the travel support pr ...)
-	TODO: check
+	NOT-FOR-US: Travel support program
 CVE-2022-46162 (discourse-bbcode is the official BBCode plugin for Discourse. Prior to ...)
 	NOT-FOR-US: BBCode plugin for Discourse
 CVE-2022-46161 (pdfmake is an open source client/server side PDF printing in pure Java ...)
@@ -11955,7 +11955,7 @@ CVE-2022-46095 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 was
 CVE-2022-46094
 	RESERVED
 CVE-2022-46093 (Hospital Management System v1.0 is vulnerable to SQL Injection. Attack ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2022-46092
 	RESERVED
 CVE-2022-46091
@@ -12839,9 +12839,9 @@ CVE-2022-45731
 CVE-2022-45730
 	RESERVED
 CVE-2022-45729 (A cross-site scripting (XSS) vulnerability in Doctor Appointment Manag ...)
-	TODO: check
+	NOT-FOR-US: Doctor Appointment Management System
 CVE-2022-45728 (Doctor Appointment Management System v1.0.0 was discovered to contain  ...)
-	TODO: check
+	NOT-FOR-US: Doctor Appointment Management System
 CVE-2022-45727
 	RESERVED
 CVE-2022-45726
@@ -13656,9 +13656,9 @@ CVE-2022-45442 (Sinatra is a domain-specific language for creating web applicati
 CVE-2022-45441
 	RESERVED
 CVE-2022-45440 (A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmwa ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2022-45439 (A pair of spare WiFi credentials is stored in the configuration file o ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2022-45438 (When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by ...)
 	NOT-FOR-US: Apache Superset
 CVE-2022-45437
@@ -14147,7 +14147,7 @@ CVE-2022-45355
 CVE-2022-45354
 	RESERVED
 CVE-2022-45353 (Broken Access Control in Betheme theme <= 26.6.1 on WordPress. ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2022-45352
 	RESERVED
 CVE-2022-45351
@@ -17448,7 +17448,7 @@ CVE-2022-3794 (The Jeg Elementor Kit plugin for WordPress is vulnerable to autho
 CVE-2022-3793 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
 	- gitlab <unfixed>
 CVE-2022-3792 (This issue affects: Terminal Operating System versions before 5.0.13 ...)
-	TODO: check
+	NOT-FOR-US: GullsEye
 CVE-2022-3791
 	REJECTED
 CVE-2022-3790
@@ -19459,27 +19459,27 @@ CVE-2023-20534
 CVE-2023-20533
 	RESERVED
 CVE-2023-20532 (Insufficient input validation in the SMU may allow an attacker to impr ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20531 (Insufficient bound checks in the SMU may allow an attacker to update t ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20530 (Insufficient input validation of BIOS mailbox messages in SMU may resu ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20529 (Insufficient bound checks in the SMU may allow an attacker to update t ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20528 (Insufficient input validation in the SMU may allow a physical attacker ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20527 (Improper syscall input validation in the ASP Bootloader may allow a pr ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20526
 	RESERVED
 CVE-2023-20525 (Insufficient syscall input validation in the ASP Bootloader may allow  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20524
 	RESERVED
 CVE-2023-20523 (TOCTOU in the ASP may allow a physical attacker to write beyond the bu ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20522 (Insufficient input validation in ASP may allow an attacker with a mali ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2023-20521
 	RESERVED
 CVE-2023-20520
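Review bot: The nine AMD entries (CVE-2023-20532 through CVE-2023-20522) are closed as NOT-FOR-US with no rationale, yet their descriptions concern SMU and ASP Bootloader firmware rather than a standalone application. Before closing them, confirm that no package in the archive ships the affected firmware, and record that reasoning in a NOTE: line under at least the first entry so the decision can be re-checked later.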
@@ -21033,7 +21033,7 @@ CVE-2022-3695
 CVE-2022-3694 (The Syncee WordPress plugin before 1.0.10 leaks the administrator toke ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3693 (The File Management System developed by FileOrbis before version 10.6. ...)
-	TODO: check
+	NOT-FOR-US: FileOrbis
 CVE-2022-3692
 	REJECTED
 CVE-2022-3691 (The DeepL Pro API translation plugin WordPress plugin before 1.7.5 dis ...)
@@ -21708,9 +21708,9 @@ CVE-2022-43515 (Zabbix Frontend provides a feature that allows admins to maintai
 	[bullseye] - zabbix <ignored> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-22050
 CVE-2022-43514 (A vulnerability has been identified in Automation License Manager V5 ( ...)
-	TODO: check
+	NOT-FOR-US: Automation License Manager
 CVE-2022-43513 (A vulnerability has been identified in Automation License Manager V5 ( ...)
-	TODO: check
+	NOT-FOR-US: Automation License Manager
 CVE-2022-43499 (Stored cross-site scripting vulnerability in SHIRASAGI versions prior  ...)
 	NOT-FOR-US: SHIRASAGI
 CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerabi ...)
@@ -21740,7 +21740,7 @@ CVE-2022-43469
 CVE-2022-43463 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cust ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43462 (Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist ...)
-	TODO: check
+	NOT-FOR-US: Adeel Ahmed's IP Blacklist
 CVE-2022-43461
 	RESERVED
 CVE-2022-43459
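Review bot: The label "Adeel Ahmed's IP Blacklist" on CVE-2022-43462 copies the truncated description, while the neighbouring entry CVE-2022-43463 uses the generic "NOT-FOR-US: WordPress plugin". If this is also a WordPress plugin, use the generic label here and on CVE-2022-42462 later in the patch; if it is not, the label should give the full product name rather than the string cut off at the description's truncation point.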
@@ -21786,7 +21786,7 @@ CVE-2022-42485
 CVE-2022-42479
 	RESERVED
 CVE-2022-42462 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's ...)
-	TODO: check
+	NOT-FOR-US: Adeel Ahmed's IP Blacklist
 CVE-2022-42461 (Broken Access Control vulnerability in miniOrange's Google Authenticat ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-42460 (Broken Access Control vulnerability leading to Stored Cross-Site Scrip ...)
@@ -22195,15 +22195,15 @@ CVE-2022-43395
 CVE-2022-43394
 	RESERVED
 CVE-2022-43393 (An improper check for unusual or exceptional conditions in the HTTP re ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2022-43392 (A buffer overflow vulnerability in the parameter of web server in Zyxe ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2022-43391 (A buffer overflow vulnerability in the parameter of the CGI program in ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2022-43390 (A command injection vulnerability in the CGI program of Zyxel NR7101 f ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2022-43389 (A buffer overflow vulnerability in the library of the web server in Zy ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2022-43388
 	RESERVED
 CVE-2022-43387
@@ -23209,7 +23209,7 @@ CVE-2022-42981
 CVE-2022-42980 (go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a productio ...)
 	NOT-FOR-US: go-admin (aka GO Admin)
 CVE-2022-42979 (Information disclosure due to an insecure hostname validation in the R ...)
-	TODO: check
+	NOT-FOR-US: RYDE
 CVE-2022-42978 (In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, ...)
 	NOT-FOR-US: Atlassian Confluence addon
 CVE-2022-42977 (The Netic User Export add-on before 1.3.5 for Atlassian Confluence has ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8af4c6e4fd6fd7f32511626d27e1562104dd18f0
