[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jan 20 19:13:13 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ab1482e by Moritz Muehlenhoff at 2023-01-20T20:12:29+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -111,7 +111,7 @@ CVE-2023-0412
CVE-2023-0411
RESERVED
CVE-2023-0410 (Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qw ...)
- TODO: check
+ NOT-FOR-US: builderio/qwik
CVE-2023-0409
RESERVED
CVE-2023-0408
@@ -530,11 +530,11 @@ CVE-2021-4314 (It is possible to manipulate the JWT token without the knowledge
CVE-2017-20174 (A vulnerability was found in bastianallgeier Kirby Webmentions Plugin ...)
NOT-FOR-US: bastianallgeier Kirby Webmentions Plugin
CVE-2015-10070 (A vulnerability was found in copperwall Twiddit. It has been rated as ...)
- TODO: check
+ NOT-FOR-US: copperwall Twiddit
CVE-2015-10069 (A vulnerability was found in viakondratiuk cash-machine. It has been d ...)
- TODO: check
+ NOT-FOR-US: viakondratiuk cash-machine
CVE-2014-125083 (A vulnerability has been found in Anant Labs google-enterprise-connect ...)
- TODO: check
+ NOT-FOR-US: Anant Labs google-enterprise-connect
CVE-2013-10014 (A vulnerability classified as critical has been found in oktora24 2moo ...)
NOT-FOR-US: oktora24 2moons
CVE-2023-23774
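Review bot: the NOT-FOR-US value for CVE-2014-125083 ("Anant Labs google-enterprise-connect") looks like it was copied from the truncated summary shown in the context line ("google-enterprise-connect ..."), so the product name may be cut short; take it from the full CVE description so that greps for the project name match the entry.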
@@ -780,7 +780,7 @@ CVE-2012-10006 (A vulnerability classified as critical has been found in ale7714
CVE-2011-10001 (A vulnerability was found in iamdroppy phoenixcf. It has been declared ...)
NOT-FOR-US: iamdroppy phoenixcf
CVE-2010-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesam ...)
- TODO: check
+ NOT-FOR-US: simplesamlphp-module-openidprovider
CVE-2023-XXXX [RUSTSEC-2023-0002]
- rust-git2 0.16.0-1
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0002.html
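Review bot: CVE-2010-10008 is flagged "** UNSUPPORTED WHEN ASSIGNED **" and the new NOT-FOR-US value names a single module of a larger project (simplesamlphp-module-openidprovider); if the parent simplesamlphp is packaged, confirm that this module is not bundled in its source before closing the entry, since a bundled copy would put it in scope even though the standalone module is not packaged.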
@@ -1166,7 +1166,7 @@ CVE-2013-10012 (A vulnerability, which was classified as critical, was found in
CVE-2010-10005 (A vulnerability was found in msmania poodim. It has been declared as c ...)
NOT-FOR-US: msmania poodim
CVE-2023-23596 (jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. W ...)
- TODO: check
+ NOT-FOR-US: jc21 NGINX Proxy Manager
CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltr ...)
NOT-FOR-US: BlueCat Device Registration Portal
CVE-2023-23594
@@ -3135,7 +3135,7 @@ CVE-2023-0128 (Use after free in Overview Mode in Google Chrome on Chrome OS pri
CVE-2023-0127
RESERVED
CVE-2023-0126 (Pre-authentication path traversal vulnerability in SMA1000 firmware ve ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-0125 (A vulnerability was found in Control iD Panel. It has been declared as ...)
NOT-FOR-US: Control iD Panel
CVE-2023-0124
@@ -4279,7 +4279,7 @@ CVE-2023-22578
CVE-2023-22577
RESERVED
CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form ...)
- TODO: check
+ NOT-FOR-US: AsyncHTTPClient
CVE-2023-0039 (The User Post Gallery - UPG plugin for WordPress is vulnerable to auth ...)
NOT-FOR-US: User Post Gallery - UPG plugin for WordPress
CVE-2023-0038 (The "Survey Maker – Best WordPress Survey Plugin" plugin for Wor ...)
@@ -4649,7 +4649,7 @@ CVE-2021-46869
CVE-2023-22500
RESERVED
CVE-2023-22499 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2023-22498
REJECTED
CVE-2023-22497 (Netdata is an open source option for real-time infrastructure monitori ...)
@@ -6227,13 +6227,13 @@ CVE-2023-22381
CVE-2023-22380
RESERVED
CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3 ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-22339 (Improper access control vulnerability in CONPROSYS HMI System (CHS) Ve ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-22334 (Use of password hash instead of password for authentication vulnerabil ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-22331 (Use of default credentials vulnerability in CONPROSYS HMI System (CHS) ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-0020
RESERVED
CVE-2023-0019
@@ -9611,7 +9611,7 @@ CVE-2022-47107
CVE-2022-47106
RESERVED
CVE-2022-47105 (Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Jeecg-boot
CVE-2022-47104
RESERVED
CVE-2022-47103
@@ -10192,15 +10192,15 @@ CVE-2022-4392 (The iPanorama 360 WordPress Virtual Tour Builder plugin through 1
CVE-2022-46892
RESERVED
CVE-2022-46891 (An issue was discovered in the Arm Mali GPU Kernel Driver. There is a ...)
- TODO: check
+ NOT-FOR-US: Arm Mali
CVE-2022-46890 (Weak access control in NexusPHP before 1.7.33 allows a remote authenti ...)
- TODO: check
+ NOT-FOR-US: NexusPHP
CVE-2022-46889 (A persistent cross-site scripting (XSS) vulnerability in NexusPHP befo ...)
- TODO: check
+ NOT-FOR-US: NexusPHP
CVE-2022-46888 (Multiple reflective cross-site scripting (XSS) vulnerabilities in Nexu ...)
- TODO: check
+ NOT-FOR-US: NexusPHP
CVE-2022-46887 (Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow ...)
- TODO: check
+ NOT-FOR-US: NexusPHP
CVE-2022-46886
RESERVED
CVE-2022-46885 (Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzin ...)
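Review bot: CVE-2022-46891 is marked NOT-FOR-US: Arm Mali on the strength of a description that only says "Arm Mali GPU Kernel Driver"; that name alone does not say whether the vendor's out-of-tree driver or the in-tree support for Mali hardware is affected, so a NOTE line recording that this is the proprietary driver would justify the NOT-FOR-US and save the question being reopened on the next Mali CVE.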
@@ -11344,7 +11344,7 @@ CVE-2022-46507
CVE-2022-46506
RESERVED
CVE-2022-46505 (An issue in MatrixSSL 4.5.1-open and earlier leads to failure to secur ...)
- TODO: check
+ - matrixssl <removed>
CVE-2022-46504
RESERVED
CVE-2022-46503 (A cross-site scripting (XSS) vulnerability in the component /admin/reg ...)
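Review bot: the new `- matrixssl <removed>` line for CVE-2022-46505 carries no NOTE with an upstream reference, unlike the other non-NFU entries touched in this patch (the RUSTSEC and python-cleo entries each keep a NOTE URL); adding the upstream advisory or fix reference would keep the entry actionable if the package is reintroduced or an older suite still ships it. Worth also confirming that `<removed>` is the intended status for every tracked suite rather than only for unstable.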
@@ -11408,7 +11408,7 @@ CVE-2022-46478 (The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 conta
CVE-2022-46477
RESERVED
CVE-2022-46476 (D-Link DIR-859 A1 1.05 was discovered to contain a command injection v ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-46475 (D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack over ...)
NOT-FOR-US: D-Link
CVE-2022-46474
@@ -12036,7 +12036,7 @@ CVE-2022-4237 (The Welcart e-Commerce WordPress plugin before 2.8.6 does not val
CVE-2022-4236 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4235 (RushBet version 2022.23.1-b490616d allows a remote attacker to steal c ...)
- TODO: check
+ NOT-FOR-US: RushBet
CVE-2022-4234 (A vulnerability was found in SourceCodester Canteen Management System. ...)
NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4233 (A vulnerability has been found in SourceCodester Event Registration Sy ...)
@@ -18296,7 +18296,7 @@ CVE-2022-3808
CVE-2022-3807 (A vulnerability was found in Axiomatic Bento4. It has been rated as pr ...)
NOT-FOR-US: Bento4
CVE-2022-3806 (Inconsistent handling of error cases in bluetooth hci may lead to a do ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2022-3805 (The Jeg Elementor Kit plugin for WordPress is vulnerable to authorizat ...)
NOT-FOR-US: Jeg Elementor Kit plugin for WordPress
CVE-2022-3804 (A vulnerability was found in eolinker apinto-dashboard. It has been cl ...)
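Review bot: CVE-2022-3806 is marked NOT-FOR-US: Zephyr, but the visible description ("Inconsistent handling of error cases in bluetooth hci ...") names no project, and a Bluetooth HCI error-handling bug reads just as naturally as a Linux kernel issue; a NOTE line pointing at the Zephyr advisory would document why the entry is out of scope.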
@@ -19637,7 +19637,7 @@ CVE-2022-3740
CVE-2022-3739
RESERVED
CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to download ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2022-3737 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 me ...)
NOT-FOR-US: PHOENIX
CVE-2023-20851
@@ -21283,9 +21283,9 @@ CVE-2023-20060
CVE-2023-20059
RESERVED
CVE-2023-20058 (A vulnerability in the web-based management interface of Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20057 (A vulnerability in the URL filtering mechanism of Cisco AsyncOS Softwa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20056
RESERVED
CVE-2023-20055
@@ -21305,27 +21305,27 @@ CVE-2023-20049
CVE-2023-20048
RESERVED
CVE-2023-20047 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20046
RESERVED
CVE-2023-20045 (A vulnerability in the web-based management interface of Cisco Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20044 (A vulnerability in Cisco CX Cloud Agent of could allow an authenticate ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20043 (A vulnerability in Cisco CX Cloud Agent of could allow an authenticate ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20042
RESERVED
CVE-2023-20041
RESERVED
CVE-2023-20040 (A vulnerability in the NETCONF service of Cisco Network Services Orche ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20039
RESERVED
CVE-2023-20038 (A vulnerability in the monitoring application of Cisco Industrial Netw ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20037 (A vulnerability in Cisco Industrial Network Director could allow an au ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20036
RESERVED
CVE-2023-20035
@@ -21347,9 +21347,9 @@ CVE-2023-20028
CVE-2023-20027
RESERVED
CVE-2023-20026 (A vulnerability in the web-based management interface of Cisco Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20024
RESERVED
CVE-2023-20023
@@ -21359,11 +21359,11 @@ CVE-2023-20022
CVE-2023-20021
RESERVED
CVE-2023-20020 (A vulnerability in the Device Management Servlet application of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20019 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20018 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20017
RESERVED
CVE-2023-20016
@@ -21379,13 +21379,13 @@ CVE-2023-20012
CVE-2023-20011
RESERVED
CVE-2023-20010 (A vulnerability in the web-based management interface of Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20009
RESERVED
CVE-2023-20008 (A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20007 (A vulnerability in the web-based management interface of Cisco Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20006
RESERVED
CVE-2023-20005
@@ -21395,7 +21395,7 @@ CVE-2023-20004
CVE-2023-20003
RESERVED
CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software could all ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20001
RESERVED
CVE-2023-0010
@@ -24167,7 +24167,7 @@ CVE-2022-42969 (The py library through 1.11.0 for Python allows remote attackers
CVE-2022-42968 (Gitea before 1.17.3 does not sanitize and escape refs in the git backe ...)
- gitea <removed>
CVE-2022-42967 (Caret is vulnerable to an XSS attack when the user opens a crafted Mar ...)
- TODO: check
+ NOT-FOR-US: Caret
CVE-2022-42966 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
- python-cleo <not-affected> (Vulnerable code introduced later; cf #1024018)
NOTE: https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186/
@@ -25068,7 +25068,7 @@ CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html
NOTE: https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=7684c9e907fb85f5c58b025d9e385ad2600f12a2
CVE-2022-42704 (A cross-site scripting (XSS) vulnerability in Employee Service Center ...)
- TODO: check
+ NOT-FOR-US: Employee Service Center
CVE-2022-3437 (A heap-based buffer overflow vulnerability was found in Samba within t ...)
{DSA-5287-1 DLA-3206-1}
- samba 2:4.16.6+dfsg-1
@@ -27912,7 +27912,7 @@ CVE-2022-40700
CVE-2022-40699
RESERVED
CVE-2022-40697 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40694 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analyt ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ab1482e65c384d267289bb4e34ad6964166a605