[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jul 10 10:01:38 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ecb5fc41 by Moritz Muehlenhoff at 2023-07-10T11:01:13+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29377,7 +29377,7 @@ CVE-2023-0361 (A timing side-channel in the handling of RSA ClientKeyExchange me
CVE-2023-0360 (The Location Weather WordPress plugin before 1.3.4 does not validate a ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0359 (A missing nullptr-check in handle_ra_input can cause a nullptr-deref.)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
- gpac <unfixed> (bug #1033116)
[bullseye] - gpac <no-dsa> (Minor issue)
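Review bot: The new NOT-FOR-US: Zephyr tag on CVE-2023-0359 cannot be checked against the entry itself, because the description ("A missing nullptr-check in handle_ra_input can cause a nullptr-deref.") never names a product. Consider adding a NOTE: line with the upstream advisory or repository so the next person triaging this list can confirm the attribution without looking the CVE up again.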
@@ -130527,15 +130527,15 @@ CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker with
CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
NOT-FOR-US: CoreNLP
CVE-2021-42083 (An authenticated attacker is able to create alerts that trigger a stor ...)
- TODO: check
+ NOT-FOR-US: QuantaStor
CVE-2021-42082 (Local users are able to execute scripts under root privileges.)
- TODO: check
+ NOT-FOR-US: QuantaStor
CVE-2021-42081 (An authenticated administrator is allowed to remotely execute arbitrar ...)
- TODO: check
+ NOT-FOR-US: QuantaStor
CVE-2021-42080 (An attacker is able to launch a Reflected XSS attack using a crafted U ...)
- TODO: check
+ NOT-FOR-US: QuantaStor
CVE-2021-42079 (An authenticated administrator is able to prepare an alert that is abl ...)
- TODO: check
+ NOT-FOR-US: QuantaStor
CVE-2021-42078 (PHP Event Calendar through 2021-11-04 allows persistent cross-site scr ...)
NOT-FOR-US: PHP Event Calendar
CVE-2021-42077 (PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstr ...)
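Review bot: CVE-2021-42079 through CVE-2021-42083 are all tagged NOT-FOR-US: QuantaStor, but none of the visible descriptions names QuantaStor, and CVE-2021-42082 ("Local users are able to execute scripts under root privileges.") is fully generic. A single NOTE: line with the vendor advisory on one of the five entries would make the attribution verifiable from the list.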
@@ -212261,11 +212261,11 @@ CVE-2020-22155
CVE-2020-22154
RESERVED
CVE-2020-22153 (File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker ...)
- TODO: check
+ NOT-FOR-US: FUEL-CMS
CVE-2020-22152 (Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4. ...)
- TODO: check
+ NOT-FOR-US: FUEL-CMS
CVE-2020-22151 (Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker ...)
- TODO: check
+ NOT-FOR-US: FUEL-CMS
CVE-2020-22150 (A cross site scripting (XSS) vulnerability in /admin.php?page=permalin ...)
- piwigo <removed>
CVE-2020-22149
@@ -212974,9 +212974,9 @@ CVE-2020-21864
CVE-2020-21863
RESERVED
CVE-2020-21862 (Directory traversal vulnerability in DuxCMS 2.1 allows attackers to de ...)
- TODO: check
+ NOT-FOR-US: DuxCMS
CVE-2020-21861 (File upload vulnerability in DuxCMS 2.1 allows attackers to execute ar ...)
- TODO: check
+ NOT-FOR-US: DuxCMS
CVE-2020-21860
RESERVED
CVE-2020-21859
@@ -213857,15 +213857,15 @@ CVE-2020-21491
CVE-2020-21490
RESERVED
CVE-2020-21489 (File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker ...)
- TODO: check
+ NOT-FOR-US: Feehicms
CVE-2020-21488
RESERVED
CVE-2020-21487 (Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ...)
NOT-FOR-US: pfSense
CVE-2020-21486 (SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker t ...)
- TODO: check
+ NOT-FOR-US: PHPOK
CVE-2020-21485 (Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote ...)
- TODO: check
+ NOT-FOR-US: Alluxio
CVE-2020-21484
RESERVED
CVE-2020-21483 (An arbitrary file upload vulnerability in Jizhicms v1.5 allows attacke ...)
@@ -213887,7 +213887,7 @@ CVE-2020-21476
CVE-2020-21475
RESERVED
CVE-2020-21474 (File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacke ...)
- TODO: check
+ NOT-FOR-US: NucleusCMS
CVE-2020-21473
RESERVED
CVE-2020-21472
@@ -214037,7 +214037,7 @@ CVE-2020-21402
CVE-2020-21401
RESERVED
CVE-2020-21400 (SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a rem ...)
- TODO: check
+ NOT-FOR-US: PHPMyWind
CVE-2020-21399
RESERVED
CVE-2020-21398
@@ -214105,7 +214105,7 @@ CVE-2020-21368
CVE-2020-21367
RESERVED
CVE-2020-21366 (Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an a ...)
- TODO: check
+ NOT-FOR-US: GreenCMS
CVE-2020-21365 (Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows ...)
{DLA-3158-1}
- wkhtmltopdf 0.12.6-1
@@ -214190,7 +214190,7 @@ CVE-2020-21327
CVE-2020-21326
RESERVED
CVE-2020-21325 (An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbi ...)
- TODO: check
+ NOT-FOR-US: WUZHI CMS
CVE-2020-21324
RESERVED
CVE-2020-21323
@@ -214304,7 +214304,7 @@ CVE-2020-21270
CVE-2020-21269
RESERVED
CVE-2020-21268 (Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows ...)
- TODO: check
+ NOT-FOR-US: EasySoft ZenTao
CVE-2020-21267
RESERVED
CVE-2020-21266 (Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) ...)
@@ -214336,7 +214336,7 @@ CVE-2020-21254
CVE-2020-21253
RESERVED
CVE-2020-21252 (Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows ...)
- TODO: check
+ NOT-FOR-US: Neeke HongCMS
CVE-2020-21251
RESERVED
CVE-2020-21250 (CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vuln ...)
@@ -214348,7 +214348,7 @@ CVE-2020-21248
CVE-2020-21247
RESERVED
CVE-2020-21246 (Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote att ...)
- TODO: check
+ NOT-FOR-US: YiiCMS
CVE-2020-21245
RESERVED
CVE-2020-21244 (An issue was discovered in FrontAccounting 2.4.7. There is a Directory ...)
@@ -214492,7 +214492,7 @@ CVE-2020-21176 (SQL injection vulnerability in the model.increment and model.dec
CVE-2020-21175
RESERVED
CVE-2020-21174 (File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote atta ...)
- TODO: check
+ NOT-FOR-US: liufee CMS
CVE-2020-21173
RESERVED
CVE-2020-21172
@@ -214724,7 +214724,7 @@ CVE-2020-21060 (SQL injection vulnerability found in PHPMyWind v.5.6 allows a re
CVE-2020-21059
RESERVED
CVE-2020-21058 (Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote ...)
- TODO: check
+ NOT-FOR-US: Typora
CVE-2020-21057 (Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a r ...)
NOT-FOR-US: FusionPBX
CVE-2020-21056 (Directory Traversal vulnerability exists in FusionPBX 4.5.7, which all ...)
@@ -214736,7 +214736,7 @@ CVE-2020-21054 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allo
CVE-2020-21053 (Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 al ...)
NOT-FOR-US: FusionPBX
CVE-2020-21052 (Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a rem ...)
- TODO: check
+ NOT-FOR-US: zrlog
CVE-2020-21051
RESERVED
CVE-2020-21050 (Libsixel prior to v1.8.3 contains a stack buffer overflow in the funct ...)
@@ -214920,7 +214920,7 @@ CVE-2020-20971 (Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0
CVE-2020-20970
RESERVED
CVE-2020-20969 (File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacke ...)
- TODO: check
+ NOT-FOR-US: PluckCMS
CVE-2020-20968
RESERVED
CVE-2020-20967
@@ -215020,9 +215020,9 @@ CVE-2020-20921
CVE-2020-20920
RESERVED
CVE-2020-20919 (File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote a ...)
- TODO: check
+ NOT-FOR-US: PluckCMS
CVE-2020-20918 (An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacke ...)
- TODO: check
+ NOT-FOR-US: PluckCMS
CVE-2020-20917
RESERVED
CVE-2020-20916
@@ -215425,7 +215425,7 @@ CVE-2020-20737
CVE-2020-20736
RESERVED
CVE-2020-20735 (File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attack ...)
- TODO: check
+ NOT-FOR-US: LJCMS
CVE-2020-20734
RESERVED
CVE-2020-20733
@@ -215443,9 +215443,9 @@ CVE-2020-20728
CVE-2020-20727
RESERVED
CVE-2020-20726 (Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allo ...)
- TODO: check
+ NOT-FOR-US: GilaCMS
CVE-2020-20725 (Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 all ...)
- TODO: check
+ NOT-FOR-US: taoCMS
CVE-2020-20724
RESERVED
CVE-2020-20723
@@ -215459,7 +215459,7 @@ CVE-2020-20720
CVE-2020-20719
RESERVED
CVE-2020-20718 (File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a r ...)
- TODO: check
+ NOT-FOR-US: PluckCMS
CVE-2020-20717
RESERVED
CVE-2020-20716
@@ -215501,7 +215501,7 @@ CVE-2020-20699 (A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 all
CVE-2020-20698 (A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP ...)
NOT-FOR-US: S-CMS PHP
CVE-2020-20697 (Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a ...)
- TODO: check
+ NOT-FOR-US: NodCMS
CVE-2020-20696 (A cross-site scripting (XSS) vulnerability in /admin/content/post of G ...)
NOT-FOR-US: GilaCMS
CVE-2020-20695 (A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 a ...)
@@ -215623,7 +215623,7 @@ CVE-2020-20638
CVE-2020-20637
RESERVED
CVE-2020-20636 (SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remo ...)
- TODO: check
+ NOT-FOR-US: Joyplus-cms
CVE-2020-20635
RESERVED
CVE-2020-20634 (Elementor 2.9.5 and below WordPress plugin allows authenticated users ...)
@@ -215892,7 +215892,7 @@ CVE-2020-20504
CVE-2020-20503
RESERVED
CVE-2020-20502 (Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attack ...)
- TODO: check
+ NOT-FOR-US: yzCMS
CVE-2020-20501
RESERVED
CVE-2020-20500
@@ -215915,7 +215915,7 @@ CVE-2020-20493
CVE-2020-20492
RESERVED
CVE-2020-20491 (SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2020-20490 (A heap buffer-overflow in the client_example1.c component of libiec_ic ...)
NOT-FOR-US: libiec_iccp_mod
NOTE: https://github.com/fcovatti/libiec_iccp_mod
@@ -216103,7 +216103,7 @@ CVE-2020-20415
CVE-2020-20414
RESERVED
CVE-2020-20413 (SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote ...)
- TODO: check
+ NOT-FOR-US: WUZHICMS
CVE-2020-20412 (lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 ...)
NOT-FOR-US: StepMania integration of libvorbis
CVE-2020-20411
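Review bot: CVE-2020-20413 is tagged NOT-FOR-US: WUZHICMS here, while CVE-2020-21325 earlier in this same commit is tagged NOT-FOR-US: WUZHI CMS; both descriptions give v.4.1.0 and look like the same product. Pick one spelling for both entries so a search of the list for the product tag finds every entry, the way this commit already tags the "Pluck CMS" and "PluckCMS" descriptions uniformly as PluckCMS.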
@@ -216259,7 +216259,7 @@ CVE-2020-20337
CVE-2020-20336
RESERVED
CVE-2020-20335 (Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8 ...)
- TODO: check
+ NOT-FOR-US: kilo editor
CVE-2020-20334
RESERVED
CVE-2020-20333
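Review bot: The tag NOT-FOR-US: kilo editor on CVE-2020-20335 does not follow the description's name ("Antirez Kilo"), whereas most of the other tags in this commit reuse the product name from the description. Since "kilo" is a short, generic name, consider NOT-FOR-US: Antirez Kilo, or keep the tag and add a NOTE: line with the upstream repository as the CVE-2020-20490 entry does.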
@@ -216509,7 +216509,7 @@ CVE-2020-20212 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory
CVE-2020-20211 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion fa ...)
NOT-FOR-US: Mikrotik
CVE-2020-20210 (Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/a ...)
- TODO: check
+ NOT-FOR-US: Bludit
CVE-2020-20209
RESERVED
CVE-2020-20208
@@ -216789,13 +216789,13 @@ CVE-2020-20072
CVE-2020-20071
RESERVED
CVE-2020-20070 (Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allow ...)
- TODO: check
+ NOT-FOR-US: DWSurvey
CVE-2020-20069
RESERVED
CVE-2020-20068
RESERVED
CVE-2020-20067 (File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: ebCMS
CVE-2020-20066
RESERVED
CVE-2020-20065
@@ -217125,7 +217125,7 @@ CVE-2020-19904
CVE-2020-19903
RESERVED
CVE-2020-19902 (Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 all ...)
- TODO: check
+ NOT-FOR-US: Cryptoprof WCMS
CVE-2020-19901
RESERVED
CVE-2020-19900
@@ -218993,7 +218993,7 @@ CVE-2020-19030
CVE-2020-19029
RESERVED
CVE-2020-19028 (*File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a re ...)
- TODO: check
+ NOT-FOR-US: EmlogCMS
CVE-2020-19027
RESERVED
CVE-2020-19026
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ecb5fc416656bebd52db89562038912932f95afa