[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 30 12:36:58 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
53ed6df0 by Salvatore Bonaccorso at 2023-03-30T12:44:44+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1664,23 +1664,23 @@ CVE-2023-28511
CVE-2023-28510
RESERVED
CVE-2023-28509 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
- TODO: check
+ NOT-FOR-US: Rocket Software UniData
CVE-2023-28508 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
- TODO: check
+ NOT-FOR-US: Rocket Software UniData
CVE-2023-28507 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
- TODO: check
+ NOT-FOR-US: Rocket Software UniData
CVE-2023-28506 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
- TODO: check
+ NOT-FOR-US: Rocket Software UniData
CVE-2023-28505 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
- TODO: check
+ NOT-FOR-US: Rocket Software UniData
CVE-2023-28504 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
- TODO: check
+ NOT-FOR-US: Rocket Software UniData
CVE-2023-28503 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
- TODO: check
+ NOT-FOR-US: Rocket Software UniData
CVE-2023-28502 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
- TODO: check
+ NOT-FOR-US: Rocket Software UniData
CVE-2023-28501 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
- TODO: check
+ NOT-FOR-US: Rocket Software UniData
CVE-2023-28500
RESERVED
CVE-2023-28499
@@ -2895,7 +2895,7 @@ CVE-2023-1365 (A vulnerability was found in SourceCodester Online Pizza Ordering
CVE-2023-1364 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-28158 (Privilege escalation via stored XSS using the file upload service to u ...)
- TODO: check
+ NOT-FOR-US: Apache Archiva
CVE-2023-28157
RESERVED
CVE-2023-28156
@@ -5046,7 +5046,7 @@ CVE-2023-27491
CVE-2023-27490 (NextAuth.js is an open source authentication solution for Next.js appl ...)
NOT-FOR-US: NextAuth.js
CVE-2023-27489 (Kiwi TCMS is an open source test management system for both manual and ...)
- TODO: check
+ NOT-FOR-US: Kiwi TCMS
CVE-2023-27488
RESERVED
CVE-2023-27487
@@ -5922,7 +5922,7 @@ CVE-2023-27169
CVE-2023-27168
RESERVED
CVE-2023-27167 (Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vu ...)
- TODO: check
+ NOT-FOR-US: Suprema BioStar
CVE-2023-27166
RESERVED
CVE-2023-27165
@@ -6313,7 +6313,7 @@ CVE-2023-26984 (An issue in the password reset function of Peppermint v0.2.4 all
CVE-2023-26983
RESERVED
CVE-2023-26982 (Trudesk v1.2.6 was discovered to contain a stored cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Trudesk
CVE-2023-26981
RESERVED
CVE-2023-26980
@@ -6341,7 +6341,7 @@ CVE-2023-26970
CVE-2023-26969
RESERVED
CVE-2023-26968 (In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyph ...)
- TODO: check
+ NOT-FOR-US: Atrocore
CVE-2023-26967
RESERVED
CVE-2023-26966
@@ -7810,65 +7810,65 @@ CVE-2023-26358 (Creative Cloud version 5.9.1 (and earlier) is affected by an Unt
CVE-2023-26357
RESERVED
CVE-2023-26356 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26355 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26354 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26353 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26352 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26351 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26350 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26349 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26348 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26347
RESERVED
CVE-2023-26346 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26345 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26344 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26343 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26342 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26341 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26340 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26339 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26338 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26337 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Stack-ba ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26336 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26335 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26334 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26333 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26332 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26331 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26330 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26329 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26328 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26327 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-26326 (The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affec ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26325 (The 'rx_export_review' action in the ReviewX WordPress Plugin version ...)
@@ -9137,63 +9137,63 @@ CVE-2023-25909 (HGiga OAKlouds file uploading function does not restrict upload
CVE-2023-25908 (Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) ...)
NOT-FOR-US: Adobe
CVE-2023-25907 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25906 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25905 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25904 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25903 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Integer ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25902 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25901 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Imprope ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25900 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25899 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25898 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25897 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25896 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25895 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25894 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25893 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25892 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25891 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25890 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25889 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25888 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25887 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25886 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25885 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25884 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25883 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25882 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25881 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Imprope ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25880 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25879 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Imprope ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-25878 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
NOT-FOR-US: Adobe
CVE-2023-25877 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
@@ -9744,9 +9744,9 @@ CVE-2023-25724
CVE-2023-25723
REJECTED
CVE-2023-25722 (A credential-leak issue was discovered in related Veracode products be ...)
- TODO: check
+ NOT-FOR-US: Veracode
CVE-2023-25721 (Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using ...)
- TODO: check
+ NOT-FOR-US: Veracode
CVE-2023-25720
RESERVED
CVE-2023-25719 (ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect ...)
@@ -11789,9 +11789,9 @@ CVE-2023-25136 (OpenSSH server (sshd) 9.1 introduced a double-free vulnerability
NOTE: Introduced by: https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
NOTE: https://www.openwall.com/lists/oss-security/2023/02/13/1
CVE-2023-25018 (RIFARTEK IOT Wall transportation function has insufficient filtering f ...)
- TODO: check
+ NOT-FOR-US: RIFARTEK IOT Wall
CVE-2023-25017 (RIFARTEK IOT Wall has a vulnerability of incorrect authorization. An a ...)
- TODO: check
+ NOT-FOR-US: RIFARTEK IOT Wall
CVE-2023-25016 (Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1. ...)
NOT-FOR-US: Couchbase Server
CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...)
@@ -12242,23 +12242,23 @@ CVE-2023-24844
CVE-2023-24843
RESERVED
CVE-2023-24842 (HGiga MailSherlock has vulnerability of insufficient access control. A ...)
- TODO: check
+ NOT-FOR-US: HGiga MailSherlock
CVE-2023-24841 (HGiga MailSherlock query function for connection log has a vulnerabili ...)
- TODO: check
+ NOT-FOR-US: HGiga MailSherlock
CVE-2023-24840 (HGiga MailSherlock mail query function has vulnerability of insufficie ...)
- TODO: check
+ NOT-FOR-US: HGiga MailSherlock
CVE-2023-24839 (HGiga MailSherlock’s specific function has insufficient filterin ...)
- TODO: check
+ NOT-FOR-US: HGiga MailSherlock
CVE-2023-24838 (HGiga PowerStation has a vulnerability of Information Leakage. An unau ...)
- TODO: check
+ NOT-FOR-US: HGiga PowerStation
CVE-2023-24837 (HGiga PowerStation remote management function has insufficient filteri ...)
- TODO: check
+ NOT-FOR-US: HGiga
CVE-2023-24836
RESERVED
CVE-2023-24835 (Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Co ...)
- TODO: check
+ NOT-FOR-US: Softnext
CVE-2023-24834 (WisdomGarden Tronclass has improper access control when uploading file ...)
- TODO: check
+ NOT-FOR-US: WisdomGarden Tronclass
CVE-2023-0600
RESERVED
CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...)
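Review bot: CVE-2023-24837 is tagged "NOT-FOR-US: HGiga", while CVE-2023-24838 directly above it has a description naming the same product (HGiga PowerStation) and is tagged "NOT-FOR-US: HGiga PowerStation". Suggest the product-level tag for both so the two entries match when the list is searched by product. CVE-2023-24835 is likewise tagged with the vendor only ("Softnext") although its description names SPAM SQR; the other entries in this hunk use product-level tags.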
@@ -13872,7 +13872,7 @@ CVE-2023-24306
CVE-2023-24305
RESERVED
CVE-2023-24304 (Improper input validation in the PDF.dll plugin of IrfanView v4.60 all ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2023-24303
RESERVED
CVE-2023-24302
@@ -14932,7 +14932,7 @@ CVE-2023-23863
CVE-2023-23862
RESERVED
CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23550
RESERVED
CVE-2023-0406 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
@@ -16642,7 +16642,7 @@ CVE-2023-23357
CVE-2023-23356
RESERVED
CVE-2023-23355 (A vulnerability has been reported to affect multiple QNAP operating sy ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-23354
RESERVED
CVE-2023-23353
@@ -17241,7 +17241,7 @@ CVE-2023-0215 (The public API function BIO_new_NDEF is a helper function used fo
CVE-2023-0214 (A cross-site scripting vulnerability in Skyhigh SWG in main releases 1 ...)
NOT-FOR-US: Skyhigh SWG
CVE-2023-0213 (Elevation of privilege issue in M-Files Installer versions before 22.6 ...)
- TODO: check
+ NOT-FOR-US: M-Files
CVE-2023-0212 (The Advanced Recent Posts WordPress plugin through 0.6.14 does not val ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0211
@@ -17872,7 +17872,7 @@ CVE-2023-22904
CVE-2023-22903 (api/views/user.py in LibrePhotos before e19e539 has incorrect access c ...)
NOT-FOR-US: LibrePhotos
CVE-2023-22902 (Openfind Mail2000 file uploading function has insufficient filtering f ...)
- TODO: check
+ NOT-FOR-US: Openfind Mail2000
CVE-2023-22901
RESERVED
CVE-2023-22900 (Efence login function has insufficient validation for user input. An u ...)
@@ -18644,7 +18644,7 @@ CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpso
CVE-2023-22706
RESERVED
CVE-2023-22705 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-22704 (Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22703
@@ -21800,19 +21800,19 @@ CVE-2022-47615 (Local File Inclusion vulnerability in LearnPress – WordPre
CVE-2022-47614
RESERVED
CVE-2022-47613 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Quan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47612 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47611
RESERVED
CVE-2022-47610 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mr D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47609
RESERVED
CVE-2022-47608
RESERVED
CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in User ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47606
RESERVED
CVE-2022-47605
@@ -21820,9 +21820,9 @@ CVE-2022-47605
CVE-2022-47604
RESERVED
CVE-2022-47603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47602 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47601
RESERVED
CVE-2022-47600
@@ -21834,7 +21834,7 @@ CVE-2022-47598
CVE-2022-47597
RESERVED
CVE-2022-47596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47594
@@ -22124,7 +22124,7 @@ CVE-2022-47531
CVE-2022-47530
RESERVED
CVE-2022-47529 (Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWit ...)
- TODO: check
+ NOT-FOR-US: NetWitness
CVE-2022-47528
RESERVED
CVE-2022-47527
@@ -23529,7 +23529,7 @@ CVE-2022-47446
CVE-2022-47445
RESERVED
CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47442
@@ -23541,7 +23541,7 @@ CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dols
CVE-2022-47439
RESERVED
CVE-2022-47438 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpD ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47437
RESERVED
CVE-2022-47436
@@ -23551,7 +23551,7 @@ CVE-2022-47435
CVE-2022-47434
RESERVED
CVE-2022-47433 (Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47432
RESERVED
CVE-2022-47431 (Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor inter ...)
@@ -24459,7 +24459,7 @@ CVE-2022-47172
CVE-2022-47171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Unli ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47169
RESERVED
CVE-2022-47168
@@ -24507,7 +24507,7 @@ CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight
CVE-2022-47147 (Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47146 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47145 (Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47144
@@ -25292,7 +25292,7 @@ CVE-2022-46865
CVE-2022-46864
RESERVED
CVE-2022-46863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46862 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46861
@@ -25308,7 +25308,7 @@ CVE-2022-46857
CVE-2022-46856
RESERVED
CVE-2022-46855 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchp ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46853
@@ -25332,7 +25332,7 @@ CVE-2022-46845
CVE-2022-46844
RESERVED
CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin ...)
NOT-FOR-US: Wordpress plugin
CVE-2022-46841
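Review bot: The context line under CVE-2022-46842 reads "NOT-FOR-US: Wordpress plugin", while the line added for CVE-2022-46843 just above it, and the other WordPress entries visible in this commit, use "WordPress plugin". This commit does not introduce the spelling, but a case-sensitive search for the tag will miss that entry, so it is worth normalizing while this part of the file is being touched.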
@@ -26586,9 +26586,9 @@ CVE-2022-46287 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTE
CVE-2022-41993 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R ...)
NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM
CVE-2022-46416 (Parrot Bebop 4.7.1. allows remote attackers to prevent legitimate term ...)
- TODO: check
+ NOT-FOR-US: Parrot Bebop
CVE-2022-46415 (DJI Spark 01.00.0900 allows remote attackers to prevent legitimate ter ...)
- TODO: check
+ NOT-FOR-US: DJI Spark
CVE-2022-46414 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0 an ...)
NOT-FOR-US: Veritas
CVE-2022-46413 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0 an ...)
@@ -28463,7 +28463,7 @@ CVE-2022-45833 (Auth. Path Traversal vulnerability in Easy WP SMTP plugin <=
CVE-2022-45832
RESERVED
CVE-2022-45831 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in biplob01 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45830
RESERVED
CVE-2022-45829 (Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 ...)
@@ -28475,7 +28475,7 @@ CVE-2022-45827
CVE-2022-45826
RESERVED
CVE-2022-45825 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45824 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Ca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45823
@@ -28542,7 +28542,7 @@ CVE-2022-4127 (A NULL pointer dereference issue was discovered in the Linux kern
- linux <not-affected> (Vulnerable code only in 5.19-rcX versions)
NOTE: https://git.kernel.org/linus/d785a773bed966a75ca1f11d108ae1897189975b (5.19-rc6)
CVE-2022-4126 (Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, ...)
- TODO: check
+ NOT-FOR-US: ABB RCCMD
CVE-2022-4125 (The Popup Manager WordPress plugin through 1.6.6 does not have authori ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4124 (The Popup Manager WordPress plugin through 1.6.6 does not have authori ...)
@@ -29421,7 +29421,7 @@ CVE-2022-45462 (Alarm instance management has command injection when there is a
CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and related V ...)
NOT-FOR-US: Veritas NetBackup
CVE-2022-45460 (Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.1 ...)
- TODO: check
+ NOT-FOR-US: Xiongmai
CVE-2022-4053 (A vulnerability was found in Student Attendance Management System. It ...)
NOT-FOR-US: Student Attendance Management System
CVE-2022-4052 (A vulnerability was found in Student Attendance Management System and ...)
@@ -30055,7 +30055,7 @@ CVE-2022-45357
CVE-2022-45356
RESERVED
CVE-2022-45355 (Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45354
RESERVED
CVE-2022-45353 (Broken Access Control in Betheme theme <= 26.6.1 on WordPress. ...)
@@ -37027,15 +37027,15 @@ CVE-2022-43747 (baramundi Management Agent (bMA) in baramundi Management Suite (
CVE-2022-3687
RESERVED
CVE-2022-3686 (A vulnerability exists in a SDM600 endpoint. An attacker could exploit ...)
- TODO: check
+ NOT-FOR-US: ABB SDM600 endpoint
CVE-2022-3685 (A vulnerability exists in the SDM600 software. The software operates a ...)
- TODO: check
+ NOT-FOR-US: ABB SDM600 endpoint
CVE-2022-3684 (A vulnerability exists in a SDM600 endpoint. An attacker could exploit ...)
- TODO: check
+ NOT-FOR-US: ABB SDM600 endpoint
CVE-2022-3683 (A vulnerability exists in the SDM600 API web services authorization va ...)
- TODO: check
+ NOT-FOR-US: ABB SDM600
CVE-2022-3682 (A vulnerability exists in the SDM600 file permission validation. An at ...)
- TODO: check
+ NOT-FOR-US: ABB SDM600
CVE-2022-3681
RESERVED
CVE-2022-43746
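Review bot: The five SDM600 entries end up with two different tags: CVE-2022-3686, CVE-2022-3685 and CVE-2022-3684 get "ABB SDM600 endpoint", while CVE-2022-3683 and CVE-2022-3682 get "ABB SDM600". The description of CVE-2022-3685 refers to "the SDM600 software" rather than an endpoint, so "endpoint" there looks carried over from the neighbouring entries. Suggest "NOT-FOR-US: ABB SDM600" for all five.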
@@ -37318,67 +37318,67 @@ CVE-2022-43651
CVE-2022-43650 (This vulnerability allows remote attackers to disclose sensitive infor ...)
TODO: check
CVE-2022-43649 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2022-43648 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43647 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43646 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43645 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43644 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43643 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43642 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43641 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2022-43640 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2022-43639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2022-43638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2022-43637 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2022-43636 (This vulnerability allows network-adjacent attackers to bypass authent ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-43635 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-43634 (This vulnerability allows remote attackers to execute arbitrary code o ...)
TODO: check
CVE-2022-43633 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43632 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43631 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43630 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43629 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43628 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43627 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43626 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43625 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43624 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43623 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43622 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43621 (This vulnerability allows network-adjacent attackers to bypass authent ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43620 (This vulnerability allows network-adjacent attackers to bypass authent ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43619 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-43618 (This vulnerability allows remote attackers to execute arbitrary code o ...)
TODO: check
CVE-2022-43617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
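Review bot: CVE-2022-43650, CVE-2022-43634 and CVE-2022-43618 stay at "TODO: check" in the middle of a run where every neighbouring entry is resolved. If they were held back on purpose, a word in the commit message would make that clear; otherwise they look skipped. The truncated descriptions in this hunk are all generic and cut off before the product name, so the Foxit PDF Reader, D-Link and TP-Link assignments cannot be confirmed from the diff alone and are worth a second look against the full descriptions.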
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53ed6df051e5dd75c40bd96aa80a9c2cb71dc53c