[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 31 05:41:07 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e46a9a68 by Salvatore Bonaccorso at 2023-03-31T06:40:41+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2023-29059 (3CX DesktopApp through 18.12.416 has embedded malicious code, as explo ...)
- TODO: check
+ NOT-FOR-US: 3CX DesktopApp
CVE-2023-29058
RESERVED
CVE-2023-29057
@@ -67,7 +67,7 @@ CVE-2023-1736
CVE-2023-1735
RESERVED
CVE-2023-1734 (A vulnerability classified as critical has been found in SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
CVE-2023-1733
RESERVED
CVE-2023-1732
@@ -85,7 +85,7 @@ CVE-2023-1727
CVE-2023-1726
RESERVED
CVE-2023-1725 (Server-Side Request Forgery (SSRF) vulnerability in Infoline Project M ...)
- TODO: check
+ NOT-FOR-US: Infoline Project Management System
CVE-2023-1724
RESERVED
CVE-2023-1723
@@ -285,7 +285,7 @@ CVE-2023-1701 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimco
CVE-2023-1700
RESERVED
CVE-2023-1699 (Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsin ...)
- TODO: check
+ NOT-FOR-US: Rapid7 Nexpose
CVE-2023-1698
RESERVED
CVE-2023-1697
@@ -544,7 +544,7 @@ CVE-2023-1658
CVE-2023-1657
RESERVED
CVE-2023-1656 (Cleartext Transmission of Sensitive Information vulnerability in Forge ...)
- TODO: check
+ NOT-FOR-US: ForgeRock
CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4 ...)
- gpac <unfixed>
[buster] - gpac <end-of-life> (EOL in buster LTS)
@@ -810,7 +810,7 @@ CVE-2020-36691 (An issue was discovered in the Linux kernel before 5.8. lib/nlat
CVE-2016-15030 (A vulnerability classified as problematic has been found in Arno0x Two ...)
NOT-FOR-US: Arno0x
CVE-2015-10097 (A vulnerability was found in grinnellplans-php up to 3.0. It has been ...)
- TODO: check
+ NOT-FOR-US: grinnellplans-php
CVE-2023-28821
RESERVED
CVE-2023-28820
@@ -1046,11 +1046,11 @@ CVE-2023-28735
CVE-2023-28734
RESERVED
CVE-2023-28733 (AnyMailing Joomla Plugin is vulnerable to stored cross site scripting ...)
- TODO: check
+ NOT-FOR-US: Joomla Plugin
CVE-2023-28732 (Missing access control in AnyMailing Joomla Plugin allows to list and ...)
- TODO: check
+ NOT-FOR-US: Joomla Plugin
CVE-2023-28731 (AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code ...)
- TODO: check
+ NOT-FOR-US: Joomla Plugin
CVE-2023-27882
RESERVED
CVE-2023-1583 (A NULL pointer dereference was found in io_file_bitmap_get in io_uring ...)
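Review bot: The three new NOT-FOR-US lines for CVE-2023-28733, CVE-2023-28732 and CVE-2023-28731 drop the product name that the descriptions provide ("AnyMailing Joomla Plugin"), unlike the other entries in this commit that name the affected product (for example "Infoline Project Management System"). If "Joomla Plugin" is meant as a generic class marker in the style of the existing "WordPress plugin" entries, lowercase "plugin" for consistency; otherwise "NOT-FOR-US: AnyMailing Joomla Plugin" on all three lines keeps them greppable by product.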
@@ -1371,9 +1371,9 @@ CVE-2023-28652 (An authenticated malicious user could successfully upload a mali
CVE-2023-28650 (An unauthenticated remote attacker could provide a malicious link and ...)
NOT-FOR-US: SAUTER
CVE-2023-28647 (Nextcloud iOS is an ios application used to interface with the nextclo ...)
- TODO: check
+ NOT-FOR-US: Nextcloud iOS application
CVE-2023-28646 (Nextcloud android is an android app for interfacing with the nextcloud ...)
- TODO: check
+ NOT-FOR-US: Nextcloud android application
CVE-2023-28645
RESERVED
CVE-2023-28644 (Nextcloud server is an open source home cloud implementation. In relea ...)
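Review bot: Minor style point on the CVE-2023-28646 line: "Nextcloud android application" lowercases the platform name while the CVE-2023-28647 line directly above uses "Nextcloud iOS application"; "Nextcloud Android application" keeps the pair consistent.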
@@ -6430,7 +6430,7 @@ CVE-2023-26986
CVE-2023-26985
RESERVED
CVE-2023-26984 (An issue in the password reset function of Peppermint v0.2.4 allows at ...)
- TODO: check
+ NOT-FOR-US: Peppermint
CVE-2023-26983
RESERVED
CVE-2023-26982 (Trudesk v1.2.6 was discovered to contain a stored cross-site scripting ...)
@@ -7309,7 +7309,7 @@ CVE-2023-26551
CVE-2023-26550 (A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allow ...)
NOT-FOR-US: BMC Control-M
CVE-2023-26549 (The SystemUI module has a vulnerability of repeated app restart due to ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-26548 (The pgmng module has a vulnerability in serialization/deserialization. ...)
NOT-FOR-US: Huawei
CVE-2023-26547 (The InputMethod module has a vulnerability of serialization/deserializ ...)
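Review bot: The vendor for CVE-2023-26549 is not visible in the truncated description ("The SystemUI module has a vulnerability of repeated app restart due to ..."), so the "NOT-FOR-US: Huawei" attribution appears to be inferred from the neighbouring CVE-2023-26548 and CVE-2023-26547 entries. That is plausible given the identical phrasing, but since "SystemUI" is a generic module name it is worth confirming against the full CVE text before closing the entry.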
@@ -7515,9 +7515,9 @@ CVE-2023-1016
CVE-2023-1015 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
NOT-FOR-US: Rejected CVE
CVE-2023-1014 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...)
- TODO: check
+ NOT-FOR-US: Virames Vira-Investing
CVE-2023-1013 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- TODO: check
+ NOT-FOR-US: Virames Vira-Investing
CVE-2023-1012
RESERVED
CVE-2023-1011
@@ -11819,7 +11819,7 @@ CVE-2023-25042
CVE-2023-25041
RESERVED
CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25039
RESERVED
CVE-2023-25038
@@ -13754,7 +13754,7 @@ CVE-2023-24401
CVE-2023-24400
RESERVED
CVE-2023-24399 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24398
RESERVED
CVE-2023-24397
@@ -15680,7 +15680,7 @@ CVE-2023-23683
CVE-2023-23682
RESERVED
CVE-2023-23681 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23680
RESERVED
CVE-2023-23679
@@ -15692,7 +15692,7 @@ CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix G
CVE-2023-23676
RESERVED
CVE-2023-23675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23674
RESERVED
CVE-2023-23673
@@ -26196,7 +26196,7 @@ CVE-2022-43666
CVE-2022-43496
RESERVED
CVE-2022-43473 (A blind XML External Entity (XXE) vulnerability exists in the Add UCS ...)
- TODO: check
+ NOT-FOR-US: ZoHo ManageEngine
CVE-2022-4295 (The Show All Comments WordPress plugin before 7.0.1 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46644
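Review bot: Spelling on the CVE-2022-43473 line: "ZoHo ManageEngine" capitalises the vendor as "ZoHo"; the vendor name is written "Zoho", and using that spelling keeps a grep for "Zoho ManageEngine" across data/CVE/list matching every entry.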
@@ -61438,7 +61438,7 @@ CVE-2022-32587 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore W
CVE-2022-30998 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...)
NOT-FOR-US: WordPress plugin
CVE-2022-30705 (Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29495 (Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Build ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29489 (Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plu ...)
@@ -68628,7 +68628,7 @@ CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check
NOTE: https://github.com/davea42/libdwarf-code/issues/116
NOTE: https://www.prevanders.net/dwarfbug.html#DW202205-001
CVE-2022-32199 (db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrar ...)
- TODO: check
+ NOT-FOR-US: ScriptCase
CVE-2022-32198
RESERVED
CVE-2022-32197
@@ -74124,9 +74124,9 @@ CVE-2022-30353
CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanit ...)
NOT-FOR-US: phpABook
CVE-2022-30351 (PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having w ...)
- TODO: check
+ NOT-FOR-US: PDFZorro PDFZorro Online
CVE-2022-30350 (Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: Avanquest Software RAD PDF (PDFEscape Online)
CVE-2022-30349 (siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). ...)
NOT-FOR-US: siteserver SSCMS
CVE-2022-30348
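Review bot: The CVE-2022-30351 description says the product is "using TCPDF 6.2.5", so the NOT-FOR-US only holds if the flaw lies in PDFZorro's own code or configuration rather than in the TCPDF library; worth confirming before closing it, and if the library itself is affected the entry should track TCPDF instead. Separately, "NOT-FOR-US: PDFZorro PDFZorro Online" reads as a doubled word copied from the description; "PDFZorro Online" is sufficient.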
@@ -78938,13 +78938,13 @@ CVE-2022-28696 (Uncontrolled search path in the Intel(R) Distribution for Python
CVE-2022-28694
RESERVED
CVE-2022-28688 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: AVEVA
CVE-2022-28687 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: AVEVA
CVE-2022-28686 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: AVEVA
CVE-2022-28685 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: AVEVA
CVE-2022-28684 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: DevExpress
CVE-2022-28683 (This vulnerability allows remote attackers to execute arbitrary code o ...)
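Review bot: The four new "NOT-FOR-US: AVEVA" lines (CVE-2022-28688 through CVE-2022-28685) cannot be verified from the hunk itself, because the truncated descriptions ("This vulnerability allows remote attackers to execute arbitrary code o ...") are the generic ZDI advisory opening and never name the vendor or product; the same applies to the Bentley, Samsung, KOYO Screen Creator, Netgear, TP-Link, Foxit PDF Reader and Canon hunks later in this commit. Fine as triage, but on entries whose description gives no product a NOTE: line pointing at the vendor or ZDI advisory, as the file already does for libdwarf and Podman, would let a later reviewer check the attribution without re-fetching each CVE.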
@@ -79233,19 +79233,19 @@ CVE-2022-28649 (In JetBrains YouTrack before 2022.1.43563 it was possible to inc
CVE-2022-28648 (In JetBrains YouTrack before 2022.1.43563 HTML code from the issue des ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2022-28647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28645 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28642 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28640 (A potential local adjacent arbitrary code execution vulnerability that ...)
NOT-FOR-US: HPE
CVE-2022-28639 (A remote potential adjacent denial of service (DoS) and potential adja ...)
@@ -79319,9 +79319,9 @@ CVE-2022-26838
CVE-2022-1231 (XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantu ...)
NOT-FOR-US: plantuml
CVE-2022-1230 (This vulnerability allows local attackers to execute arbitrary code on ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-1229 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-1228 (The Opensea WordPress plugin before 1.0.3 does not sanitize and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1227 (A privilege escalation flaw was found in Podman. This flaw allows an a ...)
@@ -80071,47 +80071,47 @@ CVE-2022-28321 (The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed a
- pam <not-affected> (Vulnerability introduced to SUSE-specific patch)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197654
CVE-2022-28320 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28319 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28318 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28317 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28316 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28315 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28314 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28313 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28312 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28311 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28310 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28309 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28308 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28307 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28306 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28305 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28304 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28303 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28302 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28301 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-28300 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-27188 (OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4. ...)
NOT-FOR-US: CENTUM
CVE-2022-26034 (Improper authentication vulnerability in the communication protocol pr ...)
@@ -82241,21 +82241,21 @@ CVE-2022-27649 (A flaw was found in Podman, where containers were started incorr
NOTE: https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0 (main)
NOTE: https://github.com/containers/podman/commit/7b368768c2990b9781b2b6813e1c7f91c7e6cb13 (v4.0.3)
CVE-2022-27648 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: KOYO Screen Creator
CVE-2022-27647 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-27646 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-27645 (This vulnerability allows network-adjacent attackers to bypass authent ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-27644 (This vulnerability allows network-adjacent attackers to compromise the ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-27643 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-27642 (This vulnerability allows network-adjacent attackers to bypass authent ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-27641 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-27640 (A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versi ...)
NOT-FOR-US: Siemens
CVE-2022-1055 (A use-after-free exists in the Linux Kernel in tc_new_tfilter that cou ...)
@@ -82372,9 +82372,9 @@ CVE-2022-27600
CVE-2022-27599
RESERVED
CVE-2022-27598 (A vulnerability have been reported to affect multiple QNAP operating s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2022-27597 (A vulnerability have been reported to affect multiple QNAP operating s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2022-27596 (A vulnerability has been reported to affect QNAP device running QuTS h ...)
NOT-FOR-US: QNAP
CVE-2022-27595
@@ -86462,7 +86462,7 @@ CVE-2022-26151 (Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, a
CVE-2022-26150
RESERVED
CVE-2022-26080 (Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus S ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2022-26057 (Vulnerabilities in the Mint WorkBench allow a low privileged attacker ...)
NOT-FOR-US: Mind Workbench
CVE-2022-0812 (An information leak flaw was found in NFS over RDMA in the net/sunrpc/ ...)
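Review bot: Unrelated to the change, but visible in this hunk's context: the existing NOT-FOR-US line for CVE-2022-26057 reads "Mind Workbench" while the description says "Mint WorkBench"; that looks like a pre-existing typo worth fixing in a follow-up commit.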
@@ -89025,7 +89025,7 @@ CVE-2022-0652 (Confd log files contain local users', including root’s, SHA
CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0650 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-0649 (The AdRotate WordPress plugin before 5.8.23 does not escape Group Name ...)
NOT-FOR-US: WordPress plugin
CVE-2021-46699 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
@@ -89971,9 +89971,9 @@ CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not menti
CVE-2022-24974 (Links may not be rewritten according to policy in some specially forma ...)
NOT-FOR-US: Proofpoint email-isolation
CVE-2022-24973 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-24972 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Foxit
CVE-2022-24970
@@ -90143,9 +90143,9 @@ CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow a
CVE-2022-24916 (Optimism before @eth-optimism/l2geth at 0.5.11 allows economic griefing b ...)
NOT-FOR-US: Optimism
CVE-2022-24908 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2022-24907 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2022-24906 (Nextcloud Deck is a Kanban-style project & personal management too ...)
NOT-FOR-US: Nextcloud Deck
CVE-2022-24905 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
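Review bot: Naming consistency: the new lines for CVE-2022-24908 and CVE-2022-24907 use "NOT-FOR-US: Foxit PDF Reader", while the existing CVE-2022-24971 entry in the preceding hunk uses "NOT-FOR-US: Foxit". Either form is fine, but picking one lets the three Foxit entries group under a single grep.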
@@ -90989,11 +90989,11 @@ CVE-2022-24675 (encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a
NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
NOTE: https://go.dev/issue/51853
CVE-2022-24674 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2022-24673 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2022-24672 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2022-24383 (The affected product is vulnerable to an out-of-bounds read, which may ...)
NOT-FOR-US: Fuji Electric
CVE-2022-21228 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
@@ -91930,9 +91930,9 @@ CVE-2022-24355 (This vulnerability allows network-adjacent attackers to execute
CVE-2022-24354 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
NOT-FOR-US: TP-Link
CVE-2022-24353 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-24352 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-24351
RESERVED
CVE-2022-24350
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e46a9a68420f217b4d038d902c631a4645cae096