Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ab1482e by Moritz Muehlenhoff at 2023-01-20T20:12:29+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -111,7 +111,7 @@ CVE-2023-0412
CVE-2023-0411
RESERVED
CVE-2023-0410 (Cross-site Scripting (XSS) - Generic in GitHub repository
builderio/qw ...)
- TODO: check
+ NOT-FOR-US: builderio/qwik
CVE-2023-0409
RESERVED
CVE-2023-0408
@@ -530,11 +530,11 @@ CVE-2021-4314 (It is possible to manipulate the JWT token
without the knowledge
CVE-2017-20174 (A vulnerability was found in bastianallgeier Kirby Webmentions
Plugin ...)
NOT-FOR-US: bastianallgeier Kirby Webmentions Plugin
CVE-2015-10070 (A vulnerability was found in copperwall Twiddit. It has been
rated as ...)
- TODO: check
+ NOT-FOR-US: copperwall Twiddit
CVE-2015-10069 (A vulnerability was found in viakondratiuk cash-machine. It
has been d ...)
- TODO: check
+ NOT-FOR-US: viakondratiuk cash-machine
CVE-2014-125083 (A vulnerability has been found in Anant Labs
google-enterprise-connect ...)
- TODO: check
+ NOT-FOR-US: Anant Labs google-enterprise-connect
CVE-2013-10014 (A vulnerability classified as critical has been found in
oktora24 2moo ...)
NOT-FOR-US: oktora24 2moons
CVE-2023-23774
@@ -780,7 +780,7 @@ CVE-2012-10006 (A vulnerability classified as critical has
been found in ale7714
CVE-2011-10001 (A vulnerability was found in iamdroppy phoenixcf. It has been
declared ...)
NOT-FOR-US: iamdroppy phoenixcf
CVE-2010-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
simplesam ...)
- TODO: check
+ NOT-FOR-US: simplesamlphp-module-openidprovider
CVE-2023-XXXX [RUSTSEC-2023-0002]
- rust-git2 0.16.0-1
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0002.html
@@ -1166,7 +1166,7 @@ CVE-2013-10012 (A vulnerability, which was classified as
critical, was found in
CVE-2010-10005 (A vulnerability was found in msmania poodim. It has been
declared as c ...)
NOT-FOR-US: msmania poodim
CVE-2023-23596 (jc21 NGINX Proxy Manager through 2.9.19 allows OS command
injection. W ...)
- TODO: check
+ NOT-FOR-US: jc21 NGINX Proxy Manager
CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that
exfiltr ...)
NOT-FOR-US: BlueCat Device Registration Portal
CVE-2023-23594
@@ -3135,7 +3135,7 @@ CVE-2023-0128 (Use after free in Overview Mode in Google
Chrome on Chrome OS pri
CVE-2023-0127
RESERVED
CVE-2023-0126 (Pre-authentication path traversal vulnerability in SMA1000
firmware ve ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2023-0125 (A vulnerability was found in Control iD Panel. It has been
declared as ...)
NOT-FOR-US: Control iD Panel
CVE-2023-0124
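Review bot: The tag added for CVE-2023-0126 names only the vendor, "SonicWall", while the visible description names only the product, "SMA1000 firmware", so the two share no term and a search for either one will not find the other. Tagging it "NOT-FOR-US: SonicWall SMA1000" keeps the vendor grouping and makes the entry findable by the product name the description uses.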
@@ -4279,7 +4279,7 @@ CVE-2023-22578
CVE-2023-22577
RESERVED
CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to
a form ...)
- TODO: check
+ NOT-FOR-US: AsyncHTTPClient
CVE-2023-0039 (The User Post Gallery - UPG plugin for WordPress is vulnerable
to auth ...)
NOT-FOR-US: User Post Gallery - UPG plugin for WordPress
CVE-2023-0038 (The "Survey Maker – Best WordPress Survey Plugin" plugin
for Wor ...)
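Review bot: The tag on CVE-2023-0040 is written "AsyncHTTPClient", but the description spells the product "Async HTTP Client", and the name is generic enough that it does not identify one upstream project on its own. Using the description's spelling, qualified with the upstream project or language ecosystem, would make it clear which client was triaged here and would let a later search on the description's wording find the tag.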
@@ -4649,7 +4649,7 @@ CVE-2021-46869
CVE-2023-22500
RESERVED
CVE-2023-22499 (Deno is a runtime for JavaScript and TypeScript that uses V8
and is bu ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2023-22498
REJECTED
CVE-2023-22497 (Netdata is an open source option for real-time infrastructure
monitori ...)
@@ -6227,13 +6227,13 @@ CVE-2023-22381
CVE-2023-22380
RESERVED
CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System
(CHS) Ver.3 ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-22339 (Improper access control vulnerability in CONPROSYS HMI System
(CHS) Ve ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-22334 (Use of password hash instead of password for authentication
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-22331 (Use of default credentials vulnerability in CONPROSYS HMI
System (CHS) ...)
- TODO: check
+ NOT-FOR-US: CONPROSYS
CVE-2023-0020
RESERVED
CVE-2023-0019
@@ -9611,7 +9611,7 @@ CVE-2022-47107
CVE-2022-47106
RESERVED
CVE-2022-47105 (Jeecg-boot v3.4.4 was discovered to contain a SQL injection
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Jeecg-boot
CVE-2022-47104
RESERVED
CVE-2022-47103
@@ -10192,15 +10192,15 @@ CVE-2022-4392 (The iPanorama 360 WordPress Virtual
Tour Builder plugin through 1
CVE-2022-46892
RESERVED
CVE-2022-46891 (An issue was discovered in the Arm Mali GPU Kernel Driver.
There is a ...)
- TODO: check
+ NOT-FOR-US: Arm Mali
CVE-2022-46890 (Weak access control in NexusPHP before 1.7.33 allows a remote
authenti ...)
- TODO: check
+ NOT-FOR-US: NexusPHP
CVE-2022-46889 (A persistent cross-site scripting (XSS) vulnerability in
NexusPHP befo ...)
- TODO: check
+ NOT-FOR-US: NexusPHP
CVE-2022-46888 (Multiple reflective cross-site scripting (XSS) vulnerabilities
in Nexu ...)
- TODO: check
+ NOT-FOR-US: NexusPHP
CVE-2022-46887 (Multiple SQL injection vulnerabilities in NexusPHP before
1.7.33 allow ...)
- TODO: check
+ NOT-FOR-US: NexusPHP
CVE-2022-46886
RESERVED
CVE-2022-46885 (Mozilla developers Timothy Nikkel, Ashley Hale, and the
Mozilla Fuzzin ...)
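Review bot: For CVE-2022-46891 the tag shortens "Arm Mali GPU Kernel Driver" to "Arm Mali", which drops the part of the name that says this is kernel driver code. Because a kernel driver issue is the kind of entry a reader will want to cross-check against kernel packaging, keeping the full product name from the description in the tag would show that the driver named in the advisory is the thing that was judged out of scope. The four NexusPHP tags in the same hunk match their descriptions and need no change.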
@@ -11344,7 +11344,7 @@ CVE-2022-46507
CVE-2022-46506
RESERVED
CVE-2022-46505 (An issue in MatrixSSL 4.5.1-open and earlier leads to failure
to secur ...)
- TODO: check
+ - matrixssl <removed>
CVE-2022-46504
RESERVED
CVE-2022-46503 (A cross-site scripting (XSS) vulnerability in the component
/admin/reg ...)
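Review bot: The replacement line for CVE-2022-46505 is "- matrixssl <removed>", a package entry rather than a NOT-FOR-US tag, so it is the one change in this commit that the subject line "NFUs" does not describe. Mentioning the removed-package triage in the commit message, or committing it separately, would let someone searching the history for matrixssl decisions find this change.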
@@ -11408,7 +11408,7 @@ CVE-2022-46478 (The RPC interface in datax-web v1.0.0
and v2.0.0 to v2.1.2 conta
CVE-2022-46477
RESERVED
CVE-2022-46476 (D-Link DIR-859 A1 1.05 was discovered to contain a command
injection v ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-46475 (D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a
stack over ...)
NOT-FOR-US: D-Link
CVE-2022-46474
@@ -12036,7 +12036,7 @@ CVE-2022-4237 (The Welcart e-Commerce WordPress plugin
before 2.8.6 does not val
CVE-2022-4236 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not
validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4235 (RushBet version 2022.23.1-b490616d allows a remote attacker to
steal c ...)
- TODO: check
+ NOT-FOR-US: RushBet
CVE-2022-4234 (A vulnerability was found in SourceCodester Canteen Management
System. ...)
NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4233 (A vulnerability has been found in SourceCodester Event
Registration Sy ...)
@@ -18296,7 +18296,7 @@ CVE-2022-3808
CVE-2022-3807 (A vulnerability was found in Axiomatic Bento4. It has been
rated as pr ...)
NOT-FOR-US: Bento4
CVE-2022-3806 (Inconsistent handling of error cases in bluetooth hci may lead
to a do ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2022-3805 (The Jeg Elementor Kit plugin for WordPress is vulnerable to
authorizat ...)
NOT-FOR-US: Jeg Elementor Kit plugin for WordPress
CVE-2022-3804 (A vulnerability was found in eolinker apinto-dashboard. It has
been cl ...)
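Review bot: The visible description of CVE-2022-3806 mentions only "bluetooth hci" and does not name a product, so the new tag "NOT-FOR-US: Zephyr" cannot be checked against anything shown in the file. Since the description reads as generic Bluetooth host code, a slightly longer tag that names the affected component, or a NOTE line pointing at the upstream advisory, would record why this entry was attributed to Zephyr and not to a packaged Bluetooth stack.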
@@ -19637,7 +19637,7 @@ CVE-2022-3740
CVE-2022-3739
RESERVED
CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to
download ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2022-3737 (In PHOENIX CONTACT Automationworx Software Suite up to version
1.89 me ...)
NOT-FOR-US: PHOENIX
CVE-2023-20851
@@ -21283,9 +21283,9 @@ CVE-2023-20060
CVE-2023-20059
RESERVED
CVE-2023-20058 (A vulnerability in the web-based management interface of Cisco
Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20057 (A vulnerability in the URL filtering mechanism of Cisco
AsyncOS Softwa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20056
RESERVED
CVE-2023-20055
@@ -21305,27 +21305,27 @@ CVE-2023-20049
CVE-2023-20048
RESERVED
CVE-2023-20047 (A vulnerability in the Link Layer Discovery Protocol (LLDP)
feature of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20046
RESERVED
CVE-2023-20045 (A vulnerability in the web-based management interface of Cisco
Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20044 (A vulnerability in Cisco CX Cloud Agent of could allow an
authenticate ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20043 (A vulnerability in Cisco CX Cloud Agent of could allow an
authenticate ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20042
RESERVED
CVE-2023-20041
RESERVED
CVE-2023-20040 (A vulnerability in the NETCONF service of Cisco Network
Services Orche ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20039
RESERVED
CVE-2023-20038 (A vulnerability in the monitoring application of Cisco
Industrial Netw ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20037 (A vulnerability in Cisco Industrial Network Director could
allow an au ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20036
RESERVED
CVE-2023-20035
@@ -21347,9 +21347,9 @@ CVE-2023-20028
CVE-2023-20027
RESERVED
CVE-2023-20026 (A vulnerability in the web-based management interface of Cisco
Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco
Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20024
RESERVED
CVE-2023-20023
@@ -21359,11 +21359,11 @@ CVE-2023-20022
CVE-2023-20021
RESERVED
CVE-2023-20020 (A vulnerability in the Device Management Servlet application
of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20019 (A vulnerability in the web-based management interface of Cisco
BroadWo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20018 (A vulnerability in the web-based management interface of Cisco
IP Phon ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20017
RESERVED
CVE-2023-20016
@@ -21379,13 +21379,13 @@ CVE-2023-20012
CVE-2023-20011
RESERVED
CVE-2023-20010 (A vulnerability in the web-based management interface of Cisco
Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20009
RESERVED
CVE-2023-20008 (A vulnerability in the CLI of Cisco TelePresence CE and RoomOS
Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20007 (A vulnerability in the web-based management interface of Cisco
Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20006
RESERVED
CVE-2023-20005
@@ -21395,7 +21395,7 @@ CVE-2023-20004
CVE-2023-20003
RESERVED
CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software
could all ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20001
RESERVED
CVE-2023-0010
@@ -24167,7 +24167,7 @@ CVE-2022-42969 (The py library through 1.11.0 for
Python allows remote attackers
CVE-2022-42968 (Gitea before 1.17.3 does not sanitize and escape refs in the
git backe ...)
- gitea <removed>
CVE-2022-42967 (Caret is vulnerable to an XSS attack when the user opens a
crafted Mar ...)
- TODO: check
+ NOT-FOR-US: Caret
CVE-2022-42966 (An exponential ReDoS (Regular Expression Denial of Service)
can be tri ...)
- python-cleo <not-affected> (Vulnerable code introduced later; cf
#1024018)
NOTE: https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186/
@@ -25068,7 +25068,7 @@ CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c
in Sangoma Asterisk 16.28
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html
NOTE:
https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=7684c9e907fb85f5c58b025d9e385ad2600f12a2
CVE-2022-42704 (A cross-site scripting (XSS) vulnerability in Employee Service
Center ...)
- TODO: check
+ NOT-FOR-US: Employee Service Center
CVE-2022-3437 (A heap-based buffer overflow vulnerability was found in Samba
within t ...)
{DSA-5287-1 DLA-3206-1}
- samba 2:4.16.6+dfsg-1
@@ -27912,7 +27912,7 @@ CVE-2022-40700
CVE-2022-40699
RESERVED
CVE-2022-40697 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in 3com ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40694 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in News ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat
Apps Analyt ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ab1482e65c384d267289bb4e34ad6964166a605
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits