Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dfb157c8 by Salvatore Bonaccorso at 2023-02-08T22:14:28+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,9 +31,9 @@ CVE-2023-0750
CVE-2023-0749
RESERVED
CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver
prior to ...)
- TODO: check
+ NOT-FOR-US: btcpayserver
CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository
btcpayserver/ ...)
- TODO: check
+ NOT-FOR-US: btcpayserver
CVE-2023-0746
RESERVED
CVE-2023-0745
@@ -73,15 +73,15 @@ CVE-2023-25590
CVE-2023-25589
RESERVED
CVE-2023-0744 (Improper Access Control in GitHub repository answerdev/answer
prior to ...)
- TODO: check
+ NOT-FOR-US: Answer
CVE-2023-0743 (Cross-site Scripting (XSS) - Generic in GitHub repository
answerdev/an ...)
- TODO: check
+ NOT-FOR-US: Answer
CVE-2023-0742 (Cross-site Scripting (XSS) - Stored in GitHub repository
answerdev/ans ...)
- TODO: check
+ NOT-FOR-US: Answer
CVE-2023-0741 (Cross-site Scripting (XSS) - DOM in GitHub repository
answerdev/answer ...)
- TODO: check
+ NOT-FOR-US: Answer
CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository
answerdev/ans ...)
- TODO: check
+ NOT-FOR-US: Answer
CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer
prior t ...)
NOT-FOR-US: Answer
CVE-2023-0738
@@ -386,7 +386,7 @@ CVE-2023-0692
CVE-2023-0691
RESERVED
CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue
where w ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Boundary
CVE-2023-0689
RESERVED
CVE-2023-0688
@@ -598,7 +598,7 @@ CVE-2023-25398
CVE-2023-25397
RESERVED
CVE-2023-25396 (Privilege escalation in the MSI repair functionality in
Caphyon Advanc ...)
- TODO: check
+ NOT-FOR-US: Caphyon Advanced Installer
CVE-2023-25395
RESERVED
CVE-2023-25394
@@ -4554,7 +4554,7 @@ CVE-2023-23848
CVE-2023-23847
RESERVED
CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP
library versi ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2023-23845
RESERVED
CVE-2023-23844
@@ -5878,7 +5878,7 @@ CVE-2023-23477 (IBM WebSphere Application Server 8.5 and
9.0 traditional could a
CVE-2023-23476
RESERVED
CVE-2023-23475 (IBM Infosphere Information Server 11.7 is vulnerable to
cross-site scr ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-23474
RESERVED
CVE-2023-23473
@@ -9516,7 +9516,7 @@ CVE-2022-48076
CVE-2022-48075
RESERVED
CVE-2022-48074 (An issue in NoMachine before v8.2.3 allows attackers to
execute arbitr ...)
- TODO: check
+ NOT-FOR-US: NoMachine
CVE-2022-48073 (Phicomm K2 v22.6.534.263 was discovered to store the root and
admin pa ...)
NOT-FOR-US: Phicomm
CVE-2022-48072 (Phicomm K2G v22.6.3.20 was discovered to contain a command
injection v ...)
@@ -14455,7 +14455,7 @@ CVE-2022-46936
CVE-2022-46935
RESERVED
CVE-2022-46934 (kkFileView v4.1.0 was discovered to contain a cross-site
scripting (XS ...)
- TODO: check
+ NOT-FOR-US: kkFileView
CVE-2022-46933
RESERVED
CVE-2022-46932
@@ -14813,7 +14813,7 @@ CVE-2022-46844
CVE-2022-46843
RESERVED
CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability in JS Help
Desk plugin ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2022-46841
RESERVED
CVE-2022-46840
@@ -14927,7 +14927,7 @@ CVE-2022-46817
CVE-2022-46816
RESERVED
CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability in Lauri
Karisola / WP ...)
- TODO: check
+ NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for
WooCommerce plugin
CVE-2022-46814
RESERVED
CVE-2022-46813
@@ -18156,7 +18156,7 @@ CVE-2022-45757
CVE-2022-45756 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS). ...)
NOT-FOR-US: SENS
CVE-2022-45755 (Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0
allows atta ...)
- TODO: check
+ NOT-FOR-US: EyouCMS
CVE-2022-45754
RESERVED
CVE-2022-45753
@@ -18619,9 +18619,9 @@ CVE-2022-45529 (AeroCMS v0.0.1 was discovered to
contain a SQL Injection vulnera
CVE-2022-45528
RESERVED
CVE-2022-45527 (File upload vulnerability in Future-Depth Institutional
Management Web ...)
- TODO: check
+ NOT-FOR-US: Future-Depth Institutional Management Website (IMS)
CVE-2022-45526 (SQL Injection vulnerability in Future-Depth Institutional
Management W ...)
- TODO: check
+ NOT-FOR-US: Future-Depth Institutional Management Website (IMS)
CVE-2022-45525 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack
overflow v ...)
NOT-FOR-US: Tenda
CVE-2022-45524 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack
overflow v ...)
@@ -19027,7 +19027,7 @@ CVE-2022-45442 (Sinatra is a domain-specific language
for creating web applicati
NOTE:
https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b
(v3.0.4)
NOTE:
https://github.com/sinatra/sinatra/commit/1808bcdf3424eab0c659ef2d0e85579aab977a1a
(v2.2.3)
CVE-2022-45441 (A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N
v2 firmwa ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2022-45440 (A vulnerability exists in the FTP server of the Zyxel
AX7501-B0 firmwa ...)
NOT-FOR-US: Zyxel
CVE-2022-45439 (A pair of spare WiFi credentials is stored in the
configuration file o ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfb157c85fc863417acc0e309d1a2d8429f62c05
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfb157c85fc863417acc0e309d1a2d8429f62c05
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
