Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f5cab46 by Moritz Muehlenhoff at 2023-02-10T12:23:15+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,7 +69,7 @@ CVE-2023-25643
 CVE-2023-25642
        RESERVED
 CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 
5.5.7,deve ...)
-       TODO: check
+       - ampache <removed>
 CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac 
prior to 2. ...)
        TODO: check
 CVE-2023-0769
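Review bot: The commit message says only "NFUs", but the CVE-2023-0771 line becomes "- ampache <removed>", which is a package status and not an NFU. Mention the package triage in the commit message, or put it in its own commit, so that the change to ampache can be found from the log.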
@@ -177,7 +177,7 @@ CVE-2023-0755
 CVE-2023-0754
        RESERVED
 CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It 
has bee ...)
-       TODO: check
+       NOT-FOR-US: dimtion Shaarlier
 CVE-2023-25611
        RESERVED
 CVE-2023-25610
@@ -205,7 +205,7 @@ CVE-2023-0753
 CVE-2023-0752
        RESERVED
 CVE-2023-0751 (When GELI reads a key file from standard input, it does not 
reuse the  ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD GELI
 CVE-2023-0750
        RESERVED
 CVE-2023-0749
@@ -217,7 +217,7 @@ CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in 
GitHub repository btcpayse
 CVE-2023-0746
        RESERVED
 CVE-2023-0745 (Relative Path Traversal vulnerability in YugaByte, Inc. 
Yugabyte Manag ...)
-       TODO: check
+       - yugabyte-db <itp> (bug #989673)
 CVE-2022-48321
        RESERVED
 CVE-2022-48320
@@ -2229,7 +2229,7 @@ CVE-2023-24817
 CVE-2023-24816
        RESERVED
 CVE-2023-24815 (Vert.x-Web is a set of building blocks for building web 
applications i ...)
-       TODO: check
+       NOT-FOR-US: Vert.x-Web
 CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework 
released  ...)
        NOT-FOR-US: Typo3
 CVE-2023-24813 (Dompdf is an HTML to PDF converter written in php. Due to the 
differen ...)
@@ -2272,9 +2272,9 @@ CVE-2023-0577
 CVE-2023-0576 (This CVE ID has been rejected or withdrawn by its CVE Numbering 
Author ...)
        - yugabyte-db <itp> (bug #989673)
 CVE-2023-0575 (External Control of Critical State Data, Improper Control of 
Generatio ...)
-       TODO: check
+       - yugabyte-db <itp> (bug #989673)
 CVE-2023-0574 (Server-Side Request Forgery (SSRF), Improperly Controlled 
Modification ...)
-       TODO: check
+       - yugabyte-db <itp> (bug #989673)
 CVE-2022-48305
        RESERVED
 CVE-2023-24830 (Improper Authentication vulnerability in Apache Software 
Foundation Ap ...)
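Review bot: CVE-2023-0575 and CVE-2023-0574 are assigned "- yugabyte-db <itp> (bug #989673)", but their truncated descriptions in this hunk never name YugaByte, so the mapping cannot be checked from the list itself. A short NOTE naming the product would let a later reader confirm it. The context entry CVE-2023-0576 is described as rejected or withdrawn and still carries the same <itp> line, which is worth confirming as intended.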
@@ -2508,19 +2508,19 @@ CVE-2023-24692
 CVE-2023-24691
        RESERVED
 CVE-2023-24690 (ChurchCRM 4.5.3 and below was discovered to contain a stored 
cross-sit ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2023-24689 (An issue in Mojoportal v2.7.0.0 and below allows an 
authenticated atta ...)
-       TODO: check
+       NOT-FOR-US: Mojoportal
 CVE-2023-24688 (An issue in Mojoportal v2.7.0.0 allows an unauthenticated 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Mojoportal
 CVE-2023-24687 (Mojoportal v2.7.0.0 was discovered to contain a stored 
cross-site scri ...)
-       TODO: check
+       NOT-FOR-US: Mojoportal
 CVE-2023-24686 (An issue in the CSV Import function of ChurchCRM v4.5.3 and 
below allo ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2023-24685 (ChurchCRM v4.5.3 and below was discovered to contain a SQL 
injection v ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2023-24684 (ChurchCRM v4.5.3 and below was discovered to contain a SQL 
injection v ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2023-24683
        RESERVED
 CVE-2023-24682
@@ -2699,39 +2699,39 @@ CVE-2023-0568
 CVE-2023-0567
        RESERVED
 CVE-2022-48302 (The AMS module has a vulnerability of lacking permission 
verification  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48301 (The bundle management module lacks permission verification in 
some API ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48300 (The WMS module lacks the authentication mechanism in some 
APIs. Succes ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48299 (The WMS module lacks the authentication mechanism in some 
APIs. Succes ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48298 (The geofencing kernel code does not verify the length of the 
input dat ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48297 (The geofencing kernel code has a vulnerability of not 
verifying the le ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48296 (The SystemUI has a vulnerability in permission management. 
Successful  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48295 (The IHwAntiMalPlugin interface lacks permission verification. 
Successf ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48294 (The IHwAttestationService interface has a defect in 
authentication. Su ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48293 (The Bluetooth module has an OOM vulnerability. Successful 
exploitation ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48292 (The Bluetooth module has an out-of-memory (OOM) vulnerability. 
Success ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48291
        RESERVED
 CVE-2022-48290 (The phone-PC collaboration module has a logic bypass 
vulnerability. Su ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48289 (The bundle management module lacks authentication and control 
mechanis ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48288 (The bundle management module lacks authentication and control 
mechanis ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48287 (The HwContacts module has a logic bypass vulnerability. 
Successful exp ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48286 (The multi-screen collaboration module has a privilege 
escalation vulne ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-24607
        RESERVED
 CVE-2023-24606
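Review bot: All sixteen additions here use the bare vendor label "NOT-FOR-US: Huawei", while other hunks in this patch label by product (WALLIX Access Manager, Riverbed Aternity, Dentsply Sirona Sidexis). Choose one granularity for the list. For CVE-2022-48298 and CVE-2022-48297, whose descriptions mention "geofencing kernel code" without naming a product, a product name in the label would show why they are out of scope.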
@@ -3628,9 +3628,9 @@ CVE-2023-24325
 CVE-2023-24324
        RESERVED
 CVE-2023-24323 (Mojoportal v2.7 was discovered to contain an authenticated XML 
externa ...)
-       TODO: check
+       NOT-FOR-US: Mojoportal
 CVE-2023-24322 (A reflected cross-site scripting (XSS) vulnerability in the 
FileDialog ...)
-       TODO: check
+       NOT-FOR-US: Mojoportal
 CVE-2023-24321
        RESERVED
 CVE-2023-24320
@@ -4603,7 +4603,7 @@ CVE-2023-23914
 CVE-2023-23913
        RESERVED
 CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 
and earli ...)
-       TODO: check
+       NOT-FOR-US: EdgeRouters
 CVE-2023-23911
        RESERVED
 CVE-2023-23900
@@ -5432,7 +5432,7 @@ CVE-2023-23633
 CVE-2023-23632
        RESERVED
 CVE-2023-23631 (github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that 
wraps go- ...)
-       TODO: check
+       NOT-FOR-US: github.com/ipfs/go-unixfsnode
 CVE-2023-23630 (Eta is an embedded JS templating engine that works inside 
Node, Deno,  ...)
        NOT-FOR-US: Eta
 CVE-2023-23629 (Metabase is an open source data analytics platform. Affected 
versions  ...)
@@ -5666,7 +5666,7 @@ CVE-2023-23594
 CVE-2023-23593
        RESERVED
 CVE-2023-23592 (WALLIX Access Manager 3.x through 4.0.x allows a remote 
attacker to ac ...)
-       TODO: check
+       NOT-FOR-US: WALLIX Access Manager
 CVE-2023-23591
        RESERVED
 CVE-2023-0302 (Failure to Sanitize Special Elements into a Different Plane 
(Special E ...)
@@ -7272,7 +7272,7 @@ CVE-2023-22955
 CVE-2023-22954
        RESERVED
 CVE-2023-22953 (In ExpressionEngine before 7.2.6, remote code execution can be 
achieve ...)
-       TODO: check
+       NOT-FOR-US: ExpressionEngine
 CVE-2023-22952 (In SugarCRM before 12.0. Hotfix 91155, a crafted request can 
inject cu ...)
        NOT-FOR-US: SugarCRM
 CVE-2023-22951
@@ -7843,7 +7843,7 @@ CVE-2023-0117
 CVE-2023-0116
        RESERVED
 CVE-2023-0115 (This CVE ID has been rejected or withdrawn by its CVE Numbering 
Author ...)
-       TODO: check
+       NOT-FOR-US: REJECTED
 CVE-2022-4881 (A vulnerability was found in CapsAdmin PAC3. It has been rated 
as prob ...)
        NOT-FOR-US: CapsAdmin PAC3
 CVE-2021-4309 (A vulnerability, which was classified as problematic, has been 
found i ...)
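Review bot: "NOT-FOR-US: REJECTED" on CVE-2023-0115 puts a state where every other NOT-FOR-US line in this patch puts a product or vendor name, so it reads as a product called REJECTED and will turn up in searches over NFU labels. If the list format has a state line for rejected ids, comparable to the RESERVED lines on the neighbouring entries, use that instead.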
@@ -8109,7 +8109,7 @@ CVE-2023-22799 (A ReDoS based DoS vulnerability in the 
GlobalID &lt;1.0.1 which
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127
        NOTE: 
https://github.com/rails/globalid/commit/3bc4349422e60f2235876a59dd415e98b072eb2b
 (v1.1.0)
 CVE-2023-22798 (Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, 
https://gith ...)
-       TODO: check
+       NOT-FOR-US: Brave adblock-lists
 CVE-2023-22797 (An open redirect vulnerability is fixed in Rails 7.0.4.1 with 
the new  ...)
        - rails <not-affected> (Only affects 7.x)
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2023-22797-possible-open-redirect-vulnerability-in-action-pack/82120
@@ -15078,7 +15078,7 @@ CVE-2022-4368 (The WP CSV WordPress plugin through 
1.8.0.0 does not sanitize and
 CVE-2022-4367
        RESERVED
 CVE-2022-43501 (KASAGO TCP/IP stack provided by Zuken Elmic generates 
ISNs(Initial Seq ...)
-       TODO: check
+       NOT-FOR-US: Zuken Elmic
 CVE-2022-43460
        RESERVED
 CVE-2022-46831 (In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting 
to AWS  ...)
@@ -18458,7 +18458,7 @@ CVE-2022-45701
 CVE-2022-45700
        RESERVED
 CVE-2022-45699 (Command injection in the administration interface in APSystems 
ECU-R v ...)
-       TODO: check
+       NOT-FOR-US: APSystems
 CVE-2022-45698
        RESERVED
 CVE-2022-45697
@@ -19419,71 +19419,71 @@ CVE-2023-21453
 CVE-2023-21452
        RESERVED
 CVE-2023-21451 (A Stack-based overflow vulnerability in IpcRxEmbmsSessionList 
in SECRI ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21450 (Missing Authorization vulnerability in One Hand Operation + 
prior to v ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21449
        RESERVED
 CVE-2023-21448 (Path traversal vulnerability in Samsung Cloud prior to version 
5.3.0.3 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21447 (Improper access control vulnerabilities in Samsung Cloud prior 
to vers ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21446 (Improper input validation in MyFiles prior to version 12.2.09 
in Andro ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21445 (Improper access control vulnerability in MyFiles prior to 
versions 12. ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21444 (Improper cryptographic implementation in Samsung Flow for PC 
4.9.14.0  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21443 (Improper cryptographic implementation in Samsung Flow for 
Android prio ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21442 (Improper access control vulnerability in Runestone application 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21441 (Insufficient Verification of Data Authenticity vulnerability 
in Routin ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21440 (Improper access control vulnerability in WindowManagerService 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21439 (Improper input validation vulnerability in 
UwbDataTxStatusEvent prior  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21438 (Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 
allows ph ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21437 (Improper access control vulnerability in Phone application 
prior to SM ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21436 (Improper usage of implicit intent in Contacts prior to SMR 
Feb-2023 Re ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21435 (Exposure of Sensitive Information vulnerability in Fingerprint 
TA prio ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21434 (Improper input validation vulnerability in Galaxy Store prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21433 (Improper access control vulnerability in Galaxy Store prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21432 (Improper access control vulnerabilities in Smart Things prior 
to 1.7.9 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21431 (Improper input validation in Bixby Vision prior to version 
3.7.70.17 a ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21430 (An out-of-bound read vulnerability in mapToBuffer function in 
libSDKRe ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21429 (Improper usage of implict intent in ePDG prior to SMR JAN-2023 
Release ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21428 (Improper input validation vulnerability in TelephonyUI prior 
to SMR Ja ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21427 (Improper access control vulnerability in NfcTile prior to SMR 
Jan-2023 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21426 (Hardcoded AES key to encrypt cardemulation PINs in NFC prior 
to SMR Ja ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21425 (Improper access control vulnerability in telecom application 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21424 (Improper Handling of Insufficient Permissions or Privileges 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21423 (Improper authorization vulnerability in ChnFileShareKit prior 
to SMR J ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21422 (Improper authorization vulnerability in semAddPublicDnsAddr in 
WifiSev ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21421 (Improper Handling of Insufficient Permissions or Privileges 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21420 (Use of Externally-Controlled Format String vulnerabilities in 
STST TA  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2023-21419 (An improper implementation logic in Secure Folder prior to SMR 
Jan-202 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-45421 (Mozilla developers Andrew McCreight and Gabriele Svelto 
reported memor ...)
        {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
        - firefox 107.0-1
@@ -20034,7 +20034,7 @@ CVE-2022-3992 (A vulnerability classified as 
problematic was found in SourceCode
 CVE-2022-3991 (The Photospace Gallery plugin for WordPress is vulnerable to 
Stored Cr ...)
        NOT-FOR-US: Photospace Gallery plugin for WordPress
 CVE-2022-3990 (HPSFViewer might allow Escalation of Privilege. This potential 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-3989 (The Motors WordPress plugin before 1.4.4 does not properly 
validate up ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3988 (A vulnerability was found in Frappe. It has been rated as 
problematic. ...)
@@ -20133,11 +20133,11 @@ CVE-2022-45194 (CBRN-Analysis before 22 allows XXE 
attacks via am mws XML docume
 CVE-2022-45193 (CBRN-Analysis before 22 has weak file permissions under Public 
Profile ...)
        NOT-FOR-US: CBRN-Analysis
 CVE-2022-45192 (An issue was discovered on Microchip RN4870 1.43 devices. An 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: Microchip
 CVE-2022-45191 (An issue was discovered on Microchip RN4870 1.43 devices. An 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: Microchip
 CVE-2022-45190 (An issue was discovered on Microchip RN4870 1.43 devices. An 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: Microchip
 CVE-2022-45189
        RESERVED
 CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer 
overflow  ...)
@@ -20412,19 +20412,19 @@ CVE-2022-45103 (Dell Unisphere for PowerMax vApp, 
VASA Provider vApp, and Soluti
 CVE-2022-45102 (Dell EMC Data Protection Central, versions 19.1 through 19.7, 
contains ...)
        NOT-FOR-US: EMC
 CVE-2022-45101 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper 
Handling ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-45100 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an 
Improper Cert ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-45099 (Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak 
encoding f ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-45098 (Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext 
storage of ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-45097 (Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect 
User Manag ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-45096 (Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User 
Interface  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-45095 (Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command 
injection vulner ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-45094 (A vulnerability has been identified in SINEC INS (All versions 
&lt; V1 ...)
        NOT-FOR-US: Siemens
 CVE-2022-45093 (A vulnerability has been identified in SINEC INS (All versions 
&lt; V1 ...)
@@ -20480,7 +20480,7 @@ CVE-2022-45069 (Auth. (contributor+) Privilege 
Escalation vulnerability in Crowd
 CVE-2022-45068
        RESERVED
 CVE-2022-45067 (Cross-Site Request Forgery (CSRF) vulnerability in DevsCred 
Exclusive  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in 
WooSwipe Wo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45065
@@ -20490,7 +20490,7 @@ CVE-2022-45064
 CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise 
and es ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3918 (A program using FoundationNetworking in 
swift-corelibs-foundation is p ...)
-       TODO: check
+       NOT-FOR-US: swift-corelibs-foundation
 CVE-2022-3917 (Improper access control of bootloader function was discovered 
in Motor ...)
        NOT-FOR-US: Motorola
 CVE-2022-3916
@@ -20501,7 +20501,7 @@ CVE-2022-3915 (The Dokan WordPress plugin before 3.7.6 
does not properly sanitis
 CVE-2022-3914
        RESERVED
 CVE-2022-3913 (Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 
fail to v ...)
-       TODO: check
+       NOT-FOR-US: Rapid7
 CVE-2022-3912 (The User Registration WordPress plugin before 2.2.4.1 does not 
properl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3911 (The iubenda | All-in-one Compliance for GDPR / CCPA Cookie 
Consent + m ...)
@@ -20973,7 +20973,7 @@ CVE-2022-44899
 CVE-2022-44898 (The MsIo64.sys component in Asus Aura Sync through v1.07.79 
does not p ...)
        NOT-FOR-US: Asus Aura Sync
 CVE-2022-44897 (A cross-site scripting (XSS) vulnerability in ApolloTheme AP 
PageBuild ...)
-       TODO: check
+       NOT-FOR-US: ApolloTheme AP PageBuilder
 CVE-2022-44896
        RESERVED
 CVE-2022-44895
@@ -21416,13 +21416,13 @@ CVE-2022-44720
 CVE-2022-44719
        RESERVED
 CVE-2022-44718 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 
904. Open R ...)
-       TODO: check
+       NOT-FOR-US: NetScout
 CVE-2022-44717 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 
904. Open R ...)
-       TODO: check
+       NOT-FOR-US: NetScout
 CVE-2022-44716
        RESERVED
 CVE-2022-44715 (Improper File Permissions in NetScout nGeniusONE 6.3.2 build 
904 allow ...)
-       TODO: check
+       NOT-FOR-US: NetScout
 CVE-2022-3862 (The Livemesh Addons for Elementor WordPress plugin before 7.2.4 
does n ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object 
Injection  ...)
@@ -22891,11 +22891,11 @@ CVE-2023-20858
 CVE-2023-20857
        RESERVED
 CVE-2023-20856 (VMware vRealize Operations (vROps) contains a CSRF bypass 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2023-20855
        RESERVED
 CVE-2023-20854 (VMware Workstation contains an arbitrary file deletion 
vulnerability.  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2022-44605
        RESERVED
 CVE-2022-44604
@@ -22937,7 +22937,7 @@ CVE-2022-44587
 CVE-2022-44586 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub 
Media AM-HiL ...)
        NOT-FOR-US: Ayoub Media
 CVE-2022-44585 (Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab 
S&#224; ...)
-       TODO: check
+       NOT-FOR-US: Magneticlab
 CVE-2022-44584 (Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ 
plugin & ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44583 (Unauth. Arbitrary File Download vulnerability in WatchTowerHQ 
plugin & ...)
@@ -23344,9 +23344,9 @@ CVE-2023-20853
 CVE-2023-20852
        RESERVED
 CVE-2022-44448 (In wlan driver, there is a possible missing params check. This 
could l ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-44447 (In wlan driver, there is a possible null pointer dereference 
issue due ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-44446 (In wlan driver, there is a possible missing bounds check. This 
could l ...)
        NOT-FOR-US: Unisoc
 CVE-2022-44445 (In wlan driver, there is a possible missing bounds check. This 
could l ...)
@@ -23398,7 +23398,7 @@ CVE-2022-44423 (In music service, there is a missing 
permission check. This coul
 CVE-2022-44422 (In music service, there is a missing permission check. This 
could lead ...)
        NOT-FOR-US: Unisoc
 CVE-2022-44421 (In wlan driver, there is a possible missing permission check. 
This cou ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-44420
        RESERVED
 CVE-2022-44419
@@ -23560,7 +23560,7 @@ CVE-2022-44345 (Sanitization Management System v1.0 is 
vulnerable to SQL Injecti
 CVE-2022-44344
        RESERVED
 CVE-2022-44343 (CRMEB 4.4.4 is vulnerable to Any File download. ...)
-       TODO: check
+       NOT-FOR-US: CRMEB
 CVE-2022-44342
        RESERVED
 CVE-2022-44341
@@ -23650,7 +23650,7 @@ CVE-2022-44300
 CVE-2022-44299
        RESERVED
 CVE-2022-44298 (SiteServer CMS 7.1.3 is vulnerable to SQL Injection. ...)
-       TODO: check
+       NOT-FOR-US: SiteServer CMS
 CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability the 
background. ...)
        NOT-FOR-US: SiteServer CMS
 CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL 
Injection via ...)
@@ -23722,9 +23722,9 @@ CVE-2022-44266
 CVE-2022-44265
        RESERVED
 CVE-2022-44264 (Dentsply Sirona Sidexis &lt;= 4.3 is vulnerable to Unquoted 
Service Pa ...)
-       TODO: check
+       NOT-FOR-US: Dentsply Sirona Sidexis
 CVE-2022-44263 (Dentsply Sirona Sidexis &lt;= 4.3 is vulnerable to Incorrect 
Access Co ...)
-       TODO: check
+       NOT-FOR-US: Dentsply Sirona Sidexis
 CVE-2022-44262 (ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). ...)
        NOT-FOR-US: ff4j
 CVE-2022-44261
@@ -24205,17 +24205,17 @@ CVE-2022-44030 (Redmine 5.x before 5.0.4 allows 
downloading of file attachments
        NOTE: 
https://github.com/redmine/redmine/commit/072faff556c5f3ab1f65cad4d2753600cf4ee909
        NOTE: 
https://github.com/redmine/redmine/commit/9435929e349f0af9ba1d059e41d80c65be50e833
 CVE-2022-44029 (An issue was discovered in NetScout nGeniusONE 6.3.2 before 
P10. It al ...)
-       TODO: check
+       NOT-FOR-US: NetScout
 CVE-2022-44028 (An issue was discovered in NetScout nGeniusONE 6.3.2 before 
P10. It al ...)
-       TODO: check
+       NOT-FOR-US: NetScout
 CVE-2022-44027 (An issue was discovered in NetScout nGeniusONE 6.3.2 before 
P10. It al ...)
-       TODO: check
+       NOT-FOR-US: NetScout
 CVE-2022-44026 (An issue was discovered in NetScout nGeniusONE 6.3.2 before 
P10. It al ...)
-       TODO: check
+       NOT-FOR-US: NetScout
 CVE-2022-44025 (An issue was discovered in NetScout nGeniusONE 6.3.2 before 
P10. It al ...)
-       TODO: check
+       NOT-FOR-US: NetScout
 CVE-2022-44024 (An issue was discovered in NetScout nGeniusONE 6.3.2 before 
P10. It al ...)
-       TODO: check
+       NOT-FOR-US: NetScout
 CVE-2022-44023 (PwnDoc through 0.5.3 might allow remote attackers to identify 
disabled ...)
        NOT-FOR-US: PwnDoc
 CVE-2022-44022 (PwnDoc through 0.5.3 might allow remote attackers to identify 
valid us ...)
@@ -24279,7 +24279,7 @@ CVE-2022-3754 (Weak Password Requirements in GitHub 
repository thorsten/phpmyfaq
 CVE-2022-3753 (The Evaluate WordPress plugin through 1.0 does not sanitize and 
escape ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-43997 (Incorrect access control in Aternity agent in Riverbed 
Aternity before ...)
-       TODO: check
+       NOT-FOR-US: Riverbed Aternity
 CVE-2022-43996 (The csaf_provider package before 0.8.2 allows XSS via a 
crafted CSAF d ...)
        NOT-FOR-US: csaf_provider
 CVE-2022-43995 (Sudo 1.8.0 through 1.9.12, with the crypt() password backend, 
contains ...)
@@ -24319,11 +24319,11 @@ CVE-2022-43982 (In Apache Airflow versions prior to 
2.4.2, the "Trigger DAG with
 CVE-2022-43981
        RESERVED
 CVE-2022-43980 (There is a stored cross-site scripting vulnerability in 
Pandora FMS v7 ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2022-43979 (There is a Path Traversal that leads to a Local File Inclusion 
in Pand ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2022-43978 (There is an improper authentication vulnerability in Pandora 
FMS v764. ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2022-3750 (The has a CSRF vulnerability that allows the deletion of a post 
withou ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3749
@@ -24817,41 +24817,41 @@ CVE-2023-20621
 CVE-2023-20620
        RESERVED
 CVE-2023-20619 (In vcu, there is a possible memory corruption due to improper 
locking. ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20618 (In vcu, there is a possible memory corruption due to improper 
locking. ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20617
        RESERVED
 CVE-2023-20616 (In ion, there is a possible out of bounds read due to type 
confusion.  ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20615 (In ril, there is a possible out of bounds write due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20614 (In ril, there is a possible out of bounds write due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20613 (In ril, there is a possible out of bounds write due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20612 (In ril, there is a possible out of bounds write due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20611 (In gpu, there is a possible use after free due to a race 
condition. Th ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20610 (In display drm, there is a possible memory corruption due to a 
race co ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20609 (In ccu, there is a possible out of bounds read due to a logic 
error. T ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20608 (In display drm, there is a possible use after free due to a 
race condi ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20607 (In ccu, there is a possible memory corruption due to a race 
condition. ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20606 (In apusys, there is a possible out of bounds read due to a 
missing bou ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20605 (In keyinstall, there is a possible out of bounds read due to a 
missing ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20604 (In ged, there is a possible out of bounds write due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2023-20603
        RESERVED
 CVE-2023-20602 (In ged, there is a possible out of bounds write due to an 
integer over ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2022-43977 (An issue was discovered on GE Grid Solutions MS3000 devices 
before 3.7 ...)
        NOT-FOR-US: GE
 CVE-2022-43976 (An issue was discovered in FC46-WebBridge on GE Grid Solutions 
MS3000  ...)
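Review bot: The descriptions in this hunk name only generic components ("In ion", "In gpu", "In display drm", "In ril") and nothing visible ties them to MediaTek, so the "NOT-FOR-US: MediaTek" label cannot be verified from the list. Debian ships a linux package, so before closing these as NFU confirm that the affected drivers exist only in the vendor tree, and record that in a NOTE on at least the kernel-side entries.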
@@ -26128,11 +26128,11 @@ CVE-2023-0005
 CVE-2023-0004
        RESERVED
 CVE-2023-0003 (A file disclosure vulnerability in the Palo Alto Networks 
Cortex XSOAR ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto
 CVE-2023-0002 (A problem with a protection mechanism in the Palo Alto Networks 
Cortex ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto
 CVE-2023-0001 (An information exposure vulnerability in the Palo Alto Networks 
Cortex ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto
 CVE-2022-43958 (A vulnerability has been identified in QMS Automotive (All 
versions).  ...)
        NOT-FOR-US: QMS Automotive
 CVE-2022-43957
@@ -26553,7 +26553,7 @@ CVE-2022-43781 (There is a command injection 
vulnerability using environment var
 CVE-2022-43780 (Certain HP ENVY, OfficeJet, and DeskJet printers may be 
vulnerable to  ...)
        NOT-FOR-US: HP
 CVE-2022-43779 (A potential Time-of-Check to Time-of-Use (TOCTOU) 
vulnerability has be ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-43778
        RESERVED
 CVE-2022-43777



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5cab46ac7b854f48342b63da965f376a059712
