Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a3bca77a by Moritz Muehlenhoff at 2023-02-13T10:51:13+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -135,9 +135,9 @@ CVE-2022-4907
CVE-2022-4906
RESERVED
CVE-2022-48323 (Sunlogin Sunflower Simplified (aka Sunflower Simple and
Personal) 1.0. ...)
- TODO: check
+ NOT-FOR-US: Sunlogin Sunflower Simplified
CVE-2022-48322 (NETGEAR Nighthawk WiFi Mesh systems and routers are affected
by a stac ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2021-4324
RESERVED
CVE-2021-4323
@@ -213,15 +213,15 @@ CVE-2023-0782 (A vulnerability was found in Tenda AC23
16.03.07.45 and classifie
CVE-2023-0781 (A vulnerability was found in SourceCodester Canteen Management
System ...)
NOT-FOR-US: SourceCodester Canteen Management System
CVE-2020-36661 (A vulnerability was found in Kong lua-multipart 0.5.8-1. It
has been d ...)
- TODO: check
+ NOT-FOR-US: lua-multipart
CVE-2019-25103 (A vulnerability has been found in simple-markdown 0.5.1 and
classified ...)
- TODO: check
+ NOT-FOR-US: simple-markdown
CVE-2019-25102 (A vulnerability, which was classified as problematic, was
found in sim ...)
- TODO: check
+ NOT-FOR-US: simple-markdown
CVE-2015-10078 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: Resend Welcome Email Plugin
CVE-2023-0780 (Improper Restriction of Rendered UI Layers or Frames in GitHub
reposit ...)
- TODO: check
+ NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-0779
RESERVED
CVE-2023-0778
@@ -4066,7 +4066,7 @@ CVE-2023-24232 (A stored cross-site scripting (XSS)
vulnerability in the compone
CVE-2023-24231 (A stored cross-site scripting (XSS) vulnerability in the
component /ph ...)
NOT-FOR-US: Inventory Management System
CVE-2023-24230 (A stored cross-site scripting (XSS) vulnerability in the
component /fo ...)
- TODO: check
+ NOT-FOR-US: Formwork
CVE-2023-24229
RESERVED
CVE-2023-24228
@@ -7924,7 +7924,7 @@ CVE-2023-0128 (Use after free in Overview Mode in Google
Chrome on Chrome OS pri
- chromium 109.0.5414.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-0127 (A command injection vulnerability in the firmware_update
command, in t ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2023-0126 (Pre-authentication path traversal vulnerability in SMA1000
firmware ve ...)
NOT-FOR-US: SonicWall
CVE-2023-0125 (A vulnerability was found in Control iD Panel. It has been
declared as ...)
@@ -10277,23 +10277,23 @@ CVE-2023-22369
CVE-2023-22368
RESERVED
CVE-2023-22367 (Ichiran App for iOS versions prior to 3.1.0 and Ichiran App
for Androi ...)
- TODO: check
+ NOT-FOR-US: Ichiran
CVE-2023-22362 (SUSHIRO App for Android outputs sensitive information to the
log file, ...)
- TODO: check
+ NOT-FOR-US: SUSHIRO
CVE-2023-22360 (Use-after free vulnerability exists in Screen Creator Advance
2 Ver.0. ...)
- TODO: check
+ NOT-FOR-US: Screen Creator Advance
CVE-2023-22353 (Out-of-bound read vulnerability exists in Screen Creator
Advance 2 Ver ...)
- TODO: check
+ NOT-FOR-US: Screen Creator Advance
CVE-2023-22350 (Out-of-bound read vulnerability exists in Screen Creator
Advance 2 Ver ...)
- TODO: check
+ NOT-FOR-US: Screen Creator Advance
CVE-2023-22349 (Out-of-bound read vulnerability exists in Screen Creator
Advance 2 Ver ...)
- TODO: check
+ NOT-FOR-US: Screen Creator Advance
CVE-2023-22347 (Out-of-bound read vulnerability exists in Screen Creator
Advance 2 Ver ...)
- TODO: check
+ NOT-FOR-US: Screen Creator Advance
CVE-2023-22346 (Out-of-bound read vulnerability exists in Screen Creator
Advance 2 Ver ...)
- TODO: check
+ NOT-FOR-US: Screen Creator Advance
CVE-2023-22345 (Out-of-bound write vulnerability exists in Screen Creator
Advance 2 Ve ...)
- TODO: check
+ NOT-FOR-US: Screen Creator Advance
CVE-2023-22344
RESERVED
CVE-2023-22336
@@ -13160,7 +13160,7 @@ CVE-2022-4558 (A vulnerability was found in Alinto SOGo
up to 5.7.1. It has been
[buster] - sogo <no-dsa> (Minor issue)
NOTE:
https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3
(SOGo-5.8.0)
CVE-2022-4557 (Improper Input Validation vulnerability in Group Arge Energy
and Contr ...)
- TODO: check
+ NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and
classified as ...)
- sogo 5.8.0-1
[bullseye] - sogo <no-dsa> (Minor issue)
@@ -15312,7 +15312,7 @@ CVE-2022-4367
CVE-2022-43501 (KASAGO TCP/IP stack provided by Zuken Elmic generates
ISNs(Initial Seq ...)
NOT-FOR-US: Zuken Elmic
CVE-2022-43460 (Driver Distributor v2.2.3.1 and earlier contains a
vulnerability where ...)
- TODO: check
+ NOT-FOR-US: Driver Distributor
CVE-2022-46831 (In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting
to AWS ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2022-46830 (In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom
STS endpo ...)
@@ -20663,19 +20663,19 @@ CVE-2022-45093 (A vulnerability has been identified
in SINEC INS (All versions &
CVE-2022-45092 (A vulnerability has been identified in SINEC INS (All versions
< V1 ...)
NOT-FOR-US: Siemens
CVE-2022-45091 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45090 (Improper Input Validation vulnerability in Group Arge Energy
and Contr ...)
- TODO: check
+ NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45089 (Improper Input Validation vulnerability in Group Arge Energy
and Contr ...)
- TODO: check
+ NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45088 (Improper Input Validation vulnerability in Group Arge Energy
and Contr ...)
- TODO: check
+ NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45087 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45086 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45085 (Server-Side Request Forgery (SSRF) vulnerability in Group Arge
Energy ...)
- TODO: check
+ NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45084
RESERVED
CVE-2022-45083
@@ -26193,7 +26193,7 @@ CVE-2023-20078
CVE-2023-20077
RESERVED
CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting
environment could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20075
RESERVED
CVE-2023-20074
@@ -31047,7 +31047,7 @@ CVE-2022-42294
CVE-2022-42293
RESERVED
CVE-2022-42292 (NVIDIA GeForce Experience contains a vulnerability in the
NVContainer ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2022-42291 (NVIDIA GeForce Experience contains a vulnerability in the
installer, w ...)
NOT-FOR-US: NVIDIA
CVE-2022-42290 (NVIDIA BMC contains a vulnerability in SPX REST API, where an
authoriz ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3bca77acedfc23f5b3229d48c695d85e6757457
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3bca77acedfc23f5b3229d48c695d85e6757457
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
