Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5c3bb8c by Moritz Muehlenhoff at 2023-02-28T11:09:08+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2023-22848
 CVE-2023-22390
        RESERVED
 CVE-2023-1081 (Cross-site Scripting (XSS) - Stored in GitHub repository 
microweber/mi ...)
-       TODO: check
+       NOT-FOR-US: Microweber
 CVE-2023-1080
        RESERVED
 CVE-2023-27291
@@ -1668,7 +1668,7 @@ CVE-2020-36662
 CVE-2015-10087
        RESERVED
 CVE-2015-10086 (A vulnerability, which was classified as critical, was found 
in OpenCy ...)
-       TODO: check
+       NOT-FOR-US: OpenCycleCompass
 CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in 
net/mpls/ ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/fda6c89fe3d9aca073495a664e1d5aea28cd4377 (6.2)
@@ -2466,7 +2466,7 @@ CVE-2023-0936 (A vulnerability was found in TP-Link 
Archer C50 V2_160801. It has
 CVE-2023-0935 (A vulnerability was found in DolphinPHP up to 1.5.1. It has 
been decla ...)
        NOT-FOR-US: DolphinPHP
 CVE-2023-26267 (php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: php-saml-sp
 CVE-2023-26266 (In AFL++ 4.05c, the CmpLog component uses the current working 
director ...)
        - aflplusplus <unfixed>
        [bullseye] - aflplusplus <no-dsa> (Minor issue)
@@ -2868,13 +2868,13 @@ CVE-2023-26107
 CVE-2023-26106
        RESERVED
 CVE-2023-26105 (All versions of the package utilities are vulnerable to 
Prototype Poll ...)
-       TODO: check
+       NOT-FOR-US: mde JavaScript utilities
 CVE-2023-26104 (All versions of the package lite-web-server are vulnerable to 
Denial o ...)
-       TODO: check
+       NOT-FOR-US: Node lite-web-server
 CVE-2023-26103 (Versions of the package deno before 1.31.0 are vulnerable to 
Regular E ...)
        NOT-FOR-US: Deno
 CVE-2023-26102 (All versions of the package rangy are vulnerable to Prototype 
Pollutio ...)
-       TODO: check
+       NOT-FOR-US: Node rangy
 CVE-2023-0926
        RESERVED
 CVE-2023-0925
@@ -2991,9 +2991,9 @@ CVE-2022-48328 
(app/Controller/Component/IndexFilterComponent.php in MISP before
 CVE-2021-4325 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: NHN TOAST UI Chart
 CVE-2017-20179 (A vulnerability was found in InSTEDD Pollit 2.3.1. It has been 
rated a ...)
-       TODO: check
+       NOT-FOR-US: InSTEDD Pollit
 CVE-2015-10085 (A vulnerability was found in GoPistolet. It has been declared 
as probl ...)
-       TODO: check
+       NOT-FOR-US: GoPistolet
 CVE-2015-10084 (A vulnerability was found in irontec klear-library chloe and 
classifie ...)
        NOT-FOR-US: irontec klear-library
 CVE-2015-10083 (A vulnerability has been found in harrystech Dynosaur-Rails 
and classi ...)
@@ -3013,7 +3013,7 @@ CVE-2017-20178 (** UNSUPPORTED WHEN ASSIGNED ** A 
vulnerability was found in Cod
 CVE-2016-15027 (A vulnerability was found in meta4creations Post Duplicator 
Plugin 2.1 ...)
        NOT-FOR-US: meta4creations Post Duplicator Plugin
 CVE-2015-10082 (A vulnerability classified as problematic has been found in 
UIKit0 lib ...)
-       TODO: check
+       NOT-FOR-US: UIKit0
 CVE-2015-10081 (A vulnerability was found in arnoldle submitByMailPlugin 
1.0b2.9 and c ...)
        NOT-FOR-US: arnoldle submitByMailPlugin
 CVE-2014-125089 (A vulnerability was found in cention-chatserver 3.8.0-rc1. It 
has been ...)
@@ -3093,11 +3093,11 @@ CVE-2023-26045
 CVE-2023-26044
        RESERVED
 CVE-2023-26043 (GeoNode is an open source platform that facilitates the 
creation, shar ...)
-       TODO: check
+       NOT-FOR-US: GeoNode
 CVE-2023-26042 (Part-DB is an open source inventory management system for your 
electro ...)
-       TODO: check
+       NOT-FOR-US: Part-DB
 CVE-2023-26041 (Nextcloud Talk is a fully on-premises audio/video and chat 
communicati ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Talk
 CVE-2023-26040
        RESERVED
 CVE-2023-26039 (ZoneMinder is a free, open source Closed-circuit television 
software a ...)
@@ -3113,7 +3113,7 @@ CVE-2023-26035 (ZoneMinder is a free, open source 
Closed-circuit television soft
 CVE-2023-26034 (ZoneMinder is a free, open source Closed-circuit television 
software a ...)
        TODO: check
 CVE-2023-26033 (Gentoo soko is the code that powers packages.gentoo.org. 
Versions prio ...)
-       TODO: check
+       NOT-FOR-US: Gentoo soko
 CVE-2023-26032 (ZoneMinder is a free, open source Closed-circuit television 
software a ...)
        TODO: check
 CVE-2023-26031
@@ -3663,7 +3663,7 @@ CVE-2023-25823 (Gradio is an open-source Python library 
to build machine learnin
 CVE-2023-25822
        RESERVED
 CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 
24.0.4 an ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2023-25820
        RESERVED
 CVE-2023-25819
@@ -3673,13 +3673,13 @@ CVE-2023-25818
 CVE-2023-25817
        RESERVED
 CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 
25.0.0 an ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2023-25815
        RESERVED
 CVE-2023-25814
        RESERVED
 CVE-2023-25813 (Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Sequelize
 CVE-2023-25812 (Minio is a Multi-Cloud Object Storage framework. Affected 
versions do  ...)
        - minio <itp> (bug #859207)
 CVE-2023-25811 (Uptime Kuma is a self-hosted monitoring tool. In versions 
prior to 1.2 ...)
@@ -4517,9 +4517,9 @@ CVE-2023-24014
 CVE-2023-0756
        RESERVED
 CVE-2023-0755 (The affected products are vulnerable to an improper validation 
of arra ...)
-       TODO: check
+       NOT-FOR-US: PTC
 CVE-2023-0754 (The affected products are vulnerable to an integer overflow or 
wraparo ...)
-       TODO: check
+       NOT-FOR-US: PTC
 CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It 
has bee ...)
        NOT-FOR-US: dimtion Shaarlier
 CVE-2023-25611
@@ -6547,7 +6547,7 @@ CVE-2023-0597 (A flaw possibility of memory leak in the 
Linux kernel cpu_entry_a
 CVE-2023-0596
        RESERVED
 CVE-2023-0595 (A CWE-117: Improper Output Neutralization for Logs 
vulnerability exist ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2023-0594
        RESERVED
 CVE-2023-0593 (A path traversal vulnerability affects yaffshiv YAFFS 
filesystem extra ...)
@@ -6664,7 +6664,7 @@ CVE-2023-0575 (External Control of Critical State Data, 
Improper Control of Gene
 CVE-2023-0574 (Server-Side Request Forgery (SSRF), Improperly Controlled 
Modification ...)
        - yugabyte-db <itp> (bug #989673)
 CVE-2022-48305 (There is an identity authentication bypass vulnerability in 
Huawei Chi ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-24830 (Improper Authentication vulnerability in Apache Software 
Foundation Ap ...)
        NOT-FOR-US: Apache IoTDB
 CVE-2023-24829 (Incorrect Authorization vulnerability in Apache Software 
Foundation Ap ...)
@@ -6964,17 +6964,17 @@ CVE-2023-24658
 CVE-2023-24657
        RESERVED
 CVE-2023-24656 (Simple Customer Relationship Management System v1.0 was 
discovered to  ...)
-       TODO: check
+       NOT-FOR-US: Simple Customer Relationship Management System
 CVE-2023-24655
        RESERVED
 CVE-2023-24654 (Simple Customer Relationship Management System v1.0 was 
discovered to  ...)
-       TODO: check
+       NOT-FOR-US: Simple Customer Relationship Management System
 CVE-2023-24653 (Simple Customer Relationship Management System v1.0 was 
discovered to  ...)
-       TODO: check
+       NOT-FOR-US: Simple Customer Relationship Management System
 CVE-2023-24652 (Simple Customer Relationship Management System v1.0 was 
discovered to  ...)
-       TODO: check
+       NOT-FOR-US: Simple Customer Relationship Management System
 CVE-2023-24651 (Simple Customer Relationship Management System v1.0 was 
discovered to  ...)
-       TODO: check
+       NOT-FOR-US: Simple Customer Relationship Management System
 CVE-2023-24650
        RESERVED
 CVE-2023-24649
@@ -7208,9 +7208,9 @@ CVE-2023-0551
 CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to 
Insecu ...)
        NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
 CVE-2022-48284 (A piece of Huawei whole-home intelligence software has an 
Incorrect Pr ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48283 (A piece of Huawei whole-home intelligence software has an 
Incorrect Pr ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-4315 (A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 
and class ...)
        NOT-FOR-US: NYUCCL psiTurk
 CVE-2023-24595
@@ -7954,7 +7954,7 @@ CVE-2023-0437
 CVE-2023-0436
        RESERVED
 CVE-2022-48282 (Under very specific circumstances (see Required configuration 
section  ...)
-       TODO: check
+       NOT-FOR-US: MongoDB .NET/C# Driver
 CVE-2023-24371
        RESERVED
 CVE-2023-24370
@@ -7970,7 +7970,7 @@ CVE-2023-24366
 CVE-2023-24365
        RESERVED
 CVE-2023-24364 (Simple Customer Relationship Management System v1.0 was 
discovered to  ...)
-       TODO: check
+       NOT-FOR-US: Simple Customer Relationship Management System
 CVE-2023-24363
        RESERVED
 CVE-2023-24362
@@ -8201,15 +8201,15 @@ CVE-2023-24255
 CVE-2023-24254
        RESERVED
 CVE-2023-24253 (Domotica Labs srl Ikon Server before v2.8.6 was discovered to 
contain  ...)
-       TODO: check
+       NOT-FOR-US: Domotica Labs srl Ikon Server
 CVE-2023-24252
        RESERVED
 CVE-2023-24251 (WangEditor v5 was discovered to contain a cross-site scripting 
(XSS) v ...)
-       TODO: check
+       NOT-FOR-US: WangEditor
 CVE-2023-24250
        RESERVED
 CVE-2023-24249 (An arbitrary file upload vulnerability in laravel-admin 
v1.8.19 allows ...)
-       TODO: check
+       NOT-FOR-US: laravel-admin
 CVE-2023-24248
        RESERVED
 CVE-2023-24247
@@ -8295,7 +8295,7 @@ CVE-2023-24208
 CVE-2023-24207
        RESERVED
 CVE-2023-24206 (Davinci v0.3.0-rc was discovered to contain a SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Davinci
 CVE-2023-24205 (Clash for Windows v0.20.12 was discovered to contain a remote 
code exe ...)
        NOT-FOR-US: Clash for Windows
 CVE-2023-24204
@@ -8591,7 +8591,7 @@ CVE-2023-24060 (Haven 5d15944 allows Server-Side Request 
Forgery (SSRF) via the
 CVE-2023-0435 (Excessive Attack Surface in GitHub repository pyload/pyload 
prior to 0 ...)
        - pyload <itp> (bug #1001980)
 CVE-2022-4895 (Improper Certificate Validation vulnerability in Hitachi 
Infrastructur ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2022-48281 (processCropSelections in tools/tiffcrop.c in LibTIFF through 
4.5.0 has ...)
        {DSA-5333-1 DLA-3297-1}
        - tiff 4.5.0-4 (bug #1029653)
@@ -9868,9 +9868,9 @@ CVE-2023-0330
 CVE-2023-0329
        RESERVED
 CVE-2022-48261 (There is a misinterpretation of input vulnerability in 
BiSheng-WNM FW  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-36652 (Incorrect Default Permissions vulnerability in Hitachi 
Automation Dire ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2020-36651 (A vulnerability has been found in youngerheart nodeserver and 
classifi ...)
        NOT-FOR-US: youngerheart nodeserver
 CVE-2018-25077 (A vulnerability was found in melnaron mel-spintax. It has been 
rated a ...)
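
Review bot: The NOT-FOR-US: Huawei tag on CVE-2022-48261 names a vendor that does not appear in the visible description, which only mentions BiSheng-WNM FW. Other entries in this commit are tagged with the product name (for example NOT-FOR-US: Razer Central), so a tag that also carries the product, such as "NOT-FOR-US: Huawei BiSheng-WNM", would let a later search for the product find the entry. The same applies to the other BiSheng-WNM and Leia-B29 entries tagged Huawei in this commit.
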
@@ -10349,9 +10349,9 @@ CVE-2023-23533
 CVE-2023-23532
        RESERVED
 CVE-2023-23531 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23530 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23529 (A type confusion issue was addressed with improved checks. 
This issue  ...)
        {DSA-5352-1 DSA-5351-1 DLA-3320-1}
        - webkit2gtk 2.38.5-1
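
Review bot: CVE-2023-23531 and CVE-2023-23530 are closed as NOT-FOR-US: Apple on a description ("The issue was addressed with improved memory handling. This issue is f ...") that is word for word the visible text of CVE-2023-23518 in the next hunk, which is tracked against webkit2gtk, and the entry directly below them, CVE-2023-23529, is a webkit2gtk issue as well. The truncated text does not show the affected component, so the full advisory should be checked for WebKit before these are marked NFU. The same check applies to the other Apple entries in the following hunks.
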
@@ -10366,17 +10366,17 @@ CVE-2023-23526
 CVE-2023-23525
        RESERVED
 CVE-2023-23524 (A denial-of-service issue was addressed with improved input 
validation ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23523
        RESERVED
 CVE-2023-23522 (A privacy issue was addressed with improved handling of 
temporary file ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23521
        RESERVED
 CVE-2023-23520 (A race condition was addressed with additional validation. 
This issue  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23519 (A memory corruption issue was addressed with improved state 
management ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23518 (The issue was addressed with improved memory handling. This 
issue is f ...)
        {DSA-5341-1 DSA-5340-1 DLA-3308-1}
        - webkit2gtk 2.38.4-1
@@ -10392,49 +10392,49 @@ CVE-2023-23516
 CVE-2023-23515
        RESERVED
 CVE-2023-23514 (A use after free issue was addressed with improved memory 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23513 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23512 (The issue was addressed with improved handling of caches. This 
issue i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23511 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23510 (A permissions issue was addressed with improved validation. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23509
        RESERVED
 CVE-2023-23508 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23507 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23506 (A permissions issue was addressed with improved validation. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23505 (A privacy issue was addressed with improved private data 
redaction for ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23504 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23503 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23502 (An information disclosure issue was addressed by removing the 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23501 (The issue was addressed with improved memory handling This 
issue is fi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23500 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23499 (This issue was addressed by enabling hardened runtime. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23498 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23497 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23496 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-23495
        RESERVED
 CVE-2023-23494
        RESERVED
 CVE-2023-23493 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-22842 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 
15.1.8.1, 14. ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2023-22839 (On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 
16.1.3.3, 15. ...)
@@ -10494,9 +10494,9 @@ CVE-2023-0257 (A vulnerability was found in 
SourceCodester Online Food Ordering
 CVE-2023-0256 (A vulnerability was found in SourceCodester Online Food 
Ordering Syste ...)
        NOT-FOR-US: SourceCodester
 CVE-2022-48260 (There is a buffer overflow vulnerability in BiSheng-WNM FW 
3.0.0.325.  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48259 (There is a system command injection vulnerability in 
BiSheng-WNM FW 3. ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48258 (In Eternal Terminal 6.2.1, etserver and etclient have 
world-readable l ...)
        - eternal-terminal <itp> (bug #861635)
 CVE-2022-48257 (In Eternal Terminal 6.2.1, etserver and etclient have 
predictable logf ...)
@@ -10886,9 +10886,9 @@ CVE-2023-0223
 CVE-2022-4886
        RESERVED
 CVE-2022-48255 (There is a system command injection vulnerability in 
BiSheng-WNM FW 3. ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-48254 (There is a data processing error vulnerability in Leia-B29 
2.0.0.49(M0 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-23348
        RESERVED
 CVE-2023-23347
@@ -11270,13 +11270,13 @@ CVE-2023-23160
 CVE-2023-23159
        RESERVED
 CVE-2023-23158 (A stored cross-site scripting (XSS) vulnerability in Art 
Gallery Manag ...)
-       TODO: check
+       NOT-FOR-US: Art Gallery Management System Project
 CVE-2023-23157 (A stored cross-site scripting (XSS) vulnerability in Art 
Gallery Manag ...)
-       TODO: check
+       NOT-FOR-US: Art Gallery Management System Project
 CVE-2023-23156 (Art Gallery Management System Project in PHP 1.0 was 
discovered to con ...)
-       TODO: check
+       NOT-FOR-US: Art Gallery Management System Project
 CVE-2023-23155 (Art Gallery Management System Project in PHP 1.0 was 
discovered to con ...)
-       TODO: check
+       NOT-FOR-US: Art Gallery Management System Project
 CVE-2023-23154
        RESERVED
 CVE-2023-23153
@@ -12294,7 +12294,7 @@ CVE-2022-48232
 CVE-2022-48231
        RESERVED
 CVE-2022-48230 (There is a misinterpretation of input vulnerability in 
BiSheng-WNM FW  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a 
file with ...)
        - libxpm 1:3.5.12-1.1
        [bullseye] - libxpm <no-dsa> (Minor issue)
@@ -13017,7 +13017,7 @@ CVE-2023-22638 (Several improper neutralization of 
inputs during web page genera
 CVE-2023-22637
        RESERVED
 CVE-2023-22636 (An unauthorized configuration download vulnerability in 
FortiWeb 6.3.6 ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2023-22635
        RESERVED
 CVE-2023-22634
@@ -14495,9 +14495,9 @@ CVE-2023-22432
 CVE-2023-22429
        RESERVED
 CVE-2023-22427 (Stored cross-site scripting vulnerability in Theme switching 
function  ...)
-       TODO: check
+       NOT-FOR-US: SHIRASAGI
 CVE-2023-22425 (Stored cross-site scripting vulnerability in Schedule function 
of SHIR ...)
-       TODO: check
+       NOT-FOR-US: SHIRASAGI
 CVE-2023-22424
        RESERVED
 CVE-2023-22421
@@ -19693,11 +19693,11 @@ CVE-2022-46788
 CVE-2022-46787
        RESERVED
 CVE-2022-46786 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows 
XSS (is ...)
-       TODO: check
+       NOT-FOR-US: SquaredUp Dashboard Server
 CVE-2022-46785 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows 
XSS (is ...)
-       TODO: check
+       NOT-FOR-US: SquaredUp Dashboard Server
 CVE-2022-46784 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows 
open re ...)
-       TODO: check
+       NOT-FOR-US: SquaredUp Dashboard Server
 CVE-2022-46783
        RESERVED
 CVE-2022-46782
@@ -19957,7 +19957,7 @@ CVE-2022-46725
 CVE-2022-46724
        RESERVED
 CVE-2022-46723 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-46722
        RESERVED
 CVE-2022-46721
@@ -19977,9 +19977,9 @@ CVE-2022-46715
 CVE-2022-46714
        RESERVED
 CVE-2022-46713 (A race condition was addressed with additional validation. 
This issue  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-46712 (A use after free issue was addressed with improved memory 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-46711
        RESERVED
 CVE-2022-46710
@@ -19993,9 +19993,9 @@ CVE-2022-46707
 CVE-2022-46706
        RESERVED
 CVE-2022-46705 (A spoofing issue existed in the handling of URLs. This issue 
was addre ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-46704 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-46703
        RESERVED
 CVE-2022-46702 (The issue was addressed with improved memory handling. This 
issue is f ...)
@@ -22945,7 +22945,7 @@ CVE-2022-45699 (Command injection in the administration 
interface in APSystems E
 CVE-2022-45698
        RESERVED
 CVE-2022-45697 (Arbitrary File Delete vulnerability in Razer Central before 
v7.8.0.381 ...)
-       TODO: check
+       NOT-FOR-US: Razer Central
 CVE-2022-45696
        RESERVED
 CVE-2022-45695
@@ -24801,13 +24801,13 @@ CVE-2022-45141
        - samba 2:4.16.0+dfsg-2
        NOTE: https://www.samba.org/samba/security/CVE-2022-45141.html
 CVE-2022-45140 (The configuration backend allows an unauthenticated user to 
write arbi ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2022-45139 (A CORS Misconfiguration in the web-based management allows a 
malicious ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2022-45138 (The configuration backend of the web-based management can be 
used by u ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2022-45137 (The configuration backend of the web-based management is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2022-45136 (** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and 
earlier is  ...)
        - apache-jena 4.5.0-1 (bug #1024738)
        NOTE: https://www.openwall.com/lists/oss-security/2022/11/14/5
@@ -25130,7 +25130,7 @@ CVE-2022-3885 (Use after free in V8 in Google Chrome 
prior to 107.0.5304.106 all
        - chromium 107.0.5304.110-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3884 (Incorrect Default Permissions vulnerability in Hitachi Ops 
Center Anal ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2022-45044 (A vulnerability has been identified in SIPROTEC 5 6MD85 
devices (CPU v ...)
        NOT-FOR-US: Siemens
 CVE-2022-3883 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and 
Anti Spa ...)
@@ -28113,7 +28113,7 @@ CVE-2022-44312 (PicoC Version 3.2.2 was discovered to 
contain a heap buffer over
 CVE-2022-44311 (html2xhtml v1.3 was discovered to contain an Out-Of-Bounds 
read in the ...)
        NOT-FOR-US: html2xhtml
 CVE-2022-44310 (In Development IL ecdh before 0.2.0, an attacker can send an 
invalid p ...)
-       TODO: check
+       NOT-FOR-US: Development IL ecdh
 CVE-2022-44309
        RESERVED
 CVE-2022-44308
@@ -30428,7 +30428,7 @@ CVE-2023-20091
 CVE-2023-20090
        RESERVED
 CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) 
feature fo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20088
        RESERVED
 CVE-2023-20087
@@ -30510,7 +30510,7 @@ CVE-2023-20052
 CVE-2023-20051
        RESERVED
 CVE-2023-20050 (A vulnerability in the CLI of Cisco NX-OS Software could allow 
an auth ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20049
        RESERVED
 CVE-2023-20048
@@ -30583,17 +30583,17 @@ CVE-2023-20018 (A vulnerability in the web-based 
management interface of Cisco I
 CVE-2023-20017
        RESERVED
 CVE-2023-20016 (A vulnerability in the backup configuration feature of Cisco 
UCS Manag ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20015 (A vulnerability in the CLI of Cisco Firepower 4100 Series, 
Cisco Firep ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20014
        RESERVED
 CVE-2023-20013
        RESERVED
 CVE-2023-20012 (A vulnerability in the CLI console login authentication of 
Cisco Nexus ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20011 (A vulnerability in the web-based management interface of Cisco 
Applica ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20010 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
        NOT-FOR-US: Cisco
 CVE-2023-20009
@@ -33962,7 +33962,7 @@ CVE-2022-42840 (The issue was addressed with improved 
memory handling. This issu
 CVE-2022-42839
        RESERVED
 CVE-2022-42838 (An issue with app access to camera data was addressed with 
improved lo ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-42837 (An issue existed in the parsing of URLs. This issue was 
addressed with ...)
        NOT-FOR-US: Apple
 CVE-2022-42836
@@ -33972,7 +33972,7 @@ CVE-2022-42835
 CVE-2022-42834
        RESERVED
 CVE-2022-42833 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-42832 (A race condition was addressed with improved locking. This 
issue is fi ...)
        NOT-FOR-US: Apple
 CVE-2022-42831 (A race condition was addressed with improved locking. This 
issue is fi ...)
@@ -34056,7 +34056,7 @@ CVE-2022-42799 (The issue was addressed with improved 
UI handling. This issue is
 CVE-2022-42798 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2022-42797 (An injection issue was addressed with improved input 
validation. This  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-42796 (This issue was addressed by removing the vulnerable code. This 
issue i ...)
        NOT-FOR-US: Apple
 CVE-2022-42795 (A memory consumption issue was addressed with improved memory 
handling ...)
@@ -37063,7 +37063,7 @@ CVE-2022-3349 (A vulnerability was found in Sony PS4 
and PS5. It has been classi
 CVE-2022-3348 (Just like in the previous report, an attacker could steal the 
account  ...)
        NOT-FOR-US: ToolJet
 CVE-2021-46841 (This issue was addressed by using HTTPS when sending 
information over  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-41676 (Raiden MAILD Mail Server website mail field has insufficient 
filtering ...)
        NOT-FOR-US: Raiden MAILD Mail Server
 CVE-2022-41675 (A remote attacker with general user privilege can inject 
malicious cod ...)
@@ -37340,9 +37340,9 @@ CVE-2022-41568 (LINE client for iOS before 12.17.0 
might be crashed by sharing a
 CVE-2022-41567 (The BusinessConnect UI component of TIBCO Software Inc.'s 
TIBCO Busine ...)
        NOT-FOR-US: BusinessConnect UI component of TIBCO
 CVE-2022-41566 (The server component of TIBCO Software Inc.'s TIBCO EBX 
Add-ons contai ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2022-41565 (The Web Application component of TIBCO Software Inc.'s TIBCO 
EBX and T ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2022-41564 (The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk 
and TIB ...)
        NOT-FOR-US: TIBCO
 CVE-2022-41563 (The Dashboard component of TIBCO Software Inc.'s TIBCO 
JasperReports S ...)
@@ -38341,9 +38341,9 @@ CVE-2022-41218 (In drivers/media/dvb-core/dmxdev.c in 
the Linux kernel through 5
        NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/4
        NOTE: 
https://git.kernel.org/linus/fd3d91ab1c6ab0628fe642dd570b56302c30a792
 CVE-2022-41217 (Cloudflow contains a unauthenticated file upload 
vulnerability, which  ...)
-       TODO: check
+       NOT-FOR-US: Cloudflow
 CVE-2022-41216 (Local File Inclusion vulnerability within Cloudflow allows 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: Cloudflow
 CVE-2022-41215 (SAP NetWeaver ABAP Server and ABAP Platform allows an 
unauthenticated  ...)
        NOT-FOR-US: SAP
 CVE-2022-41214 (Due to insufficient input validation, SAP NetWeaver 
Application Server ...)
@@ -41309,7 +41309,7 @@ CVE-2022-39985
 CVE-2022-39984
        RESERVED
 CVE-2022-39983 (File upload vulnerability in Instantdeveloper RD3 22.0.8500, 
allows at ...)
-       TODO: check
+       NOT-FOR-US: Instantdeveloper RD3
 CVE-2022-39982
        RESERVED
 CVE-2022-39981
@@ -279987,13 +279987,10 @@ CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 
mishandles suspicious files.
 CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in 
the PH ...)
        NOT-FOR-US: elFinder
 CVE-2019-9193 (** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY 
TO/FROM PROGR ...)
-       - postgresql-11 <unfixed> (unimportant)
-       - postgresql-9.6 <removed> (unimportant)
-       - postgresql-9.4 <removed> (unimportant)
+       NOTE: Disputed PostgreSQL issue. Issue is not considered a 
vulnerability:
+       NOTE: Upstream statement: https://www.postgresql.org/about/news/1935/
        NOTE: 
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
        NOTE: 
https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/
-       NOTE: Upstream statement: https://www.postgresql.org/about/news/1935/
-       NOTE: Issue is not to be considered a vulnerability and disupted to be 
valid.
 CVE-2019-9191 (The ETSI Enterprise Transport Security (ETS, formerly known as 
eTLS) p ...)
        NOT-FOR-US: ETSI protocol
 CVE-2019-9190
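
Review bot: For CVE-2019-9193 the three postgresql-* package lines are removed and only NOTE lines remain, so the entry no longer names any source package and carries no NOT-FOR-US tag either. If the intent is to record the issue as a non-vulnerability, keeping a line per source package with the (unimportant) marker, as before, preserves the link from the package to the CVE; otherwise the NOTE should say why no package line is needed. This is also a triage change to a packaged project inside a commit titled "NFUs"; a separate commit with its own message would make it easier to find in history.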



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5c3bb8cf352c3ddf315a135c67d2b5513f34167
