Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9456a010 by Salvatore Bonaccorso at 2023-04-16T06:13:15+02:00
Move some NFUs for calibre-web to an itp'ed entry

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2023-2107 (A vulnerability, which was classified as critical, was found in 
IBOS 4 ...)
        NOT-FOR-US: IBOS
 CVE-2023-2106 (Weak Password Requirements in GitHub repository 
janeczku/calibre-web p ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2023-2105 (Session Fixation in GitHub repository 
alextselegidis/easyappointments  ...)
        NOT-FOR-US: alextselegidis/easyappointments
 CVE-2023-2104 (Improper Access Control in GitHub repository 
alextselegidis/easyappoin ...)
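Review bot: the new `- calibre-web <itp> (bug #982690)` line for CVE-2023-2106 records only that packaging is intended, with no upstream fix information; once bug #982690 closes and calibre-web enters the archive, this entry (and every identical `<itp>` line in this commit) has to be revisited and replaced with the fixed Debian version. Since the description is truncated at "p ...", the fixed upstream release is not visible here, so a NOTE: line pointing at the upstream advisory or fix would save that lookup later.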
@@ -78063,7 +78063,7 @@ CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das 
U-Boot through 2022.04 (and
 CVE-2022-30766
        RESERVED
 CVE-2022-30765 (Calibre-Web before 0.6.18 allows user table SQL Injection. ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2022-30764
        RESERVED
 CVE-2022-30763 (Janet before 1.22.0 mishandles arrays. ...)
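Review bot: for CVE-2022-30765 the description already states the fixed release ("Calibre-Web before 0.6.18 allows user table SQL Injection"); capturing that in a NOTE: line next to the `<itp>` entry would let the eventual package version be checked against 0.6.18 without re-reading the CVE text when the ITP is resolved.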
@@ -88594,7 +88594,7 @@ CVE-2022-0992 (The SiteGround Security plugin for 
WordPress is vulnerable to aut
 CVE-2022-0991 (Insufficient Session Expiration in GitHub repository 
admidio/admidio p ...)
        NOT-FOR-US: admidio
 CVE-2022-0990 (Server-Side Request Forgery (SSRF) in GitHub repository 
janeczku/calib ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2020-36519 (Mimecast Email Security before 2020-01-10 allows any admin to 
spoof an ...)
        NOT-FOR-US: Mimecast Email Security
 CVE-2022-27221 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
@@ -89331,7 +89331,7 @@ CVE-2022-0941 (Stored XSS due to Unrestricted File 
Upload in GitHub repository s
 CVE-2022-0940 (Stored XSS due to Unrestricted File Upload in GitHub repository 
star7t ...)
        NOT-FOR-US: ShowDoc
 CVE-2022-0939 (Server-Side Request Forgery (SSRF) in GitHub repository 
janeczku/calib ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2022-0938 (Stored XSS via file upload in GitHub repository star7th/showdoc 
prior  ...)
        NOT-FOR-US: ShowDoc
 CVE-2021-46709 (phpLiteAdmin through 1.9.8.2 allows XSS via the index.php 
newRows para ...)
@@ -91781,9 +91781,9 @@ CVE-2022-26133 (SharedSecretClusterAuthenticator in 
Atlassian Bitbucket Data Cen
 CVE-2022-26132
        RESERVED
 CVE-2022-0767 (Server-Side Request Forgery (SSRF) in GitHub repository 
janeczku/calib ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2022-0766 (Server-Side Request Forgery (SSRF) in GitHub repository 
janeczku/calib ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to 
informati ...)
        NOT-FOR-US: Tor Browser (on Windows)
 CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. 
The mixed ...)
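Review bot: CVE-2022-0767 and CVE-2022-0766 are both SSRF issues in janeczku/calibre-web with near-identical truncated descriptions, and this commit tracks two more such SSRF entries (CVE-2022-0990, CVE-2022-0939) against the same ITP bug; when the package lands, each of these needs to be verified individually rather than closed as a group, since the descriptions visible here do not show whether they share a fix or a release.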
@@ -97937,9 +97937,9 @@ CVE-2022-0407 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
 CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send 
requests to by ...)
        NOT-FOR-US: Apache APISIX
 CVE-2022-0406 (Improper Authorization in GitHub repository 
janeczku/calibre-web prior ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2022-0405 (Improper Access Control in GitHub repository 
janeczku/calibre-web prio ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2022-0404 (The Material Design for Contact Form 7 WordPress plugin through 
2.6.4  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0403 (The Library File Manager WordPress plugin before 5.2.3 is using 
an out ...)
@@ -98924,7 +98924,7 @@ CVE-2022-23866
 CVE-2022-23865 (Nyron 1.0 is affected by a SQL injection vulnerability through 
Nyron/L ...)
        NOT-FOR-US: Nyron
 CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior 
to 0.6 ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub 
repository  ...)
        {DLA-3182-1 DLA-3011-1}
        - vim 2:8.2.4659-1
@@ -99342,7 +99342,7 @@ CVE-2022-23850 (xhtml_translate_entity in xhtml.c in 
epub2txt (aka epub2txt2) th
 CVE-2022-23849 (The biometric lock in Devolutions Password Hub for iOS before 
2021.3.4 ...)
        NOT-FOR-US: Devolutions Password Hub for iOS
 CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 
0.6.16. ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. 
...)
        - loguru <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
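Review bot: CVE-2022-0339's description names the fixed release ("Pypi calibreweb prior to 0.6.16"), as does CVE-2022-0273 in the following hunk; noting 0.6.16 as the upstream fix next to the `<itp>` line would make it clear that any packaged version at or above 0.6.16 is not affected, which is exactly the check needed when bug #982690 is closed.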
@@ -100919,7 +100919,7 @@ CVE-2022-21796 (A memory corruption vulnerability 
exists in the netserver parse_
 CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet 
OrchardCore.Application.C ...)
        NOT-FOR-US: Orchard CMS
 CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2022-0272 (Improper Restriction of XML External Entity Reference in GitHub 
reposi ...)
        NOT-FOR-US: detekt for Kotlin
 CVE-2022-0271 (The LearnPress WordPress plugin before 4.1.6 does not sanitise 
and esc ...)
@@ -106271,7 +106271,7 @@ CVE-2021-4173 (vim is vulnerable to Use After Free 
...)
 CVE-2021-4172 (Cross-site Scripting (XSS) - Stored in GitHub repository 
star7th/showd ...)
        NOT-FOR-US: ShowDoc
 CVE-2021-4171 (calibre-web is vulnerable to Business Logic Errors ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. 
This aff ...)
        NOT-FOR-US: Netgear
 CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by 
insecure code. ...)
@@ -106647,7 +106647,7 @@ CVE-2021-45494 (Certain NETGEAR devices are affected 
by an attacker's ability to
 CVE-2021-45493 (Certain NETGEAR devices are affected by disclosure of 
administrative c ...)
        NOT-FOR-US: Netgear
 CVE-2021-4170 (calibre-web is vulnerable to Improper Neutralization of Input 
During W ...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of 
Input Durin ...)
        NOT-FOR-US: livehelperchat
 CVE-2021-45492 (In Sage 300 ERP (formerly accpac) through 6.8.x, the installer 
configu ...)
@@ -106719,7 +106719,7 @@ CVE-2021-4166 (vim is vulnerable to Out-of-bounds 
Read ...)
 CVE-2021-4165
        RESERVED
 CVE-2021-4164 (calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) 
...)
-       NOT-FOR-US: calibre-web
+       - calibre-web <itp> (bug #982690)
 CVE-2021-4163
        RESERVED
 CVE-2021-4162 (archivy is vulnerable to Cross-Site Request Forgery (CSRF) ...)
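Review bot: CVE-2021-4164, together with CVE-2021-4171 and CVE-2021-4170 in the preceding hunks, has a description with no affected or fixed version at all ("calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) ..."), so the `<itp>` line alone gives a future packager nothing to test against; these three entries in particular would benefit from a NOTE: line with the upstream report or fix reference, as is done for loguru elsewhere in this file.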



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9456a0103744baec98a462fe2a2cb4afe6e4f14f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
