Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e59814ae by Moritz Muehlenhoff at 2023-04-26T12:24:05+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2023-31224
        RESERVED
 CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated 
author user ...)
-       TODO: check
+       NOT-FOR-US: Dradis
 CVE-2023-2295
        RESERVED
 CVE-2023-2294 (A vulnerability was found in UCMS 1.6.0. It has been classified 
as pro ...)
@@ -1053,7 +1053,7 @@ CVE-2023-30844
 CVE-2023-30843
        RESERVED
 CVE-2023-30842 (AVideo is an open-source video platform. Prior to version 
12.4, AVideo ...)
-       TODO: check
+       NOT-FOR-US: AVideo
 CVE-2023-30841
        RESERVED
 CVE-2023-30840
@@ -1723,7 +1723,7 @@ CVE-2023-30629 (Vyper is a Pythonic Smart Contract 
Language for the ethereum vir
 CVE-2023-30628 (Kiwi TCMS is an open source test management system. In 
kiwitcms/Kiwi v ...)
        NOT-FOR-US: Kiwi TCMS
 CVE-2023-30627 (jellyfin-web is the web client for Jellyfin, a free-software 
media sys ...)
-       TODO: check
+       NOT-FOR-US: jellyfin-web
 CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting 
with 10.8. ...)
        - jellyfin <itp> (bug #994189)
 CVE-2023-30625
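Review bot: the NOT-FOR-US tag for CVE-2023-30627 may hide an issue that is already tracked one entry down: the description calls jellyfin-web "the web client for Jellyfin", and the adjacent CVE-2023-30626 entry records jellyfin as `- jellyfin <itp> (bug #994189)`. If the web client ships as part of that package, the same `- jellyfin <itp> (bug #994189)` line would be the consistent choice for CVE-2023-30627, so the issue resurfaces when the ITP lands instead of being closed out as NOT-FOR-US.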
@@ -1733,7 +1733,7 @@ CVE-2023-30624
 CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to 
version 2,  ...)
        NOT-FOR-US: embano1/wip GitHub Action
 CVE-2023-30622 (Clusternet is a general-purpose system for controlling 
Kubernetes clus ...)
-       TODO: check
+       NOT-FOR-US: Clusternet
 CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as 
modular and us ...)
        NOT-FOR-US: Gipsy
 CVE-2023-30620 (mindsdb is a Machine Learning platform to help developers 
build AI sol ...)
@@ -2531,7 +2531,7 @@ CVE-2023-30419
 CVE-2023-30418
        RESERVED
 CVE-2023-30417 (A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot 
up to v2 ...)
-       TODO: check
+       NOT-FOR-US: Pear-Admin-Boot
 CVE-2023-30416
        RESERVED
 CVE-2023-30415
@@ -2557,7 +2557,7 @@ CVE-2023-30406 (Jerryscript commit 1a2c047 was discovered 
to contain a segmentat
 CVE-2023-30405
        RESERVED
 CVE-2023-30404 (Aigital Wireless-N Repeater Mini_Router v0.131229 was 
discovered to co ...)
-       TODO: check
+       NOT-FOR-US: Aigital Wireless-N Repeater Mini_Router
 CVE-2023-30403
        RESERVED
 CVE-2023-30402 (YASM v1.3.0 was discovered to contain a heap overflow via the 
function ...)
@@ -3145,7 +3145,7 @@ CVE-2023-30113
 CVE-2023-30112
        RESERVED
 CVE-2023-30111 (Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross 
Site Scrip ...)
-       TODO: check
+       NOT-FOR-US: Medicine Tracker System
 CVE-2023-30110
        RESERVED
 CVE-2023-30109
@@ -3155,7 +3155,7 @@ CVE-2023-30108
 CVE-2023-30107
        RESERVED
 CVE-2023-30106 (Sourcecodester Medicine Tracker System in PHP 1.0.0 is 
vulnerable to C ...)
-       TODO: check
+       NOT-FOR-US: Medicine Tracker System
 CVE-2023-30105
        RESERVED
 CVE-2023-30104
@@ -4220,7 +4220,7 @@ CVE-2023-29579 (yasm 1.3.0.55.g101bc was discovered to 
contain a stack overflow
        - yasm <unfixed>
        NOTE: https://github.com/yasm/yasm/issues/214
 CVE-2023-29578 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow 
via the  ...)
-       TODO: check
+       NOT-FOR-US: MP4v2
 CVE-2023-29577
        RESERVED
 CVE-2023-29576 (Bento4 v1.6.0-639 was discovered to contain a segmentation 
violation v ...)
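Review bot: the new tag for CVE-2023-29578 spells the project `MP4v2` while the description on the same entry writes it `mp4v2`; keeping the tag identical to the upstream name in the description (`NOT-FOR-US: mp4v2`) avoids two spellings for one project in this file. It is also worth confirming the NOT-FOR-US call itself, since the sibling entry in this hunk (CVE-2023-29579, `- yasm <unfixed>`) shows that C media libraries from the same reporting batch are packaged in Debian; if mp4v2 is in the archive the entry needs a package line rather than NOT-FOR-US.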
@@ -4236,7 +4236,7 @@ CVE-2023-29572
 CVE-2023-29571 (Cesanta MJS v2.20.0 was discovered to contain a SEGV 
vulnerability via ...)
        NOT-FOR-US: Cesenta MJS
 CVE-2023-29570 (Cesanta MJS v2.20.0 was discovered to contain a SEGV 
vulnerability via ...)
-       TODO: check
+       NOT-FOR-US: Cesenta MJS
 CVE-2023-29569 (Cesanta MJS v2.20.0 was discovered to contain a SEGV 
vulnerability via ...)
        NOT-FOR-US: Cesenta MJS
 CVE-2023-29568
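Review bot: the triage line added for CVE-2023-29570 reads `NOT-FOR-US: Cesenta MJS`, but the description on the same entry names the vendor `Cesanta MJS`. The neighbouring CVE-2023-29571 and CVE-2023-29569 entries carry the same `Cesenta` misspelling, so this change copies an existing typo rather than introducing a new one; suggest correcting all three to `NOT-FOR-US: Cesanta MJS` in one follow-up so the tag matches the upstream name.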
@@ -4244,7 +4244,7 @@ CVE-2023-29568
 CVE-2023-29567
        RESERVED
 CVE-2023-29566 (huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 
0.4.1 w ...)
-       TODO: check
+       NOT-FOR-US: huedawn-tesseract / dawnsparks-node-tesseract
 CVE-2023-29565
        RESERVED
 CVE-2023-29564
@@ -4461,7 +4461,7 @@ CVE-2014-125096 (A vulnerability was found in Fancy 
Gallery Plugin 1.5.12. It ha
 CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7. 
It has be ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-29530 (Laminas Diactoros provides PSR HTTP Message implementations. 
In versio ...)
-       TODO: check
+       NOT-FOR-US: Laminas Diactoros
 CVE-2023-29529 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript 
and TypeS ...)
        NOT-FOR-US: matrix-js-sdk
 CVE-2023-29528 (XWiki Commons are technical libraries common to several other 
top leve ...)
@@ -5522,7 +5522,7 @@ CVE-2023-29202 (XWiki Commons are technical libraries 
common to several other to
 CVE-2023-29201 (XWiki Commons are technical libraries common to several other 
top leve ...)
        NOT-FOR-US: XWiki
 CVE-2023-29200 (Contao is an open source content management system. Prior to 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Contao
 CVE-2023-29199 (There exists a vulnerability in source code transformer 
(exception san ...)
        NOT-FOR-US: Node vm2
 CVE-2023-29198
@@ -6106,9 +6106,9 @@ CVE-2023-29014 (The Goobi viewer is a web application 
that allows digitised mate
 CVE-2023-29013 (Traefik (pronounced traffic) is a modern HTTP reverse proxy 
and load b ...)
        - traefik <itp> (bug #983289)
 CVE-2023-29012 (Git for Windows is the Windows port of Git. Prior to version 
2.40.1, a ...)
-       TODO: check
+       NOT-FOR-US: Git for Windows
 CVE-2023-29011 (Git for Windows, the Windows port of Git, ships with an 
executable cal ...)
-       TODO: check
+       NOT-FOR-US: Git for Windows
 CVE-2023-29010 (Budibase is a low code platform for creating internal tools, 
workflows ...)
        NOT-FOR-US: budibase
 CVE-2023-29009
@@ -10269,9 +10269,9 @@ CVE-2023-XXXX [Transaction cache overrides the current 
user]
        NOTE: Fixed by: 
https://foss.heptapod.net/tryton/tryton/-/commit/107b68af389a2cb5c95f663f7a3107fc12aecaf7
        NOTE: Fixed by: 
https://foss.heptapod.net/tryton/tryton/-/commit/1ce8523f11aa78a88dd03e1f0ae2e2b076b6fdb0
 (trytond-6.0.29)
 CVE-2023-27849 (rails-routes-to-json v1.0.0 was discovered to contain a remote 
code ex ...)
-       TODO: check
+       NOT-FOR-US: rails-routes-to-json
 CVE-2023-27848 (broccoli-compass v0.2.4 was discovered to contain a remote 
code execut ...)
-       TODO: check
+       NOT-FOR-US: broccoli-compass
 CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog 
v.2.0.1 and be ...)
        NOT-FOR-US: PrestaShop
 CVE-2023-27846
@@ -10281,7 +10281,7 @@ CVE-2023-27845
 CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite 
v.1.0 and  ...)
        NOT-FOR-US: PrestaShop
 CVE-2023-27843 (SQL injection vulnerability found in PrestaShop askforaquote 
v.5.4.2 a ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop
 CVE-2023-27842 (Insecure Permissions vulnerability found in Extplorer File 
manager eXt ...)
        - extplorer <removed>
 CVE-2023-27841
@@ -13391,7 +13391,7 @@ CVE-2023-26562
 CVE-2023-26561
        RESERVED
 CVE-2023-26560 (Northern.tech CFEngine Enterprise before 3.21.1 allows a 
subset of aut ...)
-       TODO: check
+       NOT-FOR-US: CFEngine Enterprise
 CVE-2023-26559 (A directory traversal vulnerability in Oxygen XML Web Author 
before 25 ...)
        NOT-FOR-US: Oxygen XML Web Author
 CVE-2023-26558
@@ -13700,7 +13700,7 @@ CVE-2023-26496 (An issue was discovered in Samsung 
Baseband Modem Chipset for Ex
 CVE-2023-26495 (An issue was discovered in Open Design Alliance Drawings SDK 
before 20 ...)
        NOT-FOR-US: Open Design Alliance Drawings SDK
 CVE-2023-26494 (lorawan-stack is an open source LoRaWAN network server. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: lorawan-stack
 CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D &amp; 
3D real ...)
        NOT-FOR-US: Cocos Engine
 CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
@@ -16991,7 +16991,7 @@ CVE-2023-25463
 CVE-2023-25462
        RESERVED
 CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in nami ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25460
        RESERVED
 CVE-2023-25459
@@ -17301,9 +17301,9 @@ CVE-2023-25316
 CVE-2023-25315
        RESERVED
 CVE-2023-25314 (Cross Site Scripting (XSS) vulnerability in World Wide 
Broadcast Netwo ...)
-       TODO: check
+       NOT-FOR-US: AVideo
 CVE-2023-25313 (OS injection vulnerability in World Wide Broadcast Network 
AVideo vers ...)
-       TODO: check
+       NOT-FOR-US: AVideo
 CVE-2023-25312
        RESERVED
 CVE-2023-25311
@@ -17786,11 +17786,11 @@ CVE-2023-25135 (vBulletin before 5.6.9 PL1 allows an 
unauthenticated remote atta
 CVE-2023-25134 (McAfee Total Protection prior to 16.0.50 may allow an 
adversary (with  ...)
        NOT-FOR-US: McAfee
 CVE-2023-25133 (Improper privilege management vulnerability in default.cmd 
file in Pow ...)
-       TODO: check
+       NOT-FOR-US: PowerPanel
 CVE-2023-25132 (Unrestricted upload of file with dangerous type vulnerability 
in defau ...)
-       TODO: check
+       NOT-FOR-US: PowerPanel
 CVE-2023-25131 (Use of default password vulnerability in PowerPanel Business 
Local/Rem ...)
-       TODO: check
+       NOT-FOR-US: PowerPanel
 CVE-2023-25130
        REJECTED
 CVE-2023-25129
@@ -18628,17 +18628,17 @@ CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, 
a CommonMark parsing and re
        NOTE: 
https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh
        NOTE: 
https://github.com/github/cmark-gfm/commit/2300c1bd2c8226108885bf019655c4159cf26b59
 (0.29.0.gfm.10)
 CVE-2023-24823 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
-       TODO: check
+       NOT-FOR-US: RIOT-OS
 CVE-2023-24822 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
-       TODO: check
+       NOT-FOR-US: RIOT-OS
 CVE-2023-24821 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
-       TODO: check
+       NOT-FOR-US: RIOT-OS
 CVE-2023-24820 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
-       TODO: check
+       NOT-FOR-US: RIOT-OS
 CVE-2023-24819 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
-       TODO: check
+       NOT-FOR-US: RIOT-OS
 CVE-2023-24818 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
-       TODO: check
+       NOT-FOR-US: RIOT-OS
 CVE-2023-24817
        RESERVED
 CVE-2023-24816 (IPython (Interactive Python) is a command shell for 
interactive comput ...)
@@ -19647,7 +19647,7 @@ CVE-2022-4897 (The BackupBuddy WordPress plugin before 
8.8.3 does not sanitise a
 CVE-2023-24513 (On affected platforms running Arista CloudEOS an issue in the 
Software ...)
        NOT-FOR-US: Arista
 CVE-2023-24512 (On affected platforms running Arista EOS, an authorized 
attacker with  ...)
-       TODO: check
+       NOT-FOR-US: Arista
 CVE-2023-24511 (On affected platforms running Arista EOS with SNMP configured, 
a speci ...)
        NOT-FOR-US: Arista
 CVE-2023-24510
@@ -20949,7 +20949,7 @@ CVE-2023-24007
 CVE-2023-24006 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in 
Link Softwa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24005 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Winw ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-24004 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPde ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24003 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -20969,7 +20969,7 @@ CVE-2023-23997
 CVE-2023-23996 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Prof ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23995 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Tim  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23994 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Marc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23993
@@ -21282,13 +21282,13 @@ CVE-2023-23894
 CVE-2023-23893
        RESERVED
 CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23891 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23890
        RESERVED
 CVE-2023-23889 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23888
        RESERVED
 CVE-2023-23887
@@ -21334,7 +21334,7 @@ CVE-2023-23868
 CVE-2023-23867
        RESERVED
 CVE-2023-23866 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23865 (Cross-Site Request Forgery (CSRF) vulnerability in Checkout 
Plugins St ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23864 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Micha ...)
@@ -21412,11 +21412,11 @@ CVE-2023-23841
 CVE-2023-23840
        RESERVED
 CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of 
Sensitive I ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2023-23838 (Directory traversal and file enumeration vulnerability which 
allowed u ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2023-23837 (No exception handling vulnerability which revealed sensitive 
or excess ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2023-23836 (SolarWinds Platform version 2022.4.1 was found to be 
susceptible to th ...)
        NOT-FOR-US: SolarWinds
 CVE-2023-0397 (A malicious / defect bluetooth controller can cause a Denial of 
Servic ...)
@@ -21858,7 +21858,7 @@ CVE-2023-23712
 CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting 
A2 Optim ...)
        NOT-FOR-US: A2 Hosting
 CVE-2023-23710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in mini ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23709
        RESERVED
 CVE-2023-23708
@@ -24398,17 +24398,17 @@ CVE-2023-22920 (A security misconfiguration 
vulnerability exists in the Zyxel LT
 CVE-2023-22919
        RESERVED
 CVE-2023-22918 (A post-authentication information exposure vulnerability in 
the CGI pr ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-22917 (A buffer overflow vulnerability in the 
&#8220;sdwan_iface_ipc&#8221; b ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-22916 (The configuration parser of Zyxel ATP series firmware versions 
5.10 th ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-22915 (A buffer overflow vulnerability in the 
&#8220;fbwifi_forward.cgi&#8221 ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-22914 (A path traversal vulnerability in the 
&#8220;account_print.cgi&#8221;  ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-22913 (A post-authentication command injection vulnerability in the 
&#8220;ac ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2023-22912 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x 
through 1.3 ...)
        NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2023-22911 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x 
through 1.3 ...)
@@ -25784,7 +25784,7 @@ CVE-2023-22583
 CVE-2023-22582
        RESERVED
 CVE-2023-22581 (White Rabbit Switch contains a vulnerability which makes it 
possible f ...)
-       TODO: check
+       NOT-FOR-US: White Rabbit Switch
 CVE-2023-22580 (Due to improper input filtering in the sequalize js library, 
can malic ...)
        NOT-FOR-US: DIVD
 CVE-2023-22579 (Due to improper parameter filtering in the sequalize js 
library, can a ...)
@@ -25792,7 +25792,7 @@ CVE-2023-22579 (Due to improper parameter filtering in 
the sequalize js library,
 CVE-2023-22578 (Due to improper artibute filtering in the sequalize js 
library, can a  ...)
        NOT-FOR-US: DIVD
 CVE-2023-22577 (Within White Rabbit Switch it's possible as an unauthenticated 
user to ...)
-       TODO: check
+       NOT-FOR-US: White Rabbit Switch
 CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to 
a form ...)
        NOT-FOR-US: AsyncHTTPClient
 CVE-2023-0039 (Duplicate. Please use CVE-2022-4060 instead. ...)
@@ -28466,7 +28466,7 @@ CVE-2022-47610 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2022-47609
        RESERVED
 CVE-2022-47608 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Full ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in User ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47606
@@ -28486,7 +28486,7 @@ CVE-2022-47600
 CVE-2022-47599
        RESERVED
 CVE-2022-47598 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WP P ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47597
        RESERVED
 CVE-2022-47596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Jeff ...)
@@ -31153,7 +31153,7 @@ CVE-2022-47160
 CVE-2022-47159
        RESERVED
 CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Pakp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47157
        RESERVED
 CVE-2022-47156
@@ -35124,7 +35124,7 @@ CVE-2022-45839 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
 CVE-2022-45838 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
Repute Info ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45837 (Reflected Cross-Site Scripting (XSS) vulnerability in Denis 
&#24494;&# ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45836 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
W3 Eden, ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45835
@@ -36859,7 +36859,7 @@ CVE-2022-45293
 CVE-2022-45292 (User invites for Funkwhale v1.2.8 do not permanently expire 
after bein ...)
        NOT-FOR-US: Funkwhale
 CVE-2022-45291 (PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS 
December 20 ...)
-       TODO: check
+       NOT-FOR-US: PWS Personal Weather Station Dashboard
 CVE-2022-45290 (Kbase Doc v1.0 was discovered to contain an arbitrary file 
deletion vu ...)
        NOT-FOR-US: Kbase Doc
 CVE-2022-45289
@@ -37475,7 +37475,7 @@ CVE-2022-45086 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2022-45085 (Server-Side Request Forgery (SSRF) vulnerability in Group Arge 
Energy  ...)
        NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
 CVE-2022-45084 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Softacul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45083
        RESERVED
 CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) 
vulnerabilit ...)
@@ -49773,7 +49773,7 @@ CVE-2022-41616
 CVE-2022-41615 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery 
(CSRF) vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41612 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Shar ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41608
@@ -52110,13 +52110,13 @@ CVE-2022-40727
 CVE-2022-40726
        RESERVED
 CVE-2022-40725 (PingID Desktop prior to the latest released version 1.7.4 
contains a v ...)
-       TODO: check
+       NOT-FOR-US: PingID
 CVE-2022-40724 (The PingFederate Local Identity Profiles '/pf/idprofile.ping' 
endpoint ...)
-       TODO: check
+       NOT-FOR-US: PingID
 CVE-2022-40723 (The PingID RADIUS PCV adapter for PingFederate, which supports 
RADIUS  ...)
-       TODO: check
+       NOT-FOR-US: PingID
 CVE-2022-40722 (A misconfiguration of RSA padding implemented in the PingID 
Adapter fo ...)
-       TODO: check
+       NOT-FOR-US: PingID
 CVE-2022-40721 (Arbitrary file upload vulnerability in php uploader ...)
        NOT-FOR-US: php uploader
 CVE-2022-40720 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
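Review bot: CVE-2022-40724 is tagged `NOT-FOR-US: PingID`, but its description concerns the PingFederate Local Identity Profiles `/pf/idprofile.ping` endpoint rather than PingID; the other three entries in this hunk (CVE-2022-40725, -40723, -40722) do name PingID in their descriptions. Suggest `NOT-FOR-US: PingFederate` for 40724, or one vendor-level tag for the whole group (the `NOT-FOR-US: pingidentity` form already appears in this file on CVE-2022-23722), so the tag does not misname the affected product.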
@@ -52776,7 +52776,7 @@ CVE-2022-40484 (Wedding Planner v1.0 was discovered to 
contain a SQL injection v
 CVE-2022-40483 (Wedding Planner v1.0 was discovered to contain a SQL injection 
vulnera ...)
        NOT-FOR-US: Wedding Planner
 CVE-2022-40482 (The authentication method in Laravel 8.x through 9.x before 
9.32.0 was ...)
-       TODO: check
+       NOT-FOR-US: Laravel
 CVE-2022-40481
        RESERVED
 CVE-2022-40480 (Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 
was dis ...)
@@ -78068,7 +78068,7 @@ CVE-2022-31246 (paymentrequest.py in Electrum before 
4.2.2 allows a file:// URL
 CVE-2022-31245 (mailcow before 2022-05d allows a remote authenticated user to 
inject O ...)
        NOT-FOR-US: mailcow
 CVE-2022-31244 (Nokia OneNDS 17r2 has Insecure Permissions vulnerability that 
allows f ...)
-       TODO: check
+       NOT-FOR-US: Nokia
 CVE-2022-31243 (Update description and links DMA transactions which are 
targeted at in ...)
        NOT-FOR-US: Insyde
 CVE-2022-31242
@@ -86577,7 +86577,7 @@ CVE-2022-28356 (In the Linux kernel before 5.17.1, a 
refcount leak bug was found
 CVE-2022-28355 (randomUUID in Scala.js before 1.10.0 generates predictable 
values. ...)
        NOT-FOR-US: Scala.js
 CVE-2022-28354 (In the Active Threads Plugin 1.3.0 for MyBB, the 
activethreads.php dat ...)
-       TODO: check
+       NOT-FOR-US: MyBB plugin
 CVE-2022-28353 (In the External Redirect Warning Plugin 1.3 for MyBB, the 
redirect URL ...)
        NOT-FOR-US: MyBB plugin
 CVE-2022-1210 (A vulnerability classified as problematic was found in LibTIFF 
4.3.0.  ...)
@@ -101305,7 +101305,7 @@ CVE-2022-23723 (An MFA bypass vulnerability exists in 
the PingFederate PingOne M
 CVE-2022-23722 (When a password reset mechanism is configured to use the 
Authenticatio ...)
        NOT-FOR-US: pingidentity
 CVE-2022-23721 (PingID integration for Windows login prior to 2.9 does not 
handle dupl ...)
-       TODO: check
+       NOT-FOR-US: PingID
 CVE-2022-23720 (PingID Windows Login prior to 2.8 does not alert or halt 
operation if  ...)
        NOT-FOR-US: PingID Integration for Windows Login
 CVE-2022-23719 (PingID Windows Login prior to 2.8 does not authenticate 
communication  ...)
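Review bot: the tag for CVE-2022-23721 (`NOT-FOR-US: PingID`) is less specific than the one on the adjacent CVE-2022-23720 (`NOT-FOR-US: PingID Integration for Windows Login`), although both descriptions concern the PingID Windows login integration. Suggest reusing the `NOT-FOR-US: PingID Integration for Windows Login` string so the two entries are consistent.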
@@ -526116,9 +526116,9 @@ CVE-2012-5875 (Firefly Media Server 1.0.0.1359 allows 
remote attackers to cause
 CVE-2012-5874 (Multiple SQL injection vulnerabilities in the (1) 
update_whosonline_re ...)
        NOT-FOR-US: Elite Bulletin Board
 CVE-2012-5873 (ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the 
end_poi ...)
-       TODO: check
+       NOT-FOR-US: ARC
 CVE-2012-5872 (ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in 
getTri ...)
-       TODO: check
+       NOT-FOR-US: ARC
 CVE-2012-5871
        RESERVED
 CVE-2012-5870



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e59814ae6970ab07aec1068b3b1c722284e3a822



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
