Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db990a52 by Salvatore Bonaccorso at 2023-09-20T22:42:22+02:00
Unify some naming for D-Link NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,27 +45,27 @@ CVE-2023-43373 (Hoteldruid v3.0.5 was discovered to contain 
a SQL injection vuln
 CVE-2023-43371 (Hoteldruid v3.0.5 was discovered to contain a SQL injection 
vulnerabil ...)
        - hoteldruid <unfixed>
 CVE-2023-43207 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a 
command  ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-43206 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a 
command  ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-43204 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a 
command  ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-43203 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a 
stack ov ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-43202 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a 
command  ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-43201 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to 
contain a st ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-43200 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to 
contain a st ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-43199 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to 
contain a st ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-43198 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to 
contain a st ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-43197 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to 
contain a st ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-43196 (D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a 
stack ove ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-43138 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a 
command inje ...)
        NOT-FOR-US: TP-Link
 CVE-2023-43137 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a 
command inje ...)
@@ -614,7 +614,7 @@ CVE-2023-39641 (Active Design psaffiliate before v1.9.8 was 
discovered to contai
 CVE-2023-39639 (LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL 
injectio ...)
        NOT-FOR-US: LeoTheme leoblog
 CVE-2023-39638 (D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to 
contain ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-38912 (SQL injection vulnerability in Super Store Finder PHP Script 
v.3.6 all ...)
        NOT-FOR-US: Super Store Finder PHP Script
 CVE-2023-38891 (SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a 
remote auth ...)
@@ -8406,7 +8406,7 @@ CVE-2023-37788 (goproxy v1.1 was discovered to contain an 
issue which can lead t
        [buster] - golang-github-elazarl-goproxy <postponed> (Limited support, 
minor issue, follow bullseye DSAs/point-releases)
        NOTE: https://github.com/elazarl/goproxy/issues/502
 CVE-2023-37758 (D-LINK DIR-815 v1.01 was discovered to contain a buffer 
overflow via t ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-37481 (Fides is an open-source privacy engineering platform for 
managing data ...)
        NOT-FOR-US: Fides
 CVE-2023-37480 (Fides is an open-source privacy engineering platform for 
managing data ...)
@@ -30536,7 +30536,7 @@ CVE-2023-26927
 CVE-2023-26926
        RESERVED
 CVE-2023-26925 (An information disclosure vulnerability exists in the Syslog 
functiona ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2023-26924 (LLVM a0dab4950 has a segmentation fault in 
mlir::outlineSingleBlockReg ...)
        - llvm-toolchain-14 <unfixed> (unimportant)
        - llvm-toolchain-15 <unfixed> (unimportant)
@@ -80623,9 +80623,9 @@ CVE-2022-37136
 CVE-2022-37135
        RESERVED
 CVE-2022-37134 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer 
Overflow via  ...)
-       NOT-FOR-US: D-link
+       NOT-FOR-US: D-Link
 CVE-2022-37133 (D-link DIR-816 A2_v1.10CNB04.img reboots the router without 
authentica ...)
-       NOT-FOR-US: D-link
+       NOT-FOR-US: D-Link
 CVE-2022-37132
        RESERVED
 CVE-2022-37131
@@ -81944,9 +81944,9 @@ CVE-2022-36622 (Samsung Electronics mTower v0.3.0 and 
earlier was discovered to
 CVE-2022-36621 (Samsung Electronics mTower v0.3.0 and earlier was discovered 
to contai ...)
        NOT-FOR-US: Samsung Electronics mTower
 CVE-2022-36620 (D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is 
vulnera ...)
-       NOT-FOR-US: D-link
+       NOT-FOR-US: D-Link
 CVE-2022-36619 (In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset 
without a ...)
-       NOT-FOR-US: D-link
+       NOT-FOR-US: D-Link
 CVE-2022-36618
        RESERVED
 CVE-2022-36617 (Arq Backup 7.19.5.0 and below stores backup encryption 
passwords using ...)
@@ -84616,9 +84616,9 @@ CVE-2022-35622
 CVE-2022-35621 (Access control vulnerability in Evoh NFT EvohClaimable 
contract with s ...)
        NOT-FOR-US: Evoh NFT EvohClaimable contract
 CVE-2022-35620 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain 
a remot ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2022-35619 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain 
a remot ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2022-35618
        RESERVED
 CVE-2022-35617
@@ -102688,7 +102688,7 @@ CVE-2022-29334 (An issue in H v1.0 allows attackers 
to bypass authentication via
 CVE-2022-29333 (A vulnerability in CyberLink Power Director v14 allows 
attackers to es ...)
        NOT-FOR-US: CyberLink PowerDirector
 CVE-2022-29332 (D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. 
An atta ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2022-29331
        RESERVED
 CVE-2022-29330 (Missing access control in the backup system of Telesoft 
VitalPBX befor ...)
@@ -163640,7 +163640,7 @@ CVE-2021-33348 (An issue was discovered in JFinal 
framework v4.9.10 and below. T
 CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are 
XSS vuln ...)
        NOT-FOR-US: JPress
 CVE-2021-33346 (There is an arbitrary password modification vulnerability in a 
D-LINK  ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2021-33345
        RESERVED
 CVE-2021-33344
@@ -180797,7 +180797,7 @@ CVE-2021-26812 (Cross Site Scripting (XSS) in the 
Jitsi Meet 2.7 through 2.8.3 p
 CVE-2021-26811
        RESERVED
 CVE-2021-26810 (D-link DIR-816 A2 v1.10 is affected by a remote code injection 
vulnera ...)
-       NOT-FOR-US: D-link
+       NOT-FOR-US: D-Link
 CVE-2021-26809 (PHPGurukul Car Rental Project version 2.0 suffers from a 
remote shell  ...)
        NOT-FOR-US: PHPGurukul Car Rental Project
 CVE-2021-26808
@@ -192596,7 +192596,7 @@ CVE-2021-21915 (An exploitable SQL injection 
vulnerability exist in the \u2018gr
 CVE-2021-21914 (A heap-based buffer overflow vulnerability exists in the 
DecoderStream ...)
        NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi 
Smart Mesh  ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2021-21912 (A privilege escalation vulnerability exists in the Windows 
version of  ...)
        NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
 CVE-2021-21911 (A privilege escalation vulnerability exists in the Windows 
version of  ...)
@@ -192975,15 +192975,15 @@ CVE-2021-21822 (A use-after-free vulnerability 
exists in the JavaScript engine o
 CVE-2021-21821 (A stack-based buffer overflow vulnerability exists in the PDF 
process_ ...)
        NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21820 (A hard-coded password vulnerability exists in the Libcli Test 
Environm ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2021-21819 (A code execution vulnerability exists in the Libcli Test 
Environment f ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2021-21818 (A hard-coded password vulnerability exists in the Zebra IP 
Routing Man ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2021-21817 (An information disclosure vulnerability exists in the Zebra IP 
Routing ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2021-21816 (An information disclosure vulnerability exists in the Syslog 
functiona ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2021-21815 (A stack-based buffer overflow vulnerability exists in the 
command-line ...)
        NOT-FOR-US: Xmill (AT&T Labs)
 CVE-2021-21814 (Within the function HandleFileArg the argument filepattern is 
under co ...)
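Review bot: CVE-2021-21816 through CVE-2021-21820 are tagged with the bare vendor name, yet their visible descriptions name the Libcli Test Environment, the Zebra IP Routing Manager and the Syslog functionality rather than a D-Link product. The descriptions are truncated here, so a later triager cannot tell from the entry alone that these are vendor firmware components and not something Debian might ship under a similar name. Consider making the NFU text more specific, or adding a short NOTE line per entry that records why the issue is firmware-only.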
@@ -244891,7 +244891,7 @@ CVE-2020-13152 (A remote user can create a specially 
crafted M3U file, media pla
 CVE-2020-13151 (Aerospike Community Edition 4.9.0.5 allows for unauthenticated 
submiss ...)
        NOT-FOR-US: Aerospike
 CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 
90 secon ...)
-       NOT-FOR-US: D-link
+       NOT-FOR-US: D-Link
 CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" 
folder in Dr ...)
        NOT-FOR-US: Dragon Center
 CVE-2020-13148
@@ -299737,11 +299737,11 @@ CVE-2019-13267 (TP-Link Archer C3200 V1 and Archer 
C2 V1 devices have Insufficie
 CVE-2019-13266 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have 
Insufficient Com ...)
        NOT-FOR-US: TP-Link
 CVE-2019-13265 (D-link DIR-825AC G1 devices have Insufficient 
Compartmentalization bet ...)
-       NOT-FOR-US: D-link
+       NOT-FOR-US: D-Link
 CVE-2019-13264 (D-link DIR-825AC G1 devices have Insufficient 
Compartmentalization bet ...)
-       NOT-FOR-US: D-link
+       NOT-FOR-US: D-Link
 CVE-2019-13263 (D-link DIR-825AC G1 devices have Insufficient 
Compartmentalization bet ...)
-       NOT-FOR-US: D-link
+       NOT-FOR-US: D-Link
 CVE-2019-13262 (XnView Classic 2.48 has a User Mode Write AV starting at 
xnview+0x0000 ...)
        NOT-FOR-US: XnView
 CVE-2019-13261 (XnView Classic 2.48 has a User Mode Write AV starting at 
xnview+0x0000 ...)
@@ -498190,7 +498190,7 @@ CVE-2014-9519 (SQL injection vulnerability in 
login.php in InfiniteWP Admin Pane
 CVE-2014-9518 (Cross-site scripting (XSS) vulnerability in login.cgi in D-Link 
router ...)
        NOT-FOR-US: login.cgi in D-Link router DIR-655 (rev Bx) with firmware 
before 2.12b01
 CVE-2014-9517 (Cross-site scripting (XSS) vulnerability in D-link IP camera 
DCS-2103  ...)
-       NOT-FOR-US: D-link IP camera DCS-2103
+       NOT-FOR-US: D-Link IP camera DCS-2103
 CVE-2014-9516 (Cross-site scripting (XSS) vulnerability in Social 
Microblogging PRO 1 ...)
        NOT-FOR-US: Social Microblogging PRO
 CVE-2014-9515 (Dozer improperly uses a reflection-based approach to type 
conversion,  ...)
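Review bot: CVE-2014-9517 ends up as `NOT-FOR-US: D-Link IP camera DCS-2103`, while the same product is tagged `NOT-FOR-US: D-Link DCS-2103` at CVE-2014-9238 and CVE-2014-9234 later in this patch. Since the commit is about unifying naming, pick one form for all DCS-2103 entries, for example `D-Link DCS-2103` here as well.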
@@ -499617,7 +499617,7 @@ CVE-2014-9240 (SQL injection vulnerability in 
member.php in MyBB (aka MyBulletin
 CVE-2014-9239 (SQL injection vulnerability in the IPS Connect service 
(interface/ipsc ...)
        NOT-FOR-US: Invision Power Board
 CVE-2014-9238 (D-link IP camera DCS-2103 with firmware 1.0.0 allows remote 
attackers  ...)
-       NOT-FOR-US: D-link DCS-2103
+       NOT-FOR-US: D-Link DCS-2103
 CVE-2014-9237 (SQL injection vulnerability in Proticaret E-Commerce 3.0 allows 
remote ...)
        NOT-FOR-US: Proticaret E-Commerce
 CVE-2014-9236 (Cross-site scripting (XSS) vulnerability in php/edit_photos.php 
in Zop ...)
@@ -499631,7 +499631,7 @@ CVE-2014-9235 (Multiple SQL injection vulnerabilities 
in Zoph (aka Zoph Organize
        NOTE: https://github.com/jeroenrnl/zoph/issues/59
        NOTE: The SQL injection and XSS claims appear to be mostly unfounded.
 CVE-2014-9234 (Directory traversal vulnerability in cgi-bin/sddownload.cgi in 
D-link  ...)
-       NOT-FOR-US: D-link DCS-2103
+       NOT-FOR-US: D-Link DCS-2103
 CVE-2014-9233
        REJECTED
 CVE-2014-9232
@@ -539844,11 +539844,11 @@ CVE-2013-1605 (Buffer overflow in MayGion IP 
Cameras with firmware before 2013.0
 CVE-2013-1604 (Directory traversal vulnerability in MayGion IP Cameras with 
firmware  ...)
        NOT-FOR-US: MayGion IP Cameras
 CVE-2013-1603 (An Authentication vulnerability exists in D-LINK WCS-1100 1.02, 
TESCO  ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2013-1602 (An Information Disclosure vulnerability exists due to 
insufficient val ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2013-1601 (An Information Disclosure vulnerability exists due to a failure 
to res ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2013-1600 (An Authentication Bypass vulnerability exists in 
upnp/asf-mp4.asf when ...)
        NOT-FOR-US: D-Link
 CVE-2013-1599 (A Command Injection vulnerability exists in the 
/var/www/cgi-bin/rtpd. ...)
@@ -547165,7 +547165,7 @@ CVE-2012-5321 (tiki-featured_link.php in TikiWiki 
CMS/Groupware 8.3 allows remot
 CVE-2012-5320 (Cross-site request forgery (CSRF) vulnerability in password.cgi 
in Sag ...)
        NOT-FOR-US: Sagem
 CVE-2012-5319 (Cross-site request forgery (CSRF) vulnerability in 
setup/security.cgi  ...)
-       NOT-FOR-US: D-link
+       NOT-FOR-US: D-Link
 CVE-2012-5318 (Unrestricted file upload vulnerability in 
uploadify/scripts/uploadify. ...)
        NOT-FOR-US: WP Kish
 CVE-2012-5317 (SQL injection vulnerability in main_bigware_43.php in Bigware 
Shop bef ...)
@@ -586482,7 +586482,7 @@ CVE-2010-0938 (Cross-site scripting (XSS) 
vulnerability in todooforum.php in Tod
 CVE-2010-0937 (Multiple unspecified vulnerabilities in Visualization Library 
before 2 ...)
        NOT-FOR-US: Visualization Library
 CVE-2010-0936 (Cross-site scripting (XSS) vulnerability in auth.asp on the 
D-LINK DKV ...)
-       NOT-FOR-US: D-LINK firmware
+       NOT-FOR-US: D-Link firmware
 CVE-2009-4679 (Directory traversal vulnerability in the inertialFATE iF 
Portfolio Nex ...)
        NOT-FOR-US: com_if_nexus component for Joomla!
 CVE-2009-4678 (Cross-site scripting (XSS) vulnerability in index.php in Winn 
Guestboo ...)
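Review bot: CVE-2010-0936 keeps the `firmware` suffix (`NOT-FOR-US: D-Link firmware`), whereas the other vendor-only entries touched by this patch become plain `NOT-FOR-US: D-Link`. Dropping the suffix, or replacing it with the product the description names (truncated here after `D-LINK DKV`), would finish the unification for this entry.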
@@ -637547,7 +637547,7 @@ CVE-2006-6540 (SQL injection vulnerability in 
bt-trackback.php in Bluetrait befo
 CVE-2006-6539 (Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 
and ea ...)
        NOT-FOR-US: Winamp Web Interface
 CVE-2006-6538 (D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to 
cause (1)  ...)
-       NOT-FOR-US: D-LINK
+       NOT-FOR-US: D-Link
 CVE-2006-6537 (IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 
10, allo ...)
        NOT-FOR-US: IBM
 CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem 
Haber Fr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db990a5215c644f425e620eb16afe05153354460


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
