Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 729057f5 by Moritz Muehlenhoff at 2023-02-01T17:29:17+01:00 NFus - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -45,7 +45,7 @@ CVE-2023-24958 CVE-2023-24957 RESERVED CVE-2023-24956 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...) - TODO: check + NOT-FOR-US: Forget Heart Message Box CVE-2023-24955 RESERVED CVE-2023-24954 @@ -267,11 +267,11 @@ CVE-2023-22440 CVE-2023-22276 RESERVED CVE-2023-0608 (Cross-site Scripting (XSS) - DOM in GitHub repository microweber/micro ...) - TODO: check + NOT-FOR-US: microweber CVE-2023-0607 (Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/p ...) - TODO: check + NOT-FOR-US: ProjectSend CVE-2023-0606 (Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/am ...) - TODO: check + - ampache <removed> CVE-2023-0605 RESERVED CVE-2023-0604 @@ -341,11 +341,11 @@ CVE-2023-0595 CVE-2023-0594 RESERVED CVE-2023-0593 (A path traversal vulnerability affects yaffshiv YAFFS filesystem extra ...) - TODO: check + NOT-FOR-US: ProjectSendyaffshiv CVE-2023-0592 (A path traversal vulnerability affects jefferson's JFFS2 filesystem ex ...) - TODO: check + NOT-FOR-US: jefferson JFFS tool CVE-2023-0591 (ubireader_extract_files is vulnerable to path traversal when run again ...) - TODO: check + NOT-FOR-US: UBI reader CVE-2023-0590 RESERVED - linux 6.0.6-1 @@ -370,7 +370,7 @@ CVE-2023-0586 CVE-2023-0585 RESERVED CVE-2016-15023 (A vulnerability, which was classified as problematic, was found in Sit ...) - TODO: check + NOT-FOR-US: SiteFusion CVE-2023-24831 RESERVED CVE-2023-24828 @@ -1064,7 +1064,7 @@ CVE-2023-22311 CVE-2023-0525 RESERVED CVE-2023-0524 (As part of our Security Development Lifecycle, a potential privilege e ...) - TODO: check + NOT-FOR-US: Tenable CVE-2023-0523 RESERVED CVE-2023-0522 
@@ -1471,7 +1471,7 @@ CVE-2023-0456 CVE-2023-0455 (Unrestricted Upload of File with Dangerous Type in GitHub repository u ...) NOT-FOR-US: unilogies/bumsys CVE-2023-0454 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...) - TODO: check + NOT-FOR-US: OrangeScrum CVE-2023-0453 RESERVED CVE-2023-24459 (A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earli ...) @@ -1957,7 +1957,7 @@ CVE-2023-24243 CVE-2023-24242 RESERVED CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...) - TODO: check + NOT-FOR-US: Forget Heart Message Box CVE-2023-24240 RESERVED CVE-2023-24239 @@ -2113,9 +2113,9 @@ CVE-2023-24165 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /go CVE-2023-24164 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/F ...) NOT-FOR-US: Tenda CVE-2023-24163 (SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker t ...) - TODO: check + NOT-FOR-US: Dromara hutool CVE-2023-24162 (Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacke ...) - TODO: check + NOT-FOR-US: Dromara hutool CVE-2023-24161 RESERVED CVE-2023-24160 @@ -2702,7 +2702,7 @@ CVE-2023-23930 CVE-2023-23929 RESERVED CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.v ...) - TODO: check + NOT-FOR-US: reason-jose CVE-2023-23927 RESERVED CVE-2023-23926 @@ -7606,7 +7606,7 @@ CVE-2022-48163 CVE-2022-48162 RESERVED CVE-2022-48161 (Easy Images v2.0 was discovered to contain an arbitrary file download ...) - TODO: check + NOT-FOR-US: Easy Images CVE-2022-48160 RESERVED CVE-2022-48159 @@ -8985,7 +8985,7 @@ CVE-2022-47875 CVE-2022-47874 RESERVED CVE-2022-47873 (Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting i ...) - TODO: check + NOT-FOR-US: Netcad KEOS CVE-2022-47872 RESERVED CVE-2022-47871 
@@ -9191,11 +9191,11 @@ CVE-2022-47772 CVE-2022-47771 RESERVED CVE-2022-47770 (Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Una ...) - TODO: check + NOT-FOR-US: Serenissima Informatica Fast Checkin CVE-2022-47769 (An arbitrary file write vulnerability in Serenissima Informatica Fast ...) - TODO: check + NOT-FOR-US: Serenissima Informatica Fast Checkin CVE-2022-47768 (Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Tr ...) - TODO: check + NOT-FOR-US: Serenissima Informatica Fast Checkin CVE-2022-47767 (A backdoor in Solar-Log Gateway products allows remote access via web ...) NOT-FOR-US: Solar-Log CVE-2022-47766 (PopojiCMS v2.0.1 backend plugin function has a file upload vulnerabili ...) @@ -12104,7 +12104,7 @@ CVE-2022-44454 CVE-2022-44450 RESERVED CVE-2022-4441 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2022-4440 (Use after free in Profiles in Google Chrome prior to 108.0.5359.124 al ...) {DSA-5302-1} - chromium 108.0.5359.124-1 @@ -12500,7 +12500,7 @@ CVE-2022-47037 CVE-2022-47036 RESERVED CVE-2022-47035 (Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedd ...) - TODO: check + NOT-FOR-US: D-Link CVE-2022-47034 RESERVED CVE-2022-47033 @@ -13119,7 +13119,7 @@ CVE-2022-4378 (A stack overflow flaw was found in the Linux kernel's SYSCTL subs NOTE: https://git.kernel.org/linus/bce9332220bd677d83b19d21502776ad555a0e73 NOTE: https://git.kernel.org/linus/e6cfaf34be9fcd1a8285a294e18986bfc41a409c CVE-2022-46835 (IdentitylQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentitylQ 8.2 ...) - TODO: check + NOT-FOR-US: IdentitylQ CVE-2022-46834 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmwa ...) NOT-FOR-US: SICK CVE-2022-46833 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmwa ...) 
@@ -13353,7 +13353,7 @@ CVE-2022-46758 CVE-2022-46757 RESERVED CVE-2022-46756 (Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vul ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-46755 RESERVED CVE-2022-46754 @@ -13650,7 +13650,7 @@ CVE-2022-46681 CVE-2022-46680 RESERVED CVE-2022-46679 (Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficien ...) - TODO: check + NOT-FOR-US: Dell CVE-2022-46678 RESERVED CVE-2022-46677 @@ -15576,7 +15576,7 @@ CVE-2022-46089 CVE-2022-46088 RESERVED CVE-2022-46087 (CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A norm ...) - TODO: check + NOT-FOR-US: CloudSchool CVE-2022-46086 RESERVED CVE-2022-46085 @@ -15995,7 +15995,7 @@ CVE-2022-4139 (An incorrect TLB flush issue was found in the Linux kernel’ NOTE: https://www.openwall.com/lists/oss-security/2022/11/30/1 NOTE: https://git.kernel.org/linus/04aa64375f48a5d430b5550d9271f8428883e550 CVE-2022-45897 (On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attac ...) - TODO: check + NOT-FOR-US: Xerox CVE-2022-45896 (Planet eStream before 6.72.10.07 allows unauthenticated upload of arbi ...) NOT-FOR-US: Planet eStream CVE-2022-45895 (Planet eStream before 6.72.10.07 discloses sensitive information, rela ...) @@ -16288,9 +16288,9 @@ CVE-2022-45791 CVE-2022-45790 RESERVED CVE-2022-45789 (A CWE-294: Authentication Bypass by Capture-replay vulnerability exist ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2022-45788 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2022-45787 (Unproper laxist permissions on the temporary files used by MIME4J Temp ...) NOT-FOR-US: Apache James CVE-2022-45786 @@ -16716,7 +16716,7 @@ CVE-2022-45600 CVE-2022-45599 RESERVED CVE-2022-45598 (Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.1 ...) - TODO: check + NOT-FOR-US: Joplin Desktop App CVE-2022-45597 RESERVED CVE-2022-45596 
@@ -17064,7 +17064,7 @@ CVE-2022-45475 (Tiny File Manager version 2.4.8 allows an unauthenticated remote CVE-2022-4063 (The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP ...) NOT-FOR-US: WordPress plugin CVE-2022-4062 (A CWE-285: Improper Authorization vulnerability exists that could caus ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2022-45474 (drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-fr ...) NOT-FOR-US: drachtio-server CVE-2022-45473 (In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachti ...) @@ -17147,7 +17147,7 @@ CVE-2022-4043 (The WP Custom Admin Interface WordPress plugin before 7.29 unseri CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress plugin thr ...) NOT-FOR-US: WordPress plugin CVE-2022-4041 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2022-4040 RESERVED CVE-2022-4039 @@ -17297,7 +17297,7 @@ CVE-2022-3996 (If an X.509 certificate contains a malformed policy constraint an NOTE: https://www.openssl.org/news/secadv/20221213.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7725e7bfe6f2ce8146b6552b44e0d226be7638e7 CVE-2022-45435 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 ...) - TODO: check + NOT-FOR-US: IdentitylQ CVE-2022-45434 (Some Dahua software products have a vulnerability of unauthenticated u ...) NOT-FOR-US: Dahua CVE-2022-45433 (Some Dahua software products have a vulnerability of unauthenticated t ...) 
@@ -18224,7 +18224,7 @@ CVE-2022-45174 CVE-2022-45173 RESERVED CVE-2022-45172 (An issue was discovered in LIVEBOX Collaboration vDesk before v018. Br ...) - TODO: check + NOT-FOR-US: LIVEBOX Collaboration vDesk CVE-2022-45171 RESERVED CVE-2022-45170 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/729057f5a4773b0ec1b3da4a3b2a91bb5369531c
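Review bot: In the hunk at @@ -267,11 +267,11 @@, the CVE-2023-0606 entry gets `- ampache <removed>`, a package status line rather than a NOT-FOR-US marker, while the commit message only says "NFus". Consider splitting that line into its own commit or naming it in the message, so that someone searching the history for when ampache was triaged does not have to read through a bulk NFU commit.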
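Review bot: In the hunk at @@ -341,11 +341,11 @@, the new line for CVE-2023-0593 reads `NOT-FOR-US: ProjectSendyaffshiv`, which looks like the ProjectSend tag from CVE-2023-0607 left in front of the product name; the description names yaffshiv, so `NOT-FOR-US: yaffshiv` is the likely intent. In the same hunk, CVE-2023-0592 is tagged `jefferson JFFS tool` although the description says JFFS2; matching the description makes the entry easier to find by search.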
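Review bot: In the hunk at @@ -17297,7 +17297,7 @@, CVE-2022-45435 is tagged `NOT-FOR-US: IdentitylQ` (lowercase L) while its own description spells the product IdentityIQ. The same lowercase-L spelling is added for CVE-2022-46835 in the @@ -13119,7 +13119,7 @@ hunk, there copied from the description text; using `IdentityIQ` in both tags keeps a text search for the product from missing these entries.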
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits