Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47ff11db by Moritz Muehlenhoff at 2023-02-08T17:38:18+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5029,7 +5029,7 @@ CVE-2023-23698
 CVE-2023-23697
        RESERVED
 CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, 
contain  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-23695
        RESERVED
 CVE-2023-23694
@@ -6885,7 +6885,7 @@ CVE-2023-23028
 CVE-2023-23027
        RESERVED
 CVE-2023-23026 (Cross site scripting (XSS) vulnerability in sourcecodester 
oretnom23 s ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester
 CVE-2023-23025
        RESERVED
 CVE-2023-23024 (Book Store Management System v1.0 was discovered to contain a 
cross-si ...)
@@ -6915,7 +6915,7 @@ CVE-2023-23013
 CVE-2023-23012 (Cross Site Scripting (XSS) vulnerability in craigrodway 
classroombooki ...)
        NOT-FOR-US: craigrodway classroombookings
 CVE-2023-23011 (Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 
via filte ...)
-       TODO: check
+       NOT-FOR-US: InvoicePlane
 CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in 
Ecommerce-CodeIgniter-Boot ...)
        NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2023-23009
@@ -7322,7 +7322,7 @@ CVE-2023-22902
 CVE-2023-22901
        RESERVED
 CVE-2023-22900 (Efence login function has insufficient validation for user 
input. An u ...)
-       TODO: check
+       NOT-FOR-US: Efence
 CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, 
does not  ...)
        - zip4j 2.11.2-3 (bug #1029038)
        [bullseye] - zip4j <no-dsa> (Minor issue)
@@ -8020,7 +8020,7 @@ CVE-2023-22737 (wire-server provides back end services 
for Wire, a team communic
 CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
        NOT-FOR-US: Argo CD
 CVE-2023-22735 (Zulip is an open-source team collaboration tool. In versions 
of zulip  ...)
-       TODO: check
+       NOT-FOR-US: Zulip
 CVE-2023-22734 (Shopware is an open source commerce platform based on Symfony 
Framewor ...)
        NOT-FOR-US: Shopware
 CVE-2023-22733 (Shopware is an open source commerce platform based on Symfony 
Framewor ...)
@@ -9281,7 +9281,7 @@ CVE-2022-48168
 CVE-2022-48167
        RESERVED
 CVE-2022-48166 (An access control issue in Wavlink WL-WN530HG4 
M30HG4.V5030.201217 all ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2022-48165 (An access control issue in the component 
/cgi-bin/ExportLogs.sh of Wav ...)
        NOT-FOR-US: Wavlink
 CVE-2022-48164 (An access control issue in the component 
/cgi-bin/ExportLogs.sh of Wav ...)
@@ -9385,7 +9385,7 @@ CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a 
remote code execution
 CVE-2022-48115
        RESERVED
 CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: RuoYi
 CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 
allows una ...)
        NOT-FOR-US: TOTOLINK
 CVE-2022-48112
@@ -9443,7 +9443,7 @@ CVE-2022-48087
 CVE-2022-48086
        RESERVED
 CVE-2022-48085 (Softr v2.0 was discovered to contain a HTML injection 
vulnerability vi ...)
-       TODO: check
+       NOT-FOR-US: Softr
 CVE-2022-48084
        RESERVED
 CVE-2022-48083
@@ -10895,7 +10895,7 @@ CVE-2022-47764
 CVE-2022-47763
        RESERVED
 CVE-2022-47762 (In gin-vue-admin &lt; 2.5.5, the download module has a Path 
Traversal  ...)
-       TODO: check
+       NOT-FOR-US: gin-vue-admin
 CVE-2022-47761
        RESERVED
 CVE-2022-47760
@@ -12906,11 +12906,11 @@ CVE-2022-47454
 CVE-2022-47453
        RESERVED
 CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to 
a missi ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47451 (In wlan driver, there is a possible missing params check. This 
could l ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47450 (In wlan driver, there is a possible missing permission check. 
This cou ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-46732 (Even if the authentication fails for local service 
authentication, the ...)
        NOT-FOR-US: GE Digital
 CVE-2022-46660 (An unauthorized user could alter or write files with full 
control over ...)
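Review bot: The three new "NOT-FOR-US: Unisoc" tags on CVE-2022-47452, CVE-2022-47451 and CVE-2022-47450 name a vendor that the truncated descriptions shown here ("In gnss driver ...", "In wlan driver ...") never mention, so the attribution cannot be confirmed from the entry itself. Consider adding a NOTE line under each entry that points at the vendor advisory the tag was taken from, in the same way the pacparser entry further down records its upstream references.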
@@ -13008,21 +13008,21 @@ CVE-2022-47421
 CVE-2022-47420
        RESERVED
 CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS. 
Successful  ...)
-       TODO: check
+       NOT-FOR-US: Mayan EDMS DMS
 CVE-2022-47418 (LogicalDOC Enterprise and Community Edition (CE) are 
vulnerable to a s ...)
-       TODO: check
+       NOT-FOR-US: LogicalDOC
 CVE-2022-47417 (LogicalDOC Enterprise and Community Edition (CE) are 
vulnerable to a s ...)
-       TODO: check
+       NOT-FOR-US: LogicalDOC
 CVE-2022-47416 (LogicalDOC Enterprise is vulnerable to a stored (persistent, 
or "Type  ...)
-       TODO: check
+       NOT-FOR-US: LogicalDOC
 CVE-2022-47415 (LogicalDOC Enterprise and Community Edition (CE) are 
vulnerable to a s ...)
-       TODO: check
+       NOT-FOR-US: LogicalDOC
 CVE-2022-47414 (If an attacker has access to the console for OpenKM (and is 
authentica ...)
-       TODO: check
+       NOT-FOR-US: OpenKM
 CVE-2022-47413 (Given a malicious document provided by an attacker, the OpenKM 
DMS is  ...)
-       TODO: check
+       NOT-FOR-US: OpenKM
 CVE-2022-47412 (Given a malicious document provided by an attacker, the 
ONLYOFFICE Wor ...)
-       TODO: check
+       NOT-FOR-US: ONLYOFFICE
 CVE-2022-47411 (An issue was discovered in the fp_newsletter (aka Newsletter 
subscribe ...)
        NOT-FOR-US: TYPO3 extension
 CVE-2022-47410 (An issue was discovered in the fp_newsletter (aka Newsletter 
subscribe ...)
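Review bot: The tag on CVE-2022-47419, "NOT-FOR-US: Mayan EDMS DMS", copies the description's wording and so carries a trailing "DMS" after a product name that already ends in "EDMS". The other tags added in this hunk use the bare product name ("LogicalDOC", "OpenKM", "ONLYOFFICE"); "NOT-FOR-US: Mayan EDMS" would match them and keep the tag stable for anyone grepping the list by product.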
@@ -13449,41 +13449,41 @@ CVE-2019-25078 (A vulnerability classified as 
problematic was found in pacparser
        NOTE: https://github.com/manugarg/pacparser/issues/99
        NOTE: 
https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9
 (v1.4.0)
 CVE-2022-47371 (In bt driver, there is a thread competition leads to early 
release of  ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47370 (In wlan driver, there is a possible missing params check. This 
could l ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47369 (In wlan driver, there is a possible missing params check. This 
could l ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47368 (In wlan driver, there is a possible missing params check. This 
could l ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47367 (In bluetooth driver, there is a missing permission check. This 
could l ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47366 (In wlan driver, there is a possible out of bounds write due to 
a missi ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47365 (In wlan driver, there is a possible out of bounds write due to 
a missi ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47364 (In wlan driver, there is a possible out of bounds write due to 
a missi ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47363 (In wlan driver, there is a possible out of bounds read due to 
a missin ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47362
        RESERVED
 CVE-2022-47361 (In firewall service, there is a missing permission check. This 
could l ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47360 (In log service, there is a missing permission check. This 
could lead t ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47359 (In log service, there is a missing permission check. This 
could lead t ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47358 (In log service, there is a missing permission check. This 
could lead t ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47357 (In log service, there is a missing permission check. This 
could lead t ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47356 (In log service, there is a missing permission check. This 
could lead t ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47355 (In log service, there is a missing permission check. This 
could lead t ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47354 (In log service, there is a missing permission check. This 
could lead t ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47353
        RESERVED
 CVE-2022-47352
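Review bot: CVE-2022-47371 through CVE-2022-47363 are described only as "bt driver", "wlan driver" and "bluetooth driver" flaws, wording that would equally fit a driver shipped in a distribution kernel, and they are closed as NOT-FOR-US with nothing in the entry recording why. If the check was that these are vendor drivers not present in any packaged source, a one-line NOTE saying so on the first entry of the run would let a later reader rely on the triage without repeating it.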
@@ -13495,25 +13495,25 @@ CVE-2022-47350
 CVE-2022-47349
        RESERVED
 CVE-2022-47348 (In engineermode services, there is a missing permission check. 
This co ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47347 (In engineermode services, there is a missing permission check. 
This co ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47346 (In engineermode services, there is a missing permission check. 
This co ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47345 (In engineermode services, there is a missing permission check. 
This co ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47344 (In engineermode services, there is a missing permission check. 
This co ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47343 (In engineermode services, there is a missing permission check. 
This co ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47342 (In engineermode services, there is a missing permission check. 
This co ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47341 (In engineermode services, there is a missing permission check. 
This co ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47340
        RESERVED
 CVE-2022-47339 (In cmd services, there is a OS command injection issue due to 
missing  ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47338
        RESERVED
 CVE-2022-47337
@@ -13525,29 +13525,29 @@ CVE-2022-47335
 CVE-2022-47334
        RESERVED
 CVE-2022-47333 (In wlan driver, there is a possible missing permission check. 
This cou ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47332 (In wlan driver, there is a possible missing permission check. 
This cou ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47331 (In wlan driver, there is a race condition. This could lead to 
local de ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47330 (In wlan driver, there is a possible missing permission check. 
This cou ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47329 (In wlan driver, there is a possible missing permission check. 
This cou ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47328 (In wlan driver, there is a possible missing permission check. 
This cou ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47327 (In wlan driver, there is a possible missing permission check. 
This cou ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47326 (In wlan driver, there is a possible missing permission check. 
This cou ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47325 (In wlan driver, there is a possible missing permission check. 
This cou ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47324 (In wlan driver, there is a possible missing permission check. 
This cou ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47323 (In wlan driver, there is a possible missing params check. This 
could l ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47322 (In wlan driver, there is a possible missing params check. This 
could l ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-47310
        RESERVED
 CVE-2022-47309
@@ -13963,11 +13963,11 @@ CVE-2022-47134
 CVE-2022-47133
        RESERVED
 CVE-2022-47132 (A Cross-Site Request Forgery (CSRF) in Academy LMS before 
v5.10 allows ...)
-       TODO: check
+       NOT-FOR-US: Academy LMS
 CVE-2022-47131 (A Cross-Site Request Forgery (CSRF) in Academy LMS before 
v5.10 allows ...)
-       TODO: check
+       NOT-FOR-US: Academy LMS
 CVE-2022-47130 (A Cross-Site Request Forgery (CSRF) in Academy LMS before 
v5.10 allows ...)
-       TODO: check
+       NOT-FOR-US: Academy LMS
 CVE-2022-47129
        RESERVED
 CVE-2022-47128 (Tenda A15 V15.13.07.13 was discovered to contain a stack 
overflow via  ...)
@@ -14121,9 +14121,9 @@ CVE-2022-47073 (A cross-site scripting (XSS) 
vulnerability in the Create Ticket
 CVE-2022-47072
        RESERVED
 CVE-2022-47071 (In NVS365 V01, the background network test function can 
trigger comman ...)
-       TODO: check
+       NOT-FOR-US: NVS365 V01
 CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After 
entering a ...)
-       TODO: check
+       NOT-FOR-US: NVS365 V01
 CVE-2022-47069
        RESERVED
 CVE-2022-47068
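Review bot: Both tags added here, on CVE-2022-47071 and CVE-2022-47070, read "NOT-FOR-US: NVS365 V01", which carries the "V01" suffix from the description into the tag. The rest of this commit tags by vendor or product alone ("D-Link", "Zyxel", "dotCMS"), so "NOT-FOR-US: NVS365" would be the consistent form and would still match if a later CVE names a different revision.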
@@ -14343,7 +14343,7 @@ CVE-2022-46967 (An access control issue in Revenue 
Collection System v1.0 allows
 CVE-2022-46966 (Revenue Collection System v1.0 was discovered to contain a SQL 
injecti ...)
        NOT-FOR-US: Revenue Collection System
 CVE-2022-46965 (PrestaShop module, totadministrativemandate before v1.7.1 was 
discover ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2022-46964
        RESERVED
 CVE-2022-46963
@@ -15582,7 +15582,7 @@ CVE-2022-46606
 CVE-2022-46605
        RESERVED
 CVE-2022-46604 (An issue in Tecrail Responsive FileManager v9.9.5 and below 
allows att ...)
-       TODO: check
+       NOT-FOR-US: Tecrail Responsive FileManager
 CVE-2022-46603 (An issue in Inkdrop v5.4.1 allows attackers to execute 
arbitrary comma ...)
        NOT-FOR-US: Inkdrop
 CVE-2022-46602
@@ -15686,7 +15686,7 @@ CVE-2022-46554
 CVE-2022-46553
        RESERVED
 CVE-2022-46552 (D-Link DIR-846 Firmware FW100A53DBR was discovered to contain 
a remote ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2022-46551 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer 
overflow via t ...)
        NOT-FOR-US: Tenda
 CVE-2022-46550 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer 
overflow via t ...)
@@ -15798,7 +15798,7 @@ CVE-2022-46498
 CVE-2022-46497
        RESERVED
 CVE-2022-46496 (BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to 
be missin ...)
-       TODO: check
+       NOT-FOR-US: BTicino Door Entry HOMETOUCH
 CVE-2022-46495
        RESERVED
 CVE-2022-46494
@@ -16123,7 +16123,7 @@ CVE-2022-45124
 CVE-2022-45115
        RESERVED
 CVE-2022-43665 (A denial of service vulnerability exists in the malware scan 
functiona ...)
-       TODO: check
+       NOT-FOR-US: ESTsoft Alyac
 CVE-2022-46378
        RESERVED
 CVE-2022-46377
@@ -17832,7 +17832,7 @@ CVE-2022-45856
 CVE-2022-45855
        RESERVED
 CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX 
firmware ve ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2022-45853
        RESERVED
 CVE-2022-45852
@@ -17926,7 +17926,7 @@ CVE-2022-45809
 CVE-2022-45808 (SQL Injection vulnerability in LearnPress &#8211; WordPress 
LMS Plugin ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45807 (Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log 
plugin &lt;=  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45806
        RESERVED
 CVE-2022-45805
@@ -18034,9 +18034,9 @@ CVE-2022-45785
 CVE-2022-45784
        RESERVED
 CVE-2022-45783 (An issue was discovered in dotCMS core 4.x through 22.10.2. An 
authent ...)
-       TODO: check
+       NOT-FOR-US: dotCMS
 CVE-2022-45782 (An issue was discovered in dotCMS core 5.3.8.5 through 
5.3.8.15 and 21 ...)
-       TODO: check
+       NOT-FOR-US: dotCMS
 CVE-2022-4114 (The Superio WordPress theme does not sanitise and escape some 
paramete ...)
        NOT-FOR-US: WordPress theme
 CVE-2022-4113
@@ -18082,7 +18082,7 @@ CVE-2022-45770 (Improper input validation in driver 
adgnetworkwfpdrv.sys in Adgu
 CVE-2022-45769 (A cross-site scripting (XSS) vulnerability in ClicShopping_V3 
v3.402 a ...)
        NOT-FOR-US: ClicShopping_V3
 CVE-2022-45768 (Command Injection vulnerability in Edimax Technology Co., Ltd. 
Wireles ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2022-45767
        RESERVED
 CVE-2022-45766
@@ -18177,7 +18177,7 @@ CVE-2022-45724
 CVE-2022-45723
        RESERVED
 CVE-2022-45722 (ezEIP v5.3.0(0649) was discovered to contain a cross-site 
scripting (X ...)
-       TODO: check
+       NOT-FOR-US: ezEIP
 CVE-2022-45721 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a 
buffer overf ...)
        NOT-FOR-US: IP-COM M50
 CVE-2022-45720 (IP-COM M50 V15.11.0.33(10768) was discovered to contain 
multiple buffe ...)
@@ -18447,9 +18447,9 @@ CVE-2022-45591
 CVE-2022-45590
        RESERVED
 CVE-2022-45589 (SQL Injection vulnerability in Talend ESB Runtime 
7.3.1-R2022-09-RT th ...)
-       TODO: check
+       NOT-FOR-US: Talend
 CVE-2022-45588 (XML External Entity (XXE) vulnerability in Talend Remote 
Engine Gen 2  ...)
-       TODO: check
+       NOT-FOR-US: Talend
 CVE-2022-45587
        RESERVED
 CVE-2022-45586
@@ -18537,7 +18537,7 @@ CVE-2022-45546
 CVE-2022-45545
        RESERVED
 CVE-2022-45544 (Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 
2.2.7-2 ...)
-       TODO: check
+       NOT-FOR-US: Schlix Web Inc SCHLIX CMS
 CVE-2022-45543
        RESERVED
 CVE-2022-45542 (EyouCMS &lt;= 1.6.0 was discovered a reflected-XSS in the 
FileManager  ...)
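Review bot: "NOT-FOR-US: Schlix Web Inc SCHLIX CMS" on CVE-2022-45544 repeats vendor and product exactly as the description strings them together, so the name appears twice in two spellings. A shorter tag such as "NOT-FOR-US: SCHLIX CMS" says the same thing and lines up with the single-name tags used elsewhere in this commit ("ezEIP", "Talend").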



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47ff11db73c85064f50bd060f310d8c777de7d81
