Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 47ff11db by Moritz Muehlenhoff at 2023-02-08T17:38:18+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5029,7 +5029,7 @@ CVE-2023-23698 CVE-2023-23697 RESERVED CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-23695 RESERVED CVE-2023-23694 @@ -6885,7 +6885,7 @@ CVE-2023-23028 CVE-2023-23027 RESERVED CVE-2023-23026 (Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 s ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2023-23025 RESERVED CVE-2023-23024 (Book Store Management System v1.0 was discovered to contain a cross-si ...) @@ -6915,7 +6915,7 @@ CVE-2023-23013 CVE-2023-23012 (Cross Site Scripting (XSS) vulnerability in craigrodway classroombooki ...) NOT-FOR-US: craigrodway classroombookings CVE-2023-23011 (Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filte ...) - TODO: check + NOT-FOR-US: InvoicePlane CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Boot ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2023-23009 @@ -7322,7 +7322,7 @@ CVE-2023-22902 CVE-2023-22901 RESERVED CVE-2023-22900 (Efence login function has insufficient validation for user input. An u ...) - TODO: check + NOT-FOR-US: Efence CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not ...) - zip4j 2.11.2-3 (bug #1029038) [bullseye] - zip4j <no-dsa> (Minor issue) 
@@ -8020,7 +8020,7 @@ CVE-2023-22737 (wire-server provides back end services for Wire, a team communic CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) NOT-FOR-US: Argo CD CVE-2023-22735 (Zulip is an open-source team collaboration tool. In versions of zulip ...) - TODO: check + NOT-FOR-US: Zulip CVE-2023-22734 (Shopware is an open source commerce platform based on Symfony Framewor ...) NOT-FOR-US: Shopware CVE-2023-22733 (Shopware is an open source commerce platform based on Symfony Framewor ...) @@ -9281,7 +9281,7 @@ CVE-2022-48168 CVE-2022-48167 RESERVED CVE-2022-48166 (An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 all ...) - TODO: check + NOT-FOR-US: Wavlink CVE-2022-48165 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...) NOT-FOR-US: Wavlink CVE-2022-48164 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...) @@ -9385,7 +9385,7 @@ CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a remote code execution CVE-2022-48115 RESERVED CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerabi ...) - TODO: check + NOT-FOR-US: RuoYi CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows una ...) NOT-FOR-US: TOTOLINK CVE-2022-48112 @@ -9443,7 +9443,7 @@ CVE-2022-48087 CVE-2022-48086 RESERVED CVE-2022-48085 (Softr v2.0 was discovered to contain a HTML injection vulnerability vi ...) - TODO: check + NOT-FOR-US: Softr CVE-2022-48084 RESERVED CVE-2022-48083 @@ -10895,7 +10895,7 @@ CVE-2022-47764 CVE-2022-47763 RESERVED CVE-2022-47762 (In gin-vue-admin < 2.5.5, the download module has a Path Traversal ...) - TODO: check + NOT-FOR-US: gin-vue-admin CVE-2022-47761 RESERVED CVE-2022-47760 
@@ -12906,11 +12906,11 @@ CVE-2022-47454 CVE-2022-47453 RESERVED CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47451 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47450 (In wlan driver, there is a possible missing permission check. This cou ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-46732 (Even if the authentication fails for local service authentication, the ...) NOT-FOR-US: GE Digital CVE-2022-46660 (An unauthorized user could alter or write files with full control over ...) @@ -13008,21 +13008,21 @@ CVE-2022-47421 CVE-2022-47420 RESERVED CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful ...) - TODO: check + NOT-FOR-US: Mayan EDMS DMS CVE-2022-47418 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...) - TODO: check + NOT-FOR-US: LogicalDOC CVE-2022-47417 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...) - TODO: check + NOT-FOR-US: LogicalDOC CVE-2022-47416 (LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type ...) - TODO: check + NOT-FOR-US: LogicalDOC CVE-2022-47415 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...) - TODO: check + NOT-FOR-US: LogicalDOC CVE-2022-47414 (If an attacker has access to the console for OpenKM (and is authentica ...) - TODO: check + NOT-FOR-US: OpenKM CVE-2022-47413 (Given a malicious document provided by an attacker, the OpenKM DMS is ...) - TODO: check + NOT-FOR-US: OpenKM CVE-2022-47412 (Given a malicious document provided by an attacker, the ONLYOFFICE Wor ...) - TODO: check + NOT-FOR-US: ONLYOFFICE CVE-2022-47411 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...) NOT-FOR-US: TYPO3 extension CVE-2022-47410 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...) 
@@ -13449,41 +13449,41 @@ CVE-2019-25078 (A vulnerability classified as problematic was found in pacparser NOTE: https://github.com/manugarg/pacparser/issues/99 NOTE: https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9 (v1.4.0) CVE-2022-47371 (In bt driver, there is a thread competition leads to early release of ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47370 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47369 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47368 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47367 (In bluetooth driver, there is a missing permission check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47366 (In wlan driver, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47365 (In wlan driver, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47364 (In wlan driver, there is a possible out of bounds write due to a missi ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47363 (In wlan driver, there is a possible out of bounds read due to a missin ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47362 RESERVED CVE-2022-47361 (In firewall service, there is a missing permission check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47360 (In log service, there is a missing permission check. This could lead t ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47359 (In log service, there is a missing permission check. This could lead t ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47358 (In log service, there is a missing permission check. This could lead t ...) 
- TODO: check + NOT-FOR-US: Unisoc CVE-2022-47357 (In log service, there is a missing permission check. This could lead t ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47356 (In log service, there is a missing permission check. This could lead t ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47355 (In log service, there is a missing permission check. This could lead t ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47354 (In log service, there is a missing permission check. This could lead t ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47353 RESERVED CVE-2022-47352 @@ -13495,25 +13495,25 @@ CVE-2022-47350 CVE-2022-47349 RESERVED CVE-2022-47348 (In engineermode services, there is a missing permission check. This co ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47347 (In engineermode services, there is a missing permission check. This co ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47346 (In engineermode services, there is a missing permission check. This co ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47345 (In engineermode services, there is a missing permission check. This co ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47344 (In engineermode services, there is a missing permission check. This co ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47343 (In engineermode services, there is a missing permission check. This co ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47342 (In engineermode services, there is a missing permission check. This co ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47341 (In engineermode services, there is a missing permission check. This co ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47340 RESERVED CVE-2022-47339 (In cmd services, there is a OS command injection issue due to missing ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47338 RESERVED CVE-2022-47337 
@@ -13525,29 +13525,29 @@ CVE-2022-47335 CVE-2022-47334 RESERVED CVE-2022-47333 (In wlan driver, there is a possible missing permission check. This cou ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47332 (In wlan driver, there is a possible missing permission check. This cou ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47331 (In wlan driver, there is a race condition. This could lead to local de ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47330 (In wlan driver, there is a possible missing permission check. This cou ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47329 (In wlan driver, there is a possible missing permission check. This cou ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47328 (In wlan driver, there is a possible missing permission check. This cou ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47327 (In wlan driver, there is a possible missing permission check. This cou ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47326 (In wlan driver, there is a possible missing permission check. This cou ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47325 (In wlan driver, there is a possible missing permission check. This cou ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47324 (In wlan driver, there is a possible missing permission check. This cou ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47323 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47322 (In wlan driver, there is a possible missing params check. This could l ...) - TODO: check + NOT-FOR-US: Unisoc CVE-2022-47310 RESERVED CVE-2022-47309 
@@ -13963,11 +13963,11 @@ CVE-2022-47134 CVE-2022-47133 RESERVED CVE-2022-47132 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...) - TODO: check + NOT-FOR-US: Academy LMS CVE-2022-47131 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...) - TODO: check + NOT-FOR-US: Academy LMS CVE-2022-47130 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...) - TODO: check + NOT-FOR-US: Academy LMS CVE-2022-47129 RESERVED CVE-2022-47128 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) @@ -14121,9 +14121,9 @@ CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket CVE-2022-47072 RESERVED CVE-2022-47071 (In NVS365 V01, the background network test function can trigger comman ...) - TODO: check + NOT-FOR-US: NVS365 V01 CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After entering a ...) - TODO: check + NOT-FOR-US: NVS365 V01 CVE-2022-47069 RESERVED CVE-2022-47068 @@ -14343,7 +14343,7 @@ CVE-2022-46967 (An access control issue in Revenue Collection System v1.0 allows CVE-2022-46966 (Revenue Collection System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Revenue Collection System CVE-2022-46965 (PrestaShop module, totadministrativemandate before v1.7.1 was discover ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2022-46964 RESERVED CVE-2022-46963 @@ -15582,7 +15582,7 @@ CVE-2022-46606 CVE-2022-46605 RESERVED CVE-2022-46604 (An issue in Tecrail Responsive FileManager v9.9.5 and below allows att ...) - TODO: check + NOT-FOR-US: Tecrail Responsive FileManager CVE-2022-46603 (An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary comma ...) NOT-FOR-US: Inkdrop CVE-2022-46602 
@@ -15686,7 +15686,7 @@ CVE-2022-46554 CVE-2022-46553 RESERVED CVE-2022-46552 (D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote ...) - TODO: check + NOT-FOR-US: D-Link CVE-2022-46551 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46550 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) @@ -15798,7 +15798,7 @@ CVE-2022-46498 CVE-2022-46497 RESERVED CVE-2022-46496 (BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missin ...) - TODO: check + NOT-FOR-US: BTicino Door Entry HOMETOUCH CVE-2022-46495 RESERVED CVE-2022-46494 @@ -16123,7 +16123,7 @@ CVE-2022-45124 CVE-2022-45115 RESERVED CVE-2022-43665 (A denial of service vulnerability exists in the malware scan functiona ...) - TODO: check + NOT-FOR-US: ESTsoft Alyac CVE-2022-46378 RESERVED CVE-2022-46377 @@ -17832,7 +17832,7 @@ CVE-2022-45856 CVE-2022-45855 RESERVED CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2022-45853 RESERVED CVE-2022-45852 @@ -17926,7 +17926,7 @@ CVE-2022-45809 CVE-2022-45808 (SQL Injection vulnerability in LearnPress – WordPress LMS Plugin ...) NOT-FOR-US: WordPress plugin CVE-2022-45807 (Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-45806 RESERVED CVE-2022-45805 @@ -18034,9 +18034,9 @@ CVE-2022-45785 CVE-2022-45784 RESERVED CVE-2022-45783 (An issue was discovered in dotCMS core 4.x through 22.10.2. An authent ...) - TODO: check + NOT-FOR-US: dotCMS CVE-2022-45782 (An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21 ...) - TODO: check + NOT-FOR-US: dotCMS CVE-2022-4114 (The Superio WordPress theme does not sanitise and escape some paramete ...) NOT-FOR-US: WordPress theme CVE-2022-4113 
@@ -18082,7 +18082,7 @@ CVE-2022-45770 (Improper input validation in driver adgnetworkwfpdrv.sys in Adgu CVE-2022-45769 (A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 a ...) NOT-FOR-US: ClicShopping_V3 CVE-2022-45768 (Command Injection vulnerability in Edimax Technology Co., Ltd. Wireles ...) - TODO: check + NOT-FOR-US: Edimax CVE-2022-45767 RESERVED CVE-2022-45766 @@ -18177,7 +18177,7 @@ CVE-2022-45724 CVE-2022-45723 RESERVED CVE-2022-45722 (ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (X ...) - TODO: check + NOT-FOR-US: ezEIP CVE-2022-45721 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...) NOT-FOR-US: IP-COM M50 CVE-2022-45720 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffe ...) @@ -18447,9 +18447,9 @@ CVE-2022-45591 CVE-2022-45590 RESERVED CVE-2022-45589 (SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT th ...) - TODO: check + NOT-FOR-US: Talend CVE-2022-45588 (XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 ...) - TODO: check + NOT-FOR-US: Talend CVE-2022-45587 RESERVED CVE-2022-45586 @@ -18537,7 +18537,7 @@ CVE-2022-45546 CVE-2022-45545 RESERVED CVE-2022-45544 (Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 ...) - TODO: check + NOT-FOR-US: Schlix Web Inc SCHLIX CMS CVE-2022-45543 RESERVED CVE-2022-45542 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47ff11db73c85064f50bd060f310d8c777de7d81 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47ff11db73c85064f50bd060f310d8c777de7d81 You're receiving this email because of your account on salsa.debian.org.
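Review bot: The Unisoc attribution in the hunks at @@ -12906,11 +12906,11 @@, @@ -13449,41 +13449,41 @@, @@ -13495,25 +13495,25 @@ and @@ -13525,29 +13525,29 @@ cannot be checked from the lines shown. The truncated descriptions name only a component ("In wlan driver", "In bt driver", "In log service", "In engineermode services", "In cmd services") and no vendor, and the commit message is just "NFUs". The same applies to "NOT-FOR-US: ESTsoft Alyac" for CVE-2022-43665 at @@ -16123,7 +16123,7 @@, where the visible text says only "malware scan functiona ...". Since generic names such as "wlan driver" and "bluetooth driver" do not identify the code base by themselves, please say in the commit message where the vendor attribution comes from (for example the assigning CNA or the full CVE description) so the NOT-FOR-US decision for these entries can be re-checked later.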
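Review bot: In the hunk at @@ -13008,21 +13008,21 @@, the tag "NOT-FOR-US: Mayan EDMS DMS" for CVE-2022-47419 copies the description's wording ("the Mayan EDMS DMS") and ends up with a doubled term. The neighbouring entries in the same hunk are tagged with the bare product name ("NOT-FOR-US: LogicalDOC", "NOT-FOR-US: OpenKM"), so "NOT-FOR-US: Mayan EDMS" would be consistent with them and easier to match when searching the list for earlier decisions on the same product.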
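Review bot: In the hunk at @@ -14121,9 +14121,9 @@, both CVE-2022-47071 and CVE-2022-47070 are tagged "NOT-FOR-US: NVS365 V01", which carries what looks like a version suffix from the description into the product tag. The other tags added in this commit stop at the vendor or product name ("NOT-FOR-US: D-Link", "NOT-FOR-US: Zyxel", "NOT-FOR-US: Talend"). Suggest "NOT-FOR-US: NVS365", so that a later CVE against a different release of the same product is grouped under the same tag.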