Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6d7dcbff by Moritz Muehlenhoff at 2023-03-06T18:12:37+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -605,7 +605,7 @@ CVE-2023-27576 CVE-2023-27575 RESERVED CVE-2023-27574 (ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow en ...) - TODO: check + NOT-FOR-US: ShadowsocksX-NG CVE-2023-27573 RESERVED CVE-2023-27572 @@ -665,7 +665,7 @@ CVE-2023-1170 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to CVE-2023-1169 RESERVED CVE-2015-10089 (A vulnerability classified as problematic has been found in flame.js. ...) - TODO: check + NOT-FOR-US: flame.js CVE-2023-1168 RESERVED CVE-2023-1167 @@ -3269,7 +3269,7 @@ CVE-2023-26493 CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL databas ...) NOT-FOR-US: Directus CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. When the U ...) - TODO: check + NOT-FOR-US: RSSHub CVE-2023-26490 (mailcow is a dockerized email package, with multiple containers linked ...) NOT-FOR-US: mailcow CVE-2023-26489 @@ -3289,7 +3289,7 @@ CVE-2023-26483 (gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Pr CVE-2023-26482 RESERVED CVE-2023-26481 (authentik is an open-source Identity Provider. Due to an insufficient ...) - TODO: check + NOT-FOR-US: authentik CVE-2023-26480 (XWiki Platform is a generic wiki platform. Starting in version 12.10, ...) NOT-FOR-US: XWiki CVE-2023-26479 (XWiki Platform is a generic wiki platform. Starting in version 6.0, us ...) 
@@ -4291,9 +4291,9 @@ CVE-2023-26109 CVE-2023-26108 (Versions of the package @nestjs/core before 9.0.5 are vulnerable to In ...) NOT-FOR-US: @nestjs/core CVE-2023-26107 (All versions of the package sketchsvg are vulnerable to Arbitrary Code ...) - TODO: check + NOT-FOR-US: Node sketchsvg CVE-2023-26106 (All versions of the package dot-lens are vulnerable to Prototype Pollu ...) - TODO: check + NOT-FOR-US: Node dot-lens CVE-2023-26105 (All versions of the package utilities are vulnerable to Prototype Poll ...) NOT-FOR-US: mde JavaScript utilities CVE-2023-26104 (All versions of the package lite-web-server are vulnerable to Denial o ...) @@ -5117,7 +5117,7 @@ CVE-2023-25824 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Ver NOTE: https://github.com/airtower-luna/mod_gnutls/security/advisories/GHSA-6cfv-fvgm-7pc8 NOTE: https://github.com/airtower-luna/mod_gnutls/commit/d7eec4e598158ab6a98bf505354e84352f9715ec (mod_gnutls/0.12.1) CVE-2023-25823 (Gradio is an open-source Python library to build machine learning and ...) - TODO: check + NOT-FOR-US: Gradio CVE-2023-25822 RESERVED CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 24.0.4 an ...) @@ -20606,7 +20606,7 @@ CVE-2022-46975 CVE-2022-46974 RESERVED CVE-2022-46973 (Report v0.9.8.6 was discovered to contain a Server-Side Request Forger ...) - TODO: check + NOT-FOR-US: AJ-Report CVE-2022-46972 RESERVED CVE-2022-46971 @@ -23764,7 +23764,7 @@ CVE-2022-45990 (A cross-site scripting (XSS) vulnerability in the component /sig CVE-2022-45989 RESERVED CVE-2022-45988 (starsoftcomm CooCare 5.304 allows local attackers to escalate privileg ...) - TODO: check + NOT-FOR-US: starsoftcomm CooCare CVE-2022-45987 RESERVED CVE-2022-45986 @@ -24694,7 +24694,7 @@ CVE-2022-45610 CVE-2022-45609 RESERVED CVE-2022-45608 (An issue was discovered in ThingsBoard 3.4.1, allows low privileged at ...) - TODO: check + NOT-FOR-US: ThingsBoard CVE-2022-45607 RESERVED CVE-2022-45606 
@@ -24804,11 +24804,11 @@ CVE-2022-45555 CVE-2022-45554 RESERVED CVE-2022-45553 (An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Route ...) - TODO: check + NOT-FOR-US: Shenzhen Zhibotong Electronics CVE-2022-45552 (An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ...) - TODO: check + NOT-FOR-US: Shenzhen Zhibotong Electronics CVE-2022-45551 (An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router ...) - TODO: check + NOT-FOR-US: Shenzhen Zhibotong Electronics CVE-2022-45550 (AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). ...) NOT-FOR-US: AyaCMS CVE-2022-45549 @@ -26530,7 +26530,7 @@ CVE-2022-45070 CVE-2022-45069 (Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal ...) NOT-FOR-US: WordPress plugin CVE-2022-45068 (Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercad ...) - TODO: check + NOT-FOR-US: Mercado CVE-2022-45067 (Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive ...) NOT-FOR-US: WordPress plugin CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe Wo ...) @@ -27072,7 +27072,7 @@ CVE-2022-44877 (login/index.php in CWP (aka Control Web Panel or CentOS Web Pane CVE-2022-44876 RESERVED CVE-2022-44875 (KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.All ...) - TODO: check + NOT-FOR-US: KioWare CVE-2022-44874 (wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered t ...) NOT-FOR-US: wasm3 CVE-2022-44873 @@ -31958,7 +31958,7 @@ CVE-2023-20106 CVE-2023-20105 RESERVED CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco Webex App fo ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20103 RESERVED CVE-2023-20102 
@@ -31990,13 +31990,13 @@ CVE-2023-20090 CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature fo ...) NOT-FOR-US: Cisco CVE-2023-20088 (A vulnerability in the nginx configurations that are provided as part ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20087 RESERVED CVE-2023-20086 RESERVED CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco Identit ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20084 RESERVED CVE-2023-20083 @@ -32008,15 +32008,15 @@ CVE-2023-20081 CVE-2023-20080 RESERVED CVE-2023-20079 (Multiple vulnerabilities in the web-based management interface of cert ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20078 (Multiple vulnerabilities in the web-based management interface of cert ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20077 RESERVED CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting environment could ...) NOT-FOR-US: Cisco CVE-2023-20075 (Vulnerability in the CLI of Cisco Secure Email Gateway could allow an ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20074 RESERVED CVE-2023-20073 @@ -32028,7 +32028,7 @@ CVE-2023-20071 CVE-2023-20070 RESERVED CVE-2023-20069 (A vulnerability in the web-based management interface of Cisco Prime I ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20068 RESERVED CVE-2023-20067 @@ -32042,9 +32042,9 @@ CVE-2023-20064 CVE-2023-20063 RESERVED CVE-2023-20062 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20061 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20060 RESERVED CVE-2023-20059 
@@ -32060,7 +32060,7 @@ CVE-2023-20055 CVE-2023-20054 RESERVED CVE-2023-20053 (A vulnerability in the web-based management interface of Cisco Nexus D ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20052 (On Feb 15, 2023, the following vulnerability in the ClamAV scanning li ...) {DLA-3328-1} - clamav 1.0.1+dfsg-1 (bug #1031509) @@ -32145,7 +32145,7 @@ CVE-2023-20016 (A vulnerability in the backup configuration feature of Cisco UCS CVE-2023-20015 (A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firep ...) NOT-FOR-US: Cisco CVE-2023-20014 (A vulnerability in the DNS functionality of Cisco Nexus Dashboard Soft ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20013 RESERVED CVE-2023-20012 (A vulnerability in the CLI console login authentication of Cisco Nexus ...) @@ -32155,7 +32155,7 @@ CVE-2023-20011 (A vulnerability in the web-based management interface of Cisco A CVE-2023-20010 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2023-20009 (A vulnerability in the Web UI and administrative CLI of the Cisco Secu ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20008 (A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Softwar ...) NOT-FOR-US: Cisco CVE-2023-20007 (A vulnerability in the web-based management interface of Cisco Small B ...) @@ -41138,7 +41138,7 @@ CVE-2022-40131 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev Softwar CVE-2022-38974 (Broken Access Control vulnerability in WPML Multilingual CMS premium p ...) NOT-FOR-US: WordPress plugin CVE-2022-38468 (Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress G ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-38461 (Broken Access Control vulnerability in WPML Multilingual CMS premium p ...) NOT-FOR-US: WordPress plugin CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Opt ...) 
@@ -42265,7 +42265,7 @@ CVE-2022-40225 CVE-2022-40200 (Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Foru ...) NOT-FOR-US: WordPress plugin CVE-2022-40198 (Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech Tera ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-40197 RESERVED CVE-2022-40195 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) @@ -44698,7 +44698,7 @@ CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the author CVE-2022-39229 (Grafana is an open source data visualization platform for metrics, log ...) - grafana <removed> CVE-2022-39228 (vantage6 is a privacy preserving federated learning infrastructure for ...) - TODO: check + NOT-FOR-US: vantage6 CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web Tokens. V ...) NOT-FOR-US: python-jwt (not the same as src:pyjwt) CVE-2022-39226 (Discourse is an open source discussion platform. In versions prior to ...) @@ -46201,7 +46201,7 @@ CVE-2022-38736 CVE-2022-38735 REJECTED CVE-2022-38734 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 ...) - TODO: check + NOT-FOR-US: StorageGRID CVE-2022-38733 (OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an ...) NOT-FOR-US: NetApp CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Security Poli ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d7dcbff329f95758df8580bc34ccdd8f4e70e96 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d7dcbff329f95758df8580bc34ccdd8f4e70e96 You're receiving this email because of your account on salsa.debian.org.
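Review bot: In the hunk at @@ -31990,13 +31990,13 @@, CVE-2023-20088 is tagged plain "NOT-FOR-US: Cisco" although its description reads "A vulnerability in the nginx configurations that are provided as part ...", so the entry gives no reason why a CVE that names nginx does not concern the nginx package. If the full description confirms that the flaw is in configuration files shipped with the vendor's product, say so in the tag, as the list already does in "NOT-FOR-US: python-jwt (not the same as src:pyjwt)", for example "NOT-FOR-US: Cisco (nginx configuration shipped with the product)". CVE-2023-20052 in the same numeric block is tracked against clamav, so an ID from this block is not out of scope by default.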
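Review bot: In the hunk at @@ -26530,7 +26530,7 @@, the tag "NOT-FOR-US: Mercado" on CVE-2022-45068 cuts the name short: the description starts "Mercado Pago Mercad ...", and both neighbouring entries (CVE-2022-45069, CVE-2022-45067) use "NOT-FOR-US: WordPress plugin". Suggest "NOT-FOR-US: Mercado Pago", or "NOT-FOR-US: WordPress plugin" if the full description shows this is one, so that a later search by vendor or by category finds the entry.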
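Review bot: In the hunk at @@ -46201,7 +46201,7 @@, CVE-2022-38734 is tagged by product ("NOT-FOR-US: StorageGRID") while the next entry, CVE-2022-38733 for OnCommand Insight, is tagged by vendor ("NOT-FOR-US: NetApp"). StorageGRID is also a NetApp product, so "NOT-FOR-US: NetApp" would keep the two adjacent entries consistent and match how the Cisco entries in this commit are labelled by vendor.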