Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2836c442 by Moritz Muehlenhoff at 2023-03-14T17:28:54+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -451,7 +451,7 @@ CVE-2023-1369 (A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It CVE-2023-1368 (A vulnerability was found in XHCMS 1.0. It has been declared as critic ...) NOT-FOR-US: XHCMS CVE-2023-1367 (Code Injection in GitHub repository alextselegidis/easyappointments pr ...) - TODO: check + NOT-FOR-US: alextselegidis/easyappointments CVE-2023-1366 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...) NOT-FOR-US: SourceCodester Yoga Class Registration System CVE-2023-1365 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...) @@ -2192,7 +2192,7 @@ CVE-2023-27589 CVE-2023-27588 RESERVED CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and listen to ...) - TODO: check + NOT-FOR-US: ReadtoMyShoe CVE-2023-27586 RESERVED CVE-2023-27585 @@ -2200,13 +2200,13 @@ CVE-2023-27585 CVE-2023-27584 RESERVED CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior to versi ...) - TODO: check + NOT-FOR-US: PanIndex CVE-2023-27582 (maddy is a composable, all-in-one mail server. Starting with version 0 ...) - TODO: check + NOT-FOR-US: maddy CVE-2023-27581 (github-slug-action is a GitHub Action to expose slug value of GitHub e ...) - TODO: check + NOT-FOR-US: github-slug-action CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization for the C ...) - TODO: check + NOT-FOR-US: CodeIgniter CVE-2023-27579 RESERVED CVE-2023-27578 @@ -3645,7 +3645,7 @@ CVE-2023-27054 CVE-2023-27053 RESERVED CVE-2023-27052 (E-Commerce System v1.0 ws discovered to contain a SQL injection vulner ...) - TODO: check + NOT-FOR-US: E-Commerce System CVE-2023-27051 RESERVED CVE-2023-27050 
@@ -5348,7 +5348,7 @@ CVE-2023-26315 CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: MedData Informatics MedDataPACS CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox CLI f ...) - TODO: check + NOT-FOR-US: Trellix CVE-2023-0977 RESERVED CVE-2023-0976 @@ -5358,7 +5358,7 @@ CVE-2023-0975 CVE-2023-0974 RESERVED CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null poi ...) - TODO: check + NOT-FOR-US: STEPTools ifcmesh library CVE-2023-0972 RESERVED CVE-2023-0971 @@ -6403,7 +6403,7 @@ CVE-2023-0890 CVE-2023-0889 RESERVED CVE-2023-0888 (An improper neutralization of directives in dynamically evaluated code ...) - TODO: check + NOT-FOR-US: Space Battery Pack SP with Wi-Fi CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified a ...) NOT-FOR-US: phjounin TFTPD64-SE CVE-2023-0886 @@ -6809,9 +6809,9 @@ CVE-2023-25805 (versionn, software for changing version information across multi CVE-2023-25804 RESERVED CVE-2023-25803 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...) - TODO: check + NOT-FOR-US: Roxy-WI CVE-2023-25802 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...) - TODO: check + NOT-FOR-US: Roxy-WI CVE-2023-25801 RESERVED CVE-2023-25800 @@ -8509,7 +8509,7 @@ CVE-2023-25285 CVE-2023-25284 RESERVED CVE-2023-25283 (A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows att ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-25282 RESERVED CVE-2023-25281 @@ -8517,7 +8517,7 @@ CVE-2023-25281 CVE-2023-25280 RESERVED CVE-2023-25279 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-25278 RESERVED CVE-2023-25277 
@@ -8664,7 +8664,7 @@ CVE-2023-25209 CVE-2023-25208 RESERVED CVE-2023-25207 (PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdf ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2023-25206 RESERVED CVE-2023-25205 @@ -8832,7 +8832,7 @@ CVE-2023-25172 CVE-2023-25171 (Kiwi TCMS, an open source test management system, does not impose rate ...) NOT-FOR-US: Kiwi TCMS CVE-2023-25170 (PrestaShop is an open source e-commerce web application that, prior to ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2023-25169 (discourse-yearly-review is a discourse plugin which publishes an autom ...) NOT-FOR-US: Discourse plugin CVE-2023-25168 (Wings is Pterodactyl's server control plane. This vulnerability can be ...) @@ -9909,7 +9909,7 @@ CVE-2023-24764 CVE-2023-24763 (In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated ...) NOT-FOR-US: PrestaShop module CVE-2023-24762 (OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-24761 RESERVED CVE-2023-24760 @@ -10457,11 +10457,11 @@ CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in Djang NOTE: https://www.djangoproject.com/weblog/2023/feb/14/security-releases/ NOTE: https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8 (3.2.18) CVE-2023-24579 (McAfee Total Protection prior to 16.0.51 allows attackers to trick a v ...) - TODO: check + NOT-FOR-US: McAfee CVE-2023-24578 (McAfee Total Protection prior to 16.0.49 allows attackers to elevate u ...) - TODO: check + NOT-FOR-US: McAfee CVE-2023-24577 (McAfee Total Protection prior to 16.0.50 allows attackers to elevate u ...) - TODO: check + NOT-FOR-US: McAfee CVE-2023-24543 RESERVED CVE-2023-23908 
@@ -11150,7 +11150,7 @@ CVE-2023-24370 CVE-2023-24369 (A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows atta ...) NOT-FOR-US: UJCMS CVE-2023-24368 (Incorrect access control in Temenos T24 Release 20 allows attackers to ...) - TODO: check + NOT-FOR-US: Temenos CVE-2023-24367 RESERVED CVE-2023-24366 @@ -11338,7 +11338,7 @@ CVE-2023-24281 CVE-2023-24280 RESERVED CVE-2023-24279 (A cross-site scripting (XSS) vulnerability in Open Networking Foundati ...) - TODO: check + NOT-FOR-US: Open Networking Foundation ONOS CVE-2023-24278 RESERVED CVE-2023-24277 @@ -11906,7 +11906,7 @@ CVE-2023-24035 CVE-2023-24034 RESERVED CVE-2023-24033 (The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1 ...) - TODO: check + NOT-FOR-US: Samsung CVE-2023-24032 RESERVED CVE-2023-24031 
@@ -12744,27 +12744,27 @@ CVE-2023-0357 CVE-2023-0356 (SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encry ...) NOT-FOR-US: SOCOMEC MODULYS GP Netvision CVE-2023-0355 (Akuvox E11 uses a hard-coded cryptographic key, which could allow an a ...) - TODO: check + NOT-FOR-US: Akuvox CVE-2023-0354 (The Akuvox E11 web server can be accessed without any user authenticat ...) - TODO: check + NOT-FOR-US: Akuvox CVE-2023-0353 (Akuvox E11 uses a weak encryption algorithm for stored passwords and u ...) - TODO: check + NOT-FOR-US: Akuvox CVE-2023-0352 (The Akuvox E11 password recovery webpage can be accessed without authe ...) - TODO: check + NOT-FOR-US: Akuvox CVE-2023-0351 (The Akuvox E11 web server backend library allows command injection in ...) - TODO: check + NOT-FOR-US: Akuvox CVE-2023-0350 (Akuvox E11 does not ensure that a file extension is associated with th ...) - TODO: check + NOT-FOR-US: Akuvox CVE-2023-0349 (The Akuvox E11 libvoice library provides unauthenticated access to the ...) - TODO: check + NOT-FOR-US: Akuvox CVE-2023-0348 (Akuvox E11 allows direct SIP calls. No access control is enforced by t ...) - TODO: check + NOT-FOR-US: Akuvox CVE-2023-0347 (The Akuvox E11 Media Access Control (MAC) address, a primary identifie ...) - TODO: check + NOT-FOR-US: Akuvox CVE-2023-0346 (Akuvox E11 cloud login is performed through an unencrypted HTTP connec ...) - TODO: check + NOT-FOR-US: Akuvox CVE-2023-0345 (The Akuvox E11 secure shell (SSH) server is enabled by default and can ...) - TODO: check + NOT-FOR-US: Akuvox CVE-2023-0344 RESERVED CVE-2023-0343 @@ -12856,7 +12856,7 @@ CVE-2023-23713 CVE-2023-23712 RESERVED CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optim ...) - TODO: check + NOT-FOR-US: A2 Hosting CVE-2023-23710 RESERVED CVE-2023-23709 
@@ -16061,7 +16061,7 @@ CVE-2023-22702 CVE-2023-22701 RESERVED CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Pixel ...) - TODO: check + NOT-FOR-US: PixelYourSite CVE-2023-22699 RESERVED CVE-2023-22698 @@ -19233,7 +19233,7 @@ CVE-2022-47597 CVE-2022-47596 RESERVED CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-47594 RESERVED CVE-2022-47593 @@ -20934,7 +20934,7 @@ CVE-2022-47442 CVE-2022-47441 RESERVED CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-47439 RESERVED CVE-2022-47438 @@ -21854,7 +21854,7 @@ CVE-2022-47173 CVE-2022-47172 RESERVED CVE-2022-47171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-47170 RESERVED CVE-2022-47169 @@ -21864,7 +21864,7 @@ CVE-2022-47168 CVE-2022-47167 RESERVED CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-47165 RESERVED CVE-2022-47164 @@ -21872,7 +21872,7 @@ CVE-2022-47164 CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...) NOT-FOR-US: WordPress plugin CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-47161 RESERVED CVE-2022-47160 @@ -21886,7 +21886,7 @@ CVE-2022-47157 CVE-2022-47156 RESERVED CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-47154 RESERVED CVE-2022-47153 
@@ -42871,7 +42871,7 @@ CVE-2022-38104 (Auth. WordPress Options Change (siteurl, users_can_register, def CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugi ...) NOT-FOR-US: WordPress plugin CVE-2022-38074 (SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 1 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-38073 (Multiple Authenticated (custom specific plugin role) Persistent Cross- ...) NOT-FOR-US: WordPress plugin CVE-2022-36424 @@ -50097,7 +50097,7 @@ CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec TH CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThe ...) NOT-FOR-US: WordPress plugin CVE-2022-31474 (Directory Traversal vulnerability in iThemes BackupBuddy plugin 8.5.8. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 D ...) NOT-FOR-US: WordPress plugin CVE-2022-2743 (Integer overflow in Window Manager in Google Chrome on Chrome OS and L ...) 
@@ -50353,27 +50353,27 @@ CVE-2022-37953 (An HTTP response splitting vulnerability exists in the AM Gatewa CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in the iHi ...) NOT-FOR-US: iHistorian Data Display of WorkstationST CVE-2022-37951 (Not used in 2022 ...) - TODO: check + NOT-FOR-US: Unused CVE ID CVE-2022-37950 (Not used in 2022 ...) - TODO: check + NOT-FOR-US: Unused CVE ID CVE-2022-37949 (Not used in 2022 ...) - TODO: check + NOT-FOR-US: Unused CVE ID CVE-2022-37948 (Not used in 2022 ...) - TODO: check + NOT-FOR-US: Unused CVE ID CVE-2022-37947 (Not used in 2022 ...) - TODO: check + NOT-FOR-US: Unused CVE ID CVE-2022-37946 (Not used in 2022 ...) - TODO: check + NOT-FOR-US: Unused CVE ID CVE-2022-37945 (Not used in 2022 ...) - TODO: check + NOT-FOR-US: Unused CVE ID CVE-2022-37944 (Not used in 2022 ...) - TODO: check + NOT-FOR-US: Unused CVE ID CVE-2022-37943 (Not used in 2022 ...) - TODO: check + NOT-FOR-US: Unused CVE ID CVE-2022-37942 (Not used in 2022 ...) - TODO: check + NOT-FOR-US: Unused CVE ID CVE-2022-37941 (Not used in 2022 ...) - TODO: check + NOT-FOR-US: Unused CVE ID CVE-2022-37940 RESERVED CVE-2022-37939 (A potential security vulnerability has been identified in HPE Superdom ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2836c442b6c967294742f95452749b01896af828 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2836c442b6c967294742f95452749b01896af828 You're receiving this email because of your account on salsa.debian.org.
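Review bot: In the hunk at @@ -2200,13 +2200,13 @@, CVE-2023-27580 is described as affecting CodeIgniter Shield but is tagged "NOT-FOR-US: CodeIgniter", which names the framework rather than the affected component. Suggest "NOT-FOR-US: CodeIgniter Shield", so that a later search of data/CVE/list for the framework name does not read this entry as a triage decision on CodeIgniter itself.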
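Review bot: In the hunk at @@ -8664,7 +8664,7 @@, CVE-2023-25207 concerns dpdfrance for PrestaShop, yet it receives the same "NOT-FOR-US: PrestaShop" tag as CVE-2023-25170 (hunk @@ -8832,7 +8832,7 @@), whose description is about PrestaShop itself. The existing entry for CVE-2023-24763, visible as context in the @@ -9909,7 +9909,7 @@ hunk, uses "NOT-FOR-US: PrestaShop module"; using that wording here would keep core and add-on issues distinguishable.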
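Review bot: In the hunk at @@ -6403,7 +6403,7 @@, the tag for CVE-2023-0888 is "NOT-FOR-US: Space Battery Pack SP with Wi-Fi", a product name with no vendor, while most other tags in this commit (D-Link, McAfee, Akuvox, Samsung, Trellix) identify the vendor. The truncated description shown here does not name the vendor either, so adding it to the tag would make the entry searchable alongside any other issues from the same vendor.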
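Review bot: In the hunk at @@ -50353,27 +50353,27 @@, the eleven entries CVE-2022-37941 through CVE-2022-37951 have the description "Not used in 2022" and are tagged "NOT-FOR-US: Unused CVE ID". Everywhere else in this patch the text after NOT-FOR-US names a product or vendor, and here there is no software to assess. Please confirm this is the intended way to close unused IDs, or mark them with a state that does not count them as product triage; the commit message "NFUs" gives no hint that these entries differ from the rest.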
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits