Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8f22923d by Moritz Muehlenhoff at 2023-04-10T14:16:43+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -34,7 +34,7 @@ CVE-2018-25084 CVE-2023-30451 RESERVED CVE-2023-30450 (rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls f ...) - TODO: check + NOT-FOR-US: Redpanda CVE-2023-30449 RESERVED CVE-2023-30448 @@ -78,13 +78,13 @@ CVE-2023-30430 CVE-2015-10100 RESERVED CVE-2014-125098 (A vulnerability was found in Dart http_server up to 0.9.5 and classifi ...) - TODO: check + NOT-FOR-US: Dart http_server CVE-2014-125097 (A vulnerability, which was classified as problematic, was found in Bes ...) - TODO: check + NOT-FOR-US: BestWebSoft CVE-2012-10012 (A vulnerability has been found in BestWebSoft Facebook Like Button up ...) - TODO: check + NOT-FOR-US: BestWebSoft CVE-2009-10004 (A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has ...) - TODO: check + NOT-FOR-US: Turante Sandbox Theme CVE-2023-30429 RESERVED CVE-2023-30428 @@ -1926,9 +1926,9 @@ CVE-2023-1943 CVE-2015-10099 RESERVED CVE-2014-125096 (A vulnerability was found in Fancy Gallery Plugin 1.5.12. It has been ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7. It has be ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-29530 RESERVED CVE-2023-29529 @@ -2237,9 +2237,9 @@ CVE-2023-1906 CVE-2023-1905 RESERVED CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2013-10023 (A vulnerability was found in Editorial Calendar Plugin up to 2.6. It h ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-XXXX [https://rustsec.org/advisories/RUSTSEC-2023-0031.html] - rust-spin <unfixed> [bullseye] - rust-spin <not-affected> (Introduced in 0.9.3) 
@@ -3526,7 +3526,7 @@ CVE-2023-29010 (Budibase is a low code platform for creating internal tools, wor CVE-2023-29009 RESERVED CVE-2023-29008 (The SvelteKit framework offers developers an option to create simple R ...) - TODO: check + NOT-FOR-US: SvelteKit CVE-2023-29007 RESERVED CVE-2023-29006 (The Order GLPI plugin allows users to manage order management within G ...) @@ -7885,13 +7885,13 @@ CVE-2023-27732 CVE-2023-27731 RESERVED CVE-2023-27730 (Nginx NJS v0.7.10 was discovered to contain a segmentation violation v ...) - TODO: check + NOT-FOR-US: Nginx NJS CVE-2023-27729 (Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the ...) - TODO: check + NOT-FOR-US: Nginx NJS CVE-2023-27728 (Nginx NJS v0.7.10 was discovered to contain a segmentation violation v ...) - TODO: check + NOT-FOR-US: Nginx NJS CVE-2023-27727 (Nginx NJS v0.7.10 was discovered to contain a segmentation violation v ...) - TODO: check + NOT-FOR-US: Nginx NJS CVE-2023-27726 RESERVED CVE-2023-27725 @@ -7905,11 +7905,11 @@ CVE-2023-27722 CVE-2023-27721 RESERVED CVE-2023-27720 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow in th ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-27719 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow in th ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-27718 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow in th ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-27717 RESERVED CVE-2023-27716 @@ -10192,13 +10192,13 @@ CVE-2023-26822 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a comm CVE-2023-26821 RESERVED CVE-2023-26820 (siteproxy v1.0 was discovered to contain a path traversal vulnerabilit ...) - TODO: check + NOT-FOR-US: siteproxy CVE-2023-26819 RESERVED CVE-2023-26818 RESERVED CVE-2023-26817 (codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a r ...) - TODO: check + NOT-FOR-US: codefever CVE-2023-26816 RESERVED CVE-2023-26815 
@@ -12023,7 +12023,7 @@ CVE-2023-26122 CVE-2023-26121 RESERVED CVE-2023-26120 (This affects all versions of the package com.xuxueli:xxl-job. HTML upl ...) - TODO: check + NOT-FOR-US: com.xuxueli:xxl-job CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and b ...) NOT-FOR-US: net.sourceforge.htmlunit:htmlunit CVE-2023-26118 (All versions of the package angular are vulnerable to Regular Expressi ...) @@ -13041,7 +13041,7 @@ CVE-2023-0836 (An information leak vulnerability was discovered in HAProxy 2.1, NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=18575ba4e5057afdb80cc06135272889ae1fa2d1 (v2.2.27) NOTE: Introduced by: https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=63bbf284a131de362ad5b60d64ff3b1eff830553 (v2.1-dev2) CVE-2023-0835 (markdown-pdf version 11.0.0 allows an external attacker to remotely ob ...) - TODO: check + NOT-FOR-US: Node markdown-pdf CVE-2023-0834 RESERVED CVE-2023-25181 @@ -13572,7 +13572,7 @@ CVE-2023-0777 (Authentication Bypass by Primary Weakness in GitHub repository mo CVE-2023-0776 (Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNo ...) NOT-FOR-US: Baicells CVE-2023-0775 (An invalid ‘prepare write request’ command can cause the B ...) - TODO: check + NOT-FOR-US: GSDK CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certificate G ...) NOT-FOR-US: SourceCodester Medical Certificate Generator App CVE-2023-0773 @@ -14514,9 +14514,9 @@ CVE-2023-25347 CVE-2023-25346 RESERVED CVE-2023-25345 (Directory traversal vulnerability in swig-templates thru 2.0.4 and swi ...) - TODO: check + NOT-FOR-US: swig-templates CVE-2023-25344 (An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4 ...) - TODO: check + NOT-FOR-US: swig-templates CVE-2023-25343 RESERVED CVE-2023-25342 
@@ -17242,7 +17242,7 @@ CVE-2023-24404 CVE-2023-24403 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP F ...) NOT-FOR-US: WordPress plugin CVE-2023-24402 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Rol ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-24401 RESERVED CVE-2023-24400 @@ -17250,7 +17250,7 @@ CVE-2023-24400 CVE-2023-24399 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-24398 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-24397 RESERVED CVE-2023-24396 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...) @@ -18189,7 +18189,7 @@ CVE-2023-23996 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-23995 RESERVED CVE-2023-23994 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23993 RESERVED CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin ...) @@ -18511,7 +18511,7 @@ CVE-2023-23887 CVE-2023-23886 RESERVED CVE-2023-23885 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23884 RESERVED CVE-2023-23883 @@ -18741,7 +18741,7 @@ CVE-2023-23801 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Rea CVE-2023-23800 RESERVED CVE-2023-23799 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leon ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23798 RESERVED CVE-2023-23797 
@@ -18909,9 +18909,9 @@ CVE-2023-23764 CVE-2023-23763 RESERVED CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) - TODO: check + NOT-FOR-US: Github Enterprise Server CVE-2023-23761 (An improper authentication vulnerability was identified in GitHub Ente ...) - TODO: check + NOT-FOR-US: Github Enterprise Server CVE-2023-23760 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23759 @@ -19445,7 +19445,7 @@ CVE-2023-0327 (A vulnerability was found in saemorris TheRadSystem. It has been CVE-2023-0326 (An issue has been discovered in GitLab DAST API scanner affecting all ...) NOT-FOR-US: GitLab DAST API scanner CVE-2023-0325 (Uvdesk version 1.1.1 allows an unauthenticated remote attacker to expl ...) - TODO: check + NOT-FOR-US: Uvdesk CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours & Travels ...) NOT-FOR-US: SourceCodester Online Tours & Travels Management System CVE-2023-0323 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) @@ -19885,7 +19885,7 @@ CVE-2023-0266 (A use after free vulnerability exists in the ALSA PCM package in - linux 6.1.7-1 NOTE: https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e CVE-2023-0265 (Uvdesk version 1.1.1 allows an authenticated remote attacker to execut ...) - TODO: check + NOT-FOR-US: Uvdesk CVE-2023-0264 RESERVED NOT-FOR-US: Keycloak 
@@ -22689,7 +22689,7 @@ CVE-2023-22436 (The kernel subsystem function check_permission_for_set_tokenid w CVE-2023-22301 (The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior version ...) NOT-FOR-US: OpenHarmony CVE-2023-22291 (An invalid free vulnerability exists in the Frame stream parser functi ...) - TODO: check + NOT-FOR-US: Ichitaro CVE-2023-0091 (A flaw was found in Keycloak, where it did not properly check client t ...) NOT-FOR-US: Keycloak CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Si ...) @@ -24836,9 +24836,9 @@ CVE-2020-36625 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in des CVE-2020-36624 (A vulnerability was found in ahorner text-helpers up to 1.0.x. It has ...) NOT-FOR-US: text_helpers gem CVE-2022-47925 (The validate JSON endpoint of the Secvisogram csaf-validator-service i ...) - TODO: check + NOT-FOR-US: csaf-validator-service CVE-2022-47924 (An high privileged attacker may pass crafted arguments to the validate ...) - TODO: check + NOT-FOR-US: csaf-validator-service CVE-2022-4648 (The Real Testimonials WordPress plugin before 2.6.0 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) @@ -25062,7 +25062,7 @@ CVE-2022-47872 (maccms10 2021.1000.2000 is vulnerable to Server-side request for CVE-2022-47871 RESERVED CVE-2022-47870 (A Cross Site Scripting (XSS) vulnerability in the web SQL monitor logi ...) - TODO: check + NOT-FOR-US: Redgate SQL Monitor CVE-2022-47869 RESERVED CVE-2022-47868 @@ -29387,7 +29387,7 @@ CVE-2022-46783 CVE-2022-46782 RESERVED CVE-2022-46781 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) - TODO: check + NOT-FOR-US: Arm Mali GPU Kernel Driver CVE-2022-46780 RESERVED CVE-2022-46779 
@@ -30483,7 +30483,7 @@ CVE-2022-46389 CVE-2022-46388 RESERVED CVE-2022-46387 (ConEmu through 220807 and Cmder before 1.3.21 report the title of the ...) - TODO: check + NOT-FOR-US: ConEmu CVE-2022-46386 RESERVED CVE-2022-46385 @@ -30517,7 +30517,7 @@ CVE-2022-4272 (A vulnerability, which was classified as critical, has been found CVE-2022-45124 (An information disclosure vulnerability exists in the User authenticat ...) NOT-FOR-US: WellinTech KingHistorian CVE-2022-45115 (A buffer overflow vulnerability exists in the Attribute Arena function ...) - TODO: check + NOT-FOR-US: Ichitaro CVE-2022-43665 (A denial of service vulnerability exists in the malware scan functiona ...) NOT-FOR-US: ESTsoft Alyac CVE-2022-46378 @@ -31111,7 +31111,7 @@ CVE-2022-44453 CVE-2022-44451 RESERVED CVE-2022-43664 (A use-after-free vulnerability exists within the way Ichitaro Word Pro ...) - TODO: check + NOT-FOR-US: Ichitaro CVE-2022-43663 (An integer conversion vulnerability exists in the SORBAx64.dll RecvPac ...) NOT-FOR-US: WellinTech KingHistorian CVE-2022-43503 @@ -32845,7 +32845,7 @@ CVE-2022-45599 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulner CVE-2022-45598 (Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.1 ...) NOT-FOR-US: Joplin Desktop App CVE-2022-45597 (ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. ...) - TODO: check + NOT-FOR-US: ComponentSpace.Saml2 CVE-2022-45596 RESERVED CVE-2022-45595 @@ -36994,7 +36994,7 @@ CVE-2022-3812 (A vulnerability was found in Axiomatic Bento4. It has been rated CVE-2020-36608 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Tribal Systems Zenario CMS CVE-2023-20903 (This disclosure regards a vulnerability related to UAA refresh tokens ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2023-20902 RESERVED CVE-2023-20901 
@@ -37086,7 +37086,7 @@ CVE-2023-20860 (Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 NOTE: https://spring.io/security/cve-2023-20860 NOTE: Only supported for building applications shipped in Debian, see README.Debian.security CVE-2023-20859 (In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prio ...) - TODO: check + NOT-FOR-US: Spring Vault CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...) NOT-FOR-US: VMware CVE-2023-20857 (VMware Workspace ONE Content contains a passcode bypass vulnerability. ...) @@ -39209,9 +39209,9 @@ CVE-2023-20561 CVE-2023-20560 RESERVED CVE-2023-20559 (Insufficient control flow management in AmdCpmGpioInitSmm may allow a ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20558 (Insufficient control flow management in AmdCpmOemSmm may allow a privi ...) - TODO: check + NOT-FOR-US: AMD CVE-2023-20557 RESERVED CVE-2023-20556 @@ -41263,7 +41263,7 @@ CVE-2022-43611 (This vulnerability allows remote attackers to disclose sensitive CVE-2022-43610 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Corel CorelDRAW Graphics Suite CVE-2022-43609 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: IronCAD CVE-2022-43608 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Canon CVE-2022-3661 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...) @@ -42261,7 +42261,7 @@ CVE-2022-43311 CVE-2022-43310 (An Uncontrolled Search Path Element in Foxit Software released Foxit R ...) NOT-FOR-US: Foxit Reader CVE-2022-43309 (Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to ...) - TODO: check + NOT-FOR-US: Supermicro CVE-2022-43308 (INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers ...) NOT-FOR-US: INTELBRAS CVE-2022-43307 
@@ -55407,7 +55407,7 @@ CVE-2022-38084 CVE-2022-38083 RESERVED CVE-2022-38072 (An improper array index validation vulnerability exists in the stl_fix ...) - TODO: check + NOT-FOR-US: ADMesh CVE-2022-38071 RESERVED CVE-2022-37408
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f22923d3574db6421251fa3e54e8b0a9a5e876a
--
You're receiving this email because of your account on salsa.debian.org.
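Review bot: The labels in the @@ -78,13 hunk name the vendor (NOT-FOR-US: BestWebSoft, on CVE-2014-125097 and CVE-2012-10012), while the @@ -1926,9 and @@ -2237,9 hunks of the same commit use the generic NOT-FOR-US: WordPress plugin for entries whose descriptions end in "Plugin". If the BestWebSoft items are WordPress plugins as well, use one form for both so that a grep over data/CVE/list finds them together; if they are not, the vendor label is fine as it stands.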
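Review bot: NOT-FOR-US: GSDK on CVE-2023-0775 in the @@ -13572,7 hunk is an unexpanded abbreviation, and the truncated description ("An invalid ‘prepare write request’ command can cause the B ...") does not name the product either, so the entry cannot be understood without opening the CVE record. The neighbouring entries spell the product out (NOT-FOR-US: Baicells, NOT-FOR-US: SourceCodester Medical Certificate Generator App); suggest doing the same here with the vendor and full product name.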
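Review bot: CVE-2022-38072 in the @@ -55407,7 hunk moves from TODO: check to NOT-FOR-US: ADMesh, but the description points at a specific library function (stl_fix ...), which suggests a standalone open-source tool of the kind that is often packaged. Please confirm that no admesh source package exists in the archive before keeping NOT-FOR-US; if one does, this should become a package entry with a NOTE pointing at the upstream report, in the same form as the rust-spin and haproxy entries visible in the context lines of this patch.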
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits