Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c9ce7e4 by security tracker role at 2023-01-14T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,45 @@
-CVE-2023-23590
+CVE-2023-0301 (Cross-site Scripting (XSS) - Stored in GitHub repository 
alfio-event/a ...)
+       TODO: check
+CVE-2023-0300 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
alfio-even ...)
+       TODO: check
+CVE-2023-0299 (Improper Input Validation in GitHub repository publify/publify 
prior t ...)
+       TODO: check
+CVE-2022-4889
+       RESERVED
+CVE-2018-25075
+       RESERVED
+CVE-2016-15019
+       RESERVED
+CVE-2016-15018
+       RESERVED
+CVE-2015-10052
+       RESERVED
+CVE-2015-10051
+       RESERVED
+CVE-2015-10050
+       RESERVED
+CVE-2015-10049
+       RESERVED
+CVE-2015-10048
+       RESERVED
+CVE-2015-10047
+       RESERVED
+CVE-2015-10046
+       RESERVED
+CVE-2015-10045
+       RESERVED
+CVE-2015-10044
        RESERVED
-CVE-2023-0298
+CVE-2014-125079
        RESERVED
+CVE-2014-125078
+       RESERVED
+CVE-2014-125077
+       RESERVED
+CVE-2023-23590
+       RESERVED
+CVE-2023-0298 (Improper Authorization in GitHub repository 
firefly-iii/firefly-iii pr ...)
+       TODO: check
 CVE-2023-0297 (Code Injection in GitHub repository pyload/pyload prior to 
0.5.0b3.dev ...)
        TODO: check
 CVE-2023-0296
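Review bot: The four entries that gain descriptions in this hunk (CVE-2023-0301, CVE-2023-0300, CVE-2023-0299 and CVE-2023-0298) land with only TODO: check, so none of them has a package line or a NOT-FOR-US disposition yet. Each needs a follow-up triage commit. For CVE-2023-0299 the file already uses NOT-FOR-US: Publify for CVE-2022-1811, which is the disposition to confirm and reuse for the publify/publify repository named here.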
@@ -2969,8 +3007,8 @@ CVE-2014-125039 (A vulnerability, which was classified as 
problematic, has been
        NOT-FOR-US: kkokko NeoXplora
 CVE-2010-10003 (A vulnerability classified as critical was found in gesellix 
titlelink ...)
        NOT-FOR-US: gesellix titlelink
-CVE-2023-22602
-       RESERVED
+CVE-2023-22602 (When using Apache Shiro before 1.11.0 together with Spring 
Boot 2.6+,  ...)
+       TODO: check
 CVE-2023-22601 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, 
and InRo ...)
        NOT-FOR-US: InHand Networks InRouter
 CVE-2023-22600 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, 
and InRo ...)
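Review bot: The description added for CVE-2023-22602 is conditional (Apache Shiro before 1.11.0 together with Spring Boot 2.6+) and is cut off at the "...", so a bare fixed-version line will not capture the affected configuration. When the TODO: check is resolved, suggest adding a NOTE line that records whether that combination is relevant, based on the full CVE text.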
@@ -13739,8 +13777,8 @@ CVE-2022-45355
        RESERVED
 CVE-2022-45354
        RESERVED
-CVE-2022-45353
-       RESERVED
+CVE-2022-45353 (Broken Access Control in Betheme theme <= 26.6.1 on 
WordPress. ...)
+       TODO: check
 CVE-2022-45352
        RESERVED
 CVE-2022-45351
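Review bot: CVE-2022-45353 is described as a Betheme theme issue on WordPress but is left at TODO: check. This file already dispositions a WordPress add-on as NOT-FOR-US: WordPress plugin (CVE-2022-40128, visible in the next hunk), so an analogous NOT-FOR-US line naming the theme would close this entry in the follow-up.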
@@ -26617,8 +26655,8 @@ CVE-2022-40128 (Cross-Site Request Forgery (CSRF) 
vulnerability in Advanced Orde
        NOT-FOR-US: WordPress plugin
 CVE-2022-39044 (Hidden functionality vulnerability in multiple Buffalo network 
devices ...)
        NOT-FOR-US: Buffalo
-CVE-2022-38467
-       RESERVED
+CVE-2022-38467 (Reflected Cross-Site Scripting (XSS) vulnerability in CRM 
Perks Forms  ...)
+       TODO: check
 CVE-2022-38456
        RESERVED
 CVE-2022-38141
@@ -35636,8 +35674,8 @@ CVE-2022-2816 (Out-of-bounds Read in GitHub repository 
vim/vim prior to 9.0.0212
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-38217
        RESERVED
-CVE-2022-2815
-       RESERVED
+CVE-2022-2815 (Insecure Storage of Sensitive Information in GitHub repository 
publify ...)
+       TODO: check
 CVE-2022-2814 (A vulnerability has been found in SourceCodester Simple and 
Nice Shopp ...)
        NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
 CVE-2022-2813 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
@@ -54574,8 +54612,8 @@ CVE-2022-29506 (Out-of-bounds read vulnerability exist 
in the simulator module c
        NOT-FOR-US: Fuji
 CVE-2022-1813 (OS Command Injection in GitHub repository yogeshojha/rengine 
prior to  ...)
        NOT-FOR-US: yogeshojha/rengine
-CVE-2022-1812
-       RESERVED
+CVE-2022-1812 (Integer Overflow or Wraparound in GitHub repository 
publify/publify pr ...)
+       TODO: check
 CVE-2022-1811 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository p ...)
        NOT-FOR-US: Publify
 CVE-2022-1810 (Improper Access Control in GitHub repository publify/publify 
prior to  ...)
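Review bot: CVE-2022-1812 gets TODO: check even though the entry right after it, CVE-2022-1811, is already marked NOT-FOR-US: Publify and this description names the publify/publify repository. Suggest resolving it to the same disposition in the follow-up, together with CVE-2022-2815 from the previous hunk, which names the same project and carries the same TODO.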
@@ -81510,6 +81548,7 @@ CVE-2021-46147 (An issue was discovered in MediaWiki 
before 1.35.5, 1.36.x befor
 CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x 
before 1.36 ...)
        NOT-FOR-US: MediaWiki extension WikiBaseMediainfo
 CVE-2022-22728 (A flaw in Apache libapreq2 versions 2.16 and earlier could 
cause a buf ...)
+       {DLA-3269-1}
        - libapreq2 2.17-1 (bug #1018191)
        NOTE: https://www.openwall.com/lists/oss-security/2022/08/25/3
 CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that 
could al ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c9ce7e4aac79dc198d6385f2740777245ba3dbd
