Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7a3d76d5 by security tracker role at 2023-02-13T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2023-25754
+ RESERVED
+CVE-2023-25753
+ RESERVED
+CVE-2023-25752
+ RESERVED
+CVE-2023-25751
+ RESERVED
+CVE-2023-25750
+ RESERVED
+CVE-2023-25749
+ RESERVED
+CVE-2023-25748
+ RESERVED
+CVE-2023-25747
+ RESERVED
+CVE-2023-25746
+ RESERVED
+CVE-2023-25745
+ RESERVED
+CVE-2023-25744
+ RESERVED
+CVE-2023-25743
+ RESERVED
+CVE-2023-25742
+ RESERVED
+CVE-2023-25741
+ RESERVED
+CVE-2023-25740
+ RESERVED
+CVE-2023-25739
+ RESERVED
+CVE-2023-25738
+ RESERVED
+CVE-2023-25737
+ RESERVED
+CVE-2023-25736
+ RESERVED
+CVE-2023-25735
+ RESERVED
+CVE-2023-25734
+ RESERVED
+CVE-2023-25733
+ RESERVED
+CVE-2023-25732
+ RESERVED
+CVE-2023-25731
+ RESERVED
+CVE-2023-25730
+ RESERVED
+CVE-2023-25729
+ RESERVED
+CVE-2023-25728
+ RESERVED
+CVE-2023-24585
+ RESERVED
+CVE-2023-0816
+ RESERVED
+CVE-2023-0815
+ RESERVED
+CVE-2023-0814
+ RESERVED
+CVE-2023-0813
+ RESERVED
+CVE-2023-0812
+ RESERVED
+CVE-2023-0811
+ RESERVED
+CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository
btcpayserver/ ...)
+ TODO: check
+CVE-2023-0809
+ RESERVED
+CVE-2023-0808 (A vulnerability was found in Deye/Revolt/Bosswerk Inverter
MW3_15U_540 ...)
+ TODO: check
+CVE-2023-0807
+ RESERVED
+CVE-2023-0806
+ RESERVED
CVE-2023-25727 (In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an
authenticated use ...)
- phpmyadmin 4:5.2.1+dfsg-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2023-1/
@@ -1588,8 +1666,8 @@ CVE-2023-25161
RESERVED
CVE-2023-25160
RESERVED
-CVE-2023-25159
- RESERVED
+CVE-2023-25159 (Nextcloud Server is the file server software for Nextcloud, a
self-hos ...)
+ TODO: check
CVE-2023-25158
RESERVED
CVE-2023-25157
@@ -2504,8 +2582,8 @@ CVE-2023-24806
REJECTED
CVE-2023-24805
RESERVED
-CVE-2023-24804
- RESERVED
+CVE-2023-24804 (The ownCloud Android app allows ownCloud users to access,
share, and e ...)
+ TODO: check
CVE-2023-0584
RESERVED
CVE-2023-0583
@@ -2902,8 +2980,8 @@ CVE-2023-24621
RESERVED
CVE-2023-24620
RESERVED
-CVE-2023-24619
- RESERVED
+CVE-2023-24619 (Redpanda before 22.3.12 discloses cleartext AWS credentials.
The impor ...)
+ TODO: check
CVE-2023-24618
RESERVED
CVE-2023-24617
@@ -3177,8 +3255,8 @@ CVE-2023-24574 (Dell Enterprise SONiC OS, 3.5.3, 4.0.0,
4.0.1, 4.0.2, contains a
NOT-FOR-US: Dell
CVE-2023-24573 (Dell Command | Monitor versions prior to 10.9 contain an
arbitrary fol ...)
NOT-FOR-US: Dell
-CVE-2023-24572
- RESERVED
+CVE-2023-24572 (Dell Command | Integration Suite for System Center, versions
before 6. ...)
+ TODO: check
CVE-2023-24571
RESERVED
CVE-2023-24570
@@ -4762,8 +4840,8 @@ CVE-2023-23950 (User’s supplied input (usually a
CRLF sequence) can be use
NOT-FOR-US: Symantec
CVE-2023-23949 (An authenticated user can supply malicious HTML and JavaScript
code th ...)
NOT-FOR-US: Symantec
-CVE-2023-23948
- RESERVED
+CVE-2023-23948 (The ownCloud Android app allows ownCloud users to access,
share, and e ...)
+ TODO: check
CVE-2023-23947
RESERVED
CVE-2023-23946
@@ -4943,8 +5021,8 @@ CVE-2023-23550
RESERVED
CVE-2023-0406 (Cross-Site Request Forgery (CSRF) in GitHub repository
modoboa/modoboa ...)
NOT-FOR-US: Modoboa
-CVE-2023-0405
- RESERVED
+CVE-2023-0405 (The GPT AI Power: Content Writer & ChatGPT & Image
Generator & ...)
+ TODO: check
CVE-2023-0404 (The Events Made Easy plugin for WordPress is vulnerable to
authorizati ...)
NOT-FOR-US: Events Made Easy plugin for WordPress
CVE-2023-0403 (The Social Warfare plugin for WordPress is vulnerable to
Cross-Site Re ...)
@@ -5214,8 +5292,8 @@ CVE-2023-0381
RESERVED
CVE-2023-0380
RESERVED
-CVE-2023-0379
- RESERVED
+CVE-2023-0379 (The Spotlight Social Feeds WordPress plugin before 1.4.3 does
not vali ...)
+ TODO: check
CVE-2023-0378
RESERVED
CVE-2023-0377
@@ -5226,8 +5304,8 @@ CVE-2023-0375
RESERVED
CVE-2023-0374
RESERVED
-CVE-2023-0373
- RESERVED
+CVE-2023-0373 (The Lightweight Accordion WordPress plugin before 1.5.15 does
not vali ...)
+ TODO: check
CVE-2023-0372
RESERVED
CVE-2023-0371
@@ -5314,8 +5392,8 @@ CVE-2023-0364
RESERVED
CVE-2023-0363
RESERVED
-CVE-2023-0362
- RESERVED
+CVE-2023-0362 (Themify Portfolio Post WordPress plugin before 1.2.2 does not
validate ...)
+ TODO: check
CVE-2023-0361
RESERVED
- gnutls28 3.7.8-5
@@ -5323,8 +5401,8 @@ CVE-2023-0361
NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14
NOTE: Fixed by:
https://gitlab.com/gnutls/gnutls/-/commit/80a6ce8ddb02477cd724cd5b2944791aaddb702a
(3.8.0)
NOTE: Code cleanup:
https://gitlab.com/gnutls/gnutls/-/commit/4b7ff428291c7ed77c6d2635577c83a43bbae558
(3.8.0)
-CVE-2023-0360
- RESERVED
+CVE-2023-0360 (The Location Weather WordPress plugin before 1.3.4 does not
validate a ...)
+ TODO: check
CVE-2023-0359
RESERVED
CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to
2.3.0-DEV. ...)
@@ -5496,8 +5574,8 @@ CVE-2023-0335
RESERVED
CVE-2023-0334
RESERVED
-CVE-2023-0333
- RESERVED
+CVE-2023-0333 (The TemplatesNext ToolKit WordPress plugin before 3.2.9 does
not valid ...)
+ TODO: check
CVE-2023-0332 (A vulnerability was found in SourceCodester Online Food
Ordering Syste ...)
NOT-FOR-US: SourceCodester Online Food Ordering System
CVE-2020-36654 (A vulnerability classified as problematic has been found in
GENI Porta ...)
@@ -5523,8 +5601,8 @@ CVE-2023-XXXX [RUSTSEC-2022-0078]
NOTE: https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md#3111
CVE-2023-23698 (Dell Command | Update, Dell Update, and Alienware Update
versions befo ...)
NOT-FOR-US: Dell
-CVE-2023-23697
- RESERVED
+CVE-2023-23697 (Dell Command | Intel vPro Out of Band, versions before 4.4.0,
contain ...)
+ TODO: check
CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1,
contain ...)
NOT-FOR-US: Dell
CVE-2023-23695
@@ -6040,8 +6118,8 @@ CVE-2023-0277
RESERVED
CVE-2023-0276
RESERVED
-CVE-2023-0275
- RESERVED
+CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before
4.9.10 doe ...)
+ TODO: check
CVE-2023-0274
RESERVED
CVE-2023-0273
@@ -6050,8 +6128,8 @@ CVE-2023-0272
RESERVED
CVE-2023-0271
RESERVED
-CVE-2023-0270
- RESERVED
+CVE-2023-0270 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.26
does no ...)
+ TODO: check
CVE-2023-0269
REJECTED
CVE-2023-0268
@@ -6097,12 +6175,12 @@ CVE-2023-23556
RESERVED
CVE-2023-23555 (On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4
to before ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2023-23553
- RESERVED
+CVE-2023-23553 (Control By Web X-400 devices are vulnerable to a cross-site
scripting ...)
+ TODO: check
CVE-2023-23552 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3,
15.1.0 bef ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2023-23551
- RESERVED
+CVE-2023-23551 (Control By Web X-600M devices run Lua scripts and are
vulnerable to co ...)
+ TODO: check
CVE-2023-23543
RESERVED
CVE-2023-23542
@@ -6255,16 +6333,16 @@ CVE-2023-0265
RESERVED
CVE-2023-0264
RESERVED
-CVE-2023-0263
- RESERVED
-CVE-2023-0262
- RESERVED
-CVE-2023-0261
- RESERVED
-CVE-2023-0260
- RESERVED
-CVE-2023-0259
- RESERVED
+CVE-2023-0263 (The WP Yelp Review Slider WordPress plugin before 7.1 does not
properl ...)
+ TODO: check
+CVE-2023-0262 (The WP Airbnb Review Slider WordPress plugin before 3.3 does
not prope ...)
+ TODO: check
+CVE-2023-0261 (The WP TripAdvisor Review Slider WordPress plugin before 10.8
does not ...)
+ TODO: check
+CVE-2023-0260 (The WP Review Slider WordPress plugin before 12.2 does not
properly sa ...)
+ TODO: check
+CVE-2023-0259 (The WP Google Review Slider WordPress plugin before 11.8 does
not prop ...)
+ TODO: check
CVE-2023-0258 (A vulnerability was found in SourceCodester Online Food
Ordering Syste ...)
NOT-FOR-US: SourceCodester
CVE-2023-0257 (A vulnerability was found in SourceCodester Online Food
Ordering Syste ...)
@@ -6368,8 +6446,8 @@ CVE-2023-23456 (A heap-based buffer overflow issue was
discovered in UPX in Pack
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160381
NOTE:
https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4
NOTE: https://github.com/upx/upx/issues/632
-CVE-2023-0255
- RESERVED
+CVE-2023-0255 (The Enable Media Replace WordPress plugin before 4.0.2 does not
preven ...)
+ TODO: check
CVE-2023-0254 (The Simple Membership WP user Import plugin for WordPress is
vulnerabl ...)
NOT-FOR-US: Simple Membership WP user Import plugin for WordPress
CVE-2023-0253 (The Real Media Library: Media Library Folder & File Manager
plugin ...)
@@ -7197,8 +7275,8 @@ CVE-2023-0222
RESERVED
CVE-2023-0221 (Product security bypass vulnerability in ACC prior to version
8.3.4 al ...)
NOT-FOR-US: Trellix
-CVE-2023-0220
- RESERVED
+CVE-2023-0220 (The Pinpoint Booking System WordPress plugin before 2.9.9.2.9
does not ...)
+ TODO: check
CVE-2023-0219
RESERVED
CVE-2023-0218
@@ -7676,8 +7754,8 @@ CVE-2023-0179 [netfilter: nft_payload: incorrect
arithmetics when fetching VLAN
NOTE:
https://patchwork.ozlabs.org/project/netfilter-devel/patch/[email protected]/
CVE-2023-0178 (The Annual Archive WordPress plugin before 1.6.0 does not
validate and ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0177
- RESERVED
+CVE-2023-0177 (The Social Like Box and Page by WpDevArt WordPress plugin
before 0.8.4 ...)
+ TODO: check
CVE-2023-0176 (The Giveaways and Contests by RafflePress WordPress plugin
before 1.11 ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0175
@@ -7692,14 +7770,14 @@ CVE-2023-0171 (The jQuery T(-) Countdown Widget
WordPress plugin before 2.3.24 d
NOT-FOR-US: WordPress plugin
CVE-2023-0170 (The Html5 Audio Player WordPress plugin before 2.1.12 does not
validat ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0169
- RESERVED
+CVE-2023-0169 (The Zoho Forms WordPress plugin before 3.0.1 does not validate
and esc ...)
+ TODO: check
CVE-2023-0168
RESERVED
CVE-2023-0167
RESERVED
-CVE-2023-0166
- RESERVED
+CVE-2023-0166 (The Product Slider for WooCommerce by PickPlugins WordPress
plugin bef ...)
+ TODO: check
CVE-2023-0165
RESERVED
CVE-2023-0164 (OrangeScrum version 2.0.11 allows an authenticated external
attacker t ...)
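Review bot: CVE-2023-0169 and CVE-2023-0166 land as "TODO: check" although the unchanged entries directly above them in this hunk (CVE-2023-0171, CVE-2023-0170) are WordPress plugin issues already marked "NOT-FOR-US: WordPress plugin". Both new descriptions also name a WordPress plugin, so they can be triaged the same way in the follow-up commit. The same applies to the other WordPress plugin entries this update moves from RESERVED to "TODO: check".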
@@ -7763,8 +7841,8 @@ CVE-2023-0161
REJECTED
CVE-2023-0160
RESERVED
-CVE-2023-0159
- RESERVED
+CVE-2023-0159 (The Extensive VC Addons for WPBakery page builder WordPress
plugin bef ...)
+ TODO: check
CVE-2023-0158 (NLnet Labs Krill supports direct access to the RRDP repository
content ...)
NOT-FOR-US: NLnet Labs Krill
CVE-2023-0157
@@ -7779,8 +7857,8 @@ CVE-2023-0153 (The Vimeo Video Autoplay Automute
WordPress plugin through 1.0 do
NOT-FOR-US: WordPress plugin
CVE-2023-0152
RESERVED
-CVE-2023-0151
- RESERVED
+CVE-2023-0151 (The uTubeVideo Gallery WordPress plugin before 2.0.8 does not
validate ...)
+ TODO: check
CVE-2023-0150 (The Cloak Front End Email WordPress plugin through 1.9.1 does
not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0149 (The WordPrezi WordPress plugin through 0.8.2 does not validate
and esc ...)
@@ -8138,8 +8216,8 @@ CVE-2007-10002 (A vulnerability, which was classified as
critical, has been foun
NOT-FOR-US: web-cyradm
CVE-2023-22855
RESERVED
-CVE-2023-22854
- RESERVED
+CVE-2023-22854 (The ccmweb component of Mitel MiContact Center Business server
9.2.2.0 ...)
+ TODO: check
CVE-2023-22853 (Tiki before 24.1, when feature_create_webhelp is enabled,
allows lib/s ...)
- tikiwiki <removed>
CVE-2023-22852 (Tiki through 25.0 allows CSRF attacks that are related to
tiki-importe ...)
@@ -8657,10 +8735,10 @@ CVE-2023-0101 (A privilege escalation vulnerability was
identified in Nessus ver
NOT-FOR-US: Nessus
CVE-2023-0100
RESERVED
-CVE-2023-0099
- RESERVED
-CVE-2023-0098
- RESERVED
+CVE-2023-0099 (The Simple URLs WordPress plugin before 115 does not sanitise
and esca ...)
+ TODO: check
+CVE-2023-0098 (The Simple URLs WordPress plugin before 115 does not escape
some param ...)
+ TODO: check
CVE-2023-0097 (The Post Grid, Post Carousel, & List Category Posts
WordPress plug ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0096 (The Happyforms WordPress plugin before 1.22.0 does not validate
and es ...)
@@ -8815,8 +8893,8 @@ CVE-2023-0082 (The ExactMetrics WordPress plugin before
7.12.1 does not validate
NOT-FOR-US: WordPress plugin
CVE-2023-0081 (The MonsterInsights WordPress plugin before 8.12.1 does not
validate a ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0080
- RESERVED
+CVE-2023-0080 (The Customer Reviews for WooCommerce WordPress plugin before
5.16.0 do ...)
+ TODO: check
CVE-2023-0079
RESERVED
CVE-2023-0078
@@ -8901,8 +8979,8 @@ CVE-2023-22619
RESERVED
CVE-2023-0076
RESERVED
-CVE-2023-0075
- RESERVED
+CVE-2023-0075 (The Amazon JS WordPress plugin through 0.10 does not validate
and esca ...)
+ TODO: check
CVE-2023-0074 (The WP Social Widget WordPress plugin before 2.2.4 does not
validate a ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0073
@@ -8929,10 +9007,10 @@ CVE-2023-0063
RESERVED
CVE-2023-0062 (The EAN for WooCommerce WordPress plugin before 4.4.3 does not
validat ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0061
- RESERVED
-CVE-2023-0060
- RESERVED
+CVE-2023-0061 (The Judge.me Product Reviews for WooCommerce WordPress plugin
before 1 ...)
+ TODO: check
+CVE-2023-0060 (The Responsive Gallery Grid WordPress plugin before 2.3.9 does
not val ...)
+ TODO: check
CVE-2023-0059
RESERVED
CVE-2023-0058
@@ -9149,8 +9227,8 @@ CVE-2012-10003 (A vulnerability, which was classified as
problematic, has been f
NOT-FOR-US: ahmyi RivetTracker
CVE-2012-10002 (A vulnerability was found in ahmyi RivetTracker. It has been
declared ...)
NOT-FOR-US: ahmyi RivetTracker
-CVE-2023-0034
- RESERVED
+CVE-2023-0034 (The JetWidgets For Elementor WordPress plugin through 1.0.13
does not ...)
+ TODO: check
CVE-2023-0033 (The PDF Viewer WordPress plugin before 1.0.0 does not validate
and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4870
@@ -9606,8 +9684,8 @@ CVE-2022-4832 (The Store Locator WordPress plugin before
1.4.9 does not validate
NOT-FOR-US: WordPress plugin
CVE-2022-4831 (The Custom User Profile Fields for User Registration WordPress
plugin ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4830
- RESERVED
+CVE-2022-4830 (The Paid Memberships Pro WordPress plugin before 2.9.9 does not
valida ...)
+ TODO: check
CVE-2022-4829
RESERVED
CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not
validate ...)
@@ -9928,8 +10006,8 @@ CVE-2022-48079 (Monnai aaPanel host system v1.5 contains
an access control issue
NOT-FOR-US: Monnai aaPanel host system
CVE-2022-48078 (pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was
discovered t ...)
NOT-FOR-US: pycdc
-CVE-2022-48077
- RESERVED
+CVE-2022-48077 (Genymotion Desktop v3.3.2 was discovered to contain a DLL
hijacking vu ...)
+ TODO: check
CVE-2022-48076
RESERVED
CVE-2022-48075
@@ -10206,8 +10284,8 @@ CVE-2022-4785
RESERVED
CVE-2022-4784
RESERVED
-CVE-2022-4783
- RESERVED
+CVE-2022-4783 (The Youtube Channel Gallery WordPress plugin through 2.4 does
not vali ...)
+ TODO: check
CVE-2022-4782
RESERVED
CVE-2022-4781 (The Accordion Shortcodes WordPress plugin through 2.4.2 does
not valid ...)
@@ -10462,8 +10540,8 @@ CVE-2022-4761
RESERVED
CVE-2022-4760 (The OneClick Chat to Order WordPress plugin before 1.0.4.2 does
not va ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4759
- RESERVED
+CVE-2022-4759 (The GigPress WordPress plugin before 2.3.28 does not validate
and esca ...)
+ TODO: check
CVE-2022-4758 (The 10WebMapBuilder WordPress plugin before 1.0.72 does not
validate a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4757
@@ -10529,8 +10607,8 @@ CVE-2022-47966 (Multiple Zoho ManageEngine on-premise
products, such as ServiceD
NOT-FOR-US: Zoho
CVE-2022-4746 (The FluentAuth WordPress plugin before 1.0.2 prioritizes
getting a vis ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4745
- RESERVED
+CVE-2022-4745 (The WP Customer Area WordPress plugin before 8.1.4 does not
have CSRF ...)
+ TODO: check
CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and
classified as ...)
NOT-FOR-US: Brave UX for-the-badge
CVE-2022-47908 (Stack-based buffer overflow vulnerability in V-Server
v4.0.12.0 and ea ...)
@@ -10764,8 +10842,8 @@ CVE-2022-4684 (Improper Access Control in GitHub
repository usememos/memos prior
NOT-FOR-US: usememos
CVE-2022-4683 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in
GitHub ...)
NOT-FOR-US: usememos
-CVE-2022-4682
- RESERVED
+CVE-2022-4682 (The Lightbox Gallery WordPress plugin before 0.9.5 does not
validate a ...)
+ TODO: check
CVE-2022-4681 (The Hide My WP WordPress plugin before 6.2.9 does not properly
sanitiz ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47943 (An issue was discovered in ksmbd in the Linux kernel 5.15
through 5.19 ...)
@@ -10830,8 +10908,8 @@ CVE-2022-4680 (The Revive Old Posts WordPress plugin
before 9.0.11 unserializes
NOT-FOR-US: WordPress plugin
CVE-2022-4679
RESERVED
-CVE-2022-4678
- RESERVED
+CVE-2022-4678 (The TemplatesNext ToolKit WordPress plugin before 3.2.8 does
not valid ...)
+ TODO: check
CVE-2022-4677 (The Leaflet Maps Marker WordPress plugin before 3.12.7 does not
valida ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4676
@@ -10907,8 +10985,8 @@ CVE-2022-4658 (The RSSImport WordPress plugin through
4.6.1 does not validate an
NOT-FOR-US: WordPress plugin
CVE-2022-4657 (The Restaurant Menu WordPress plugin before 2.3.6 does not
validate an ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4656
- RESERVED
+CVE-2022-4656 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin
before ...)
+ TODO: check
CVE-2022-4655 (The Welcart e-Commerce WordPress plugin before 2.8.9 does not
validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4654 (The Pricing Tables WordPress Plugin WordPress plugin before
3.2.3 does ...)
@@ -11023,8 +11101,8 @@ CVE-2022-4629 (The Product Slider for WooCommerce
WordPress plugin before 2.6.4
NOT-FOR-US: WordPress plugin
CVE-2022-46286
RESERVED
-CVE-2022-4628
- RESERVED
+CVE-2022-4628 (The Easy PayPal Buy Now Button WordPress plugin before 1.7.4
does not ...)
+ TODO: check
CVE-2022-4627 (The ShiftNav WordPress plugin before 1.7.2 does not validate
and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4626 (The PPWP WordPress plugin before 1.8.6 does not validate and
escape so ...)
@@ -13071,8 +13149,8 @@ CVE-2023-21775 (Microsoft Edge (Chromium-based) Remote
Code Execution Vulnerabil
NOT-FOR-US: Microsoft
CVE-2023-21774 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
NOT-FOR-US: Microsoft
-CVE-2022-4580
- RESERVED
+CVE-2022-4580 (The Twenty20 Image Before-After WordPress plugin through 1.5.9
does no ...)
+ TODO: check
CVE-2022-4579
REJECTED
CVE-2022-4578 (The Video Conferencing with Zoom WordPress plugin before 4.0.10
does n ...)
@@ -13147,8 +13225,8 @@ CVE-2022-4564 (A vulnerability classified as
problematic has been found in Unive
NOT-FOR-US: University of Central Florida Materia
CVE-2022-4563 (A vulnerability was found in Freedom of the Press SecureDrop.
It has b ...)
NOT-FOR-US: Freedom of the Press SecureDrop
-CVE-2022-4562
- RESERVED
+CVE-2022-4562 (The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does
not va ...)
+ TODO: check
CVE-2022-4561 (A vulnerability classified as problematic has been found in
SemanticDr ...)
NOT-FOR-US: SemanticDrilldown MediaWiki extension
CVE-2022-4560 (A vulnerability was found in Joget up to 7.0.31. It has been
rated as ...)
@@ -13175,8 +13253,8 @@ CVE-2022-4553 (The FL3R FeelBox WordPress plugin
through 8.1 does not have CSRF
NOT-FOR-US: WordPress plugin
CVE-2022-4552 (The FL3R FeelBox WordPress plugin through 8.1 does not have
CSRF check ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4551
- RESERVED
+CVE-2022-4551 (The Rich Table of Contents WordPress plugin through 1.3.7 does
not val ...)
+ TODO: check
CVE-2022-4550
RESERVED
CVE-2022-4549 (The Tickera WordPress plugin before 3.5.1.0 does not have CSRF
check i ...)
@@ -13185,8 +13263,8 @@ CVE-2022-4548 (The Optimize images ALT Text & names
for SEO using AI WordPre
NOT-FOR-US: WordPress plugin
CVE-2022-4547 (The Conditional Payment Methods for WooCommerce WordPress
plugin throu ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4546
- RESERVED
+CVE-2022-4546 (The Mapwiz WordPress plugin through 1.0.1 does not properly
sanitise a ...)
+ TODO: check
CVE-2022-4545 (The Sitemap WordPress plugin before 4.4 does not validate and
escape s ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4544 (The MashShare WordPress plugin before 3.8.7 does not validate
and esca ...)
@@ -13402,8 +13480,8 @@ CVE-2022-4514 (A vulnerability, which was classified as
problematic, was found i
NOT-FOR-US: OpenCaching oc-server3
CVE-2022-4513 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: European Environment Agency eionet.contreg
-CVE-2022-4512
- RESERVED
+CVE-2022-4512 (The Better Font Awesome WordPress plugin before 2.0.4 does not
validat ...)
+ TODO: check
CVE-2022-4511 (A vulnerability has been found in RainyGao DocSys and
classified as cr ...)
NOT-FOR-US: RainyGao DocSys
CVE-2022-4510 (A path traversal vulnerability was identified in ReFirm Labs
binwalk f ...)
@@ -13566,8 +13644,8 @@ CVE-2022-4490
RESERVED
CVE-2022-4489 (The HUSKY WordPress plugin before 1.3.2 unserializes user input
provid ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4488
- RESERVED
+CVE-2022-4488 (The Widgets on Pages WordPress plugin through 1.6.0 does not
validate ...)
+ TODO: check
CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not
validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4486 (The Meteor Slides WordPress plugin through 1.5.6 does not
validate and ...)
@@ -13734,12 +13812,12 @@ CVE-2022-4475 (The Collapse-O-Matic WordPress plugin
before 1.8.3 does not valid
NOT-FOR-US: WordPress plugin
CVE-2022-4474 (The Easy Social Feed WordPress plugin before 6.4.0 does not
validate a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4473
- RESERVED
+CVE-2022-4473 (The Widget Shortcode WordPress plugin through 0.3.5 does not
validate ...)
+ TODO: check
CVE-2022-4472 (The Simple Sitemap WordPress plugin before 3.5.8 does not
validate and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4471
- RESERVED
+CVE-2022-4471 (The YARPP WordPress plugin through 5.30.1 does not validate and
escape ...)
+ TODO: check
CVE-2022-4470 (The Widgets for Google Reviews WordPress plugin before 9.8 does
not va ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4469 (The Simple Membership WordPress plugin before 4.2.2 does not
validate ...)
@@ -13764,8 +13842,8 @@ CVE-2022-4460 (The Sidebar Widgets by CodeLights
WordPress plugin through 1.4 do
NOT-FOR-US: WordPress plugin
CVE-2022-4459 (The WP Show Posts WordPress plugin before 1.1.4 does not
validate and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4458
- RESERVED
+CVE-2022-4458 (The amr shortcode any widget WordPress plugin through 4.0 does
not val ...)
+ TODO: check
CVE-2022-43543 (KDDI +Message App, NTT DOCOMO +Message App, and SoftBank
+Message App ...)
NOT-FOR-US: KDDI +Message App, NTT DOCOMO +Message App and SoftBank
+Message App
CVE-2023-21723
@@ -13898,14 +13976,14 @@ CVE-2022-4450 (The function PEM_read_bio_ex() reads a
PEM file from a BIO and pa
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bbcf509bd046b34cca19c766bbddc31683d0858b
(OpenSSL_1_1_1t)
CVE-2022-4449 (The Page scroll to id WordPress plugin before 1.7.6 does not
validate ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4448
- RESERVED
+CVE-2022-4448 (The GiveWP WordPress plugin before 2.24.0 does not validate and
escape ...)
+ TODO: check
CVE-2022-4447 (The Fontsy WordPress plugin through 1.8.6 does not properly
sanitize a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4446 (PHP Remote File Inclusion in GitHub repository tsolucio/corebos
prior ...)
NOT-FOR-US: Corebos
-CVE-2022-4445
- RESERVED
+CVE-2022-4445 (The FL3R FeelBox WordPress plugin through 8.1 does not properly
saniti ...)
+ TODO: check
CVE-2022-4444 (A vulnerability was found in ipti br.tag. It has been declared
as prob ...)
NOT-FOR-US: ipti br.tag
CVE-2022-4443 (The BruteBank WordPress plugin before 1.9 does not have CSRF
check in ...)
@@ -14706,7 +14784,8 @@ CVE-2022-47018
RESERVED
CVE-2022-47017
RESERVED
-CVE-2022-47016 (A null pointer dereference issue was discovered in function
window_pan ...)
+CVE-2022-47016
+ REJECTED
- tmux <unfixed> (unimportant)
NOTE: https://github.com/tmux/tmux/issues/3312
NOTE: https://github.com/tmux/tmux/issues/3447
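Review bot: CVE-2022-47016 is switched to REJECTED, but the "- tmux <unfixed> (unimportant)" line and both tmux issue NOTE lines under it are left in place, so a rejected id still records tmux as affected. A manual follow-up should either drop the package annotation from this entry or, if the tmux issues are still worth tracking, move them to an entry that is not rejected.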
@@ -18638,10 +18717,10 @@ CVE-2022-45727
RESERVED
CVE-2022-45726
RESERVED
-CVE-2022-45725
- RESERVED
-CVE-2022-45724
- RESERVED
+CVE-2022-45725 (Improper Input Validation in Comfast router CF-WR6110N V2.3.1
allows a ...)
+ TODO: check
+CVE-2022-45724 (Incorrect Access Control in Comfast router CF-WR6110N V2.3.1
allows a ...)
+ TODO: check
CVE-2022-45723
RESERVED
CVE-2022-45722 (ezEIP v5.3.0(0649) was discovered to contain a cross-site
scripting (X ...)
@@ -19347,10 +19426,10 @@ CVE-2022-45457
RESERVED
CVE-2022-45456
RESERVED
-CVE-2022-45455
- RESERVED
-CVE-2022-45454
- RESERVED
+CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation
cleanup. T ...)
+ TODO: check
+CVE-2022-45454 (Sensitive information disclosure due to insecure folder
permissions. T ...)
+ TODO: check
CVE-2022-45453
RESERVED
CVE-2022-45452
@@ -20849,8 +20928,8 @@ CVE-2022-3893 (Cross-site Scripting (XSS) vulnerability
in BlueSpiceCustomMenu e
NOT-FOR-US: BlueSpice
CVE-2022-3892 (The WP OAuth Server (OAuth Authentication) WordPress plugin
before 4.2 ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3891
- RESERVED
+CVE-2022-3891 (The WP FullCalendar WordPress plugin before 1.5 does not ensure
that t ...)
+ TODO: check
CVE-2022-45045 (Multiple Xiongmai NVR devices, including MBD6304T
V4.02.R11.00000117.1 ...)
NOT-FOR-US: Xiongmai
CVE-2022-3890 (Heap buffer overflow in Crashpad in Google Chrome on Android
prior to ...)
@@ -23943,11 +24022,13 @@ CVE-2022-44270
CVE-2022-44269
RESERVED
CVE-2022-44268 (ImageMagick 7.1.0-49 is vulnerable to Information Disclosure.
When it ...)
+ {DSA-5347-1}
- imagemagick <unfixed> (bug #1030767)
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/d77c01e560e973177feed4915ffd7dd1a45fd763
NOTE: https://www.metabaseq.com/imagemagick-zero-days/
NOTE: https://github.com/ImageMagick/ImageMagick/discussions/6027
CVE-2022-44267 (ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When
it parse ...)
+ {DSA-5347-1}
- imagemagick <unfixed> (bug #1030767)
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/d77c01e560e973177feed4915ffd7dd1a45fd763
NOTE: https://www.metabaseq.com/imagemagick-zero-days/
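Review bot: the "{DSA-5347-1}" cross-reference is added to CVE-2022-44268 and CVE-2022-44267 while the package line under each stays "- imagemagick <unfixed> (bug #1030767)". That is consistent only if the fix has not yet reached unstable. Once bug #1030767 is closed by an upload, both entries need the fixed version in place of "<unfixed>", otherwise they will keep reporting imagemagick as open after the advisory.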
@@ -32912,8 +32993,8 @@ CVE-2022-41136 (Cross-Site Request Forgery (CSRF)
vulnerability leading to Store
NOT-FOR-US: WordPress plugin
CVE-2022-41135 (Unauth. Plugin Settings Change vulnerability in Modula plugin
<= 2. ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41134
- RESERVED
+CVE-2022-41134 (Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly –
Exit In ...)
+ TODO: check
CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS
Vulnerabi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40975
@@ -36906,8 +36987,8 @@ CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is
vulnerable to Regular expression
[bullseye] - mako <no-dsa> (Minor issue)
NOTE:
https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c
(rel_1_2_2)
NOTE: https://github.com/sqlalchemy/mako/issues/366
-CVE-2022-40022
- RESERVED
+CVE-2022-40022 (Microchip Technology (Microsemi) SyncServer S650 was
discovered to con ...)
+ TODO: check
CVE-2022-40021
RESERVED
CVE-2022-40020
@@ -39018,8 +39099,8 @@ CVE-2022-3091 (RONDS EPM version 1.19.5 has a
vulnerability in which a function
NOT-FOR-US: RONDS EPM
CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior,
Crimson 3.1 ...)
NOT-FOR-US: Red Lion Controls Crimson
-CVE-2022-3089
- RESERVED
+CVE-2022-3089 (Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext
credent ...)
+ TODO: check
CVE-2022-3088 (UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100
System Imag ...)
NOT-FOR-US: Moxa
CVE-2022-3087 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and
prior are ...)
@@ -52484,8 +52565,8 @@ CVE-2022-34399 (Dell Alienware m17 R5 BIOS version
prior to 1.2.2 contain a buff
TODO: check
CVE-2022-34398 (Dell BIOS contains a Time-of-check Time-of-use vulnerability.
A local ...)
TODO: check
-CVE-2022-34397
- RESERVED
+CVE-2022-34397 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and
Solution Ena ...)
+ TODO: check
CVE-2022-34396 (Dell OpenManage Server Administrator (OMSA) version 10.3.0.0
and earli ...)
TODO: check
CVE-2022-34395
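Review bot: CVE-2022-34397 is added as "TODO: check" next to three older Dell entries in the context lines (CVE-2022-34399, CVE-2022-34398, CVE-2022-34396) that are still "TODO: check" as well, while Dell entries elsewhere in this same update are already "NOT-FOR-US: Dell". The whole block should be triaged together so the Dell items in this range are marked consistently rather than growing the pending list.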
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a3d76d562e825a196ffd18a48df0d57612ca09b