Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b8d8132 by security tracker role at 2023-02-21T20:10:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,71 @@
-CVE-2023-26267
+CVE-2023-26293
        RESERVED
+CVE-2023-26292
+       RESERVED
+CVE-2023-26291
+       RESERVED
+CVE-2023-26290
+       RESERVED
+CVE-2023-26289
+       RESERVED
+CVE-2023-26288
+       RESERVED
+CVE-2023-26287
+       RESERVED
+CVE-2023-26286
+       RESERVED
+CVE-2023-26285
+       RESERVED
+CVE-2023-26284
+       RESERVED
+CVE-2023-26283
+       RESERVED
+CVE-2023-26282
+       RESERVED
+CVE-2023-26281
+       RESERVED
+CVE-2023-26280
+       RESERVED
+CVE-2023-26279
+       RESERVED
+CVE-2023-26278
+       RESERVED
+CVE-2023-26277
+       RESERVED
+CVE-2023-26276
+       RESERVED
+CVE-2023-26275
+       RESERVED
+CVE-2023-26274
+       RESERVED
+CVE-2023-26273
+       RESERVED
+CVE-2023-26272
+       RESERVED
+CVE-2023-26271
+       RESERVED
+CVE-2023-26270
+       RESERVED
+CVE-2023-26269
+       RESERVED
+CVE-2023-26268
+       RESERVED
+CVE-2023-0941
+       RESERVED
+CVE-2023-0940
+       RESERVED
+CVE-2023-0939
+       RESERVED
+CVE-2023-0938 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2023-0937
+       RESERVED
+CVE-2023-0936 (A vulnerability was found in TP-Link Archer C50 V2_160801. It 
has been ...)
+       TODO: check
+CVE-2023-0935 (A vulnerability was found in DolphinPHP up to 1.5.1. It has 
been decla ...)
+       TODO: check
+CVE-2023-26267 (php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading 
arbitrary ...)
+       TODO: check
 CVE-2023-26266 (In AFL++ 4.05c, the CmpLog component uses the current working 
director ...)
        - aflplusplus <unfixed>
        [bullseye] - aflplusplus <no-dsa> (Minor issue)
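Review bot: the four described entries at the end of the added block (CVE-2023-0938, CVE-2023-0936, CVE-2023-0935, CVE-2023-26267) arrive as "TODO: check" with no package or NOT-FOR-US annotation. CVE-2023-0938 opens with the same SourceCodester wording that is marked NOT-FOR-US further down this file, and CVE-2023-0936 names a TP-Link Archer C50 firmware build, so both look closable on the next manual pass. CVE-2023-26267 (php-saml-sp before 1.1.1 and 2.x before 2.1.1) should be checked against the archive before it is dismissed, since the description gives concrete fixed versions.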
@@ -494,12 +560,12 @@ CVE-2021-4325
        RESERVED
 CVE-2017-20179
        RESERVED
-CVE-2015-10085
-       RESERVED
-CVE-2015-10084
-       RESERVED
-CVE-2015-10083
-       RESERVED
+CVE-2015-10085 (A vulnerability was found in GoPistolet. It has been declared 
as probl ...)
+       TODO: check
+CVE-2015-10084 (A vulnerability was found in irontec klear-library chloe and 
classifie ...)
+       TODO: check
+CVE-2015-10083 (A vulnerability has been found in harrystech Dynosaur-Rails 
and classi ...)
+       TODO: check
 CVE-2023-0919 (Missing Authentication for Critical Function in GitHub 
repository kare ...)
        NOT-FOR-US: Kavita
 CVE-2023-0918 (A vulnerability has been found in codeprojects Pharmacy 
Management Sys ...)
@@ -510,8 +576,8 @@ CVE-2023-0916 (A vulnerability classified as critical was 
found in SourceCodeste
        NOT-FOR-US: SourceCodester Auto Dealer Management System
 CVE-2023-0915 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester Auto Dealer Management System
-CVE-2017-20178
-       RESERVED
+CVE-2017-20178 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
Codiad 2. ...)
+       TODO: check
 CVE-2016-15027 (A vulnerability was found in meta4creations Post Duplicator 
Plugin 2.1 ...)
        NOT-FOR-US: meta4creations Post Duplicator Plugin
 CVE-2015-10082 (A vulnerability classified as problematic has been found in 
UIKit0 lib ...)
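Review bot: CVE-2017-20178 is left at "TODO: check" although its new description starts with "** UNSUPPORTED WHEN ASSIGNED **". When this is triaged, resolve it the way the surrounding entries in this hunk are resolved (a "NOT-FOR-US: <product>" line if Codiad is not packaged) so the unsupported status does not leave the entry sitting open in the queue.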
@@ -882,8 +948,8 @@ CVE-2023-25930
        RESERVED
 CVE-2023-25929
        RESERVED
-CVE-2023-25928
-       RESERVED
+CVE-2023-25928 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
+       TODO: check
 CVE-2023-25927
        RESERVED
 CVE-2023-25926
@@ -4664,8 +4730,8 @@ CVE-2016-15022 (A vulnerability was found in mosbth 
cimage up to 0.7.18. It has
        NOT-FOR-US: mosbth cimage
 CVE-2009-10003 (A vulnerability was found in capnsquarepants wordcraft up to 
0.6. It h ...)
        NOT-FOR-US: capnsquarepants wordcraft
-CVE-2023-0559
-       RESERVED
+CVE-2023-0559 (The GS Portfolio for Envato WordPress plugin before 1.4.0 does 
not val ...)
+       TODO: check
 CVE-2023-0558 (The ContentStudio plugin for WordPress is vulnerable to 
authorization  ...)
        NOT-FOR-US: ContentStudio plugin for WordPress
 CVE-2023-0557 (The ContentStudio plugin for WordPress is vulnerable to 
Sensitive Info ...)
@@ -4718,10 +4784,10 @@ CVE-2023-0543
        RESERVED
 CVE-2023-0542
        RESERVED
-CVE-2023-0541
-       RESERVED
-CVE-2023-0540
-       RESERVED
+CVE-2023-0541 (The GS Books Showcase WordPress plugin before 1.3.1 does not 
validate  ...)
+       TODO: check
+CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does 
not val ...)
+       TODO: check
 CVE-2023-0539
        RESERVED
 CVE-2023-0538
@@ -4992,8 +5058,8 @@ CVE-2023-0494 [Xi: fix potential use-after-free in 
DeepCopyPointerClasses]
        - xwayland 2:22.1.8-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/02/07/1
        NOTE: 
https://gitlab.freedesktop.org/xorg/xserver/commit/0ba6d8c37071131a49790243cdac55392ecf71ec
-CVE-2022-4897
-       RESERVED
+CVE-2022-4897 (The BackupBuddy WordPress plugin before 8.8.3 does not sanitise 
and es ...)
+       TODO: check
 CVE-2023-24513
        RESERVED
 CVE-2023-24512
@@ -5032,8 +5098,8 @@ CVE-2023-24496
        RESERVED
 CVE-2023-0493 (Improper Neutralization of Equivalent Special Elements in 
GitHub repos ...)
        NOT-FOR-US: btcpayserver
-CVE-2023-0492
-       RESERVED
+CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 
1.5.9 d ...)
+       TODO: check
 CVE-2023-0491
        RESERVED
 CVE-2023-0490
@@ -5175,8 +5241,8 @@ CVE-2023-0457
        RESERVED
 CVE-2022-4896
        RESERVED
-CVE-2020-36656
-       RESERVED
+CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize 
user inpu ...)
+       TODO: check
 CVE-2023-24470
        RESERVED
 CVE-2023-24469
@@ -5203,8 +5269,8 @@ CVE-2023-0455 (Unrestricted Upload of File with Dangerous 
Type in GitHub reposit
        NOT-FOR-US: unilogies/bumsys
 CVE-2023-0454 (OrangeScrum version 2.0.11 allows an authenticated external 
attacker t ...)
        NOT-FOR-US: OrangeScrum
-CVE-2023-0453
-       RESERVED
+CVE-2023-0453 (The WP Private Message WordPress plugin (bundled with the 
Superio them ...)
+       TODO: check
 CVE-2023-24459 (A missing permission check in Jenkins BearyChat Plugin 3.0.2 
and earli ...)
        NOT-FOR-US: Jenkins BearyChat Plugin
 CVE-2023-24458 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
BearyChat ...)
@@ -5411,8 +5477,8 @@ CVE-2023-0444 (A privilege escalation vulnerability 
exists in Delta Electronics
        NOT-FOR-US: Delta Electronics InfraSuite Device Master
 CVE-2023-0443
        RESERVED
-CVE-2023-0442
-       RESERVED
+CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not 
validate an ...)
+       TODO: check
 CVE-2023-0441
        RESERVED
 CVE-2023-0440 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
@@ -5425,8 +5491,8 @@ CVE-2023-0437
        RESERVED
 CVE-2023-0436
        RESERVED
-CVE-2022-48282
-       RESERVED
+CVE-2022-48282 (Under very specific circumstances (see Required configuration 
section  ...)
+       TODO: check
 CVE-2023-24371
        RESERVED
 CVE-2023-24370
@@ -5808,8 +5874,8 @@ CVE-2023-24186
        RESERVED
 CVE-2023-24185
        RESERVED
-CVE-2023-24184
-       RESERVED
+CVE-2023-24184 (TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to 
contain a com ...)
+       TODO: check
 CVE-2023-24183
        RESERVED
 CVE-2023-24182
@@ -6326,10 +6392,10 @@ CVE-2023-0430
        - thunderbird 1:102.7.1+1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/#CVE-2023-0430
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1769000
-CVE-2023-0429
-       RESERVED
-CVE-2023-0428
-       RESERVED
+CVE-2023-0429 (The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise 
and es ...)
+       TODO: check
+CVE-2023-0428 (The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise 
and es ...)
+       TODO: check
 CVE-2023-0427
        RESERVED
 CVE-2023-0426
@@ -6346,8 +6412,8 @@ CVE-2023-0421
        RESERVED
 CVE-2023-0420
        RESERVED
-CVE-2023-0419
-       RESERVED
+CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 
does not  ...)
+       TODO: check
 CVE-2023-0418
        RESERVED
 CVE-2022-4894
@@ -6459,6 +6525,7 @@ CVE-2023-23933 (OpenSearch Anomaly Detection identifies 
atypical data and receiv
 CVE-2023-23932 (OpenDDS is an open source C++ implementation of the Object 
Management  ...)
        NOT-FOR-US: OpenDDS
 CVE-2023-23931 (cryptography is a package designed to expose cryptographic 
primitives  ...)
+       {DLA-3331-1}
        - python-cryptography <unfixed> (bug #1031049)
        [bullseye] - python-cryptography <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
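Review bot: with "{DLA-3331-1}" now attached to CVE-2023-23931, the context lines still read "python-cryptography <unfixed> (bug #1031049)" and "[bullseye] - python-cryptography <no-dsa> (Minor issue)". LTS has issued an advisory for this while unstable and bullseye remain open, so the bullseye "<no-dsa>" decision is worth revisiting, or at least a follow-up fix for bullseye should be tracked here.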
@@ -6882,26 +6949,26 @@ CVE-2023-0382
        RESERVED
 CVE-2023-0381
        RESERVED
-CVE-2023-0380
-       RESERVED
+CVE-2023-0380 (The Easy Digital Downloads WordPress plugin before 3.1.0.5 does 
not va ...)
+       TODO: check
 CVE-2023-0379 (The Spotlight Social Feeds WordPress plugin before 1.4.3 does 
not vali ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0378
-       RESERVED
+CVE-2023-0378 (The Greenshift WordPress plugin before 5.0 does not validate 
and escap ...)
+       TODO: check
 CVE-2023-0377
        RESERVED
 CVE-2023-0376
        RESERVED
-CVE-2023-0375
-       RESERVED
+CVE-2023-0375 (The Easy Affiliate Links WordPress plugin before 3.7.1 does not 
valida ...)
+       TODO: check
 CVE-2023-0374
        RESERVED
 CVE-2023-0373 (The Lightweight Accordion WordPress plugin before 1.5.15 does 
not vali ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0372
-       RESERVED
-CVE-2023-0371
-       RESERVED
+CVE-2023-0372 (The EmbedStories WordPress plugin before 0.7.5 does not 
validate and e ...)
+       TODO: check
+CVE-2023-0371 (The EmbedSocial WordPress plugin before 1.1.28 does not 
validate and e ...)
+       TODO: check
 CVE-2023-0370
        RESERVED
 CVE-2023-0369
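Review bot: the five entries un-reserved in this hunk (CVE-2023-0380, CVE-2023-0378, CVE-2023-0375, CVE-2023-0372, CVE-2023-0371) all describe WordPress plugins, and the two untouched neighbours CVE-2023-0379 and CVE-2023-0373 already read "NOT-FOR-US: WordPress plugin". The same annotation applies to the new ones; leaving them as "TODO: check" only lengthens the manual triage queue.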
@@ -6976,8 +7043,8 @@ CVE-2023-23754
        RESERVED
 CVE-2023-0367
        RESERVED
-CVE-2023-0366
-       RESERVED
+CVE-2023-0366 (The Loan Comparison WordPress plugin before 1.5.3 does not 
validate an ...)
+       TODO: check
 CVE-2023-0365
        RESERVED
 CVE-2023-0364
@@ -7697,8 +7764,8 @@ CVE-2023-0286 (There is a type confusion vulnerability 
relating to X.400 address
        NOTE: https://www.openssl.org/news/secadv/20230207.txt
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2f7530077e0ef79d98718138716bc51ca0cad658
 (openssl-3.0.8)
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
 (OpenSSL_1_1_1t)
-CVE-2023-0285
-       RESERVED
+CVE-2023-0285 (The Real Media Library WordPress plugin before 4.18.29 does not 
saniti ...)
+       TODO: check
 CVE-2023-0284 (Improper Input Validation of LDAP user IDs in Tribe29 Checkmk 
allows a ...)
        - check-mk <removed>
 CVE-2023-0283 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
@@ -7725,8 +7792,8 @@ CVE-2023-0273
        RESERVED
 CVE-2023-0272
        RESERVED
-CVE-2023-0271
-       RESERVED
+CVE-2023-0271 (The WP Font Awesome WordPress plugin before 1.7.9 does not 
validate an ...)
+       TODO: check
 CVE-2023-0270 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 
does no ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0269
@@ -8098,10 +8165,10 @@ CVE-2023-0234 (The SiteGround Security WordPress plugin 
before 1.3.1 does not pr
        NOT-FOR-US: WordPress plugin
 CVE-2023-0233
        RESERVED
-CVE-2023-0232
-       RESERVED
-CVE-2023-0231
-       RESERVED
+CVE-2023-0232 (The ShopLentor WordPress plugin before 2.5.4 unserializes user 
input f ...)
+       TODO: check
+CVE-2023-0231 (The ShopLentor WordPress plugin before 2.5.4 does not validate 
and esc ...)
+       TODO: check
 CVE-2023-0230
        RESERVED
 CVE-2022-4887
@@ -9103,8 +9170,8 @@ CVE-2023-23011 (Cross Site Scripting (XSS) vulnerability 
in InvoicePlane 1.6 via
        NOT-FOR-US: InvoicePlane
 CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in 
Ecommerce-CodeIgniter-Boot ...)
        NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
-CVE-2023-23009
-       RESERVED
+CVE-2023-23009 (Libreswan 4.9 allows remote attackers to cause a denial of 
service (as ...)
+       TODO: check
 CVE-2023-23008
        RESERVED
 CVE-2023-23007 (An issue was discovered in ESPCMS P8.21120101 after logging in 
to the  ...)
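Review bot: CVE-2023-23009 should not wait in the "TODO: check" queue alongside the web-application entries around it. The description names Libreswan 4.9 and a remote denial of service, so this one needs a "- libreswan" package line with the affected and fixed versions plus a NOTE pointing at the upstream advisory, not a NOT-FOR-US.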
@@ -9153,8 +9220,8 @@ CVE-2023-22986
        RESERVED
 CVE-2023-22985
        RESERVED
-CVE-2023-22984
-       RESERVED
+CVE-2023-22984 (A Vulnerability was discovered in Axis 207W network camera. 
There is a ...)
+       TODO: check
 CVE-2023-22983
        RESERVED
 CVE-2023-22982
@@ -9408,8 +9475,8 @@ CVE-2023-22922
        RESERVED
 CVE-2023-22921
        RESERVED
-CVE-2023-22920
-       RESERVED
+CVE-2023-22920 (A security misconfiguration vulnerability exists in the Zyxel 
LTE3316- ...)
+       TODO: check
 CVE-2023-22919
        RESERVED
 CVE-2023-22918
@@ -10605,8 +10672,8 @@ CVE-2023-0069
        RESERVED
 CVE-2023-0068
        RESERVED
-CVE-2023-0067
-       RESERVED
+CVE-2023-0067 (The Timed Content WordPress plugin before 2.73 does not 
validate and e ...)
+       TODO: check
 CVE-2023-0066
        RESERVED
 CVE-2023-0065
@@ -10621,8 +10688,8 @@ CVE-2023-0061 (The Judge.me Product Reviews for 
WooCommerce WordPress plugin bef
        NOT-FOR-US: WordPress plugin
 CVE-2023-0060 (The Responsive Gallery Grid WordPress plugin before 2.3.9 does 
not val ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0059
-       RESERVED
+CVE-2023-0059 (The Youzify WordPress plugin before 1.2.2 does not validate and 
escape ...)
+       TODO: check
 CVE-2023-0058
        RESERVED
 CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub 
reposit ...)
@@ -11884,8 +11951,8 @@ CVE-2022-4793 (The Blog Designer WordPress plugin 
before 2.4.1 does not validate
        NOT-FOR-US: WordPress plugin
 CVE-2022-4792 (The News &amp; Blog Designer Pack WordPress plugin before 3.3 
does not ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4791
-       RESERVED
+CVE-2022-4791 (The Product Slider and Carousel with Category for WooCommerce 
WordPres ...)
+       TODO: check
 CVE-2022-4790 (The WP Google My Business Auto Publish WordPress plugin before 
3.4 doe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4789 (The WPZOOM Portfolio WordPress plugin before 1.2.2 does not 
validate a ...)
@@ -11894,12 +11961,12 @@ CVE-2022-4788
        RESERVED
 CVE-2022-4787 (Themify Shortcodes WordPress plugin before 2.0.8 does not 
validate and ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4786
-       RESERVED
-CVE-2022-4785
-       RESERVED
-CVE-2022-4784
-       RESERVED
+CVE-2022-4786 (The Video.js WordPress plugin through 4.5.0 does not validate 
and esca ...)
+       TODO: check
+CVE-2022-4785 (The Video Sidebar Widgets WordPress plugin through 6.1 does not 
valida ...)
+       TODO: check
+CVE-2022-4784 (The Hueman Addons WordPress plugin through 2.3.3 does not 
validate and ...)
+       TODO: check
 CVE-2022-4783 (The Youtube Channel Gallery WordPress plugin through 2.4 does 
not vali ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4782
@@ -12028,8 +12095,8 @@ CVE-2023-22278 (m-FILTER prior to Ver.5.70R01 (Ver.5 
Series) and m-FILTER prior
        NOT-FOR-US: Digital Arts
 CVE-2022-47969
        RESERVED
-CVE-2022-4777
-       RESERVED
+CVE-2022-4777 (The Bootstrap Shortcodes WordPress plugin through 3.4.0 does 
not valid ...)
+       TODO: check
 CVE-2022-4776 (The CC Child Pages WordPress plugin before 1.43 does not 
validate and  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4775 (The GeoDirectory WordPress plugin before 2.2.22 does not 
validate and  ...)
@@ -12148,14 +12215,14 @@ CVE-2022-4766 (A vulnerability was found in 
dolibarr_project_timesheet up to 4.5
        NOT-FOR-US: dolibarr_project_timesheet
 CVE-2022-4765 (The Portfolio for Elementor WordPress plugin before 2.3.1 does 
not val ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4764
-       RESERVED
+CVE-2022-4764 (The Simple File Downloader WordPress plugin through 1.0.4 does 
not val ...)
+       TODO: check
 CVE-2022-4763 (The Icon Widget WordPress plugin before 1.3.0 does not validate 
and es ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4762 (The Materialis Companion WordPress plugin before 1.3.40 does 
not valid ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4761
-       RESERVED
+CVE-2022-4761 (The Post Views Count WordPress plugin through 3.0.2 does not 
validate  ...)
+       TODO: check
 CVE-2022-4760 (The OneClick Chat to Order WordPress plugin before 1.0.4.2 does 
not va ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4759 (The GigPress WordPress plugin before 2.3.28 does not validate 
and esca ...)
@@ -12168,16 +12235,16 @@ CVE-2022-4756 (The My YouTube Channel WordPress 
plugin before 3.23.0 does not va
        NOT-FOR-US: WordPress plugin
 CVE-2022-4755 (A vulnerability was found in FlatPress and classified as 
problematic.  ...)
        NOT-FOR-US: FlatPress
-CVE-2022-4754
-       RESERVED
+CVE-2022-4754 (The Easy Social Box / Page Plugin WordPress plugin through 
4.1.2 does  ...)
+       TODO: check
 CVE-2022-4753 (The Print-O-Matic WordPress plugin before 2.1.8 does not 
validate and  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4752
-       RESERVED
+CVE-2022-4752 (The Opening Hours WordPress plugin through 2.3.0 does not 
validate and ...)
+       TODO: check
 CVE-2022-4751 (The Word Balloon WordPress plugin before 4.19.3 does not 
validate and  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4750
-       RESERVED
+CVE-2022-4750 (The WP Responsive Testimonials Slider And Widget WordPress 
plugin thro ...)
+       TODO: check
 CVE-2022-4749 (The Posts List Designer by Category WordPress plugin before 3.2 
does n ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4748 (A vulnerability was found in FlatPress. It has been classified 
as crit ...)
@@ -12387,8 +12454,8 @@ CVE-2022-4716 (The WP Popups WordPress plugin before 
2.1.4.8 does not validate a
        NOT-FOR-US: WordPress plugin
 CVE-2022-4715 (The Structured Content WordPress plugin before 1.5.1 does not 
validate ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4714
-       RESERVED
+CVE-2022-4714 (The WP Dark Mode WordPress plugin before 4.0.0 does not 
validate and e ...)
+       TODO: check
 CVE-2022-4713
        RESERVED
 CVE-2022-4712
@@ -12550,14 +12617,14 @@ CVE-2022-4671 (The PixCodes WordPress plugin before 
2.3.7 does not validate and
        NOT-FOR-US: WordPress plugin
 CVE-2022-4670 (The PDF.js Viewer WordPress plugin before 2.1.8 does not 
validate and  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4669
-       RESERVED
+CVE-2022-4669 (The Page Builder: Live Composer WordPress plugin through 1.5.22 
does n ...)
+       TODO: check
 CVE-2022-4668 (The Easy Appointments WordPress plugin before 3.11.2 does not 
validate ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4667 (The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does 
not va ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4666
-       RESERVED
+CVE-2022-4666 (The Markup (JSON-LD) structured in schema.org WordPress plugin 
through ...)
+       TODO: check
 CVE-2022-4665 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository a ...)
        - ampache <removed>
 CVE-2022-4664 (The Logo Slider WordPress plugin before 3.6.0 does not validate 
and es ...)
@@ -13471,8 +13538,8 @@ CVE-2022-47581 (Isode M-Vault 16.0v0 through 17.x 
before 17.0v24 can crash upon
        NOT-FOR-US: Isode M-Vault
 CVE-2022-47580
        RESERVED
-CVE-2022-4622
-       RESERVED
+CVE-2022-4622 (The Login Logout Menu WordPress plugin through 1.3.3 does not 
validate ...)
+       TODO: check
 CVE-2022-4621 (Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 
2.03-0x are  ...)
        NOT-FOR-US: Panasonic
 CVE-2022-4620
@@ -16948,10 +17015,10 @@ CVE-2022-4388
        RESERVED
 CVE-2022-4387
        RESERVED
-CVE-2022-4386
-       RESERVED
-CVE-2022-4385
-       RESERVED
+CVE-2022-4386 (The Intuitive Custom Post Order WordPress plugin through 3.1.3 
lacks C ...)
+       TODO: check
+CVE-2022-4385 (The Intuitive Custom Post Order WordPress plugin through 3.1.3 
does no ...)
+       TODO: check
 CVE-2022-4384 (The Stream WordPress plugin before 3.9.2 does not prevent users 
with l ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4383 (The CBX Petition for WordPress plugin through 1.0.3 does not 
properly  ...)
@@ -20440,8 +20507,8 @@ CVE-2022-45679
        RESERVED
 CVE-2022-45678
        RESERVED
-CVE-2022-45677
-       RESERVED
+CVE-2022-45677 (SQL Injection Vulnerability in tanujpatra228 Tution Management 
System  ...)
+       TODO: check
 CVE-2022-45676
        RESERVED
 CVE-2022-45675
@@ -20667,8 +20734,8 @@ CVE-2022-45566
        RESERVED
 CVE-2022-45565
        RESERVED
-CVE-2022-45564
-       RESERVED
+CVE-2022-45564 (SQL Injection vulnerability in znfit Home improvement ERP 
management s ...)
+       TODO: check
 CVE-2022-45563
        RESERVED
 CVE-2022-45562 (Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 
to v1.4.9 ...)
@@ -34489,8 +34556,8 @@ CVE-2022-38786
        RESERVED
 CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and 
classified  ...)
        NOT-FOR-US: Open5GS
-CVE-2022-3353
-       RESERVED
+CVE-2022-3353 (A vulnerability exists in the IEC 61850 communication stack 
that affec ...)
+       TODO: check
 CVE-2022-3352 (Use After Free in GitHub repository vim/vim prior to 9.0.0614. 
...)
        {DLA-3204-1}
        - vim 2:9.0.0626-1 (unimportant)
@@ -45074,6 +45141,7 @@ CVE-2022-37705
        NOTE: 
https://github.com/zmanda/amanda/commit/43c5b32f46186f3ed78fe6c7503096fa9ad1236c
 CVE-2022-37704
        RESERVED
+       {DLA-3330-1}
        - amanda <unfixed> (bug #1029829)
        NOTE: https://github.com/MaherAzzouzi/CVE-2022-37704
        NOTE: https://github.com/zmanda/amanda/issues/192
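Review bot: CVE-2022-37704 is still "RESERVED" with no description, yet it now carries "{DLA-3330-1}" next to "- amanda <unfixed> (bug #1029829)". The entry therefore reads as addressed in LTS and open in unstable; adding a NOTE with the fixing upstream commit, as the CVE-2022-37705 entry just above has, would help whoever picks up the unstable bug.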
@@ -62427,8 +62495,8 @@ CVE-2022-31396
        RESERVED
 CVE-2022-31395 (Algo Communication Products Ltd. 8373 IP Zone Paging Adapter 
Firmware  ...)
        NOT-FOR-US: Algo Communication Products
-CVE-2022-31394
-       RESERVED
+CVE-2022-31394 (Hyperium Hyper before 0.14.19 does not allow for customization 
of the  ...)
+       TODO: check
 CVE-2022-31393 (Jizhicms v2.2.5 was discovered to contain a Server-Side 
Request Forger ...)
        NOT-FOR-US: Jizhicms
 CVE-2022-31392
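Review bot: CVE-2022-31394 is marked "TODO: check" but the description already gives a fixed upstream version ("Hyperium Hyper before 0.14.19"). If the hyper crate is packaged, triage can go straight to a package line comparing the archive version against 0.14.19 instead of a generic check.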
@@ -80767,6 +80835,7 @@ CVE-2022-0611 (Improper Privilege Management in 
Packagist snipe/snipe-it prior t
 CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be 
modified vi ...)
        NOT-FOR-US: Corda
 CVE-2022-25147 (Integer Overflow or Wraparound vulnerability in apr_base64 
functions o ...)
+       {DLA-3332-1}
        - apr-util 1.6.3-1
        NOTE: https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
        NOTE: http://svn.apache.org/r1904728
@@ -129303,8 +129372,8 @@ CVE-2021-33239
        RESERVED
 CVE-2021-33238
        RESERVED
-CVE-2021-33237 (Cross Site Scripting vulnerability in YMFE yapo v1.9.1 allows 
attacker ...)
-       TODO: check
+CVE-2021-33237
+       REJECTED
 CVE-2021-33236 (Buffer Overflow vulnerability in write_header in htmldoc 
through 1.9.1 ...)
        - htmldoc 1.9.12-1 (unimportant)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/425



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b8d813243e07b7083310dfd64b8f527292f6bdb

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits