Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6bb1ae82 by security tracker role at 2023-02-27T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2023-27291
+ RESERVED
+CVE-2023-27290
+ RESERVED
+CVE-2023-27289
+ RESERVED
+CVE-2023-27288
+ RESERVED
+CVE-2023-27287
+ RESERVED
+CVE-2023-27286
+ RESERVED
+CVE-2023-27285
+ RESERVED
+CVE-2023-27284
+ RESERVED
+CVE-2023-27283
+ RESERVED
+CVE-2023-27282
+ RESERVED
+CVE-2023-27281
+ RESERVED
+CVE-2023-27280
+ RESERVED
+CVE-2023-27279
+ RESERVED
+CVE-2023-27278
+ RESERVED
+CVE-2023-27277
+ RESERVED
+CVE-2023-27276
+ RESERVED
+CVE-2023-27275
+ RESERVED
+CVE-2023-27274
+ RESERVED
+CVE-2023-27273
+ RESERVED
+CVE-2023-27272
+ RESERVED
+CVE-2023-27271
+ RESERVED
+CVE-2023-27270
+ RESERVED
+CVE-2023-27269
+ RESERVED
+CVE-2023-27268
+ RESERVED
+CVE-2023-27267
+ RESERVED
+CVE-2023-27266 (Mattermost fails to honor the ShowEmailAddress setting when
constructi ...)
+ TODO: check
+CVE-2023-27265 (Mattermost fails to honor the ShowEmailAddress setting when
constructi ...)
+ TODO: check
+CVE-2023-27264 (A missing permissions check in Mattermost Playbooks in
Mattermost allo ...)
+ TODO: check
+CVE-2023-27263 (A missing permissions check in the
/plugins/playbooks/api/v0/runs API ...)
+ TODO: check
+CVE-2023-1079
+ RESERVED
+CVE-2023-1078
+ RESERVED
+CVE-2023-1077
+ RESERVED
+CVE-2023-1076
+ RESERVED
+CVE-2023-1075
+ RESERVED
+CVE-2023-1074
+ RESERVED
+CVE-2023-1073
+ RESERVED
+CVE-2023-1072
+ RESERVED
+CVE-2023-1071
+ RESERVED
+CVE-2023-1070 (External Control of File Name or Path in GitHub repository
nilsteampas ...)
+ TODO: check
+CVE-2023-1069
+ RESERVED
+CVE-2023-1068 (The Download Read More Excerpt Link plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2023-1067 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
+ TODO: check
+CVE-2023-1066
+ RESERVED
+CVE-2023-1065
+ RESERVED
+CVE-2023-1064
+ RESERVED
+CVE-2023-1063 (A vulnerability has been found in SourceCodester Doctors
Appointment S ...)
+ TODO: check
+CVE-2023-1062 (A vulnerability, which was classified as critical, was found in
Source ...)
+ TODO: check
+CVE-2023-1061 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
+CVE-2023-1060
+ RESERVED
+CVE-2023-1059 (A vulnerability classified as critical was found in
SourceCodester Doc ...)
+ TODO: check
+CVE-2023-1058 (A vulnerability classified as critical has been found in
SourceCodeste ...)
+ TODO: check
+CVE-2023-1057 (A vulnerability was found in SourceCodester Doctors Appointment
System ...)
+ TODO: check
+CVE-2023-1056 (A vulnerability was found in SourceCodester Doctors Appointment
System ...)
+ TODO: check
+CVE-2023-1055
+ RESERVED
+CVE-2023-1054 (A vulnerability was found in SourceCodester Music Gallery Site
1.0. It ...)
+ TODO: check
+CVE-2023-1053 (A vulnerability was found in SourceCodester Music Gallery Site
1.0 and ...)
+ TODO: check
+CVE-2023-1052
+ RESERVED
+CVE-2023-1051
+ RESERVED
+CVE-2023-1050
+ RESERVED
+CVE-2023-1049
+ RESERVED
CVE-2023-XXXX [RUSTSEC-2023-0015]
- rust-ascii 0.9.3-1
[bullseye] - rust-ascii <no-dsa> (Minor issue)
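Review bot: several of the new "TODO: check" entries at the top of the list name products that this file already triages as NOT-FOR-US further down, namely the entries naming SourceCodester (for example CVE-2023-1063, CVE-2023-1059, CVE-2023-1054) and the WordPress plugin in CVE-2023-1068. Suggest resolving those to "NOT-FOR-US: SourceCodester ..." and "NOT-FOR-US: WordPress plugin" in the follow-up triage, and looking at the Mattermost and pimcore entries individually, since the truncated descriptions do not show whether a Debian source package is involved.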
@@ -1004,16 +1124,16 @@ CVE-2023-26764
RESERVED
CVE-2023-26763
RESERVED
-CVE-2023-26762
- RESERVED
+CVE-2023-26762 (Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an
arbitrary fi ...)
+ TODO: check
CVE-2023-26761
RESERVED
-CVE-2023-26760
- RESERVED
-CVE-2023-26759
- RESERVED
-CVE-2023-26758
- RESERVED
+CVE-2023-26760 (Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an
information ...)
+ TODO: check
+CVE-2023-26759 (Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS
command i ...)
+ TODO: check
+CVE-2023-26758 (Sme.UP TOKYO V6R1M220406 was discovered to contain an
arbitrary file d ...)
+ TODO: check
CVE-2023-26757
RESERVED
CVE-2023-26756
@@ -2925,8 +3045,8 @@ CVE-2023-26044
RESERVED
CVE-2023-26043
RESERVED
-CVE-2023-26042
- RESERVED
+CVE-2023-26042 (Part-DB is an open source inventory management system for your
electro ...)
+ TODO: check
CVE-2023-26041
RESERVED
CVE-2023-26040
@@ -4476,6 +4596,7 @@ CVE-2023-25579 (Nextcloud server is a self hosted home
cloud product. In affecte
CVE-2023-25578 (Starlite is an Asynchronous Server Gateway Interface (ASGI)
framework. ...)
NOT-FOR-US: Starlite
CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library.
Prior to ver ...)
+ {DLA-3346-1}
- python-werkzeug <unfixed> (bug #1031370)
NOTE:
https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
(2.2.3)
NOTE:
https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
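Review bot: at CVE-2023-25577 the new "{DLA-3346-1}" cross-reference lands while the package line still reads "- python-werkzeug <unfixed> (bug #1031370)", even though the NOTE names the upstream fix commit as part of 2.2.3. A DLA covers only the LTS release, so the unfixed marker is consistent with it, but it is worth checking whether a fixed upload for bug #1031370 has reached unstable so the line can be given a version.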
@@ -5286,16 +5407,16 @@ CVE-2023-25237
RESERVED
CVE-2023-25236
RESERVED
-CVE-2023-25235
- RESERVED
-CVE-2023-25234
- RESERVED
-CVE-2023-25233
- RESERVED
+CVE-2023-25235 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in
functio ...)
+ TODO: check
+CVE-2023-25234 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in
functio ...)
+ TODO: check
+CVE-2023-25233 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in
functio ...)
+ TODO: check
CVE-2023-25232
RESERVED
-CVE-2023-25231
- RESERVED
+CVE-2023-25231 (Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer
Overflow in f ...)
+ TODO: check
CVE-2023-25230
RESERVED
CVE-2023-25229
@@ -6493,8 +6614,8 @@ CVE-2023-0575 (External Control of Critical State Data,
Improper Control of Gene
- yugabyte-db <itp> (bug #989673)
CVE-2023-0574 (Server-Side Request Forgery (SSRF), Improperly Controlled
Modification ...)
- yugabyte-db <itp> (bug #989673)
-CVE-2022-48305
- RESERVED
+CVE-2022-48305 (There is an identity authentication bypass vulnerability in
Huawei Chi ...)
+ TODO: check
CVE-2023-24830 (Improper Authentication vulnerability in Apache Software
Foundation Ap ...)
NOT-FOR-US: Apache IoTDB
CVE-2023-24829 (Incorrect Authorization vulnerability in Apache Software
Foundation Ap ...)
@@ -6793,18 +6914,18 @@ CVE-2023-24658
RESERVED
CVE-2023-24657
RESERVED
-CVE-2023-24656
- RESERVED
+CVE-2023-24656 (Simple Customer Relationship Management System v1.0 was
discovered to ...)
+ TODO: check
CVE-2023-24655
RESERVED
-CVE-2023-24654
- RESERVED
-CVE-2023-24653
- RESERVED
-CVE-2023-24652
- RESERVED
-CVE-2023-24651
- RESERVED
+CVE-2023-24654 (Simple Customer Relationship Management System v1.0 was
discovered to ...)
+ TODO: check
+CVE-2023-24653 (Simple Customer Relationship Management System v1.0 was
discovered to ...)
+ TODO: check
+CVE-2023-24652 (Simple Customer Relationship Management System v1.0 was
discovered to ...)
+ TODO: check
+CVE-2023-24651 (Simple Customer Relationship Management System v1.0 was
discovered to ...)
+ TODO: check
CVE-2023-24650
RESERVED
CVE-2023-24649
@@ -7031,16 +7152,16 @@ CVE-2023-0554 (The Quick Restaurant Menu plugin for
WordPress is vulnerable to C
NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
CVE-2023-0553 (The Quick Restaurant Menu plugin for WordPress is vulnerable to
Stored ...)
NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
-CVE-2023-0552
- RESERVED
+CVE-2023-0552 (The Registration Forms WordPress plugin before 3.8.2.3 does not
proper ...)
+ TODO: check
CVE-2023-0551
RESERVED
CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to
Insecu ...)
NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
-CVE-2022-48284
- RESERVED
-CVE-2022-48283
- RESERVED
+CVE-2022-48284 (A piece of Huawei whole-home intelligence software has an
Incorrect Pr ...)
+ TODO: check
+CVE-2022-48283 (A piece of Huawei whole-home intelligence software has an
Incorrect Pr ...)
+ TODO: check
CVE-2021-4315 (A vulnerability has been found in NYUCCL psiTurk up to 3.2.0
and class ...)
NOT-FOR-US: NYUCCL psiTurk
CVE-2023-24595
@@ -7057,8 +7178,8 @@ CVE-2023-22299
RESERVED
CVE-2023-0549 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: YAFNET
-CVE-2023-0548
- RESERVED
+CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not
sanitize and ...)
+ TODO: check
CVE-2023-0547
RESERVED
CVE-2023-0546
@@ -7067,24 +7188,24 @@ CVE-2023-0545
RESERVED
CVE-2023-0544
RESERVED
-CVE-2023-0543
- RESERVED
+CVE-2023-0543 (The Arigato Autoresponder and Newsletter WordPress plugin
before 2.1.7 ...)
+ TODO: check
CVE-2023-0542
RESERVED
CVE-2023-0541 (The GS Books Showcase WordPress plugin before 1.3.1 does not
validate ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does
not val ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0539
- RESERVED
+CVE-2023-0539 (The GS Insever Portfolio WordPress plugin before 1.4.5 does not
valida ...)
+ TODO: check
CVE-2023-0538
RESERVED
CVE-2023-0537
RESERVED
CVE-2023-0536
RESERVED
-CVE-2023-0535
- RESERVED
+CVE-2023-0535 (The Donation Block For PayPal WordPress plugin before 2.1.0
does not v ...)
+ TODO: check
CVE-2023-0534 (A vulnerability, which was classified as critical, was found in
Source ...)
NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0533 (A vulnerability, which was classified as critical, has been
found in S ...)
@@ -7395,8 +7516,8 @@ CVE-2023-0489
RESERVED
CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository
pyload/pyload ...)
- pyload <itp> (bug #1001980)
-CVE-2023-0487
- RESERVED
+CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not
properly ...)
+ TODO: check
CVE-2023-0486
RESERVED
CVE-2023-0485
@@ -7795,8 +7916,8 @@ CVE-2023-24366
RESERVED
CVE-2023-24365
RESERVED
-CVE-2023-24364
- RESERVED
+CVE-2023-24364 (Simple Customer Relationship Management System v1.0 was
discovered to ...)
+ TODO: check
CVE-2023-24363
RESERVED
CVE-2023-24362
@@ -8026,16 +8147,16 @@ CVE-2023-24255
RESERVED
CVE-2023-24254
RESERVED
-CVE-2023-24253
- RESERVED
+CVE-2023-24253 (Domotica Labs srl Ikon Server before v2.8.6 was discovered to
contain ...)
+ TODO: check
CVE-2023-24252
RESERVED
-CVE-2023-24251
- RESERVED
+CVE-2023-24251 (WangEditor v5 was discovered to contain a cross-site scripting
(XSS) v ...)
+ TODO: check
CVE-2023-24250
RESERVED
-CVE-2023-24249
- RESERVED
+CVE-2023-24249 (An arbitrary file upload vulnerability in laravel-admin
v1.8.19 allows ...)
+ TODO: check
CVE-2023-24248
RESERVED
CVE-2023-24247
@@ -8120,8 +8241,8 @@ CVE-2023-24208
RESERVED
CVE-2023-24207
RESERVED
-CVE-2023-24206
- RESERVED
+CVE-2023-24206 (Davinci v0.3.0-rc was discovered to contain a SQL injection
vulnerabil ...)
+ TODO: check
CVE-2023-24205 (Clash for Windows v0.20.12 was discovered to contain a remote
code exe ...)
NOT-FOR-US: Clash for Windows
CVE-2023-24204
@@ -8809,6 +8930,7 @@ CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js.
Starting with version
CVE-2023-23935
RESERVED
CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library.
Browsers may ...)
+ {DLA-3346-1}
- python-werkzeug <unfixed> (bug #1031370)
NOTE:
https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
(2.2.3)
NOTE:
https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
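Review bot: CVE-2023-23934 receives the same "{DLA-3346-1}" reference as CVE-2023-25577 and shares bug #1031370, so the two Werkzeug entries are tied to one advisory and one bug. The "<unfixed>" line here should be updated together with the CVE-2023-25577 entry once a fixed version is known, not separately, so the two do not drift apart.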
@@ -9249,8 +9371,8 @@ CVE-2023-0383
RESERVED
CVE-2023-0382
RESERVED
-CVE-2023-0381
- RESERVED
+CVE-2023-0381 (The GigPress WordPress plugin through 2.3.28 does not validate
and esc ...)
+ TODO: check
CVE-2023-0380 (The Easy Digital Downloads WordPress plugin before 3.1.0.5 does
not va ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0379 (The Spotlight Social Feeds WordPress plugin before 1.4.3 does
not vali ...)
@@ -9533,8 +9655,8 @@ CVE-2023-0336
RESERVED
CVE-2023-0335
RESERVED
-CVE-2023-0334
- RESERVED
+CVE-2023-0334 (The ShortPixel Adaptive Images WordPress plugin before 3.6.3
does not ...)
+ TODO: check
CVE-2023-0333 (The TemplatesNext ToolKit WordPress plugin before 3.2.9 does
not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0332 (A vulnerability was found in SourceCodester Online Food
Ordering Syste ...)
@@ -9682,8 +9804,8 @@ CVE-2023-23639
RESERVED
CVE-2023-23638
RESERVED
-CVE-2023-0331
- RESERVED
+CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not
have an ...)
+ TODO: check
CVE-2023-0330
RESERVED
- qemu <unfixed> (bug #1029155)
@@ -9692,8 +9814,8 @@ CVE-2023-0330
NOTE: Proposed patch:
https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html
CVE-2023-0329
RESERVED
-CVE-2022-48261
- RESERVED
+CVE-2022-48261 (There is a misinterpretation of input vulnerability in
BiSheng-WNM FW ...)
+ TODO: check
CVE-2020-36652
RESERVED
CVE-2020-36651 (A vulnerability has been found in youngerheart nodeserver and
classifi ...)
@@ -10078,10 +10200,10 @@ CVE-2023-0281 (A vulnerability was found in
SourceCodester Online Flight Booking
NOT-FOR-US: SourceCodester Online Flight Booking Management System
CVE-2023-0280
RESERVED
-CVE-2023-0279
- RESERVED
-CVE-2023-0278
- RESERVED
+CVE-2023-0279 (The Media Library Assistant WordPress plugin before 3.06 does
not prop ...)
+ TODO: check
+CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not
properly sani ...)
+ TODO: check
CVE-2023-0277
RESERVED
CVE-2023-0276
@@ -10321,10 +10443,10 @@ CVE-2023-0257 (A vulnerability was found in
SourceCodester Online Food Ordering
NOT-FOR-US: SourceCodester
CVE-2023-0256 (A vulnerability was found in SourceCodester Online Food
Ordering Syste ...)
NOT-FOR-US: SourceCodester
-CVE-2022-48260
- RESERVED
-CVE-2022-48259
- RESERVED
+CVE-2022-48260 (There is a buffer overflow vulnerability in BiSheng-WNM FW
3.0.0.325. ...)
+ TODO: check
+CVE-2022-48259 (There is a system command injection vulnerability in
BiSheng-WNM FW 3. ...)
+ TODO: check
CVE-2022-48258 (In Eternal Terminal 6.2.1, etserver and etclient have
world-readable l ...)
- eternal-terminal <itp> (bug #861635)
CVE-2022-48257 (In Eternal Terminal 6.2.1, etserver and etclient have
predictable logf ...)
@@ -10471,8 +10593,8 @@ CVE-2023-0232 (The ShopLentor WordPress plugin before
2.5.4 unserializes user in
NOT-FOR-US: WordPress plugin
CVE-2023-0231 (The ShopLentor WordPress plugin before 2.5.4 does not validate
and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0230
- RESERVED
+CVE-2023-0230 (The VK All in One Expansion Unit WordPress plugin before
9.86.0.0 does ...)
+ TODO: check
CVE-2022-4887
RESERVED
CVE-2013-10011 (A vulnerability was found in aeharding
classroom-engagement-system and ...)
@@ -10713,10 +10835,10 @@ CVE-2023-0223
RESERVED
CVE-2022-4886
RESERVED
-CVE-2022-48255
- RESERVED
-CVE-2022-48254
- RESERVED
+CVE-2022-48255 (There is a system command injection vulnerability in
BiSheng-WNM FW 3. ...)
+ TODO: check
+CVE-2022-48254 (There is a data processing error vulnerability in Leia-B29
2.0.0.49(M0 ...)
+ TODO: check
CVE-2023-23348
RESERVED
CVE-2023-23347
@@ -11097,14 +11219,14 @@ CVE-2023-23160
RESERVED
CVE-2023-23159
RESERVED
-CVE-2023-23158
- RESERVED
-CVE-2023-23157
- RESERVED
-CVE-2023-23156
- RESERVED
-CVE-2023-23155
- RESERVED
+CVE-2023-23158 (A stored cross-site scripting (XSS) vulnerability in Art
Gallery Manag ...)
+ TODO: check
+CVE-2023-23157 (A stored cross-site scripting (XSS) vulnerability in Art
Gallery Manag ...)
+ TODO: check
+CVE-2023-23156 (Art Gallery Management System Project in PHP 1.0 was
discovered to con ...)
+ TODO: check
+CVE-2023-23155 (Art Gallery Management System Project in PHP 1.0 was
discovered to con ...)
+ TODO: check
CVE-2023-23154
RESERVED
CVE-2023-23153
@@ -11201,10 +11323,10 @@ CVE-2023-23111
RESERVED
CVE-2023-23110 (An exploitable firmware modification vulnerability was
discovered in c ...)
NOT-FOR-US: Netgear
-CVE-2023-23109
- RESERVED
-CVE-2023-23108
- RESERVED
+CVE-2023-23109 (In crasm 1.8-3, invalid input validation, specific files
passed to the ...)
+ TODO: check
+CVE-2023-23108 (In crasm 1.8-3, invalid input validation, specific files
passed to the ...)
+ TODO: check
CVE-2023-23107
RESERVED
CVE-2023-23106
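Review bot: the two crasm entries (CVE-2023-23109, CVE-2023-23108) deserve priority in the "TODO: check" queue, because the affected version is given as 1.8-3, which has the upstream-version-dash-revision form of a distribution package version and not of an upstream release number. Suggest checking for a crasm source package and, if one exists, replacing "TODO: check" with a "- crasm <unfixed>" line plus a bug reference.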
@@ -11330,8 +11452,8 @@ CVE-2023-23082 (A heap buffer overflow vulnerability in
Kodi Home Theater Softwa
NOTE: https://github.com/xbmc/xbmc/pull/22380
CVE-2023-23081
RESERVED
-CVE-2023-23080
- RESERVED
+CVE-2023-23080 (Certain Tenda products are vulnerable to command injection.
This affec ...)
+ TODO: check
CVE-2023-23079
RESERVED
CVE-2023-23078 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine
ServiceD ...)
@@ -11751,8 +11873,8 @@ CVE-2023-0170 (The Html5 Audio Player WordPress plugin
before 2.1.12 does not va
NOT-FOR-US: WordPress plugin
CVE-2023-0169 (The Zoho Forms WordPress plugin before 3.0.1 does not validate
and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0168
- RESERVED
+CVE-2023-0168 (The Olevmedia Shortcodes WordPress plugin through 1.1.9 does
not valid ...)
+ TODO: check
CVE-2023-0167
RESERVED
CVE-2023-0166 (The Product Slider for WooCommerce by PickPlugins WordPress
plugin bef ...)
@@ -12053,8 +12175,8 @@ CVE-2023-22862
RESERVED
CVE-2023-22861
RESERVED
-CVE-2023-22860
- RESERVED
+CVE-2023-22860 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,
19.0.1, ...)
+ TODO: check
CVE-2023-22859
RESERVED
CVE-2023-22459
@@ -12120,8 +12242,8 @@ CVE-2022-48232
RESERVED
CVE-2022-48231
RESERVED
-CVE-2022-48230
- RESERVED
+CVE-2022-48230 (There is a misinterpretation of input vulnerability in
BiSheng-WNM FW ...)
+ TODO: check
CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a
file with ...)
- libxpm 1:3.5.12-1.1
[bullseye] - libxpm <no-dsa> (Minor issue)
@@ -12843,8 +12965,8 @@ CVE-2023-22638 (Several improper neutralization of
inputs during web page genera
NOT-FOR-US: FortiGuard
CVE-2023-22637
RESERVED
-CVE-2023-22636
- RESERVED
+CVE-2023-22636 (An unauthorized configuration download vulnerability in
FortiWeb 6.3.6 ...)
+ TODO: check
CVE-2023-22635
RESERVED
CVE-2023-22634
@@ -13150,8 +13272,8 @@ CVE-2023-22588
RESERVED
CVE-2023-22587
RESERVED
-CVE-2023-0043
- RESERVED
+CVE-2023-0043 (The Custom Add User WordPress plugin through 2.0.2 does not
sanitise a ...)
+ TODO: check
CVE-2023-0042 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab <unfixed>
CVE-2023-0041
@@ -13674,8 +13796,8 @@ CVE-2022-4831 (The Custom User Profile Fields for User
Registration WordPress pl
NOT-FOR-US: WordPress plugin
CVE-2022-4830 (The Paid Memberships Pro WordPress plugin before 2.9.9 does not
valida ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4829
- RESERVED
+CVE-2022-4829 (The Show-Hide / Collapse-Expand WordPress plugin through 1.2.5
does no ...)
+ TODO: check
CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not
validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4827
@@ -14248,8 +14370,8 @@ CVE-2022-4797 (Improper Restriction of Excessive
Authentication Attempts in GitH
NOT-FOR-US: usememos
CVE-2022-4796 (Incorrect Use of Privileged APIs in GitHub repository
usememos/memos p ...)
NOT-FOR-US: usememos
-CVE-2022-4795
- RESERVED
+CVE-2022-4795 (The Galleries by Angie Makes WordPress plugin through 1.67 does
not va ...)
+ TODO: check
CVE-2022-4794 (The AAWP WordPress plugin before 3.12.3 can be used to abuse
trusted d ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4793 (The Blog Designer WordPress plugin before 2.4.1 does not
validate and ...)
@@ -14262,8 +14384,8 @@ CVE-2022-4790 (The WP Google My Business Auto Publish
WordPress plugin before 3.
NOT-FOR-US: WordPress plugin
CVE-2022-4789 (The WPZOOM Portfolio WordPress plugin before 1.2.2 does not
validate a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4788
- RESERVED
+CVE-2022-4788 (The Embed PDF WordPress plugin through 1.0.6 does not validate
and esc ...)
+ TODO: check
CVE-2022-4787 (Themify Shortcodes WordPress plugin before 2.0.8 does not
validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4786 (The Video.js WordPress plugin through 4.5.0 does not validate
and esca ...)
@@ -14534,8 +14656,8 @@ CVE-2022-4759 (The GigPress WordPress plugin before
2.3.28 does not validate and
NOT-FOR-US: WordPress plugin
CVE-2022-4758 (The 10WebMapBuilder WordPress plugin before 1.0.72 does not
validate a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4757
- RESERVED
+CVE-2022-4757 (The List Pages Shortcode WordPress plugin before 1.7.6 does not
valida ...)
+ TODO: check
CVE-2022-4756 (The My YouTube Channel WordPress plugin before 3.23.0 does not
validat ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4755 (A vulnerability was found in FlatPress and classified as
problematic. ...)
@@ -14896,8 +15018,8 @@ CVE-2022-47914
RESERVED
CVE-2022-4680 (The Revive Old Posts WordPress plugin before 9.0.11
unserializes user ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4679
- RESERVED
+CVE-2022-4679 (The Wufoo Shortcode WordPress plugin before 1.52 does not
validate and ...)
+ TODO: check
CVE-2022-4678 (The TemplatesNext ToolKit WordPress plugin before 3.2.8 does
not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4677 (The Leaflet Maps Marker WordPress plugin before 3.12.7 does not
valida ...)
@@ -17249,8 +17371,8 @@ CVE-2022-4552 (The FL3R FeelBox WordPress plugin
through 8.1 does not have CSRF
NOT-FOR-US: WordPress plugin
CVE-2022-4551 (The Rich Table of Contents WordPress plugin before 1.3.9 does
not vali ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4550
- RESERVED
+CVE-2022-4550 (The User Activity WordPress plugin through 1.0.1 checks headers
such a ...)
+ TODO: check
CVE-2022-4549 (The Tickera WordPress plugin before 3.5.1.0 does not have CSRF
check i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4548 (The Optimize images ALT Text & names for SEO using AI
WordPress pl ...)
@@ -22771,8 +22893,8 @@ CVE-2022-45699 (Command injection in the administration
interface in APSystems E
NOT-FOR-US: APSystems
CVE-2022-45698
RESERVED
-CVE-2022-45697
- RESERVED
+CVE-2022-45697 (Arbitrary File Delete vulnerability in Razer Central before
v7.8.0.381 ...)
+ TODO: check
CVE-2022-45696
RESERVED
CVE-2022-45695
@@ -24605,7 +24727,7 @@ CVE-2022-3936 (The Team Members WordPress plugin before
5.2.1 does not sanitize
NOT-FOR-US: WordPress plugin
CVE-2022-3935 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3934 (The Flat PM WordPress plugin through 2.661 does not sanitize
and escap ...)
+CVE-2022-3934 (The FlatPM WordPress plugin before 3.0.13 does not sanitise and
escape ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3933 (The Essential Real Estate WordPress plugin before 3.9.6 does
not sanit ...)
NOT-FOR-US: WordPress plugin
@@ -24627,14 +24749,14 @@ CVE-2022-45141
RESERVED
- samba 2:4.16.0+dfsg-2
NOTE: https://www.samba.org/samba/security/CVE-2022-45141.html
-CVE-2022-45140
- RESERVED
-CVE-2022-45139
- RESERVED
-CVE-2022-45138
- RESERVED
-CVE-2022-45137
- RESERVED
+CVE-2022-45140 (The configuration backend allows an unauthenticated user to
write arbi ...)
+ TODO: check
+CVE-2022-45139 (A CORS Misconfiguration in the web-based management allows a
malicious ...)
+ TODO: check
+CVE-2022-45138 (The configuration backend of the web-based management can be
used by u ...)
+ TODO: check
+CVE-2022-45137 (The configuration backend of the web-based management is
vulnerable to ...)
+ TODO: check
CVE-2022-45136 (** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and
earlier is ...)
- apache-jena 4.5.0-1 (bug #1024738)
NOTE: https://www.openwall.com/lists/oss-security/2022/11/14/5
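Review bot: the truncated descriptions for CVE-2022-45140 through CVE-2022-45137 name only "the configuration backend" and "the web-based management" and no vendor or product, so these four cannot be triaged from the list text alone. Whoever resolves the "TODO: check" lines needs the full CVE records, and should not assume a link to the samba entry CVE-2022-45141 directly above just because the numbers are consecutive.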
@@ -40513,8 +40635,8 @@ CVE-2019-25076 (The TSS (Tuple Space Search) algorithm
in Open vSwitch 2.x throu
NOTE: https://dl.acm.org/doi/10.1145/3359989.3365431
NOTE: https://www.youtube.com/watch?v=5cHpzVK0D28
NOTE: https://www.youtube.com/watch?v=DSC3m-Bww64
-CVE-2022-40237
- RESERVED
+CVE-2022-40237 (IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of
service atta ...)
+ TODO: check
CVE-2022-40236
RESERVED
CVE-2022-40235 ("IBM InfoSphere Information Server 11.7 could allow a user to
cause a ...)
@@ -55024,12 +55146,12 @@ CVE-2022-2288 (Out-of-bounds Write in GitHub
repository vim/vim prior to 9.0. ..
[buster] - vim <not-affected> (vulnerable code introduced in 8.2.4763)
NOTE: https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/
NOTE:
https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a
(v9.0.0025)
-CVE-2022-34910
- RESERVED
-CVE-2022-34909
- RESERVED
-CVE-2022-34908
- RESERVED
+CVE-2022-34910 (An issue was discovered in the A4N (Aremis 4 Nomad)
application 1.5.0 ...)
+ TODO: check
+CVE-2022-34909 (An issue was discovered in the A4N (Aremis 4 Nomad)
application 1.5.0 ...)
+ TODO: check
+CVE-2022-34908 (An issue was discovered in the A4N (Aremis 4 Nomad)
application 1.5.0 ...)
+ TODO: check
CVE-2022-34907 (An authentication bypass vulnerability exists in FileWave
before 14.6. ...)
NOT-FOR-US: FileWave
CVE-2022-34906 (A hard-coded cryptographic key is used in FileWave before
14.6.3 and 1 ...)
@@ -129203,8 +129325,8 @@ CVE-2021-34250
NOT-FOR-US: baijiacms
CVE-2021-34249 (SQL injection vulnerability in sourcecodester
online-book-store 1.0 al ...)
TODO: check
-CVE-2021-34248 (SQL injection vulnerability in sourcecodester
mobile-shop-system-php-m ...)
- TODO: check
+CVE-2021-34248
+ REJECTED
CVE-2021-34247
RESERVED
CVE-2021-34246
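Review bot: CVE-2021-34248 goes from a described entry with an open "TODO: check" to "REJECTED", which closes that item without triage, but the context line above shows CVE-2021-34249 (sourcecodester online-book-store) still sitting at "TODO: check". Suggest marking it NOT-FOR-US, in line with the other SourceCodester entries in this file.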
@@ -134192,8 +134314,8 @@ CVE-2021-32304
RESERVED
CVE-2021-32303
RESERVED
-CVE-2021-32302
- RESERVED
+CVE-2021-32302 (Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM
router ...)
+ TODO: check
CVE-2021-32301
RESERVED
CVE-2021-32300
@@ -308780,185 +308902,185 @@ CVE-2018-18190 (An issue was discovered in GoPro
gpmf-parser before 1.2.1. There
CVE-2018-18189
RESERVED
CVE-2018-18188
- RESERVED
+ REJECTED
CVE-2018-18187
- RESERVED
+ REJECTED
CVE-2018-18186
- RESERVED
+ REJECTED
CVE-2018-18185
- RESERVED
+ REJECTED
CVE-2018-18184
- RESERVED
+ REJECTED
CVE-2018-18183
- RESERVED
+ REJECTED
CVE-2018-18182
- RESERVED
+ REJECTED
CVE-2018-18181
- RESERVED
+ REJECTED
CVE-2018-18180
- RESERVED
+ REJECTED
CVE-2018-18179
- RESERVED
+ REJECTED
CVE-2018-18178
- RESERVED
+ REJECTED
CVE-2018-18177
- RESERVED
+ REJECTED
CVE-2018-18176
- RESERVED
+ REJECTED
CVE-2018-18175
- RESERVED
+ REJECTED
CVE-2018-18174
- RESERVED
+ REJECTED
CVE-2018-18173
- RESERVED
+ REJECTED
CVE-2018-18172
- RESERVED
+ REJECTED
CVE-2018-18171
- RESERVED
+ REJECTED
CVE-2018-18170
- RESERVED
+ REJECTED
CVE-2018-18169
- RESERVED
+ REJECTED
CVE-2018-18168
- RESERVED
+ REJECTED
CVE-2018-18167
- RESERVED
+ REJECTED
CVE-2018-18166
- RESERVED
+ REJECTED
CVE-2018-18165
- RESERVED
+ REJECTED
CVE-2018-18164
- RESERVED
+ REJECTED
CVE-2018-18163
- RESERVED
+ REJECTED
CVE-2018-18162
- RESERVED
+ REJECTED
CVE-2018-18161
- RESERVED
+ REJECTED
CVE-2018-18160
- RESERVED
+ REJECTED
CVE-2018-18159
- RESERVED
+ REJECTED
CVE-2018-18158
- RESERVED
+ REJECTED
CVE-2018-18157
- RESERVED
+ REJECTED
CVE-2018-18156
- RESERVED
+ REJECTED
CVE-2018-18155
- RESERVED
+ REJECTED
CVE-2018-18154
- RESERVED
+ REJECTED
CVE-2018-18153
- RESERVED
+ REJECTED
CVE-2018-18152
- RESERVED
+ REJECTED
CVE-2018-18151
- RESERVED
+ REJECTED
CVE-2018-18150
- RESERVED
+ REJECTED
CVE-2018-18149
- RESERVED
+ REJECTED
CVE-2018-18148
- RESERVED
+ REJECTED
CVE-2018-18147
- RESERVED
+ REJECTED
CVE-2018-18146
- RESERVED
+ REJECTED
CVE-2018-18145
- RESERVED
+ REJECTED
CVE-2018-18144
- RESERVED
+ REJECTED
CVE-2018-18143
- RESERVED
+ REJECTED
CVE-2018-18142
- RESERVED
+ REJECTED
CVE-2018-18141
- RESERVED
+ REJECTED
CVE-2018-18140
- RESERVED
+ REJECTED
CVE-2018-18139
- RESERVED
+ REJECTED
CVE-2018-18138
- RESERVED
+ REJECTED
CVE-2018-18137
- RESERVED
+ REJECTED
CVE-2018-18136
- RESERVED
+ REJECTED
CVE-2018-18135
- RESERVED
+ REJECTED
CVE-2018-18134
- RESERVED
+ REJECTED
CVE-2018-18133
- RESERVED
+ REJECTED
CVE-2018-18132
- RESERVED
+ REJECTED
CVE-2018-18131
- RESERVED
+ REJECTED
CVE-2018-18130
- RESERVED
+ REJECTED
CVE-2018-18129
- RESERVED
+ REJECTED
CVE-2018-18128
- RESERVED
+ REJECTED
CVE-2018-18127
- RESERVED
+ REJECTED
CVE-2018-18126
- RESERVED
+ REJECTED
CVE-2018-18125
- RESERVED
+ REJECTED
CVE-2018-18124
- RESERVED
+ REJECTED
CVE-2018-18123
- RESERVED
+ REJECTED
CVE-2018-18122
- RESERVED
+ REJECTED
CVE-2018-18121
- RESERVED
+ REJECTED
CVE-2018-18120
- RESERVED
+ REJECTED
CVE-2018-18119
- RESERVED
+ REJECTED
CVE-2018-18118
- RESERVED
+ REJECTED
CVE-2018-18117
- RESERVED
+ REJECTED
CVE-2018-18116
- RESERVED
+ REJECTED
CVE-2018-18115
- RESERVED
+ REJECTED
CVE-2018-18114
- RESERVED
+ REJECTED
CVE-2018-18113
- RESERVED
+ REJECTED
CVE-2018-18112
- RESERVED
+ REJECTED
CVE-2018-18111
- RESERVED
+ REJECTED
CVE-2018-18110
- RESERVED
+ REJECTED
CVE-2018-18109
- RESERVED
+ REJECTED
CVE-2018-18108
- RESERVED
+ REJECTED
CVE-2018-18107
- RESERVED
+ REJECTED
CVE-2018-18106
- RESERVED
+ REJECTED
CVE-2018-18105
- RESERVED
+ REJECTED
CVE-2018-18104
- RESERVED
+ REJECTED
CVE-2018-18103
- RESERVED
+ REJECTED
CVE-2018-18102
- RESERVED
+ REJECTED
CVE-2018-18101
- RESERVED
+ REJECTED
CVE-2018-18100
- RESERVED
+ REJECTED
CVE-2018-18099
- RESERVED
+ REJECTED
CVE-2018-18098 (Improper file verification in install routine for Intel(R) SGX
SDK and ...)
NOT-FOR-US: Intel
CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive
Toolbox befo ...)
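Review bot: CVE-2018-18188 down to CVE-2018-18099 all switch from RESERVED to REJECTED, but CVE-2018-18189 in the leading context stays RESERVED, leaving a single reserved id at the edge of an otherwise rejected run. None of the changed entries carries a package or NOTE line, so the flip loses no tracker data; the one check worth making is whether CVE-2018-18189 was rejected upstream as well and was simply missed by this update.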
@@ -308972,7 +309094,7 @@ CVE-2018-18094 (Improper directory permissions in
installer for Intel(R) Media S
CVE-2018-18093 (Improper file permissions in the installer for Intel VTune
Amplifier 2 ...)
NOT-FOR-US: Intel VTune Amplifier
CVE-2018-18092
- RESERVED
+ REJECTED
CVE-2018-18091 (Use after free in Kernel Mode Driver in Intel(R) Graphics
Driver for W ...)
NOT-FOR-US: Intel
CVE-2018-18090 (Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver
for Wind ...)
@@ -324536,13 +324658,13 @@ CVE-2018-12199 (Buffer overflow in an OS component
in Intel CSME before versions
CVE-2018-12198 (Insufficient input validation in Intel(R) Server Platform
Services HEC ...)
NOT-FOR-US: Intel
CVE-2018-12197
- RESERVED
+ REJECTED
CVE-2018-12196 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME
before ...)
NOT-FOR-US: Intel
CVE-2018-12195
- RESERVED
+ REJECTED
CVE-2018-12194
- RESERVED
+ REJECTED
CVE-2018-12193 (Insufficient access control in driver stack for Intel
QuickAssist Tech ...)
NOT-FOR-US: Intel
CVE-2018-12192 (Logic bug in Kernel subsystem in Intel CSME before version
11.8.60, 11 ...)
@@ -324558,11 +324680,11 @@ CVE-2018-12188 (Insufficient input validation in
Intel CSME before versions 11.8
CVE-2018-12187 (Insufficient input validation in Intel(R) Active Management
Technology ...)
NOT-FOR-US: Intel
CVE-2018-12186
- RESERVED
+ REJECTED
CVE-2018-12185 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME
before ...)
NOT-FOR-US: Intel
CVE-2018-12184
- RESERVED
+ REJECTED
CVE-2018-12183 (Stack overflow in DxeCore for EDK II may allow an
unauthenticated user ...)
- edk2 0~20181115.85588389-1
[buster] - edk2 <no-dsa> (Minor issue)
@@ -324611,7 +324733,7 @@ CVE-2018-12172 (Improper password hashing in firmware
in Intel Server Board (S72
CVE-2018-12171 (Privilege escalation in Intel Baseboard Management Controller
(BMC) fi ...)
NOT-FOR-US: Intel Baseboard Management Controller firmware
CVE-2018-12170
- RESERVED
+ REJECTED
CVE-2018-12169 (Platform sample code firmware in 4th Generation Intel Core
Processor, ...)
NOT-FOR-US: Intel
NOTE:
https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
@@ -324622,9 +324744,9 @@ CVE-2018-12167 (Firmware update routine in bootloader
for Intel(R) Optane(TM) SS
CVE-2018-12166 (Insufficient write protection in firmware for Intel(R)
Optane(TM) SSD ...)
NOT-FOR-US: Intel
CVE-2018-12165
- RESERVED
+ REJECTED
CVE-2018-12164
- RESERVED
+ REJECTED
CVE-2018-12163 (A DLL injection vulnerability in the Intel IoT Developers Kit
4.0 inst ...)
NOT-FOR-US: Intel IoT Developers Kit
CVE-2018-12162 (Directory permissions in the Intel OpenVINO Toolkit for
Windows before ...)
@@ -324638,9 +324760,9 @@ CVE-2018-12159 (Buffer overflow in the command-line
interface for Intel(R) PROSe
CVE-2018-12158 (Insufficient input validation in BIOS update utility in Intel
NUC FW k ...)
NOT-FOR-US: Intel
CVE-2018-12157
- RESERVED
+ REJECTED
CVE-2018-12156
- RESERVED
+ REJECTED
CVE-2018-12155 (Data leakage in cryptographic libraries for Intel IPP before
2019 upda ...)
NOT-FOR-US: Intel
CVE-2018-12154 (Denial of Service in Unified Shader Compiler in Intel Graphics
Drivers ...)
@@ -324660,35 +324782,35 @@ CVE-2018-12148 (Privilege escalation in file
permissions in Intel Driver and Sup
CVE-2018-12147 (Insufficient input validation in HECI subsystem in Intel(R)
CSME befor ...)
NOT-FOR-US: Intel
CVE-2018-12146
- RESERVED
+ REJECTED
CVE-2018-12145
- RESERVED
+ REJECTED
CVE-2018-12144
- RESERVED
+ REJECTED
CVE-2018-12143
- RESERVED
+ REJECTED
CVE-2018-12142
- RESERVED
+ REJECTED
CVE-2018-12141
- RESERVED
+ REJECTED
CVE-2018-12140
- RESERVED
+ REJECTED
CVE-2018-12139
- RESERVED
+ REJECTED
CVE-2018-12138
- RESERVED
+ REJECTED
CVE-2018-12137
- RESERVED
+ REJECTED
CVE-2018-12136
- RESERVED
+ REJECTED
CVE-2018-12135
- RESERVED
+ REJECTED
CVE-2018-12134
- RESERVED
+ REJECTED
CVE-2018-12133
- RESERVED
+ REJECTED
CVE-2018-12132
- RESERVED
+ REJECTED
CVE-2018-12131 (Permissions in the driver pack installers for Intel NVMe
before versio ...)
NOT-FOR-US: Intel
CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill
buffers on ...)
@@ -324705,9 +324827,9 @@ CVE-2018-12130 (Microarchitectural Fill Buffer Data
Sampling (MFBDS): Fill buffe
NOTE:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
NOTE: qemu and libvirt need updates to passthrough md-clear, see
#929067 for qemu and #929154 for libvirt
CVE-2018-12129
- RESERVED
+ REJECTED
CVE-2018-12128
- RESERVED
+ REJECTED
CVE-2018-12127 (Microarchitectural Load Port Data Sampling (MLPDS): Load ports
on some ...)
{DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
@@ -324735,7 +324857,7 @@ CVE-2018-12126 (Microarchitectural Store Buffer Data
Sampling (MSBDS): Store buf
NOTE:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
NOTE: qemu and libvirt need updates to passthrough md-clear, see
#929067 for qemu and #929154 for libvirt
CVE-2018-12125
- RESERVED
+ REJECTED
CVE-2018-12124
RESERVED
CVE-2018-12123 (Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0
and 11. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bb1ae8299e4ad5a964506bfbefa7564f1fa5de6