Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
100cd8b6 by security tracker role at 2023-03-13T20:10:40+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,151 @@ +CVE-2023-28215 + RESERVED +CVE-2023-28214 + RESERVED +CVE-2023-28213 + RESERVED +CVE-2023-28212 + RESERVED +CVE-2023-28211 + RESERVED +CVE-2023-28210 + RESERVED +CVE-2023-28209 + RESERVED +CVE-2023-28208 + RESERVED +CVE-2023-28207 + RESERVED +CVE-2023-28206 + RESERVED +CVE-2023-28205 + RESERVED +CVE-2023-28204 + RESERVED +CVE-2023-28203 + RESERVED +CVE-2023-28202 + RESERVED +CVE-2023-28201 + RESERVED +CVE-2023-28200 + RESERVED +CVE-2023-28199 + RESERVED +CVE-2023-28198 + RESERVED +CVE-2023-28197 + RESERVED +CVE-2023-28196 + RESERVED +CVE-2023-28195 + RESERVED +CVE-2023-28194 + RESERVED +CVE-2023-28193 + RESERVED +CVE-2023-28192 + RESERVED +CVE-2023-28191 + RESERVED +CVE-2023-28190 + RESERVED +CVE-2023-28189 + RESERVED +CVE-2023-28188 + RESERVED +CVE-2023-28187 + RESERVED +CVE-2023-28186 + RESERVED +CVE-2023-28185 + RESERVED +CVE-2023-28184 + RESERVED +CVE-2023-28183 + RESERVED +CVE-2023-28182 + RESERVED +CVE-2023-28181 + RESERVED +CVE-2023-28180 + RESERVED +CVE-2023-28179 + RESERVED +CVE-2023-28178 + RESERVED +CVE-2023-28177 + RESERVED +CVE-2023-28176 + RESERVED +CVE-2023-28175 + RESERVED +CVE-2023-28174 + RESERVED +CVE-2023-28173 + RESERVED +CVE-2023-28172 + RESERVED +CVE-2023-28171 + RESERVED +CVE-2023-28170 + RESERVED +CVE-2023-28169 + RESERVED +CVE-2023-28168 + RESERVED +CVE-2023-28167 + RESERVED +CVE-2023-28166 + RESERVED +CVE-2023-28165 + RESERVED +CVE-2023-28164 + RESERVED +CVE-2023-28163 + RESERVED +CVE-2023-28162 + RESERVED +CVE-2023-28161 + RESERVED +CVE-2023-28160 + RESERVED +CVE-2023-28159 + RESERVED +CVE-2023-1380 + RESERVED +CVE-2023-1379 + RESERVED +CVE-2023-1378 (A vulnerability classified as critical was found in SourceCodester Fri ...) + TODO: check +CVE-2023-1377 + RESERVED +CVE-2023-1376 + RESERVED +CVE-2023-1375 + RESERVED +CVE-2023-1374 (The Solidres plugin for WordPress is vulnerable to Stored Cross-Site S ...) 
+ TODO: check +CVE-2023-1373 + RESERVED +CVE-2023-1372 (The WH Testimonials plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2023-1371 + RESERVED +CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a performance f ...) + TODO: check +CVE-2023-1369 (A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has ...) + TODO: check +CVE-2023-1368 (A vulnerability was found in XHCMS 1.0. It has been declared as critic ...) + TODO: check +CVE-2023-1367 (Code Injection in GitHub repository alextselegidis/easyappointments pr ...) + TODO: check +CVE-2023-1366 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...) + TODO: check +CVE-2023-1365 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...) + TODO: check +CVE-2023-1364 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...) + TODO: check CVE-2023-28158 RESERVED CVE-2023-28157 @@ -1739,8 +1887,8 @@ CVE-2023-27582 RESERVED CVE-2023-27581 RESERVED -CVE-2023-27580 - RESERVED +CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization for the C ...) + TODO: check CVE-2023-27579 RESERVED CVE-2023-27578 @@ -3095,8 +3243,8 @@ CVE-2023-27095 RESERVED CVE-2023-27094 RESERVED -CVE-2023-27093 - RESERVED +CVE-2023-27093 (Cross Site Scripting vulnerability found in My-Blog allows attackers t ...) + TODO: check CVE-2023-27092 RESERVED CVE-2023-27091 
@@ -3151,16 +3299,16 @@ CVE-2023-27067 RESERVED CVE-2023-27066 RESERVED -CVE-2023-27065 - RESERVED -CVE-2023-27064 - RESERVED -CVE-2023-27063 - RESERVED -CVE-2023-27062 - RESERVED -CVE-2023-27061 - RESERVED +CVE-2023-27065 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...) + TODO: check +CVE-2023-27064 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...) + TODO: check +CVE-2023-27063 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...) + TODO: check +CVE-2023-27062 (Tenda V15V1.0 was discovered to contain a buffer overflow vulnerabilit ...) + TODO: check +CVE-2023-27061 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...) + TODO: check CVE-2023-27060 RESERVED CVE-2023-27059 @@ -3261,8 +3409,8 @@ CVE-2023-27012 RESERVED CVE-2023-27011 RESERVED -CVE-2023-27010 - RESERVED +CVE-2023-27010 (Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions ...) + TODO: check CVE-2023-27009 RESERVED CVE-2023-27008 @@ -4880,8 +5028,8 @@ CVE-2023-26315 RESERVED CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: MedData Informatics MedDataPACS -CVE-2023-0978 - RESERVED +CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox CLI f ...) + TODO: check CVE-2023-0977 RESERVED CVE-2023-0976 @@ -4890,8 +5038,8 @@ CVE-2023-0975 RESERVED CVE-2023-0974 RESERVED -CVE-2023-0973 - RESERVED +CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null poi ...) + TODO: check CVE-2023-0972 RESERVED CVE-2023-0971 
@@ -5555,16 +5703,16 @@ CVE-2023-26078 RESERVED CVE-2023-26077 RESERVED -CVE-2023-26076 - RESERVED +CVE-2023-26076 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...) + TODO: check CVE-2023-26075 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...) NOT-FOR-US: Samsung -CVE-2023-26074 - RESERVED -CVE-2023-26073 - RESERVED -CVE-2023-26072 - RESERVED +CVE-2023-26074 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...) + TODO: check +CVE-2023-26073 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...) + TODO: check +CVE-2023-26072 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...) + TODO: check CVE-2023-26071 RESERVED CVE-2023-26070 @@ -5843,8 +5991,8 @@ CVE-2023-25993 RESERVED CVE-2023-25992 RESERVED -CVE-2023-25991 - RESERVED +CVE-2023-25991 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic p ...) + TODO: check CVE-2023-25990 RESERVED CVE-2023-25989 @@ -5879,8 +6027,8 @@ CVE-2023-25975 RESERVED CVE-2023-25974 RESERVED -CVE-2023-25973 - RESERVED +CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...) + TODO: check CVE-2023-25972 RESERVED CVE-2023-25971 @@ -5935,8 +6083,8 @@ CVE-2023-0890 RESERVED CVE-2023-0889 RESERVED -CVE-2023-0888 - RESERVED +CVE-2023-0888 (An improper neutralization of directives in dynamically evaluated code ...) + TODO: check CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified a ...) NOT-FOR-US: phjounin TFTPD64-SE CVE-2023-0886 
@@ -6392,8 +6540,8 @@ CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of al CVE-2023-0845 (Consul and Consul Enterprise allowed an authenticated user with servic ...) - consul <not-affected> (Only affects 1.14.x) NOTE: https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197 -CVE-2023-0844 - RESERVED +CVE-2023-0844 (The Namaste! LMS WordPress plugin before 2.6 does not sanitize and esc ...) + TODO: check CVE-2023-0843 RESERVED CVE-2023-0842 @@ -6965,8 +7113,8 @@ CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certific NOT-FOR-US: SourceCodester Medical Certificate Generator App CVE-2023-0773 RESERVED -CVE-2023-0772 - RESERVED +CVE-2023-0772 (The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does ...) + TODO: check CVE-2023-25676 RESERVED CVE-2023-25675 @@ -7198,8 +7346,8 @@ CVE-2023-0751 (When GELI reads a key file from standard input, it does not reuse NOT-FOR-US: FreeBSD GELI CVE-2023-0750 RESERVED -CVE-2023-0749 - RESERVED +CVE-2023-0749 (The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the ...) + TODO: check CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver prior to ...) NOT-FOR-US: btcpayserver CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...) @@ -8025,16 +8173,16 @@ CVE-2023-25285 RESERVED CVE-2023-25284 RESERVED -CVE-2023-25283 - RESERVED +CVE-2023-25283 (A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows att ...) + TODO: check CVE-2023-25282 RESERVED CVE-2023-25281 RESERVED CVE-2023-25280 RESERVED -CVE-2023-25279 - RESERVED +CVE-2023-25279 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...) + TODO: check CVE-2023-25278 RESERVED CVE-2023-25277 
@@ -8348,8 +8496,8 @@ CVE-2023-25172 RESERVED CVE-2023-25171 (Kiwi TCMS, an open source test management system, does not impose rate ...) NOT-FOR-US: Kiwi TCMS -CVE-2023-25170 - RESERVED +CVE-2023-25170 (PrestaShop is an open source e-commerce web application that, prior to ...) + TODO: check CVE-2023-25169 (discourse-yearly-review is a discourse plugin which publishes an autom ...) NOT-FOR-US: Discourse plugin CVE-2023-25168 (Wings is Pterodactyl's server control plane. This vulnerability can be ...) @@ -8787,10 +8935,10 @@ CVE-2023-0631 RESERVED CVE-2023-0630 RESERVED -CVE-2023-0629 - RESERVED -CVE-2023-0628 - RESERVED +CVE-2023-0629 (Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enh ...) + TODO: check +CVE-2023-0628 (Docker Desktop before 4.17.0 allows an attacker to execute an arbitrar ...) + TODO: check CVE-2023-0627 RESERVED CVE-2023-0626 @@ -9425,8 +9573,8 @@ CVE-2023-24764 RESERVED CVE-2023-24763 (In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated ...) NOT-FOR-US: PrestaShop module -CVE-2023-24762 - RESERVED +CVE-2023-24762 (OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 ...) + TODO: check CVE-2023-24761 RESERVED CVE-2023-24760 @@ -9942,8 +10090,8 @@ CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does no NOT-FOR-US: WordPress plugin CVE-2023-0539 (The GS Insever Portfolio WordPress plugin before 1.4.5 does not valida ...) NOT-FOR-US: WordPress plugin -CVE-2023-0538 - RESERVED +CVE-2023-0538 (The Campaign URL Builder WordPress plugin before 1.8.2 does not valida ...) + TODO: check CVE-2023-0537 RESERVED CVE-2023-0536 
@@ -9973,12 +10121,12 @@ CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in Djang - python-django 3:3.2.18-1 (bug #1031290) NOTE: https://www.djangoproject.com/weblog/2023/feb/14/security-releases/ NOTE: https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8 (3.2.18) -CVE-2023-24579 - RESERVED -CVE-2023-24578 - RESERVED -CVE-2023-24577 - RESERVED +CVE-2023-24579 (McAfee Total Protection prior to 16.0.51 allows attackers to trick a v ...) + TODO: check +CVE-2023-24578 (McAfee Total Protection prior to 16.0.49 allows attackers to elevate u ...) + TODO: check +CVE-2023-24577 (McAfee Total Protection prior to 16.0.50 allows attackers to elevate u ...) + TODO: check CVE-2023-24543 RESERVED CVE-2023-23908 @@ -10346,8 +10494,8 @@ CVE-2023-0479 RESERVED CVE-2023-0478 RESERVED -CVE-2023-0477 - RESERVED +CVE-2023-0477 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...) + TODO: check CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improper va ...) NOT-FOR-US: Tenable CVE-2023-0475 (HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompressi ...) @@ -11422,8 +11570,8 @@ CVE-2023-24035 RESERVED CVE-2023-24034 RESERVED -CVE-2023-24033 - RESERVED +CVE-2023-24033 (The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1 ...) + TODO: check CVE-2023-24032 RESERVED CVE-2023-24031 @@ -12372,8 +12520,8 @@ CVE-2023-23713 RESERVED CVE-2023-23712 RESERVED -CVE-2023-23711 - RESERVED +CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optim ...) + TODO: check CVE-2023-23710 RESERVED CVE-2023-23709 
@@ -14138,8 +14286,8 @@ CVE-2023-0221 (Product security bypass vulnerability in ACC prior to version 8.3 NOT-FOR-US: Trellix CVE-2023-0220 (The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not ...) NOT-FOR-US: WordPress plugin -CVE-2023-0219 - RESERVED +CVE-2023-0219 (The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or esca ...) + TODO: check CVE-2023-0218 RESERVED CVE-2023-0217 (An invalid pointer dereference on read can be triggered when an applic ...) @@ -14666,8 +14814,8 @@ CVE-2023-0174 (The WP VR WordPress plugin before 8.2.7 does not validate and esc NOT-FOR-US: WordPress plugin CVE-2023-0173 (The Drag & Drop Sales Funnel Builder for WordPress plugin before 2 ...) NOT-FOR-US: WordPress plugin -CVE-2023-0172 - RESERVED +CVE-2023-0172 (The Juicer WordPress plugin before 1.11 does not validate and escape s ...) + TODO: check CVE-2023-0171 (The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does n ...) NOT-FOR-US: WordPress plugin CVE-2023-0170 (The Html5 Audio Player WordPress plugin before 2.1.12 does not validat ...) @@ -15576,8 +15724,8 @@ CVE-2023-22702 RESERVED CVE-2023-22701 RESERVED -CVE-2023-22700 - RESERVED +CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Pixel ...) + TODO: check CVE-2023-22699 RESERVED CVE-2023-22698 @@ -15890,8 +16038,8 @@ CVE-2023-0075 (The Amazon JS WordPress plugin through 0.10 does not validate and NOT-FOR-US: WordPress plugin CVE-2023-0074 (The WP Social Widget WordPress plugin before 2.2.4 does not validate a ...) NOT-FOR-US: WordPress plugin -CVE-2023-0073 - RESERVED +CVE-2023-0073 (The Client Logo Carousel WordPress plugin through 3.0.0 does not valid ...) + TODO: check CVE-2023-0072 (The WC Vendors Marketplace WordPress plugin before 2.4.5 does not vali ...) NOT-FOR-US: WordPress plugin CVE-2023-0071 (The WP Tabs WordPress plugin before 2.1.17 does not validate and escap ...) 
@@ -15904,8 +16052,8 @@ CVE-2023-0068 (The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugi NOT-FOR-US: WordPress plugin CVE-2023-0067 (The Timed Content WordPress plugin before 2.73 does not validate and e ...) NOT-FOR-US: WordPress plugin -CVE-2023-0066 - RESERVED +CVE-2023-0066 (The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does ...) + TODO: check CVE-2023-0065 (The i2 Pros & Cons WordPress plugin through 1.3.1 does not validat ...) NOT-FOR-US: WordPress plugin CVE-2023-0064 (The eVision Responsive Column Layout Shortcodes WordPress plugin throu ...) @@ -16110,8 +16258,8 @@ CVE-2023-0039 (The User Post Gallery - UPG plugin for WordPress is vulnerable to NOT-FOR-US: User Post Gallery - UPG plugin for WordPress CVE-2023-0038 (The "Survey Maker – Best WordPress Survey Plugin" plugin for Wor ...) NOT-FOR-US: "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress -CVE-2023-0037 - RESERVED +CVE-2023-0037 (The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 d ...) + TODO: check CVE-2023-0036 (platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and ...) NOT-FOR-US: OpenHarmony CVE-2023-0035 (softbus_client_stub in communication subsystem within OpenHarmony-v3.0 ...) @@ -17892,8 +18040,8 @@ CVE-2022-4662 (A flaw incorrect access control in the Linux kernel USB core subs [bullseye] - linux 5.10.148-1 [buster] - linux 4.19.260-1 NOTE: https://git.kernel.org/linus/9c6d778800b921bde3bff3cff5003d1650f942d1 (6.0-rc4) -CVE-2022-4661 - RESERVED +CVE-2022-4661 (The Widgets for WooCommerce Products on Elementor WordPress plugin bef ...) + TODO: check CVE-2022-4660 RESERVED CVE-2022-4659 
@@ -17910,8 +18058,8 @@ CVE-2022-4654 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 NOT-FOR-US: WordPress plugin CVE-2022-4653 (The Greenshift WordPress plugin before 4.8.9 does not validate and esc ...) NOT-FOR-US: WordPress plugin -CVE-2022-4652 - RESERVED +CVE-2022-4652 (The Video Background WordPress plugin before 2.7.5 does not validate a ...) + TODO: check CVE-2022-4651 (The Justified Gallery WordPress plugin before 1.7.1 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2022-4650 (The HashBar WordPress plugin before 1.3.6 does not validate and escape ...) @@ -20449,8 +20597,8 @@ CVE-2022-47442 RESERVED CVE-2022-47441 RESERVED -CVE-2022-47440 - RESERVED +CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...) + TODO: check CVE-2022-47439 RESERVED CVE-2022-47438 @@ -20762,8 +20910,8 @@ CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not valida NOT-FOR-US: WordPress plugin CVE-2022-4467 (The Search & Filter WordPress plugin before 1.2.16 does not valida ...) NOT-FOR-US: WordPress plugin -CVE-2022-4466 - RESERVED +CVE-2022-4466 (The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not ...) + TODO: check CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not validate ...) @@ -21379,8 +21527,8 @@ CVE-2022-47168 RESERVED CVE-2022-47167 RESERVED -CVE-2022-47166 - RESERVED +CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...) + TODO: check CVE-2022-47165 RESERVED CVE-2022-47164 
@@ -22576,7 +22724,7 @@ CVE-2022-4332 RESERVED CVE-2022-4331 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab <not-affected> (Specific to EE) -CVE-2022-4330 (The WP Attachments WordPress plugin through 5.0.5 does not sanitise an ...) +CVE-2022-4330 (The WP Attachments WordPress plugin before 5.0.6 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2022-4329 (The Product list Widget for Woocommerce WordPress plugin through 1.0 d ...) NOT-FOR-US: WordPress plugin @@ -26284,7 +26432,7 @@ CVE-2022-45472 (CAE LearningSpace Enterprise (with Intuity License) image 267r p NOT-FOR-US: CAE LearningSpace Enterprise CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when sendin ...) NOT-FOR-US: JetBrains Hub -CVE-2022-45470 (** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Ham ...) +CVE-2022-45470 (missing input validation in Apache Hama may cause information disclosu ...) NOT-FOR-US: Apache Hama CVE-2022-44456 (CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unaut ...) NOT-FOR-US: CONPROSYS HMI System (CHS) @@ -26356,7 +26504,7 @@ CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an authent - mattermost-server <itp> (bug #823556) CVE-2022-4043 (The WP Custom Admin Interface WordPress plugin before 7.29 unserialize ...) NOT-FOR-US: WordPress plugin -CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress plugin thr ...) +CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress plugin bef ...) NOT-FOR-US: WordPress plugin CVE-2022-4041 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...) NOT-FOR-US: Hitachi 
@@ -42380,8 +42528,8 @@ CVE-2022-38104 (Auth. WordPress Options Change (siteurl, users_can_register, def NOT-FOR-US: WordPress plugin CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugi ...) NOT-FOR-US: WordPress plugin -CVE-2022-38074 - RESERVED +CVE-2022-38074 (SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 1 ...) + TODO: check CVE-2022-38073 (Multiple Authenticated (custom specific plugin role) Persistent Cross- ...) NOT-FOR-US: WordPress plugin CVE-2022-36424 @@ -49605,8 +49753,8 @@ CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec TH NOT-FOR-US: WordPress plugin CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThe ...) NOT-FOR-US: WordPress plugin -CVE-2022-31474 - RESERVED +CVE-2022-31474 (Directory Traversal vulnerability in iThemes BackupBuddy plugin 8.5.8. ...) + TODO: check CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 D ...) NOT-FOR-US: WordPress plugin CVE-2022-2743 (Integer overflow in Window Manager in Google Chrome on Chrome OS and L ...) @@ -54968,6 +55116,7 @@ CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distribut CVE-2022-36022 (Deeplearning4J is a suite of tools for deploying and training deep lea ...) NOT-FOR-US: Deeplearning4J CVE-2022-36021 (Redis is an in-memory database that persists on disk. Authenticated us ...) + {DLA-3361-1} - redis 5:7.0.9-1 NOTE: https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv NOTE: https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84 
@@ -82989,7 +83138,7 @@ CVE-2022-26260 (Simple-Plist v1.3.0 was discovered to contain a prototype pollut NOT-FOR-US: Simple-Plist CVE-2022-26259 (A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, ...) NOT-FOR-US: Xiongmai -CVE-2022-26258 (D-Link DIR-820L 1.05B03 was discovered to contain a remote command exe ...) +CVE-2022-26258 (D-Link DIR-820L 1.05B03 was discovered to contain remote command execu ...) NOT-FOR-US: D-Link CVE-2022-26257 RESERVED @@ -93278,7 +93427,7 @@ CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability dis NOT-FOR-US: WordPress plugin CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...) NOT-FOR-US: WordPress plugin -CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...) +CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP ...) NOT-FOR-US: WordPress plugin CVE-2021-23209 (Multiple Authenticated (admin user role) Persistent Cross-Site Scripti ...) NOT-FOR-US: WordPress plugin @@ -98991,8 +99140,8 @@ CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions NOT-FOR-US: SAFARI Montage CVE-2021-45424 RESERVED -CVE-2021-45423 - RESERVED +CVE-2021-45423 (A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports f ...) + TODO: check CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...) NOT-FOR-US: Reprise License Manager CVE-2021-45421 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/100cd8b60324fe16d49babbabeb0a0be6a070229 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/100cd8b60324fe16d49babbabeb0a0be6a070229 You're receiving this email because of your account on salsa.debian.org.
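Review bot: In the hunk at @@ -5555,16 +5703,16 @@, CVE-2023-26076, CVE-2023-26074, CVE-2023-26073 and CVE-2023-26072 are left at "TODO: check" although CVE-2023-26075, which sits between them and shows the same description prefix ("An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ..."), is already triaged as "NOT-FOR-US: Samsung". Once the full descriptions are confirmed to cover the same product, these four should carry the same "NOT-FOR-US: Samsung" line so the block is triaged consistently.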
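Review bot: In the hunk at @@ -9942,8 +10090,8 @@, CVE-2023-0538 (Campaign URL Builder WordPress plugin) lands as "TODO: check" directly below CVE-2023-0540 and CVE-2023-0539, both marked "NOT-FOR-US: WordPress plugin". Suggest resolving it to "NOT-FOR-US: WordPress plugin" as well; the same pattern recurs for other newly described WordPress plugin entries in this patch, for example CVE-2023-0219, CVE-2023-0172 and CVE-2023-0073.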
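Review bot: In the hunk at @@ -8025,16 +8173,16 @@, CVE-2023-25283 and CVE-2023-25279 name D-Link DIR820LA1 firmware and are left at "TODO: check", while the existing D-Link DIR-820L entry CVE-2022-26258, visible elsewhere in this patch, is recorded as "NOT-FOR-US: D-Link". Suggest the same "NOT-FOR-US: D-Link" triage here, and for CVE-2023-24762 (D-Link DIR-867) in the hunk at @@ -9425,8 +9573,8 @@.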
