Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19091648 by security tracker role at 2023-03-27T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2023-28927
+       RESERVED
+CVE-2023-28926
+       RESERVED
+CVE-2023-28925
+       RESERVED
+CVE-2023-28924
+       RESERVED
+CVE-2023-28923
+       RESERVED
+CVE-2023-28922
+       RESERVED
+CVE-2023-28921
+       RESERVED
+CVE-2023-28920
+       RESERVED
+CVE-2023-28919
+       RESERVED
+CVE-2023-28918
+       RESERVED
+CVE-2023-28917
+       RESERVED
+CVE-2023-28916
+       RESERVED
+CVE-2023-28915
+       RESERVED
+CVE-2023-28914
+       RESERVED
+CVE-2023-28913
+       RESERVED
+CVE-2023-28912
+       RESERVED
+CVE-2023-28911
+       RESERVED
+CVE-2023-28910
+       RESERVED
+CVE-2023-28909
+       RESERVED
+CVE-2023-28908
+       RESERVED
+CVE-2023-28907
+       RESERVED
+CVE-2023-28906
+       RESERVED
+CVE-2023-28905
+       RESERVED
+CVE-2023-28904
+       RESERVED
+CVE-2023-28903
+       RESERVED
+CVE-2023-28902
+       RESERVED
+CVE-2023-28901
+       RESERVED
+CVE-2023-28900
+       RESERVED
+CVE-2023-28899
+       RESERVED
+CVE-2023-28898
+       RESERVED
+CVE-2023-28897
+       RESERVED
+CVE-2023-28896
+       RESERVED
+CVE-2023-28895
+       RESERVED
+CVE-2023-28894
+       RESERVED
+CVE-2023-28893
+       RESERVED
+CVE-2023-1663
+       RESERVED
+CVE-2023-1662
+       RESERVED
+CVE-2023-1661
+       RESERVED
+CVE-2023-1660
+       RESERVED
+CVE-2023-1659 (This CVE ID has been rejected or withdrawn by its CVE Numbering 
Author ...)
+       TODO: check
+CVE-2023-1658
+       RESERVED
+CVE-2023-1657
+       RESERVED
+CVE-2023-1656
+       RESERVED
+CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to 2.4 ...)
+       TODO: check
+CVE-2023-1654 (Denial of Service in GitHub repository gpac/gpac prior to 
2.4.0. ...)
+       TODO: check
+CVE-2023-1653
+       RESERVED
+CVE-2023-1652
+       RESERVED
+CVE-2023-1651
+       RESERVED
+CVE-2023-1650
+       RESERVED
+CVE-2023-1649
+       RESERVED
+CVE-2023-1648
+       RESERVED
+CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572, 
2022.1.15583 refle ...)
+       TODO: check
+CVE-2022-48428 (In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH 
keys page ...)
+       TODO: check
+CVE-2022-48427 (In JetBrains TeamCity before 2022.10.3 stored XSS on 
“Pending ch ...)
+       TODO: check
+CVE-2022-48426 (In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce 
connecti ...)
+       TODO: check
 CVE-2023-28892
        RESERVED
 CVE-2023-28891
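Review bot: the CVE-2023-1659 entry in the middle of this hunk contradicts its own description: the text reads "This CVE ID has been rejected or withdrawn by its CVE Numbering Author", yet the status line added under it is "TODO: check" rather than "REJECTED", which is the marker this same patch applies to CVE-2023-1247 in a later hunk. Suggest replacing that "TODO: check" with "REJECTED" so the entry does not sit in the manual-triage queue. Of the remaining additions, the two gpac/gpac entries (CVE-2023-1655, heap-based buffer overflow; CVE-2023-1654, denial of service, both prior to 2.4) are the ones that still need a source-package decision; everything else here is a RESERVED placeholder or a JetBrains Hub/TeamCity issue.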
@@ -659,6 +769,7 @@ CVE-2023-1544 (A flaw was found in the QEMU implementation 
of VMWare's paravirtu
        - qemu <unfixed>
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
 CVE-2023-28686 (Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 
allows a ...)
+       {DSA-5379-1}
        - dino-im 0.4.2-1 (bug #1033370)
        [buster] - dino-im <not-affected> (Vulnerable code added in v0.1.0)
        NOTE: https://dino.im/security/cve-2023-28686/
@@ -1861,10 +1972,10 @@ CVE-2023-1402 (The course participation report required 
additional checks to pre
        - moodle <removed>
 CVE-2023-1401
        RESERVED
-CVE-2023-1400
-       RESERVED
-CVE-2023-1399
-       RESERVED
+CVE-2023-1400 (The Modern Events Calendar Lite WordPress plugin through 5.16.2 
does n ...)
+       TODO: check
+CVE-2023-1399 (N6854A Geolocation Server versions 2.4.2 are vulnerable to 
untrusted d ...)
+       TODO: check
 CVE-2023-1398 (A vulnerability classified as critical was found in XiaoBingBy 
TeaCMS  ...)
        NOT-FOR-US: XiaoBingBy TeaCMS
 CVE-2023-1397 (A vulnerability classified as problematic has been found in 
SourceCode ...)
@@ -3293,7 +3404,8 @@ CVE-2023-1249 (A use-after-free flaw was found in the 
Linux kernel&#8217;s core
        NOTE: 
https://git.kernel.org/linus/390031c942116d4733310f0684beb8db19885fe6 (5.18-rc1)
 CVE-2023-1248 (Improper Input Validation vulnerability in OTRS AG OTRS (Ticket 
Action ...)
        TODO: check
-CVE-2023-1247 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
pimcore/pi ...)
+CVE-2023-1247
+       REJECTED
        NOT-FOR-US: pimcore
 CVE-2022-4932 (The Total Upkeep plugin for WordPress is vulnerable to 
information dis ...)
        NOT-FOR-US: Total Upkeep plugin for WordPress
@@ -3569,8 +3681,8 @@ CVE-2023-1186 (A vulnerability has been found in 
FabulaTech Webcam for Remote De
        NOT-FOR-US: FabulaTech Webcam for Remote Desktop
 CVE-2023-1185 (A vulnerability, which was classified as problematic, was found 
in ECs ...)
        NOT-FOR-US: ECshop
-CVE-2020-36666
-       RESERVED
+CVE-2020-36666 (The directory-pro WordPress plugin before 1.9.5, 
final-user-wp-fronten ...)
+       TODO: check
 CVE-2023-XXXX [Transaction cache overrides the current user]
        - tryton-server 6.0.29-1
        [bullseye] - tryton-server <not-affected> (Vulnerable code not present)
@@ -3582,8 +3694,8 @@ CVE-2023-27849
        RESERVED
 CVE-2023-27848
        RESERVED
-CVE-2023-27847
-       RESERVED
+CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog 
v.2.0.1 and be ...)
+       TODO: check
 CVE-2023-27846
        RESERVED
 CVE-2023-27845
@@ -4499,32 +4611,32 @@ CVE-2023-1147 (Cross-site Scripting (XSS) - Stored in 
GitHub repository flatpres
        NOT-FOR-US: flatpressblog
 CVE-2023-1146 (Cross-site Scripting (XSS) - Generic in GitHub repository 
flatpressblo ...)
        NOT-FOR-US: flatpressblog
-CVE-2023-1145
-       RESERVED
-CVE-2023-1144
-       RESERVED
-CVE-2023-1143
-       RESERVED
-CVE-2023-1142
-       RESERVED
-CVE-2023-1141
-       RESERVED
-CVE-2023-1140
-       RESERVED
-CVE-2023-1139
-       RESERVED
-CVE-2023-1138
-       RESERVED
-CVE-2023-1137
-       RESERVED
-CVE-2023-1136
-       RESERVED
-CVE-2023-1135
-       RESERVED
-CVE-2023-1134
-       RESERVED
-CVE-2023-1133
-       RESERVED
+CVE-2023-1145 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.5 are ...)
+       TODO: check
+CVE-2023-1144 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.5 con ...)
+       TODO: check
+CVE-2023-1143 (In Delta Electronics InfraSuite Device Master versions prior to 
1.0.5, ...)
+       TODO: check
+CVE-2023-1142 (In Delta Electronics InfraSuite Device Master versions prior to 
1.0.5, ...)
+       TODO: check
+CVE-2023-1141 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.5 con ...)
+       TODO: check
+CVE-2023-1140 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.5 con ...)
+       TODO: check
+CVE-2023-1139 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.5 are ...)
+       TODO: check
+CVE-2023-1138 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.5 con ...)
+       TODO: check
+CVE-2023-1137 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.5 con ...)
+       TODO: check
+CVE-2023-1136 (In Delta Electronics InfraSuite Device Master versions prior to 
1.0.5, ...)
+       TODO: check
+CVE-2023-1135 (In Delta Electronics InfraSuite Device Master versions prior to 
1.0.5, ...)
+       TODO: check
+CVE-2023-1134 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.5 are ...)
+       TODO: check
+CVE-2023-1133 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.5 con ...)
+       TODO: check
 CVE-2023-1132
        RESERVED
 CVE-2023-1131 (A vulnerability has been found in SourceCodester Computer Parts 
Sales  ...)
@@ -5029,22 +5141,22 @@ CVE-2023-1095 (In nf_tables_updtable, if 
nf_tables_table_enable returns an error
        NOTE: 
https://git.kernel.org/linus/580077855a40741cf511766129702d97ff02f4d9 (6.0-rc1)
 CVE-2023-1094
        RESERVED
-CVE-2023-1093
-       RESERVED
-CVE-2023-1092
-       RESERVED
+CVE-2023-1093 (The OAuth Single Sign On WordPress plugin before 6.24.2 does 
not have  ...)
+       TODO: check
+CVE-2023-1092 (The OAuth Single Sign On Free WordPress plugin before 6.24.2, 
OAuth Si ...)
+       TODO: check
 CVE-2023-1091 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Alpata Licensed Warehousing Automation System
 CVE-2023-1090
        RESERVED
-CVE-2023-1089
-       RESERVED
-CVE-2023-1088
-       RESERVED
-CVE-2023-1087
-       RESERVED
-CVE-2023-1086
-       RESERVED
+CVE-2023-1089 (The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF 
check  ...)
+       TODO: check
+CVE-2023-1088 (The WP Plugin Manager WordPress plugin before 1.1.8 does not 
have CSRF ...)
+       TODO: check
+CVE-2023-1087 (The WC Sales Notification WordPress plugin before 1.2.3 does 
not have  ...)
+       TODO: check
+CVE-2023-1086 (The Preview Link Generator WordPress plugin before 1.0.4 does 
not have ...)
+       TODO: check
 CVE-2023-1085
        RESERVED
 CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
@@ -5053,8 +5165,8 @@ CVE-2023-1083
        RESERVED
 CVE-2023-1082
        RESERVED
-CVE-2023-27296
-       RESERVED
+CVE-2023-27296 (Deserialization of Untrusted Data vulnerability in Apache 
Software Fou ...)
+       TODO: check
 CVE-2023-27295 (Cross-site request forgery is facilitated by OpenCATS failure 
to requi ...)
        NOT-FOR-US: OpenCATS
 CVE-2023-27294 (Improper neutralization of input during web page generation 
allows an  ...)
@@ -5187,8 +5299,8 @@ CVE-2023-1071
        RESERVED
 CVE-2023-1070 (External Control of File Name or Path in GitHub repository 
nilsteampas ...)
        - teampass <itp> (bug #730180)
-CVE-2023-1069
-       RESERVED
+CVE-2023-1069 (The Complianz WordPress plugin before 6.4.2, Complianz Premium 
WordPre ...)
+       TODO: check
 CVE-2023-1068 (The Download Read More Excerpt Link plugin for WordPress is 
vulnerable ...)
        NOT-FOR-US: Download Read More Excerpt Link plugin for WordPress
 CVE-2023-1067 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
@@ -5272,16 +5384,16 @@ CVE-2023-27247
        RESERVED
 CVE-2023-27246
        RESERVED
-CVE-2023-27245
-       RESERVED
+CVE-2023-27245 (A cross-site scripting (XSS) vulnerability in File Management 
Project  ...)
+       TODO: check
 CVE-2023-27244
        RESERVED
 CVE-2023-27243
        RESERVED
 CVE-2023-27242 (SourceCodester Loan Management System v1.0 was discovered to 
contain a ...)
        NOT-FOR-US: SourceCodester Loan Management System
-CVE-2023-27241
-       RESERVED
+CVE-2023-27241 (SourceCodester Water Billing System v1.0 was discovered to 
contain a c ...)
+       TODO: check
 CVE-2023-27240 (Tenda AX3 V16.03.12.11 was discovered to contain a command 
injection v ...)
        NOT-FOR-US: Tenda
 CVE-2023-27239 (Tenda AX3 V16.03.12.11 was discovered to contain a stack 
overflow via  ...)
@@ -5589,8 +5701,8 @@ CVE-2023-27098
        RESERVED
 CVE-2023-27097
        RESERVED
-CVE-2023-27096
-       RESERVED
+CVE-2023-27096 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j 
v.1.4.3  ...)
+       TODO: check
 CVE-2023-27095 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j 
v.1.4.3  ...)
        NOT-FOR-US: Hippo4j
 CVE-2023-27094 (An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers 
to escala ...)
@@ -5863,10 +5975,10 @@ CVE-2023-26961
        RESERVED
 CVE-2023-26960
        RESERVED
-CVE-2023-26959
-       RESERVED
-CVE-2023-26958
-       RESERVED
+CVE-2023-26959 (Phpgurukul Park Ticketing Management System 1.0 is vulnerable 
to SQL I ...)
+       TODO: check
+CVE-2023-26958 (Phpgurukul Park Ticketing Management System 1.0 is vulnerable 
to Cross ...)
+       TODO: check
 CVE-2023-26957 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file 
delete  ...)
        NOT-FOR-US: onekeyadmin
 CVE-2023-26956 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file 
read vu ...)
@@ -6865,8 +6977,8 @@ CVE-2023-26513 (Excessive Iteration vulnerability in 
Apache Software Foundation
        NOT-FOR-US: Apache Sling
 CVE-2023-26512
        RESERVED
-CVE-2023-1025
-       RESERVED
+CVE-2023-1025 (The Simple File List WordPress plugin before 6.0.10 does not 
sanitise  ...)
+       TODO: check
 CVE-2023-1024 (The WP Meta SEO plugin for WordPress is vulnerable to 
unauthorized sit ...)
        NOT-FOR-US: WP Meta SEO plugin for WordPress
 CVE-2023-1023 (The WP Meta SEO plugin for WordPress is vulnerable to 
unauthorized plu ...)
@@ -7445,8 +7557,8 @@ CVE-2023-0957 (An issue was discovered in Gitpod versions 
prior to release-2022.
        NOT-FOR-US: Gitpod
 CVE-2023-0956
        RESERVED
-CVE-2023-0955
-       RESERVED
+CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape 
a param ...)
+       TODO: check
 CVE-2023-0954
        RESERVED
 CVE-2023-0953 (Insufficient input sanitization in the documentation feature of 
Devolu ...)
@@ -8803,8 +8915,8 @@ CVE-2023-25830
        RESERVED
 CVE-2023-25829
        RESERVED
-CVE-2023-25828
-       RESERVED
+CVE-2023-25828 (Pluck CMS is vulnerable to an authenticated remote code 
execution (RCE ...)
+       TODO: check
 CVE-2023-25827
        RESERVED
 CVE-2023-25826
@@ -8998,8 +9110,8 @@ CVE-2023-0825
        RESERVED
 CVE-2023-0824
        RESERVED
-CVE-2023-0823
-       RESERVED
+CVE-2023-0823 (The Cookie Notice &amp; Compliance for GDPR / CCPA WordPress 
plugin be ...)
+       TODO: check
 CVE-2023-25760
        RESERVED
 CVE-2023-25759
@@ -9204,8 +9316,8 @@ CVE-2023-25728
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25728
 CVE-2023-24585
        RESERVED
-CVE-2023-0816
-       RESERVED
+CVE-2023-0816 (The Formidable Forms WordPress plugin before 6.1 uses several 
potentia ...)
+       TODO: check
 CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log 
Files in m ...)
        NOT-FOR-US: OpenNMS
 CVE-2023-0814 (The Profile Builder &#8211; User Profile &amp; User 
Registration Forms ...)
@@ -10979,8 +11091,8 @@ CVE-2023-0662 (In PHP 8.0.X before 8.0.28, 8.1.X before 
8.1.16 and 8.2.X before
        NOTE: 
https://github.com/php/php-src/commit/e45850c195dcd5534394cf357a3f776d4916b655 
(improvement)
 CVE-2023-0661 (Improper access control in Devolutions Server allows an 
authenticated  ...)
        NOT-FOR-US: Devolutions
-CVE-2023-0660
-       RESERVED
+CVE-2023-0660 (The Smart Slider 3 WordPress plugin before 3.5.1.14 does not 
properly  ...)
+       TODO: check
 CVE-2023-0659 (A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has 
been clas ...)
        NOT-FOR-US: BDCOM
 CVE-2022-4901 (Multiple stored XSS vulnerabilities in Sophos Connect versions 
older t ...)
@@ -11785,8 +11897,8 @@ CVE-2023-0590 (A use-after-free flaw was found in 
qdisc_graft in net/sched/sch_a
        - linux 6.0.6-1
        [bullseye] - linux 5.10.158-1
        NOTE: 
https://git.kernel.org/linus/ebda44da44f6f309d302522b049f43d6f829f7aa (6.1-rc2)
-CVE-2023-0589
-       RESERVED
+CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not 
sanitise ...)
+       TODO: check
 CVE-2023-0588
        RESERVED
 CVE-2022-4900
@@ -12743,28 +12855,28 @@ CVE-2023-0507 (Grafana is an open-source platform for 
monitoring and observabili
        - grafana <removed>
 CVE-2023-0506
        RESERVED
-CVE-2023-0505
-       RESERVED
-CVE-2023-0504
-       RESERVED
-CVE-2023-0503
-       RESERVED
-CVE-2023-0502
-       RESERVED
-CVE-2023-0501
-       RESERVED
-CVE-2023-0500
-       RESERVED
-CVE-2023-0499
-       RESERVED
-CVE-2023-0498
-       RESERVED
-CVE-2023-0497
-       RESERVED
-CVE-2023-0496
-       RESERVED
-CVE-2023-0495
-       RESERVED
+CVE-2023-0505 (The Ever Compare WordPress plugin through 1.2.3 does not have 
CSRF che ...)
+       TODO: check
+CVE-2023-0504 (The HT Politic WordPress plugin before 2.3.8 does not have CSRF 
check  ...)
+       TODO: check
+CVE-2023-0503 (The Free WooCommerce Theme 99fy Extension WordPress plugin 
before 1.2. ...)
+       TODO: check
+CVE-2023-0502 (The WP News WordPress plugin through 1.1.9 does not have CSRF 
check wh ...)
+       TODO: check
+CVE-2023-0501 (The WP Insurance WordPress plugin before 2.1.4 does not have 
CSRF chec ...)
+       TODO: check
+CVE-2023-0500 (The WP Film Studio WordPress plugin before 1.3.5 does not have 
CSRF ch ...)
+       TODO: check
+CVE-2023-0499 (The QuickSwish WordPress plugin before 1.1.0 does not have CSRF 
check  ...)
+       TODO: check
+CVE-2023-0498 (The WP Education WordPress plugin before 1.2.7 does not have 
CSRF chec ...)
+       TODO: check
+CVE-2023-0497 (The HT Portfolio WordPress plugin before 1.1.6 does not have 
CSRF chec ...)
+       TODO: check
+CVE-2023-0496 (The HT Event WordPress plugin before 1.4.6 does not have CSRF 
check wh ...)
+       TODO: check
+CVE-2023-0495 (The HT Slider For Elementor WordPress plugin before 1.4.0 does 
not hav ...)
+       TODO: check
 CVE-2023-0494 [Xi: fix potential use-after-free in DeepCopyPointerClasses]
        RESERVED
        {DSA-5342-1 DLA-3310-1}
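Review bot: all eleven entries expanded in this hunk (CVE-2023-0505 down to CVE-2023-0495) are WordPress plugin issues, most of them a missing CSRF check, and each now carries "TODO: check". Elsewhere in this patch's context the same kind of entry is triaged as "NOT-FOR-US: WordPress plugin" (see CVE-2023-0492 and CVE-2023-0442 in the hunks that follow), so unless one of these plugins is packaged in Debian the follow-up is to apply that marker to all eleven rather than leave them in the TODO queue.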
@@ -12814,8 +12926,8 @@ CVE-2023-0493 (Improper Neutralization of Equivalent 
Special Elements in GitHub
        NOT-FOR-US: btcpayserver
 CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 
1.5.9 d ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0491
-       RESERVED
+CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not 
validate and e ...)
+       TODO: check
 CVE-2023-0490
        RESERVED
 CVE-2023-0489
@@ -12828,8 +12940,8 @@ CVE-2023-0486
        RESERVED
 CVE-2023-0485
        RESERVED
-CVE-2023-0484
-       RESERVED
+CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder &amp; 
Gutenberg B ...)
+       TODO: check
 CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
 CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the 
DataSour ...)
@@ -12935,8 +13047,8 @@ CVE-2023-0468 (A use-after-free flaw was found in 
io_uring/poll.c in io_poll_che
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/12ad3d2d6c5b0131a6052de91360849e3e154846 (6.1-rc7)
        NOTE: 
https://git.kernel.org/linus/a26a35e9019fd70bf3cf647dcfdae87abc7bacea (6.1-rc7)
-CVE-2023-0467
-       RESERVED
+CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not 
properly sanit ...)
+       TODO: check
 CVE-2023-0466
        RESERVED
 CVE-2023-0465
@@ -13204,8 +13316,8 @@ CVE-2023-0443
        RESERVED
 CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not 
validate an ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0441
-       RESERVED
+CVE-2023-0441 (The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 
has an  ...)
+       TODO: check
 CVE-2023-0440 (Observable Discrepancy in GitHub repository 
healthchecks/healthchecks  ...)
        NOT-FOR-US: healthchecks
 CVE-2023-0439
@@ -13786,8 +13898,8 @@ CVE-2023-24096 (** UNSUPPORTED WHEN ASSIGNED ** 
TrendNet Wireless AC Easy-Upgrad
        NOT-FOR-US: TrendNet
 CVE-2023-24095 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC 
Easy-Upgrader TEW ...)
        NOT-FOR-US: TrendNet
-CVE-2023-24094
-       RESERVED
+CVE-2023-24094 (An issue in the bridge2 component of MikroTik RouterOS v6.40.5 
allows  ...)
+       TODO: check
 CVE-2023-24093 (An access control issue in H3C A210-G A210-GV100R005 allows 
attackers  ...)
        NOT-FOR-US: H3C A210-G A210-GV100R005
 CVE-2023-24092
@@ -14502,8 +14614,8 @@ CVE-2023-0397 (A malicious / defect bluetooth 
controller can cause a Denial of S
        NOT-FOR-US: Zephyr
 CVE-2023-0396 (A malicious / defective bluetooth controller can cause buffer 
overread ...)
        NOT-FOR-US: Zephyr
-CVE-2023-0395
-       RESERVED
+CVE-2023-0395 (The menu shortcode WordPress plugin through 1.0 does not 
validate and  ...)
+       TODO: check
 CVE-2023-0393
        RESERVED
 CVE-2023-0392
@@ -14976,10 +15088,10 @@ CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected 
in GitHub repository liran
        NOT-FOR-US: lirantal/daloradius
 CVE-2023-0337 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
lirantal/d ...)
        NOT-FOR-US: lirantal/daloradius
-CVE-2023-0336
-       RESERVED
-CVE-2023-0335
-       RESERVED
+CVE-2023-0336 (The OoohBoi Steroids for Elementor WordPress plugin through 
2.1.3 has  ...)
+       TODO: check
+CVE-2023-0335 (The WP Shamsi WordPress plugin through 4.3.3 has CSRF and 
broken acces ...)
+       TODO: check
 CVE-2023-0334 (The ShortPixel Adaptive Images WordPress plugin before 3.6.3 
does not  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0333 (The TemplatesNext ToolKit WordPress plugin before 3.2.9 does 
not valid ...)
@@ -15542,8 +15654,8 @@ CVE-2023-0274
        RESERVED
 CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 
does not v ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0272
-       RESERVED
+CVE-2023-0272 (The NEX-Forms WordPress plugin before 8.3.3 does not validate 
and esca ...)
+       TODO: check
 CVE-2023-0271 (The WP Font Awesome WordPress plugin before 1.7.9 does not 
validate an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0270 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 
does no ...)
@@ -18130,8 +18242,8 @@ CVE-2023-22709
        RESERVED
 CVE-2023-22708
        RESERVED
-CVE-2023-22707
-       RESERVED
+CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in 
Wpsoul Gre ...)
+       TODO: check
 CVE-2023-22706
        RESERVED
 CVE-2023-22705
@@ -20500,10 +20612,10 @@ CVE-2020-36625 (** UNSUPPORTED WHEN ASSIGNED ** A 
vulnerability was found in des
        NOT-FOR-US: destiny.gg chat
 CVE-2020-36624 (A vulnerability was found in ahorner text-helpers up to 1.0.x. 
It has  ...)
        NOT-FOR-US: text_helpers gem
-CVE-2022-47925
-       RESERVED
-CVE-2022-47924
-       RESERVED
+CVE-2022-47925 (The validate JSON endpoint of the Secvisogram 
csaf-validator-service i ...)
+       TODO: check
+CVE-2022-47924 (An high privileged attacker may pass crafted arguments to the 
validate ...)
+       TODO: check
 CVE-2022-4648 (The Real Testimonials WordPress plugin before 2.6.0 does not 
validate  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in GitHub repository 
microweber/mi ...)
@@ -23997,8 +24109,8 @@ CVE-2022-47148 (Cross-Site Request Forgery (CSRF) 
vulnerability in WP Overnight
        NOT-FOR-US: WordPress plugin
 CVE-2022-47147 (Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 
Technologies  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47146
-       RESERVED
+CVE-2022-47146 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Contempo ...)
+       TODO: check
 CVE-2022-47145 (Reflected Cross-Site Scripting (XSS) vulnerability in 
Blockonomics Wor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47144
@@ -24822,8 +24934,8 @@ CVE-2022-46845
        RESERVED
 CVE-2022-46844
        RESERVED
-CVE-2022-46843
-       RESERVED
+CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Le Van T ...)
+       TODO: check
 CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability in JS Help 
Desk plugin ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2022-46841
@@ -43277,8 +43389,7 @@ CVE-2022-41356
        RESERVED
 CVE-2022-41355 (Online Leave Management System v1.0 was discovered to contain 
a SQL in ...)
        NOT-FOR-US: Online Leave Management System
-CVE-2022-41354
-       RESERVED
+CVE-2022-41354 (An access control issue in Argo CD v2.4.12 and below allows 
unauthenti ...)
        NOT-FOR-US: ArgoCD
 CVE-2022-41353
        RESERVED
@@ -60787,8 +60898,8 @@ CVE-2022-32587 (Cross-Site Request Forgery (CSRF) 
vulnerability in CodeAndMore W
        NOT-FOR-US: WordPress plugin
 CVE-2022-30998 (Multiple Authenticated (subscriber or higher user role) SQL 
Injection  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-30705
-       RESERVED
+CVE-2022-30705 (Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha 
WordPres ...)
+       TODO: check
 CVE-2022-29495 (Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos 
Popup Build ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29489 (Cross-Site Request Forgery (CSRF) vulnerability in Sucuri 
Security plu ...)
@@ -77065,6 +77176,7 @@ CVE-2022-29164 (Argo Workflows is an open source 
container-native workflow engin
 CVE-2022-29163 (Nextcloud Server is the file server software for Nextcloud, a 
self-hos ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2022-29162 (runc is a CLI tool for spawning and running containers on 
Linux accord ...)
+       {DLA-3369-1}
        - runc 1.1.3+ds1-1
        [bullseye] - runc 1.0.0~rc93+ds1-5+deb11u2
        [stretch] - runc <not-affected> (Vulnerable code not present)
@@ -145048,6 +145160,7 @@ CVE-2021-30467
 CVE-2021-30466
        RESERVED
 CVE-2021-30465 (runc before 1.0.0-rc95 allows a Container Filesystem Breakout 
via Dire ...)
+       {DLA-3369-1}
        - runc 1.0.0~rc93+ds1-5 (bug #988768)
        [stretch] - runc <no-dsa> (Intrusive to backport fix)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/2
@@ -243674,6 +243787,7 @@ CVE-2019-19922 (kernel/sched/fair.c in the Linux 
kernel before 5.3.9, when cpu.c
        [stretch] - linux <not-affected> (Vulnerability introduced later)
        NOTE: 
https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
 CVE-2023-27561 (runc through 1.1.4 has Incorrect Access Control leading to 
Escalation  ...)
+       {DLA-3369-1}
        - runc <unfixed> (bug #1033520)
        NOTE: https://github.com/opencontainers/runc/issues/3751
        NOTE: 
https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
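Review bot: CVE-2023-27561 now carries {DLA-3369-1} while its main status line still reads "- runc <unfixed> (bug #1033520)". The combination is legitimate, since a DLA only covers an LTS release, but it means the issue stays open for unstable even though an advisory reference is attached: the bug reference must remain and the <unfixed> line must not be closed on the strength of the DLA alone. A short NOTE line stating that the DLA addresses the LTS suite only would keep the next reader from misreading the entry as resolved.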
@@ -243682,6 +243796,7 @@ CVE-2023-27561 (runc through 1.1.4 has Incorrect 
Access Control leading to Escal
        NOTE: Pull Request: https://github.com/opencontainers/runc/pull/3773
        NOTE: Fixed by: 
https://github.com/opencontainers/runc/commit/0abab45c9b97c113ff2cdc16f3a7388444c3fbec
 (release-1.1 branch)
 CVE-2019-19921 (runc through 1.0.0-rc9 has Incorrect Access Control leading to 
Escalat ...)
+       {DLA-3369-1}
        - runc 1.0.0~rc10+dfsg1-1
        [stretch] - runc <no-dsa> (Minor issue)
        NOTE: https://github.com/opencontainers/runc/issues/2197
@@ -260356,7 +260471,7 @@ CVE-2019-16886
 CVE-2019-16885 (In OkayCMS through 2.3.4, an unauthenticated attacker can 
achieve remo ...)
        NOT-FOR-US: OkayCMS
 CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce 
and other ...)
-       {DLA-3322-1}
+       {DLA-3369-1 DLA-3322-1}
        - runc 1.0.0~rc9+dfsg1-1 (bug #942026)
        [stretch] - runc <no-dsa> (Minor issue)
        - golang-github-opencontainers-selinux 1.3.0-2 (bug #942027)
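Review bot: CVE-2019-16884 is now referenced by two LTS advisories ({DLA-3369-1 DLA-3322-1}), whereas the other four runc entries touched by this patch (CVE-2022-29162, CVE-2021-30465, CVE-2023-27561, CVE-2019-19921) receive DLA-3369-1 only. Worth confirming that DLA-3369-1 intentionally re-addresses this CVE after DLA-3322-1, for instance as a follow-up or regression fix, rather than the reference having been added to every runc entry in bulk; if it is intentional, a NOTE line saying why would save the next reader the same question.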



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1909164868a343d35e89414e340f4a5d76a96d5a



debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
