Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01c1aa1f by security tracker role at 2023-05-08T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 
3.11.3.)
+       TODO: check
+CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS 
which can ...)
+       TODO: check
+CVE-2023-2575 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are 
affect ...)
+       TODO: check
+CVE-2023-2574 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are 
affect ...)
+       TODO: check
+CVE-2023-2573 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are 
affect ...)
+       TODO: check
 CVE-2023-2566 (Cross-site Scripting (XSS) - Stored in GitHub repository 
openemr/opene ...)
        NOT-FOR-US: OpenEMR
 CVE-2023-2534 (Improper Authorization vulnerability in OTRS AG OTRS 8 
(Websocket API  ...)
@@ -41,7 +51,7 @@ CVE-2023-32269 (An issue was discovered in the Linux kernel 
before 6.1.11. In ne
        NOTE: 
https://git.kernel.org/linus/611792920925fb088ddccbe2783c7f92fdfb6b64 (6.2-rc7)
 CVE-2023-32235 (Ghost before 5.42.1 allows remote attackers to read arbitrary 
files wi ...)
        NOT-FOR-US: Ghost CMS
-CVE-2023-32233 [netfilter: nf_tables: deactivate anonymous set from 
preparation phase]
+CVE-2023-32233 (In the Linux kernel through 6.3.1, a use-after-free in 
Netfilter nf_ta ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2023/05/08/4
        NOTE: 
https://git.kernel.org/linus/c1592a89942e9678f7d9c8030efa777c0d57edab (6.4-rc1)
@@ -756,16 +766,16 @@ CVE-2023-31129
        RESERVED
 CVE-2023-31128
        RESERVED
-CVE-2023-31127
-       RESERVED
+CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM 
specific ...)
+       TODO: check
 CVE-2023-31126
        RESERVED
 CVE-2023-31125
        RESERVED
 CVE-2023-31124
        RESERVED
-CVE-2023-31123
-       RESERVED
+CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal 
platform  ...)
+       TODO: check
 CVE-2023-30768
        RESERVED
 CVE-2023-30763
@@ -869,7 +879,7 @@ CVE-2023-2253
        RESERVED
 CVE-2023-2252
        RESERVED
-CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 
2.0.0-4.)
+CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 
2.0.0-5.)
        - node-yaml 2.1.3-2 (bug #1035580)
        [bullseye] - node-yaml <not-affected> (Vulnerable code not present)
        NOTE: https://huntr.dev/bounties/4b494e99-5a3e-40d9-8678-277f3060e96c
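
Review bot: the CVE-2023-2251 description moves the upstream fix boundary from 2.0.0-4 to 2.0.0-5, while `- node-yaml 2.1.3-2 (bug #1035580)` and the bullseye `<not-affected> (Vulnerable code not present)` line stay as they were. Confirm that the bullseye assessment was made against the code itself and not the version range in the old description. Adding a NOTE with the upstream fixing commit would keep the entry from depending on a version string that has now changed once.
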
@@ -880,7 +890,8 @@ CVE-2023-2250 (A flaw was found in the Open Cluster 
Management (OCM) when a user
        NOT-FOR-US: Open Cluster Management (OCM)
 CVE-2023-2249
        RESERVED
-CVE-2023-2248 (A heap out-of-bounds read/write vulnerability in the Linux 
Kernel traf ...)
+CVE-2023-2248
+       REJECTED
        - linux <unfixed>
        [buster] - linux 4.19.282-1
        NOTE: 
https://git.kernel.org/linus/3037933448f60f9acb705997eae62013ecb81e0d (6.3)
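
Review bot: CVE-2023-2248 is now `REJECTED` but still carries `- linux <unfixed>`, `[buster] - linux 4.19.282-1` and the kernel commit NOTE, which leaves live triage data attached to a withdrawn identifier. The reason for the rejection is not visible in this hunk. If the id was superseded, move the package lines and the NOTE to the replacing CVE and leave only the REJECTED line here, otherwise the buster fix and the open `<unfixed>` state are tracked under an id nobody will query.
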
@@ -1032,10 +1043,10 @@ CVE-2023-31040
        RESERVED
 CVE-2023-2246 (A vulnerability has been found in SourceCodester Online Pizza 
Ordering ...)
        NOT-FOR-US: SourceCodester
-CVE-2023-31039
-       RESERVED
-CVE-2023-31038
-       RESERVED
+CVE-2023-31039 (Security vulnerabilityin Apache bRPC <1.5.0 on all platforms 
allows at ...)
+       TODO: check
+CVE-2023-31038 (SQL injection in Log4cxx when using the ODBC appender to send 
log mess ...)
+       TODO: check
 CVE-2023-2245 (A vulnerability was found in hansunCMS 1.4.3. It has been 
declared as  ...)
        NOT-FOR-US: hansunCMS
 CVE-2023-2244 (A vulnerability was found in SourceCodester Online Eyewear Shop 
1.0. I ...)
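
Review bot: CVE-2023-31039 (Apache bRPC) and CVE-2023-31038 (Log4cxx) differ from the SourceCodester and hansunCMS entries around them in that both name general-purpose libraries, so these two `TODO: check` lines should be resolved by looking for a matching source package in the archive, not swept into NOT-FOR-US with the neighbours. For CVE-2023-31038 the description limits the SQL injection to the ODBC appender; if a package exists, the entry should record whether that appender is built.
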
@@ -1579,8 +1590,8 @@ CVE-2023-30861 (Flask is a lightweight WSGI web 
application framework. When all
        NOTE: 
https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq
        NOTE: 
https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d
 (2.2.5)
        NOTE: 
https://github.com/pallets/flask/commit/8705dd39c4fa563ea0fe0bf84c85da8fcc98b88d
 (2.3.2)
-CVE-2023-30860
-       RESERVED
+CVE-2023-30860 (WWBN AVideo is an open source video platform. In AVideo prior 
to versi ...)
+       TODO: check
 CVE-2023-30859 (Triton is a Minecraft plugin for Spigot and BungeeCord that 
helps you  ...)
        NOT-FOR-US: Triton Minecraft plugin
 CVE-2023-30858 (The Denosaurs emoji package provides emojis for dinosaurs. 
Starting in ...)
@@ -1589,8 +1600,8 @@ CVE-2023-30857 (@aedart/support is the support package 
for Ion, a monorepo for J
        NOT-FOR-US: support package for Ion
 CVE-2023-30856 (eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 
and pri ...)
        NOT-FOR-US: eDEX-UI
-CVE-2023-30855
-       RESERVED
+CVE-2023-30855 (Pimcore is an open source data and experience management 
platform. Ver ...)
+       TODO: check
 CVE-2023-30854 (AVideo is an open source video platform. Prior to version 
12.4, an OS  ...)
        NOT-FOR-US: AVideo
 CVE-2023-30853 (Gradle Build Action allows users to execute a Gradle Build in 
their Gi ...)
@@ -1616,22 +1627,22 @@ CVE-2023-30846 (typed-rest-client is a library for Node 
Rest and Http Clients wi
        NOT-FOR-US: typed-rest-client
 CVE-2023-30845 (ESPv2 is a service proxy that provides API management 
capabilities usi ...)
        NOT-FOR-US: ESPv2
-CVE-2023-30844
-       RESERVED
+CVE-2023-30844 (Mutagen provides real-time file synchronization and flexible 
network f ...)
+       TODO: check
 CVE-2023-30843 (Payload is a free and open source headless content management 
system.  ...)
        NOT-FOR-US: Payload
 CVE-2023-30842
        REJECTED
 CVE-2023-30841 (Baremetal Operator (BMO) is a bare metal host provisioning 
integration ...)
        NOT-FOR-US: Baremetal Operator (BMO)
-CVE-2023-30840
-       RESERVED
+CVE-2023-30840 (Fluid is an open source Kubernetes-native distributed dataset 
orchestr ...)
+       TODO: check
 CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. 
Versions prio ...)
        NOT-FOR-US: PrestaShop
 CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior 
to vers ...)
        NOT-FOR-US: PrestaShop
-CVE-2023-30837
-       RESERVED
+CVE-2023-30837 (Vyper is a pythonic smart contract language for the EVM. The 
storage a ...)
+       TODO: check
 CVE-2023-30836
        RESERVED
 CVE-2023-30835
@@ -1838,14 +1849,14 @@ CVE-2023-30792 (Anchor tag hrefs in Lexical prior to 
v0.10.0 would render javasc
        NOT-FOR-US: Facebook lexical text editor
 CVE-2023-30791
        RESERVED
-CVE-2023-30790
-       RESERVED
-CVE-2023-30789
-       RESERVED
-CVE-2023-30788
-       RESERVED
-CVE-2023-30787
-       RESERVED
+CVE-2023-30790 (MonicaHQ version 4.0.0 allows an authenticated remote attacker 
to exec ...)
+       TODO: check
+CVE-2023-30789 (MonicaHQ version 4.0.0 allows an authenticated remote attacker 
to exec ...)
+       TODO: check
+CVE-2023-30788 (MonicaHQ version 4.0.0 allows an authenticated remote attacker 
to exec ...)
+       TODO: check
+CVE-2023-30787 (MonicaHQ version 4.0.0 allows an authenticated remote attacker 
to exec ...)
+       TODO: check
 CVE-2023-30786
        RESERVED
 CVE-2023-30785
@@ -1902,8 +1913,8 @@ CVE-2023-2116
        RESERVED
 CVE-2023-2115
        RESERVED
-CVE-2023-2114
-       RESERVED
+CVE-2023-2114 (The NEX-Forms WordPress plugin before 8.4 does not properly 
escape the ...)
+       TODO: check
 CVE-2023-2113
        RESERVED
 CVE-2023-2112 (Desktop component service allows lateral movement between 
sessions in  ...)
@@ -2693,8 +2704,8 @@ CVE-2023-30553 (Archery is an open source SQL audit 
platform. The Archery projec
        NOT-FOR-US: Archery
 CVE-2023-30552 (Archery is an open source SQL audit platform. The Archery 
project cont ...)
        NOT-FOR-US: Archery
-CVE-2023-30551
-       RESERVED
+CVE-2023-30551 (Rekor is an open source software supply chain transparency 
log. Rekor  ...)
+       TODO: check
 CVE-2023-30550 (MeterSphere is an open source continuous testing platform, 
covering fu ...)
        NOT-FOR-US: MeterSphere
 CVE-2023-30549 (Apptainer is an open source container platform for Linux. 
There is an  ...)
@@ -2985,8 +2996,8 @@ CVE-2023-1981 [avahi-daemon can be crashed via DBus]
        NOTE: 
https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f
 CVE-2023-1980 (Two factor   authentication  bypass on login in Devolutions 
Remote Des ...)
        NOT-FOR-US: Devolutions
-CVE-2023-1979
-       RESERVED
+CVE-2023-1979 (The Web Stories for WordPress plugin supports the WordPress 
built-in f ...)
+       TODO: check
 CVE-2023-1978
        RESERVED
 CVE-2023-1977
@@ -3807,8 +3818,8 @@ CVE-2023-30094 (A stored cross-site scripting (XSS) 
vulnerability in TotalJS Flo
        NOT-FOR-US: TotalJS
 CVE-2023-30093 (An arbitrary file upload vulnerability in Open Networking 
Foundation O ...)
        NOT-FOR-US: Open Network Operating System (ONOS)
-CVE-2023-30092
-       RESERVED
+CVE-2023-30092 (SourceCodester Online Pizza Ordering System v1.0 is vulnerable 
to SQL  ...)
+       TODO: check
 CVE-2023-30091
        RESERVED
 CVE-2023-30090 (Semcms Shop v4.2 was discovered to contain an arbitrary file 
uplaod vu ...)
@@ -3953,8 +3964,8 @@ CVE-2023-30021
        RESERVED
 CVE-2023-30020
        RESERVED
-CVE-2023-30019
-       RESERVED
+CVE-2023-30019 (imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery 
(SSRF)  ...)
+       TODO: check
 CVE-2023-30018 (Judging Management System v1.0 is vulnerable to SQL Injection. 
via /ph ...)
        NOT-FOR-US: Judging Management System
 CVE-2023-30017
@@ -4637,14 +4648,14 @@ CVE-2023-29698
        RESERVED
 CVE-2023-29697
        RESERVED
-CVE-2023-29696
-       RESERVED
+CVE-2023-29696 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a 
stack over ...)
+       TODO: check
 CVE-2023-29695
        RESERVED
 CVE-2023-29694
        RESERVED
-CVE-2023-29693
-       RESERVED
+CVE-2023-29693 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a 
stack over ...)
+       TODO: check
 CVE-2023-29692
        RESERVED
 CVE-2023-29691
@@ -5455,8 +5466,8 @@ CVE-2023-1906 (A heap-based buffer overflow issue was 
discovered in ImageMagick'
        [buster] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
 (ImageMagick 6.9.12-84)
-CVE-2023-1905
-       RESERVED
+CVE-2023-1905 (The WP Popups WordPress plugin before 2.1.5.1 does not properly 
escape ...)
+       TODO: check
 CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to 
1.10.5.  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2013-10023 (A vulnerability was found in Editorial Calendar Plugin up to 
2.6. It h ...)
@@ -6021,8 +6032,8 @@ CVE-2023-29249
        RESERVED
 CVE-2023-29248
        RESERVED
-CVE-2023-29247
-       RESERVED
+CVE-2023-29247 (Task instance details page in the UI is vulnerable to a stored 
XSS.Thi ...)
+       TODO: check
 CVE-2023-29246
        RESERVED
 CVE-2023-29239
@@ -6290,8 +6301,8 @@ CVE-2023-29170 (Auth. (admin+) Stored Cross-site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-1807
        RESERVED
-CVE-2023-1806
-       RESERVED
+CVE-2023-1806 (The WP Inventory Manager WordPress plugin before 2.1.0.12 does 
not san ...)
+       TODO: check
 CVE-2023-1805 (The Product Catalog Feed by PixelYourSite WordPress plugin 
before 2.1. ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1804 (The Product Catalog Feed by PixelYourSite WordPress plugin 
before 2.1. ...)
@@ -7213,8 +7224,8 @@ CVE-2023-1662
        RESERVED
 CVE-2023-1661
        RESERVED
-CVE-2023-1660
-       RESERVED
+CVE-2023-1660 (The AI ChatBot WordPress plugin before 4.4.9 does not have 
authorisati ...)
+       TODO: check
 CVE-2023-1659
        REJECTED
 CVE-2023-1658
@@ -7240,12 +7251,12 @@ CVE-2023-1652 (A use-after-free flaw was found in 
nfsd4_ssc_setup_dul in fs/nfsd
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd (6.2-rc5)
-CVE-2023-1651
-       RESERVED
-CVE-2023-1650
-       RESERVED
-CVE-2023-1649
-       RESERVED
+CVE-2023-1651 (The AI ChatBot WordPress plugin before 4.4.9 does not have 
authorisati ...)
+       TODO: check
+CVE-2023-1650 (The AI ChatBot WordPress plugin before 4.4.7 unserializes user 
input f ...)
+       TODO: check
+CVE-2023-1649 (The AI ChatBot WordPress plugin before 4.5.1 does not sanitise 
and esc ...)
+       TODO: check
 CVE-2023-1648
        REJECTED
 CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572, 
2022.1.15583 refle ...)
@@ -8565,8 +8576,8 @@ CVE-2023-28495
        RESERVED
 CVE-2023-28494
        RESERVED
-CVE-2023-28493
-       RESERVED
+CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) 
vulnerability  ...)
+       TODO: check
 CVE-2023-28492
        RESERVED
 CVE-2023-28491
@@ -9130,8 +9141,8 @@ CVE-2023-28344
        RESERVED
 CVE-2023-28343 (OS command injection affects Altenergy Power Control Software 
C1.2.5 v ...)
        NOT-FOR-US: Altenergy Power Control Software
-CVE-2023-1408
-       RESERVED
+CVE-2023-1408 (The Video List Manager WordPress plugin through 1.7 does not 
properly  ...)
+       TODO: check
 CVE-2023-1407 (A vulnerability classified as critical was found in 
SourceCodester Stu ...)
        NOT-FOR-US: SourceCodester
 CVE-2023-1406 (The JetEngine WordPress plugin before 3.1.3.1 includes uploaded 
files  ...)
@@ -9636,10 +9647,10 @@ CVE-2023-28203
        RESERVED
 CVE-2023-28202
        RESERVED
-CVE-2023-28201
-       RESERVED
-CVE-2023-28200
-       RESERVED
+CVE-2023-28201 (This issue was addressed with improved state management. This 
issue is ...)
+       TODO: check
+CVE-2023-28200 (A validation issue was addressed with improved input 
sanitization. Thi ...)
+       TODO: check
 CVE-2023-28199
        RESERVED
 CVE-2023-28198
@@ -9650,18 +9661,18 @@ CVE-2023-28196
        RESERVED
 CVE-2023-28195
        RESERVED
-CVE-2023-28194
-       RESERVED
+CVE-2023-28194 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
+       TODO: check
 CVE-2023-28193
        RESERVED
-CVE-2023-28192
-       RESERVED
+CVE-2023-28192 (A permissions issue was addressed with improved validation. 
This issue ...)
+       TODO: check
 CVE-2023-28191
        RESERVED
-CVE-2023-28190
-       RESERVED
-CVE-2023-28189
-       RESERVED
+CVE-2023-28190 (A privacy issue was addressed by moving sensitive data to a 
more secur ...)
+       TODO: check
+CVE-2023-28189 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
 CVE-2023-28188
        RESERVED
 CVE-2023-28187
@@ -9674,16 +9685,16 @@ CVE-2023-28184
        RESERVED
 CVE-2023-28183
        RESERVED
-CVE-2023-28182
-       RESERVED
-CVE-2023-28181
-       RESERVED
-CVE-2023-28180
-       RESERVED
+CVE-2023-28182 (The issue was addressed with improved authentication. This 
issue is fi ...)
+       TODO: check
+CVE-2023-28181 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-28180 (A denial-of-service issue was addressed with improved memory 
handling. ...)
+       TODO: check
 CVE-2023-28179
        RESERVED
-CVE-2023-28178
-       RESERVED
+CVE-2023-28178 (A logic issue was addressed with improved validation. This 
issue is fi ...)
+       TODO: check
 CVE-2023-28177
        RESERVED
        - firefox 111.0-1
@@ -9709,8 +9720,8 @@ CVE-2023-28171
        RESERVED
 CVE-2023-28170
        RESERVED
-CVE-2023-28169
-       RESERVED
+CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Core ...)
+       TODO: check
 CVE-2023-28168
        RESERVED
 CVE-2023-28167
@@ -9995,8 +10006,8 @@ CVE-2023-28120
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469
 CVE-2023-1348
        RESERVED
-CVE-2023-1347
-       RESERVED
+CVE-2023-1347 (The Customizer Export/Import WordPress plugin before 0.9.6 
unserialize ...)
+       TODO: check
 CVE-2023-28119 (The crewjam/saml go library contains a partial implementation 
of the S ...)
        - golang-github-crewjam-saml <unfixed> (bug #1033753)
        NOTE: 
https://github.com/crewjam/saml/commit/8e9236867d176ad6338c870a84e2039aef8a5021 
(v0.4.13)
@@ -10463,100 +10474,98 @@ CVE-2014-125093 (A vulnerability has been found in 
Ad Blocking Detector Plugin u
        NOT-FOR-US: Ad Blocking Detector Plugin
 CVE-2013-10020 (A vulnerability, which was classified as problematic, was 
found in MMD ...)
        NOT-FOR-US: MMDeveloper
-CVE-2023-27970
-       RESERVED
-CVE-2023-27969
-       RESERVED
-CVE-2023-27968
-       RESERVED
-CVE-2023-27967
-       RESERVED
-CVE-2023-27966
-       RESERVED
-CVE-2023-27965
-       RESERVED
+CVE-2023-27970 (An out-of-bounds write issue was addressed with improved 
bounds checki ...)
+       TODO: check
+CVE-2023-27969 (A use after free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2023-27968 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
+CVE-2023-27967 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-27966 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2023-27965 (A memory corruption issue was addressed with improved state 
management ...)
+       TODO: check
 CVE-2023-27964
        RESERVED
-CVE-2023-27963
-       RESERVED
-CVE-2023-27962
-       RESERVED
-CVE-2023-27961
-       RESERVED
-CVE-2023-27960
-       RESERVED
-CVE-2023-27959
-       RESERVED
-CVE-2023-27958
-       RESERVED
-CVE-2023-27957
-       RESERVED
-CVE-2023-27956
-       RESERVED
-CVE-2023-27955
-       RESERVED
-CVE-2023-27954
-       RESERVED
+CVE-2023-27963 (The issue was addressed with additional permissions checks. 
This issue ...)
+       TODO: check
+CVE-2023-27962 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2023-27961 (Multiple validation issues were addressed with improved input 
sanitiza ...)
+       TODO: check
+CVE-2023-27960 (This issue was addressed by removing the vulnerable code. This 
issue i ...)
+       TODO: check
+CVE-2023-27959 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-27958 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-27957 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
+CVE-2023-27956 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-27955 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2023-27954 (The issue was addressed by removing origin information. This 
issue is  ...)
        {DSA-5397-1 DSA-5396-1}
        - webkit2gtk 2.40.1-1
        - wpewebkit 2.38.6-1
        NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
-CVE-2023-27953
-       RESERVED
-CVE-2023-27952
-       RESERVED
-CVE-2023-27951
-       RESERVED
+CVE-2023-27953 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-27952 (A race condition was addressed with improved locking. This 
issue is fi ...)
+       TODO: check
+CVE-2023-27951 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
 CVE-2023-27950
        RESERVED
-CVE-2023-27949
-       RESERVED
+CVE-2023-27949 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
+       TODO: check
 CVE-2023-27948
        RESERVED
 CVE-2023-27947
        RESERVED
-CVE-2023-27946
-       RESERVED
-CVE-2023-27945
-       RESERVED
-CVE-2023-27944
-       RESERVED
-CVE-2023-27943
-       RESERVED
-CVE-2023-27942
-       RESERVED
-CVE-2023-27941
-       RESERVED
+CVE-2023-27946 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
+       TODO: check
+CVE-2023-27945 (This issue was addressed with improved entitlements. This 
issue is fix ...)
+       TODO: check
+CVE-2023-27944 (This issue was addressed with a new entitlement. This issue is 
fixed i ...)
+       TODO: check
+CVE-2023-27943 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+       TODO: check
+CVE-2023-27942 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2023-27941 (A validation issue was addressed with improved input 
sanitization. Thi ...)
+       TODO: check
 CVE-2023-27940
        RESERVED
 CVE-2023-27939
        RESERVED
-CVE-2023-27938
-       RESERVED
-CVE-2023-27937
-       RESERVED
-CVE-2023-27936
-       RESERVED
-CVE-2023-27935
-       RESERVED
-CVE-2023-27934
-       RESERVED
-CVE-2023-27933
-       RESERVED
-CVE-2023-27932
-       RESERVED
+CVE-2023-27938 (An out-of-bounds read issue was addressed with improved input 
validati ...)
+       TODO: check
+CVE-2023-27937 (An integer overflow was addressed with improved input 
validation. This ...)
+       TODO: check
+CVE-2023-27936 (An out-of-bounds write issue was addressed with improved input 
validat ...)
+       TODO: check
+CVE-2023-27935 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
+       TODO: check
+CVE-2023-27934 (A memory initialization issue was addressed. This issue is 
fixed in ma ...)
+       TODO: check
+CVE-2023-27933 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-27932 (This issue was addressed with improved state management. This 
issue is ...)
        {DSA-5397-1 DSA-5396-1}
        - webkit2gtk 2.40.1-1
        - wpewebkit 2.38.6-1
        NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
-CVE-2023-27931
-       RESERVED
+CVE-2023-27931 (This issue was addressed by removing the vulnerable code. This 
issue i ...)
+       TODO: check
 CVE-2023-27930
        RESERVED
-CVE-2023-27929
-       RESERVED
-CVE-2023-27928
-       RESERVED
+CVE-2023-27929 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
+       TODO: check
+CVE-2023-27928 (A privacy issue was addressed with improved private data 
redaction for ...)
+       TODO: check
 CVE-2023-1276 (A vulnerability, which was classified as critical, has been 
found in S ...)
        NOT-FOR-US: SUL1SS_shop
 CVE-2023-1275 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
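
Review bot: in the CVE-2023-27970 to CVE-2023-27928 block, CVE-2023-27954 and CVE-2023-27932 keep their `{DSA-5397-1 DSA-5396-1}` webkit2gtk/wpewebkit annotations, while the surrounding ids with equally generic text ("addressed with improved memory handling", "improved checks") all land as `TODO: check`. The truncated descriptions name no component, so none of them can be closed on the visible text alone. Check each against its full advisory for a WebKit mapping, with WSA-2023-0003 from the existing NOTE lines as the cross-reference, before marking anything NOT-FOR-US.
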
@@ -12477,8 +12486,8 @@ CVE-2023-1095 (In nf_tables_updtable, if 
nf_tables_table_enable returns an error
        [bullseye] - linux 5.10.140-1
        [buster] - linux 4.19.260-1
        NOTE: 
https://git.kernel.org/linus/580077855a40741cf511766129702d97ff02f4d9 (6.0-rc1)
-CVE-2023-1094
-       RESERVED
+CVE-2023-1094 (MonicaHQ version 4.0.0 allows an authenticated remote attacker 
to exec ...)
+       TODO: check
 CVE-2023-1093 (The OAuth Single Sign On WordPress plugin before 6.24.2 does 
not have  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1092 (The OAuth Single Sign On Free WordPress plugin before 6.24.2, 
OAuth Si ...)
@@ -14289,8 +14298,8 @@ CVE-2023-26544 (In the Linux kernel 6.0.8, there is a 
use-after-free in run_unpa
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://lkml.org/lkml/2023/2/20/128
        NOTE: NTFS3 driver not enabled in Debian.
-CVE-2023-1031
-       RESERVED
+CVE-2023-1031 (MonicaHQ version 4.0.0 allows an authenticated remote attacker 
to exec ...)
+       TODO: check
 CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat 
Reservati ...)
        NOT-FOR-US: SourceCodester Online BoatReservation System
 CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
@@ -14401,8 +14410,8 @@ CVE-2023-1013 (Improper Neutralization of 
Script-Related HTML Tags in a Web Page
        NOT-FOR-US: Virames Vira-Investing
 CVE-2023-1012
        RESERVED
-CVE-2023-1011
-       RESERVED
+CVE-2023-1011 (The AI ChatBot WordPress plugin before 4.4.5 does not escape 
most of i ...)
+       TODO: check
 CVE-2023-1010 (A vulnerability classified as critical was found in vox2png 
1.0. Affec ...)
        NOT-FOR-US: vox2png
 CVE-2023-1009 (A vulnerability classified as problematic has been found in 
DrayTek Vi ...)
@@ -14983,8 +14992,8 @@ CVE-2023-0950
        RESERVED
 CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
modoboa/mo ...)
        NOT-FOR-US: Modoboa
-CVE-2023-0948
-       RESERVED
+CVE-2023-0948 (The Japanized For WooCommerce WordPress plugin before 2.5.8 
does not e ...)
+       TODO: check
 CVE-2022-48341 (ThingsBoard 3.4.1 could allow a remote authenticated attacker 
to achie ...)
        NOT-FOR-US: ThingsBoard
 CVE-2021-4326 (A vulnerability in Imperative framework which allows 
already-privilege ...)
@@ -15987,8 +15996,8 @@ CVE-2023-0896 (A default password was reported in 
Lenovo Smart Clock Essential w
        NOT-FOR-US: Lenovo
 CVE-2023-0895 (The WP Coder \u2013 add custom html, css and js code plugin for 
WordPr ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0894
-       RESERVED
+CVE-2023-0894 (The Pickup | Delivery | Dine-in date time WordPress plugin 
through 1.0 ...)
+       TODO: check
 CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0892
@@ -16593,8 +16602,8 @@ CVE-2023-0817 (Buffer Over-read in GitHub repository 
gpac/gpac prior to v2.3.0-D
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3
        NOTE: 
https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7
-CVE-2023-25754
-       RESERVED
+CVE-2023-25754 (Privilege Context Switching Error vulnerability in Apache 
Software Fou ...)
+       TODO: check
 CVE-2023-25753
        RESERVED
 CVE-2023-25752
@@ -17157,8 +17166,8 @@ CVE-2023-0770 (Stack-based Buffer Overflow in GitHub 
repository gpac/gpac prior
        NOTE: 
https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
 CVE-2023-0769
        RESERVED
-CVE-2023-0768
-       RESERVED
+CVE-2023-0768 (The Avirato hotels online booking engine WordPress plugin 
through 5.0. ...)
+       TODO: check
 CVE-2023-25641
        RESERVED
 CVE-2023-25640
@@ -17797,8 +17806,8 @@ CVE-2023-25454
        RESERVED
 CVE-2023-25453
        RESERVED
-CVE-2023-25452
-       RESERVED
+CVE-2023-25452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Mich ...)
+       TODO: check
 CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPCh ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25450
@@ -18742,8 +18751,8 @@ CVE-2023-25054
        RESERVED
 CVE-2023-25053
        RESERVED
-CVE-2023-25052
-       RESERVED
+CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Tepl ...)
+       TODO: check
 CVE-2023-25051
        RESERVED
 CVE-2023-25050
@@ -18804,8 +18813,8 @@ CVE-2023-25023 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-25022 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Kibo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25021
-       RESERVED
+CVE-2023-25021 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Fare ...)
+       TODO: check
 CVE-2023-25020 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
Kiboko Labs ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25019
@@ -19289,8 +19298,8 @@ CVE-2023-0605 (The Auto Rename Media On Upload 
WordPress plugin before 1.1.0 doe
        NOT-FOR-US: WordPress plugin
 CVE-2023-0604
        RESERVED
-CVE-2023-0603
-       RESERVED
+CVE-2023-0603 (The Sloth Logo Customizer WordPress plugin through 2.0.2 does 
not have ...)
+       TODO: check
 CVE-2023-0602
        RESERVED
 CVE-2023-0601
@@ -20093,12 +20102,12 @@ CVE-2023-0546 (The Contact Form Plugin WordPress 
plugin before 4.3.25 does not p
        NOT-FOR-US: WordPress plugin
 CVE-2023-0545
        RESERVED
-CVE-2023-0544
-       RESERVED
+CVE-2023-0544 (The WP Login Box WordPress plugin through 2.0.2 does not 
sanitise and  ...)
+       TODO: check
 CVE-2023-0543 (The Arigato Autoresponder and Newsletter WordPress plugin 
before 2.1.7 ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0542
-       RESERVED
+CVE-2023-0542 (The Custom Post Type List Shortcode WordPress plugin through 
1.4.4 doe ...)
+       TODO: check
 CVE-2023-0541 (The GS Books Showcase WordPress plugin before 1.3.1 does not 
validate  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does 
not val ...)
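
Review bot: CVE-2023-0544 and CVE-2023-0542 come in as `TODO: check` although both descriptions say "WordPress plugin" and the entries on either side (CVE-2023-0543, CVE-2023-0541) are already `NOT-FOR-US: WordPress plugin`. Resolve them with the same string in a follow-up commit. The same applies to the other WordPress plugin ids this update moves out of RESERVED, and closing them together keeps the TODO queue limited to entries that need a real package lookup.
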
@@ -20107,10 +20116,10 @@ CVE-2023-0539 (The GS Insever Portfolio WordPress 
plugin before 1.4.5 does not v
        NOT-FOR-US: WordPress plugin
 CVE-2023-0538 (The Campaign URL Builder WordPress plugin before 1.8.2 does not 
valida ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0537
-       RESERVED
-CVE-2023-0536
-       RESERVED
+CVE-2023-0537 (The Product Slider For WooCommerce Lite WordPress plugin 
through 1.1.7 ...)
+       TODO: check
+CVE-2023-0536 (The Wp-D3 WordPress plugin through 2.4.1 does not validate and 
escape  ...)
+       TODO: check
 CVE-2023-0535 (The Donation Block For PayPal WordPress plugin before 2.1.0 
does not v ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0534 (A vulnerability, which was classified as critical, was found in 
Source ...)
@@ -20129,8 +20138,8 @@ CVE-2023-0528 (A vulnerability was found in 
SourceCodester Online Tours & Travel
        NOT-FOR-US: SourceCodester Online Tours & Travels Management System
 CVE-2023-0527 (A vulnerability was found in PHPGurukul Online Security Guards 
Hiring  ...)
        NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
-CVE-2023-0526
-       RESERVED
+CVE-2023-0526 (The Post Shortcode WordPress plugin through 2.0.9 does not 
validate an ...)
+       TODO: check
 CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in 
Django 3.2  ...)
        {DLA-3329-1}
        - python-django 3:3.2.18-1 (bug #1031290)
@@ -20168,8 +20177,8 @@ CVE-2023-0524 (As part of our Security Development 
Lifecycle, a potential privil
        NOT-FOR-US: Tenable
 CVE-2023-0523 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
-CVE-2023-0522
-       RESERVED
+CVE-2023-0522 (The Enable/Disable Auto Login when Register WordPress plugin 
through 1 ...)
+       TODO: check
 CVE-2023-0521
        RESERVED
 CVE-2023-0520
@@ -20257,8 +20266,8 @@ CVE-2023-0516 (A vulnerability was found in 
SourceCodester Online Tours & Travel
        NOT-FOR-US: SourceCodester Online Tours & Travels Management System
 CVE-2023-0515 (A vulnerability was found in SourceCodester Online Tours & 
Travels Man ...)
        NOT-FOR-US: SourceCodester Online Tours & Travels Management System
-CVE-2023-0514
-       RESERVED
+CVE-2023-0514 (The Membership Database WordPress plugin through 1.0 does not 
sanitise ...)
+       TODO: check
 CVE-2023-0513 (A vulnerability has been found in isoftforce Dreamer CMS up to 
4.0.1 a ...)
        NOT-FOR-US: isoftforce Dreamer CMS
 CVE-2023-0512 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.)
@@ -20803,8 +20812,8 @@ CVE-2023-24410
        RESERVED
 CVE-2023-24409
        RESERVED
-CVE-2023-24408
-       RESERVED
+CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-24407
        RESERVED
 CVE-2023-24406
@@ -21872,8 +21881,8 @@ CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress 
plugin before 1.6 does n
        NOT-FOR-US: WordPress plugin
 CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not 
properly s ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0421
-       RESERVED
+CVE-2023-0421 (The Cloud Manager WordPress plugin through 1.0 does not 
sanitise and e ...)
+       TODO: check
 CVE-2023-0420 (The Custom Post Type and Taxonomy GUI Manager WordPress plugin 
through ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 
does not  ...)
@@ -22802,8 +22811,8 @@ CVE-2023-23670 (Auth. (contributor+) Cross-Site 
Scripting (XSS) vulnerability in
        NOT-FOR-US: WordPress plugin
 CVE-2023-23669
        RESERVED
-CVE-2023-23668
-       RESERVED
+CVE-2023-23668 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23667
        RESERVED
 CVE-2023-23666
@@ -23257,8 +23266,8 @@ CVE-2023-0282 (The YourChannel WordPress plugin before 
1.2.2 does not sanitize a
        NOT-FOR-US: WordPress plugin
 CVE-2023-0281 (A vulnerability was found in SourceCodester Online Flight 
Booking Mana ...)
        NOT-FOR-US: SourceCodester Online Flight Booking Management System
-CVE-2023-0280
-       RESERVED
+CVE-2023-0280 (The Ultimate Carousel For Elementor WordPress plugin through 
2.1.7 doe ...)
+       TODO: check
 CVE-2023-0279 (The Media Library Assistant WordPress plugin before 3.06 does 
not prop ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not 
properly sani ...)
@@ -23281,10 +23290,10 @@ CVE-2023-0270 (The YaMaps for WordPress Plugin 
WordPress plugin before 0.6.26 do
        NOT-FOR-US: WordPress plugin
 CVE-2023-0269
        REJECTED
-CVE-2023-0268
-       RESERVED
-CVE-2023-0267
-       RESERVED
+CVE-2023-0268 (The Mega Addons For WPBakery Page Builder WordPress plugin 
before 4.3. ...)
+       TODO: check
+CVE-2023-0267 (The Ultimate Carousel For WPBakery Page Builder WordPress 
plugin throu ...)
+       TODO: check
 CVE-2022-4888
        RESERVED
 CVE-2021-4312 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
problema ...)
@@ -23332,30 +23341,30 @@ CVE-2023-23552 (On versions 17.0.x before 17.0.0.2, 
16.1.x before 16.1.3.3, 15.1
        NOT-FOR-US: F5 BIG-IP
 CVE-2023-23551 (Control By Web X-600M devices run Lua scripts and are 
vulnerable to co ...)
        NOT-FOR-US: Control By Web X-600M devices
-CVE-2023-23543
-       RESERVED
-CVE-2023-23542
-       RESERVED
-CVE-2023-23541
-       RESERVED
-CVE-2023-23540
-       RESERVED
+CVE-2023-23543 (The issue was addressed with additional restrictions on the 
observabil ...)
+       TODO: check
+CVE-2023-23542 (A privacy issue was addressed with improved private data 
redaction for ...)
+       TODO: check
+CVE-2023-23541 (A privacy issue was addressed with improved private data 
redaction for ...)
+       TODO: check
+CVE-2023-23540 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
 CVE-2023-23539
        RESERVED
-CVE-2023-23538
-       RESERVED
-CVE-2023-23537
-       RESERVED
-CVE-2023-23536
-       RESERVED
-CVE-2023-23535
-       RESERVED
-CVE-2023-23534
-       RESERVED
-CVE-2023-23533
-       RESERVED
-CVE-2023-23532
-       RESERVED
+CVE-2023-23538 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2023-23537 (A privacy issue was addressed with improved private data 
redaction for ...)
+       TODO: check
+CVE-2023-23536 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
+       TODO: check
+CVE-2023-23535 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-23534 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2023-23533 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2023-23532 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+       TODO: check
 CVE-2023-23531 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2023-23530 (The issue was addressed with improved memory handling. This 
issue is f ...)
@@ -23365,18 +23374,18 @@ CVE-2023-23529 (A type confusion issue was addressed 
with improved checks. This
        - webkit2gtk 2.38.5-1
        - wpewebkit 2.38.5-1
        NOTE: https://webkitgtk.org/security/WSA-2023-0002.html
-CVE-2023-23528
-       RESERVED
-CVE-2023-23527
-       RESERVED
-CVE-2023-23526
-       RESERVED
-CVE-2023-23525
-       RESERVED
+CVE-2023-23528 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
+       TODO: check
+CVE-2023-23527 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2023-23526 (This was addressed with additional checks by Gatekeeper on 
files downl ...)
+       TODO: check
+CVE-2023-23525 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+       TODO: check
 CVE-2023-23524 (A denial-of-service issue was addressed with improved input 
validation ...)
        NOT-FOR-US: Apple
-CVE-2023-23523
-       RESERVED
+CVE-2023-23523 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
+       TODO: check
 CVE-2023-23522 (A privacy issue was addressed with improved handling of 
temporary file ...)
        NOT-FOR-US: Apple
 CVE-2023-23521
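Review bot: CVE-2023-23523 and CVE-2023-23525 through CVE-2023-23528 should not be bulk-tagged NOT-FOR-US: Apple during triage, even though the neighbouring CVE-2023-23524 and CVE-2023-23522 carry that tag. The hunk's own context line, CVE-2023-23529, comes from the same ID range and tracks fixed versions for webkit2gtk and wpewebkit. The truncated descriptions here ("addressed with improved checks", "improved bounds checking") do not name the component, so check each ID against the WebKitGTK advisories before resolving its TODO: check.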
@@ -23439,8 +23448,8 @@ CVE-2023-23496 (The issue was addressed with improved 
checks. This issue is fixe
        NOT-FOR-US: Apple
 CVE-2023-23495
        RESERVED
-CVE-2023-23494
-       RESERVED
+CVE-2023-23494 (A buffer overflow was addressed with improved bounds checking. 
This is ...)
+       TODO: check
 CVE-2023-23493 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2023-22842 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 
15.1.8.1, 14. ...)
@@ -25890,32 +25899,32 @@ CVE-2023-22792 (A regular expression based DoS 
vulnerability in Action Dispatch
        - rails 2:6.1.7.3+dfsg-1 (bug #1030050)
        NOTE: 
https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
        NOTE: 
https://github.com/rails/rails/commit/7a7f37f146aa977350cf914eba20a95ce371485f 
(6-1-stable)
-CVE-2023-22791
-       RESERVED
-CVE-2023-22790
-       RESERVED
-CVE-2023-22789
-       RESERVED
-CVE-2023-22788
-       RESERVED
-CVE-2023-22787
-       RESERVED
-CVE-2023-22786
-       RESERVED
-CVE-2023-22785
-       RESERVED
-CVE-2023-22784
-       RESERVED
-CVE-2023-22783
-       RESERVED
-CVE-2023-22782
-       RESERVED
-CVE-2023-22781
-       RESERVED
-CVE-2023-22780
-       RESERVED
-CVE-2023-22779
-       RESERVED
+CVE-2023-22791 (A vulnerability exists in Aruba InstantOS and ArubaOS 10where 
an edge- ...)
+       TODO: check
+CVE-2023-22790 (Multiple authenticated command injection vulnerabilitiesexist 
in the A ...)
+       TODO: check
+CVE-2023-22789 (Multiple authenticated command injection vulnerabilitiesexist 
in the A ...)
+       TODO: check
+CVE-2023-22788 (Multiple authenticated command injection vulnerabilitiesexist 
in the A ...)
+       TODO: check
+CVE-2023-22787 (An unauthenticated Denial of Service (DoS) vulnerability 
exists in a s ...)
+       TODO: check
+CVE-2023-22786 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
+       TODO: check
+CVE-2023-22785 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
+       TODO: check
+CVE-2023-22784 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
+       TODO: check
+CVE-2023-22783 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
+       TODO: check
+CVE-2023-22782 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
+       TODO: check
+CVE-2023-22781 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
+       TODO: check
+CVE-2023-22780 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
+       TODO: check
+CVE-2023-22779 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
+       TODO: check
 CVE-2023-22778 (A vulnerability in the ArubaOS web management interface could 
allow an ...)
        NOT-FOR-US: Aruba
 CVE-2023-22777 (An authenticated information disclosure vulnerability exists 
in the Ar ...)
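Review bot: the thirteen new entries CVE-2023-22779 through CVE-2023-22791 are left at TODO: check, although the unchanged context directly below them (CVE-2023-22778, an ArubaOS web management interface issue) is already tagged NOT-FOR-US: Aruba. CVE-2023-22791 names Aruba InstantOS and ArubaOS 10 in its visible text; if the full descriptions of the others confirm the same products, resolve the block in one pass with the same tag. The imported descriptions also contain fused words ("10where", "vulnerabilitiesexist"), so any automated triage should match on the vendor name rather than on phrases from the description.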
@@ -31035,12 +31044,12 @@ CVE-2022-47441
        RESERVED
 CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C 
Dolson My  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47439
-       RESERVED
+CVE-2022-47439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Rocket A ...)
+       TODO: check
 CVE-2022-47438 (Auth. (editor+) Stored Cross-Site Scripting (XSS) 
vulnerability in WpD ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47437
-       RESERVED
+CVE-2022-47437 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Bran ...)
+       TODO: check
 CVE-2022-47436
        RESERVED
 CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Oliv ...)
@@ -32980,8 +32989,8 @@ CVE-2022-46801
        RESERVED
 CVE-2022-46800
        RESERVED
-CVE-2022-46799
-       RESERVED
+CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
+       TODO: check
 CVE-2022-46798 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes 
ShopLento ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46797 (Cross-Site Request Forgery (CSRF) vulnerability in Conversios 
All-in-o ...)
@@ -33307,9 +33316,9 @@ CVE-2022-46741 (Out-of-bounds read in gather_tree in 
PaddlePaddle before 2.4.)
 CVE-2022-46740 (There is a denial of service vulnerability in the Wi-Fi module 
of the  ...)
        NOT-FOR-US: Huawei
 CVE-2022-46728
-       RESERVED
+       REJECTED
 CVE-2022-46727
-       RESERVED
+       REJECTED
 CVE-2022-46726
        RESERVED
 CVE-2022-46725
@@ -33322,10 +33331,10 @@ CVE-2022-46722
        RESERVED
 CVE-2022-46721
        RESERVED
-CVE-2022-46720
-       RESERVED
+CVE-2022-46720 (An integer overflow was addressed with improved input 
validation. This ...)
+       TODO: check
 CVE-2022-46719
-       RESERVED
+       REJECTED
 CVE-2022-46718
        RESERVED
 CVE-2022-46717 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
@@ -33347,9 +33356,9 @@ CVE-2022-46710
 CVE-2022-46709 (A memory corruption issue was addressed with improved state 
management ...)
        NOT-FOR-US: Apple
 CVE-2022-46708
-       RESERVED
+       REJECTED
 CVE-2022-46707
-       RESERVED
+       REJECTED
 CVE-2022-46706
        RESERVED
 CVE-2022-46705 (A spoofing issue existed in the handling of URLs. This issue 
was addre ...)
@@ -36004,8 +36013,8 @@ CVE-2022-45814 (Stored Cross-Site Scripting (XSS) 
vulnerability in Fabian von Al
        NOT-FOR-US: WordPress plugin
 CVE-2022-45813
        RESERVED
-CVE-2022-45812
-       RESERVED
+CVE-2022-45812 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) 
vulnerability in ...)
+       TODO: check
 CVE-2022-45811
        RESERVED
 CVE-2022-45810
@@ -36109,8 +36118,8 @@ CVE-2022-4120 (The Stop Spammers Security | Block Spam 
Users, Comments, Forms Wo
        NOT-FOR-US: WordPress plugin
 CVE-2022-4119 (The Image Optimizer, Resizer and CDN WordPress plugin before 
6.8.1 doe ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4118
-       RESERVED
+CVE-2022-4118 (The Bitcoin / AltCoin Payment Gateway for WooCommerce & 
Multivendor st ...)
+       TODO: check
 CVE-2022-4117 (The IWS WordPress plugin through 1.0 does not properly escape a 
parame ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw 
happens in De ...)
@@ -38344,8 +38353,8 @@ CVE-2022-45067 (Cross-Site Request Forgery (CSRF) 
vulnerability inDevsCred Exclu
        NOT-FOR-US: WordPress plugin
 CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in 
WooSwipe Wo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-45065
-       RESERVED
+CVE-2022-45065 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Squirrly ...)
+       TODO: check
 CVE-2022-45064 (The SlingRequestDispatcher doesn't correctly implement the 
RequestDisp ...)
        NOT-FOR-US: Apache Sling
 CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise 
and es ...)
@@ -47368,7 +47377,7 @@ CVE-2022-42859 (Multiple issues were addressed by 
removing the vulnerable code.
 CVE-2022-42858 (A memory corruption issue was addressed with improved input 
validation ...)
        NOT-FOR-US: Apple
 CVE-2022-42857
-       RESERVED
+       REJECTED
 CVE-2022-42856 (A type confusion issue was addressed with improved state 
handling. Thi ...)
        {DSA-5309-1 DSA-5308-1 DLA-3274-1}
        - webkit2gtk 2.38.3-1
@@ -47418,7 +47427,7 @@ CVE-2022-42837 (An issue existed in the parsing of 
URLs. This issue was addresse
 CVE-2022-42836
        RESERVED
 CVE-2022-42835
-       RESERVED
+       REJECTED
 CVE-2022-42834
        RESERVED
 CVE-2022-42833 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
@@ -47453,7 +47462,7 @@ CVE-2022-42823 (A type confusion issue was addressed 
with improved memory handli
        - wpewebkit 2.38.2-1
        NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
 CVE-2022-42822
-       RESERVED
+       REJECTED
 CVE-2022-42821 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
        NOT-FOR-US: Apple
 CVE-2022-42820 (A memory corruption issue was addressed with improved state 
management ...)
@@ -47489,11 +47498,11 @@ CVE-2022-42806 (A race condition was addressed with 
improved locking. This issue
 CVE-2022-42805 (An integer overflow was addressed with improved input 
validation. This ...)
        NOT-FOR-US: Apple
 CVE-2022-42804
-       RESERVED
+       REJECTED
 CVE-2022-42803 (A race condition was addressed with improved locking. This 
issue is fi ...)
        NOT-FOR-US: Apple
 CVE-2022-42802
-       RESERVED
+       REJECTED
 CVE-2022-42801 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
        NOT-FOR-US: Apple
 CVE-2022-42800 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
@@ -47512,7 +47521,7 @@ CVE-2022-42796 (This issue was addressed by removing 
the vulnerable code. This i
 CVE-2022-42795 (A memory consumption issue was addressed with improved memory 
handling ...)
        NOT-FOR-US: Apple
 CVE-2022-42794
-       RESERVED
+       REJECTED
 CVE-2022-42793 (An issue in code signature validation was addressed with 
improved chec ...)
        NOT-FOR-US: Apple
 CVE-2022-42792
@@ -74097,7 +74106,7 @@ CVE-2022-32932 (The issue was addressed with improved 
memory handling. This issu
 CVE-2022-32931
        RESERVED
 CVE-2022-32930
-       RESERVED
+       REJECTED
 CVE-2022-32929 (A permissions issue was addressed with additional 
restrictions. This i ...)
        NOT-FOR-US: Apple
 CVE-2022-32928 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
@@ -74118,7 +74127,7 @@ CVE-2022-32923 (A correctness issue in the JIT was 
addressed with improved check
 CVE-2022-32922 (A use after free issue was addressed with improved memory 
management.  ...)
        NOT-FOR-US: Apple
 CVE-2022-32921
-       RESERVED
+       REJECTED
 CVE-2022-32920
        RESERVED
 CVE-2022-32919
@@ -74160,7 +74169,7 @@ CVE-2022-32903 (A use after free issue was addressed 
with improved memory manage
 CVE-2022-32902 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-32901
-       RESERVED
+       REJECTED
 CVE-2022-32900 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-32899 (The issue was addressed with improved memory handling. This 
issue is f ...)
@@ -74204,13 +74213,13 @@ CVE-2022-32886 (A buffer overflow issue was addressed 
with improved memory handl
        - wpewebkit 2.38.0-1
        NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
 CVE-2022-32885
-       RESERVED
+       REJECTED
        {DSA-5397-1 DSA-5396-1}
        - webkit2gtk 2.40.1-1
        - wpewebkit 2.38.6-1
        NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
 CVE-2022-32884
-       RESERVED
+       REJECTED
 CVE-2022-32883 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
        NOT-FOR-US: Apple
 CVE-2022-32882 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
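Review bot: CVE-2022-32885 is flipped from RESERVED to REJECTED while the entry still carries {DSA-5397-1 DSA-5396-1}, fixed versions for webkit2gtk (2.40.1-1) and wpewebkit (2.38.6-1), and the WSA-2023-0003 NOTE. A rejected ID with live advisory and package data is contradictory: either the rejection from the upstream feed is wrong for this ID, or the DSAs and fixed versions need to move to whichever ID replaces it. This needs a manual look rather than being left to the next automatic update; CVE-2022-32884, changed in the same hunk, has no package data attached and is fine as is.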
@@ -74222,7 +74231,7 @@ CVE-2022-32880 (This issue was addressed by enabling 
hardened runtime. This issu
 CVE-2022-32879 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-32878
-       RESERVED
+       REJECTED
 CVE-2022-32877 (A configuration issue was addressed with additional 
restrictions. This ...)
        NOT-FOR-US: Apple
 CVE-2022-32876
@@ -74230,9 +74239,9 @@ CVE-2022-32876
 CVE-2022-32875 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-32874
-       RESERVED
+       REJECTED
 CVE-2022-32873
-       RESERVED
+       REJECTED
 CVE-2022-32872 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
        NOT-FOR-US: Apple
 CVE-2022-32871 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
@@ -74266,7 +74275,7 @@ CVE-2022-32858 (The issue was addressed with improved 
memory handling. This issu
 CVE-2022-32857 (This issue was addressed by using HTTPS when sending 
information over  ...)
        NOT-FOR-US: Apple
 CVE-2022-32856
-       RESERVED
+       REJECTED
 CVE-2022-32855 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-32854 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
@@ -74278,7 +74287,7 @@ CVE-2022-32852 (An out-of-bounds read issue was 
addressed with improved input va
 CVE-2022-32851 (An out-of-bounds read issue was addressed with improved input 
validati ...)
        NOT-FOR-US: Apple
 CVE-2022-32850
-       RESERVED
+       REJECTED
 CVE-2022-32849 (An information disclosure issue was addressed by removing the 
vulnerab ...)
        NOT-FOR-US: Apple
 CVE-2022-32848 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
@@ -74334,7 +74343,7 @@ CVE-2022-32824 (The issue was addressed with improved 
memory handling. This issu
 CVE-2022-32823 (A memory initialization issue was addressed with improved 
memory handl ...)
        NOT-FOR-US: Apple
 CVE-2022-32822
-       RESERVED
+       REJECTED
 CVE-2022-32821 (A memory corruption issue was addressed with improved 
validation. This ...)
        NOT-FOR-US: Apple
 CVE-2022-32820 (An out-of-bounds write issue was addressed with improved input 
validat ...)
@@ -74363,17 +74372,17 @@ CVE-2022-32811 (A memory corruption vulnerability was 
addressed with improved lo
 CVE-2022-32810 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2022-32809
-       RESERVED
+       REJECTED
 CVE-2022-32808
-       RESERVED
+       REJECTED
 CVE-2022-32807 (This issue was addressed with improved file handling. This 
issue is fi ...)
        NOT-FOR-US: Apple
 CVE-2022-32806
-       RESERVED
+       REJECTED
 CVE-2022-32805 (The issue was addressed with improved handling of caches. This 
issue i ...)
        NOT-FOR-US: Apple
 CVE-2022-32804
-       RESERVED
+       REJECTED
 CVE-2022-32803
        RESERVED
 CVE-2022-32802 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
@@ -74403,7 +74412,7 @@ CVE-2022-32792 (An out-of-bounds write issue was 
addressed with improved input v
        NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2
        NOTE: 
https://starlabs.sg/blog/2022/09-step-by-step-walkthrough-of-cve-2022-32792/
 CVE-2022-32791
-       RESERVED
+       REJECTED
 CVE-2022-32790 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
 CVE-2022-32789 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
@@ -74427,7 +74436,7 @@ CVE-2022-32781 (This issue was addressed by enabling 
hardened runtime. This issu
 CVE-2022-32780
        RESERVED
 CVE-2022-32779
-       RESERVED
+       REJECTED
 CVE-2022-32778 (An information disclosure vulnerability exists in the cookie 
functiona ...)
        NOT-FOR-US: WWBN AVideo
 CVE-2022-32777 (An information disclosure vulnerability exists in the cookie 
functiona ...)
@@ -92416,19 +92425,19 @@ CVE-2022-26737 (An out-of-bounds write issue was 
addressed with improved bounds
 CVE-2022-26736 (An out-of-bounds write issue was addressed with improved 
bounds checki ...)
        NOT-FOR-US: Apple
 CVE-2022-26735
-       RESERVED
+       REJECTED
 CVE-2022-26734
-       RESERVED
+       REJECTED
 CVE-2022-26733
-       RESERVED
+       REJECTED
 CVE-2022-26732
-       RESERVED
+       REJECTED
 CVE-2022-26731 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-26730 (A memory corruption issue existed in the processing of ICC 
profiles. T ...)
        NOT-FOR-US: Apple
 CVE-2022-26729
-       RESERVED
+       REJECTED
 CVE-2022-26728 (This issue was addressed with improved entitlements. This 
issue is fix ...)
        NOT-FOR-US: Apple
 CVE-2022-26727 (This issue was addressed with improved entitlements. This 
issue is fix ...)
@@ -92496,7 +92505,7 @@ CVE-2022-26707 (An issue in the handling of environment 
variables was addressed
 CVE-2022-26706 (An access issue was addressed with additional sandbox 
restrictions on  ...)
        NOT-FOR-US: Apple
 CVE-2022-26705
-       RESERVED
+       REJECTED
 CVE-2022-26704 (A validation issue existed in the handling of symlinks and was 
address ...)
        NOT-FOR-US: Apple
 CVE-2022-26703 (An authorization issue was addressed with improved state 
management. T ...)
@@ -92526,7 +92535,7 @@ CVE-2022-26694 (This issue was addressed with improved 
checks. This issue is fix
 CVE-2022-26693 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
 CVE-2022-26692
-       RESERVED
+       REJECTED
 CVE-2022-26691 (A logic issue was addressed with improved state management. 
This issue ...)
        {DSA-5149-1 DLA-3029-1}
        - cups 2.4.2-1 (bug #1011769)
@@ -92535,7 +92544,7 @@ CVE-2022-26691 (A logic issue was addressed with 
improved state management. This
 CVE-2022-26690 (Description: A race condition was addressed with additional 
validation ...)
        NOT-FOR-US: Apple
 CVE-2022-26689
-       RESERVED
+       REJECTED
 CVE-2022-26688 (An issue in the handling of symlinks was addressed with 
improved valid ...)
        NOT-FOR-US: Apple
 CVE-2022-26687
@@ -106192,7 +106201,7 @@ CVE-2022-22651 (An out-of-bounds write issue was 
addressed with improved bounds
 CVE-2022-22650 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
 CVE-2022-22649
-       RESERVED
+       REJECTED
 CVE-2022-22648 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
 CVE-2022-22647 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
@@ -106200,7 +106209,7 @@ CVE-2022-22647 (This issue was addressed with 
improved checks. This issue is fix
 CVE-2022-22646
        RESERVED
 CVE-2022-22645
-       RESERVED
+       REJECTED
 CVE-2022-22644 (A privacy issue existed in the handling of Contact cards. This 
was add ...)
        NOT-FOR-US: Apple
 CVE-2022-22643 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
@@ -157039,10 +157048,10 @@ CVE-2021-29001
        RESERVED
 CVE-2021-29000
        RESERVED
-CVE-2021-28999
-       RESERVED
-CVE-2021-28998
-       RESERVED
+CVE-2021-28999 (SQL Injection vulnerability in CMS Made Simple through 2.2.15 
allows r ...)
+       TODO: check
+CVE-2021-28998 (File upload vulnerability in CMS Made Simple through 2.2.15 
allows rem ...)
+       TODO: check
 CVE-2021-28997
        RESERVED
 CVE-2021-28996
@@ -161332,8 +161341,8 @@ CVE-2021-27282
        RESERVED
 CVE-2021-27281
        RESERVED
-CVE-2021-27280
-       RESERVED
+CVE-2021-27280 (OS Command injection vulnerability in mblog 3.5.0 allows 
attackers to  ...)
+       TODO: check
 CVE-2021-27279 (MyBB before 1.8.25 allows stored XSS via nested [email] tags 
with MyCo ...)
        NOT-FOR-US: MyBB
 CVE-2021-27278 (This vulnerability allows local attackers to escalate 
privileges on af ...)
@@ -175626,8 +175635,8 @@ CVE-2020-36066 (GJSON <1.6.5 allows attackers to 
cause a denial of service (remo
        NOTE: https://github.com/tidwall/gjson/issues/195
        NOTE: 
https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc
        NOTE: fix in golang-github-tidwall-gjson is dependency on 
golang-github-tidwall-match v1.0.3
-CVE-2020-36065
-       RESERVED
+CVE-2020-36065 (Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 
allows a ...)
+       TODO: check
 CVE-2020-36064 (Online Course Registration v1.0 was discovered to contain 
hardcoded cr ...)
        NOT-FOR-US: Online Course Registration
 CVE-2020-36063
@@ -201313,8 +201322,8 @@ CVE-2020-23968 (Ilex International Sign&go 
Workstation Security Suite 7.1 allows
        NOT-FOR-US: Ilex International Sign&go Workstation Security Suite
 CVE-2020-23967 (Dr.Web Security Space versions 11 and 12 allow elevation of 
privilege  ...)
        NOT-FOR-US: Dr.Web Security Space
-CVE-2020-23966
-       RESERVED
+CVE-2020-23966 (SQL Injection vulnerability in victor cms 1.0 allows attackers 
to exec ...)
+       TODO: check
 CVE-2020-23965
        RESERVED
 CVE-2020-23964
@@ -203869,8 +203878,8 @@ CVE-2020-22757
        RESERVED
 CVE-2020-22756
        RESERVED
-CVE-2020-22755
-       RESERVED
+CVE-2020-22755 (File upload vulnerability in MCMS 5.0 allows attackers to 
execute arbi ...)
+       TODO: check
 CVE-2020-22754
        RESERVED
 CVE-2020-22753
@@ -204758,8 +204767,8 @@ CVE-2020-22336
        RESERVED
 CVE-2020-22335
        RESERVED
-CVE-2020-22334
-       RESERVED
+CVE-2020-22334 (Cross Site Request Forgery (CSRF) vulnerability in beescms v4 
allows a ...)
+       TODO: check
 CVE-2020-22333
        RESERVED
 CVE-2020-22332
@@ -207655,8 +207664,8 @@ CVE-2020-21040
        RESERVED
 CVE-2020-21039
        RESERVED
-CVE-2020-21038
-       RESERVED
+CVE-2020-21038 (Open redirect vulnerability in typecho 1.1-17.10.30-release 
via the re ...)
+       TODO: check
 CVE-2020-21037
        RESERVED
 CVE-2020-21036
@@ -210526,8 +210535,8 @@ CVE-2020-19662
        RESERVED
 CVE-2020-19661
        RESERVED
-CVE-2020-19660
-       RESERVED
+CVE-2020-19660 (Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows 
attackers to  ...)
+       TODO: check
 CVE-2020-19659
        RESERVED
 CVE-2020-19658
@@ -213411,8 +213420,8 @@ CVE-2020-18284
        RESERVED
 CVE-2020-18283
        RESERVED
-CVE-2020-18282
-       RESERVED
+CVE-2020-18282 (Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 
allows remot ...)
+       TODO: check
 CVE-2020-18281
        RESERVED
 CVE-2020-18280
@@ -213717,10 +213726,10 @@ CVE-2020-18134
        RESERVED
 CVE-2020-18133
        RESERVED
-CVE-2020-18132
-       RESERVED
-CVE-2020-18131
-       RESERVED
+CVE-2020-18132 (Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 
allows attack ...)
+       TODO: check
+CVE-2020-18131 (Cross Site Request Forgery (CSRF) vulnerability in Bluethrust 
Clan Scr ...)
+       TODO: check
 CVE-2020-18130
        RESERVED
 CVE-2020-18129 (A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to 
add an ad ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01c1aa1f65b9c68c9ef2cb5b09494d0924387ea0
