Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e7a21fb by security tracker role at 2023-05-22T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2023-33294 (An issue was discovered in KaiOS 3.0 before 3.1. The 
/system/bin/tctwe ...)
+       TODO: check
+CVE-2023-33293 (An issue was discovered in KaiOS 3.0 and 3.1. The binary 
/system/kaios ...)
+       TODO: check
+CVE-2023-32350 (Versions 00.07.00 through 00.07.03 of Teltonika\u2019s RUT 
router firm ...)
+       TODO: check
+CVE-2023-32349 (Versions 00.07.00 through 00.07.03.4 of Teltonika\u2019s RUT 
router fi ...)
+       TODO: check
+CVE-2023-32348 (Teltonika\u2019s Remote Management System versions prior to 
4.10.0 con ...)
+       TODO: check
+CVE-2023-32347 (Teltonika\u2019s Remote Management System versions prior to 
4.10.0 use ...)
+       TODO: check
+CVE-2023-32346 (Teltonika\u2019s Remote Management System versions prior to 
4.10.0 con ...)
+       TODO: check
+CVE-2023-31923 (Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure 
Permissions. A v ...)
+       TODO: check
+CVE-2023-31779 (Wekan v6.84 and earlier is vulnerable to Cross Site Scripting 
(XSS). A ...)
+       TODO: check
+CVE-2023-31742 (There is a command injection vulnerability in the Linksys 
WRT54GL rout ...)
+       TODO: check
+CVE-2023-31689 (In Wcms 0.3.2, an attacker can send a crafted request from a 
vulnerabl ...)
+       TODO: check
+CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to 
contain a ...)
+       TODO: check
+CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior 
to 2.2.2 ...)
+       TODO: check
+CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.)
+       TODO: check
+CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.2.2.)
+       TODO: check
+CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac 
prior to 2. ...)
+       TODO: check
+CVE-2023-2832 (SQL Injection in GitHub repository unilogies/bumsys prior to 
2.2.0.)
+       TODO: check
+CVE-2023-2597 (In Eclipse Openj9 before version 0.38.0, in the implementation 
of the  ...)
+       TODO: check
+CVE-2023-2588 (Teltonika\u2019s Remote Management System versions prior to 
4.10.0 hav ...)
+       TODO: check
+CVE-2023-2587 (Teltonika\u2019s Remote Management System versions prior to 
4.10.0 con ...)
+       TODO: check
+CVE-2023-2586 (Teltonika\u2019s Remote Management System versions 4.14.0 is 
vulnerabl ...)
+       TODO: check
 CVE-2023-32067
        [experimental] - c-ares 1.19.1-1
        - c-ares <unfixed>
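
Review bot: The eight Teltonika descriptions added in this hunk (CVE-2023-32350 through CVE-2023-32346 and CVE-2023-2588 through CVE-2023-2586) contain the literal text "\u2019" where an apostrophe belongs, so the JSON string escape from the upstream feed was written into data/CVE/list undecoded. Decode string escapes in the import step before the description is truncated and written, otherwise a text search for "Teltonika's" will not match these entries.
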
@@ -33,9 +75,9 @@ CVE-2023-32336 (IBM InfoSphere Information Server 11.7 is 
affected by a remote c
        NOT-FOR-US: IBM
 CVE-2020-36694 (An issue was discovered in netfilter in the Linux kernel 
before 5.10.  ...)
        - linux <unfixed>
-CVE-2023-31454
+CVE-2023-31454 (Incorrect Permission Assignment for Critical Resource 
Vulnerability in ...)
        NOT-FOR-US: Apache InLong
-CVE-2023-31453
+CVE-2023-31453 (Incorrect Permission Assignment for Critical Resource 
Vulnerability in ...)
        NOT-FOR-US: Apache InLong
 CVE-2021-46888 (An issue was discovered in hledger before 1.23. A Stored 
Cross-Site Sc ...)
        NOT-FOR-US: hledger
@@ -1491,20 +1533,20 @@ CVE-2023-31280
        RESERVED
 CVE-2023-31279
        RESERVED
-CVE-2023-31245
-       RESERVED
-CVE-2023-31241
-       RESERVED
-CVE-2023-31240
-       RESERVED
-CVE-2023-31193
-       RESERVED
-CVE-2023-28649
-       RESERVED
-CVE-2023-28412
-       RESERVED
-CVE-2023-28386
-       RESERVED
+CVE-2023-31245 (Devices using Snap One OvrC cloud are sent to a web address 
when acces ...)
+       TODO: check
+CVE-2023-31241 (Snap One OvrC cloud servers contain a route an attacker can 
use to byp ...)
+       TODO: check
+CVE-2023-31240 (Snap One OvrC Pro versions prior to 7.2 have their own locally 
running ...)
+       TODO: check
+CVE-2023-31193 (Snap One OvrC Pro versions prior to 7.3 use HTTP connections 
when down ...)
+       TODO: check
+CVE-2023-28649 (The Hub in the Snap One OvrC cloud platform is a device used 
to centra ...)
+       TODO: check
+CVE-2023-28412 (When supplied with a random MAC address, Snap One OvrC cloud 
servers w ...)
+       TODO: check
+CVE-2023-28386 (Snap One OvrC Pro devices versions 7.2 and prior do not 
validate firmw ...)
+       TODO: check
 CVE-2023-25183
        RESERVED
 CVE-2023-2319 (It was discovered that an update for PCS package in 
RHBA-2023:2151 err ...)
@@ -1742,8 +1784,7 @@ CVE-2023-2272
        RESERVED
 CVE-2023-2271
        RESERVED
-CVE-2023-31206
-       RESERVED
+CVE-2023-31206 (Exposure of Resource to Wrong Sphere Vulnerability in Apache 
Software  ...)
        NOT-FOR-US: Apache InLong
 CVE-2023-31205
        RESERVED
@@ -2025,20 +2066,17 @@ CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 
SSRF protection in Auth Mod
        NOT-FOR-US: JetBrains Hub
 CVE-2022-48476 (In JetBrains Ktor before 2.3.0 path traversal in the 
`resolveResource` ...)
        NOT-FOR-US: JetBrains Ktor
-CVE-2023-31103
-       RESERVED
+CVE-2023-31103 (Exposure of Resource to Wrong Sphere Vulnerability in Apache 
Software  ...)
        NOT-FOR-US: Apache InLong
 CVE-2023-31102
        RESERVED
-CVE-2023-31101
-       RESERVED
+CVE-2023-31101 (Insecure Default Initialization of Resource Vulnerability in 
Apache So ...)
        NOT-FOR-US: Apache InLong
 CVE-2023-31100
        RESERVED
 CVE-2023-31099 (Zoho ManageEngine OPManager through 126323 allows an 
authenticated use ...)
        NOT-FOR-US: Zoho ManageEngine
-CVE-2023-31098
-       RESERVED
+CVE-2023-31098 (Weak Password Requirements vulnerability in Apache Software 
Foundation ...)
        NOT-FOR-US: Apache InLong
 CVE-2023-31097
        RESERVED
@@ -2107,19 +2145,15 @@ CVE-2023-31068
        RESERVED
 CVE-2023-31067
        RESERVED
-CVE-2023-31066
-       RESERVED
+CVE-2023-31066 (Files or Directories Accessible to External Parties 
vulnerability in A ...)
        NOT-FOR-US: Apache InLong
-CVE-2023-31065
-       RESERVED
+CVE-2023-31065 (Insufficient Session Expiration vulnerability in Apache 
Software Found ...)
        NOT-FOR-US: Apache InLong
-CVE-2023-31064
-       RESERVED
+CVE-2023-31064 (Files or Directories Accessible to External Parties 
vulnerability in A ...)
        NOT-FOR-US: Apache InLong
 CVE-2023-31063
        RESERVED
-CVE-2023-31062
-       RESERVED
+CVE-2023-31062 (Improper Privilege Management Vulnerabilities in Apache 
Software Found ...)
        NOT-FOR-US: Apache InLong
 CVE-2023-31061 (Repetier Server through 1.4.10 does not have CSRF protection.)
        NOT-FOR-US: Repetier Server
@@ -2127,8 +2161,7 @@ CVE-2023-31060 (Repetier Server through 1.4.10 executes 
as SYSTEM. This can be l
        NOT-FOR-US: Repetier Server
 CVE-2023-31059 (Repetier Server through 1.4.10 allows ..%5c directory 
traversal for re ...)
        NOT-FOR-US: Repetier Server
-CVE-2023-31058
-       RESERVED
+CVE-2023-31058 (Deserialization of Untrusted Data Vulnerability in Apache 
Software Fou ...)
        NOT-FOR-US: Apache InLong
 CVE-2023-31057
        RESERVED
@@ -5519,8 +5552,8 @@ CVE-2023-29839 (A Stored Cross Site Scripting (XSS) 
vulnerability exists in mult
        [buster] - hoteldruid <no-dsa> (Minor issue)
        NOTE: https://github.com/jichngan/CVE-2023-29839
        NOTE: Fixed upstream in 3.0.5
-CVE-2023-29838
-       RESERVED
+CVE-2023-29838 (Insecure Permission vulnerability found in Botkind/Siber 
Systems SyncA ...)
+       TODO: check
 CVE-2023-29837 (Cross Site Scripting vulnerability found in Exelysis Unified 
Communica ...)
        NOT-FOR-US: Exelysis Unified Communication Solution (EUCS)
 CVE-2023-29836 (Cross Site Scripting vulnerability found in Exelysis Unified 
Communica ...)
@@ -9105,8 +9138,8 @@ CVE-2023-1553
        RESERVED
 CVE-2023-1552 (ToolboxST prior to version 7.10 is affected by a 
deserialization vulne ...)
        NOT-FOR-US: ToolboxST
-CVE-2023-28709
-       RESERVED
+CVE-2023-28709 (The fix for CVE-2023-24998 was incomplete for Apache Tomcat 
11.0.0-M2  ...)
+       TODO: check
 CVE-2023-28708 (When using the RemoteIpFilter with requests received from a    
reverse ...)
        {DSA-5381-1 DLA-3384-1}
        - tomcat10 10.1.6-1
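
Review bot: CVE-2023-28709 is left at "TODO: check" even though its description names Apache Tomcat and the entry directly below it, CVE-2023-28708, already carries tomcat10 package lines with DSA-5381-1 and DLA-3384-1. Triage it against the tomcat source packages; the description calls it an incomplete fix for CVE-2023-24998, so that entry's package lines are the natural starting point for the affected versions.
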
@@ -9947,8 +9980,8 @@ CVE-2023-28469
        RESERVED
 CVE-2023-28468
        RESERVED
-CVE-2023-28467
-       RESERVED
+CVE-2023-28467 (In MyBB before 1.8.34, there is XSS in the User CP module via 
the user ...)
+       TODO: check
 CVE-2023-28465
        RESERVED
 CVE-2023-28464 (hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux 
kernel throu ...)
@@ -14317,10 +14350,10 @@ CVE-2023-27069 (A stored cross-site scripting (XSS) 
vulnerability in TotalJS Ope
        NOT-FOR-US: TotalJS OpenPlatform
 CVE-2023-27068
        RESERVED
-CVE-2023-27067
-       RESERVED
-CVE-2023-27066
-       RESERVED
+CVE-2023-27067 (Directory Traversal vulnerability in Sitecore Experience 
Platform thro ...)
+       TODO: check
+CVE-2023-27066 (Directory Traversal vulnerability in Site Core Experience 
Platform 10. ...)
+       TODO: check
 CVE-2023-27065 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to 
contain a  ...)
        NOT-FOR-US: Tenda
 CVE-2023-27064 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to 
contain a  ...)
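
Review bot: The two descriptions added here spell the product differently, "Sitecore Experience Platform" for CVE-2023-27067 and "Site Core Experience Platform" for CVE-2023-27066. When the "TODO: check" lines are resolved, use one product name in the triage annotation for both so that a search on either spelling finds the pair.
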
@@ -16713,13 +16746,13 @@ CVE-2023-26120 (This affects all versions of the 
package com.xuxueli:xxl-job. HT
        NOT-FOR-US: com.xuxueli:xxl-job
 CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 
0 and b ...)
        NOT-FOR-US: net.sourceforge.htmlunit:htmlunit
-CVE-2023-26118 (All versions of the package angular are vulnerable to Regular 
Expressi ...)
+CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to 
Regular E ...)
        - angular.js <unfixed>
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
-CVE-2023-26117 (All versions of the package angular are vulnerable to Regular 
Expressi ...)
+CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to 
Regular E ...)
        - angular.js <unfixed>
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
-CVE-2023-26116 (All versions of the package angular are vulnerable to Regular 
Expressi ...)
+CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to 
Regular  ...)
        - angular.js <unfixed>
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
 CVE-2023-26115
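
Review bot: The three angular descriptions now give a lower bound (from 1.4.9, from 1.0.0, from 1.2.21) where they previously said "All versions", but the "- angular.js <unfixed>" lines under CVE-2023-26118, CVE-2023-26117 and CVE-2023-26116 are unchanged. Compare the angular.js version in each suite against those bounds and mark any suite below a bound as not affected instead of leaving it under the blanket unfixed status.
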
@@ -18715,8 +18748,8 @@ CVE-2023-25539
        RESERVED
 CVE-2023-25538
        RESERVED
-CVE-2023-25537
-       RESERVED
+CVE-2023-25537 (Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and 
Dell Preci ...)
+       TODO: check
 CVE-2023-25536 (Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive 
informati ...)
        NOT-FOR-US: Dell
 CVE-2023-25535
@@ -19022,10 +19055,10 @@ CVE-2023-25450
        RESERVED
 CVE-2023-25449
        RESERVED
-CVE-2023-25448
-       RESERVED
-CVE-2023-25447
-       RESERVED
+CVE-2023-25448 (Cross-Site Request Forgery (CSRF) vulnerability in Eric 
Teubert Archiv ...)
+       TODO: check
+CVE-2023-25447 (Cross-Site Request Forgery (CSRF) vulnerability in 
Inkthemescom ColorW ...)
+       TODO: check
 CVE-2023-25446
        RESERVED
 CVE-2023-25445
@@ -23536,8 +23569,8 @@ CVE-2023-23815 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
        NOT-FOR-US: WordPress plugin
 CVE-2023-23814
        RESERVED
-CVE-2023-23813
-       RESERVED
+CVE-2023-23813 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C 
Dolson My  ...)
+       TODO: check
 CVE-2023-23812 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Joos ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23811
@@ -23568,8 +23601,8 @@ CVE-2023-23799 (Auth. (admin+) Stored Cross-site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-23798
        RESERVED
-CVE-2023-23797
-       RESERVED
+CVE-2023-23797 (Cross-Site Request Forgery (CSRF) vulnerability in 
SecondLineThemes Au ...)
+       TODO: check
 CVE-2023-23796
        RESERVED
 CVE-2023-23795
@@ -23893,8 +23926,8 @@ CVE-2023-23714
        RESERVED
 CVE-2023-23713
        RESERVED
-CVE-2023-23712
-       RESERVED
+CVE-2023-23712 (Cross-Site Request Forgery (CSRF) vulnerability in User Meta 
Manager p ...)
+       TODO: check
 CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting 
A2 Optim ...)
        NOT-FOR-US: A2 Hosting
 CVE-2023-23710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in mini ...)
@@ -24004,8 +24037,8 @@ CVE-2023-23682 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-23681 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23680
-       RESERVED
+CVE-2023-23680 (Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz 
WP-TopBar ...)
+       TODO: check
 CVE-2023-23679
        RESERVED
 CVE-2023-23678
@@ -27312,8 +27345,8 @@ CVE-2023-22716 (Auth. (admin+) Cross-Site Scripting 
vulnerability in OOPSpam OOP
        NOT-FOR-US: WordPress plugin
 CVE-2023-22715 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in 
Lester 'GaM ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-22714
-       RESERVED
+CVE-2023-22714 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic 
Coming So ...)
+       TODO: check
 CVE-2023-22713 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in WordP ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -27322,8 +27355,8 @@ CVE-2023-22711 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
        NOT-FOR-US: WordPress plugin
 CVE-2023-22710 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
chilidev ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-22709
-       RESERVED
+CVE-2023-22709 (Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS 
Simple H ...)
+       TODO: check
 CVE-2023-22708
        RESERVED
 CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in 
Wpsoul Gre ...)
@@ -27356,16 +27389,16 @@ CVE-2023-22694
        RESERVED
 CVE-2023-22693
        RESERVED
-CVE-2023-22692
-       RESERVED
+CVE-2023-22692 (Cross-Site Request Forgery (CSRF) vulnerability in Jeroen 
Peters Name  ...)
+       TODO: check
 CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and 
Tricks HQ, ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Shop ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22689 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian 
Apostol Auto ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-22688
-       RESERVED
+CVE-2023-22688 (Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad 
WP Tabs  ...)
+       TODO: check
 CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in 
Jose Mortel ...)
        NOT-FOR-US: Jose Mortellaro Freesoul Deactivate
 CVE-2023-22686 (Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic 
Nice Pa ...)
@@ -30536,12 +30569,12 @@ CVE-2022-47613 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2022-47612 (Cross-Site Request Forgery (CSRF) vulnerability in Roland 
Barker, xnau ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47611
-       RESERVED
+CVE-2022-47611 (Cross-Site Request Forgery (CSRF) vulnerability in Julian 
Weinert // c ...)
+       TODO: check
 CVE-2022-47610 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Mr D ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47609
-       RESERVED
+CVE-2022-47609 (Cross-Site Request Forgery (CSRF) vulnerability in Nicearma 
DNUI plugi ...)
+       TODO: check
 CVE-2022-47608 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Full ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in User ...)
@@ -33179,8 +33212,8 @@ CVE-2022-47185
        RESERVED
 CVE-2022-47184
        RESERVED
-CVE-2022-47183
-       RESERVED
+CVE-2022-47183 (Cross-Site Request Forgery (CSRF) vulnerability in StylistWP 
Extra Blo ...)
+       TODO: check
 CVE-2022-47182
        RESERVED
 CVE-2022-47181
@@ -33211,8 +33244,8 @@ CVE-2022-47169
        RESERVED
 CVE-2022-47168
        RESERVED
-CVE-2022-47167
-       RESERVED
+CVE-2022-47167 (Cross-Site Request Forgery (CSRF) vulnerability in Aram 
Kocharyan Cray ...)
+       TODO: check
 CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders 
Void Con ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47165
@@ -33261,8 +33294,8 @@ CVE-2022-47144
        RESERVED
 CVE-2022-47143 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle 
Multiple  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47142
-       RESERVED
+CVE-2022-47142 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft 
Mediama ...)
+       TODO: check
 CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP 
Dynamic K ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47140
@@ -34670,8 +34703,8 @@ CVE-2022-46682 (Jenkins Plot Plugin 2.1.11 and earlier 
does not configure its XM
        NOT-FOR-US: Jenkins plugin
 CVE-2022-46681
        REJECTED
-CVE-2022-46680
-       RESERVED
+CVE-2022-46680 (A CWE-319: Cleartext transmission of sensitive information 
vulnerabili ...)
+       TODO: check
 CVE-2022-46679 (Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an 
insufficien ...)
        NOT-FOR-US: Dell
 CVE-2022-46678 (Wyse Management Suite   3.8 and below contain an improper 
access contr ...)
@@ -38771,8 +38804,8 @@ CVE-2022-45378 (In the default configuration of Apache 
SOAP, an RPCRouterServlet
        NOT-FOR-US: Apache SOAP
 CVE-2022-45377
        RESERVED
-CVE-2022-45376
-       RESERVED
+CVE-2022-45376 (Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side 
Cart Wo ...)
+       TODO: check
 CVE-2022-45375 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in 
iFeature Slid ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45374
@@ -39570,14 +39603,14 @@ CVE-2022-45081
        RESERVED
 CVE-2022-45080 (Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb 
Add Multi ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-45079
-       RESERVED
+CVE-2022-45079 (Cross-Site Request Forgery (CSRF) vulnerability in Softaculous 
Loginiz ...)
+       TODO: check
 CVE-2022-45078
        RESERVED
 CVE-2022-45077 (Auth. (subscriber+) PHP Object Injection vulnerability in 
Betheme them ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-45076
-       RESERVED
+CVE-2022-45076 (Cross-Site Request Forgery (CSRF) vulnerability in WebMat 
Flexible Ele ...)
+       TODO: check
 CVE-2022-45075
        RESERVED
 CVE-2022-45074 (Cross-Site Request Forgery (CSRF) vulnerability in Paramveer 
Singh for ...)
@@ -40448,8 +40481,8 @@ CVE-2022-44741 (Cross-Site Request Forgery (CSRF) 
vulnerability leading to Cross
        NOT-FOR-US: WordPress plugin
 CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in 
Creative ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-44739
-       RESERVED
+CVE-2022-44739 (Cross-Site Request Forgery (CSRF) vulnerability in 
ThingsForRestaurant ...)
+       TODO: check
 CVE-2022-44738
        RESERVED
 CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities 
inAll-In-One Secur ...)
@@ -51900,8 +51933,8 @@ CVE-2022-41612 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-41608
-       RESERVED
+CVE-2022-41608 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas 
Belser Asgar ...)
+       TODO: check
 CVE-2022-41606 (HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 
1.3.5 job ...)
        - nomad <unfixed> (bug #1021670)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420
@@ -349305,7 +349338,7 @@ CVE-2018-8741 (A directory traversal flaw in 
SquirrelMail 1.4.22 allows an authe
        NOTE: https://sourceforge.net/p/squirrelmail/bugs/2846/
        NOTE: https://sourceforge.net/p/squirrelmail/code/14751/
 CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted 
using a  ...)
-       {DLA-2340-1 DLA-1633-1}
+       {DLA-3431-1 DLA-2340-1 DLA-1633-1}
        - sqlite3 3.22.0-2 (bug #893195)
        [wheezy] - sqlite3 <no-dsa> (Minor issue)
        - sqlite <removed>
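
Review bot: DLA-3431-1 is added to the cross-reference line of CVE-2018-8740, but the package lines visible below it are unchanged and show no suite-tagged sqlite3 version for the release that advisory covers. Confirm that the entry gains a suite-tagged line with the fixed version from the DLA, so the tracker reports that suite as fixed instead of inferring its status from the unstable version 3.22.0-2.
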
@@ -436945,7 +436978,7 @@ CVE-2016-6160 (tcprewrite in tcpreplay before 4.1.2 
allows remote attackers to c
 CVE-2016-6133 (Cross-site scripting (XSS) vulnerability in Ektron Content 
Management  ...)
        NOT-FOR-US: Ektron
 CVE-2016-6153 (os_unix.c in SQLite before 3.13.0 improperly implements the 
temporary  ...)
-       {DLA-543-1}
+       {DLA-3431-1 DLA-543-1}
        - sqlite3 3.13.0-1
        [jessie] - sqlite3 3.8.7.1-1+deb8u2
        - sqlite <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e7a21fb49516e604330af56bc20d06153fe88f8



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
