Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9289f9b4 by security tracker role at 2023-06-19T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,117 @@
+CVE-2023-3318 (A vulnerability was found in SourceCodester Resort Management 
System 1 ...)
+       TODO: check
+CVE-2023-3316 (A NULL pointer dereference in TIFFClose() is caused by a 
failure to op ...)
+       TODO: check
+CVE-2023-3312 (A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c 
in cpuf ...)
+       TODO: check
+CVE-2023-35843 (NocoDB through 0.106.0 (or 0.109.1) has a path traversal 
vulnerability ...)
+       TODO: check
+CVE-2023-35779 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Seed ...)
+       TODO: check
+CVE-2023-35776 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-35775 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WP Backu ...)
+       TODO: check
+CVE-2023-35772 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Alain Go ...)
+       TODO: check
+CVE-2023-34461 (PyBB is an open source bulletin board. A manual code review of 
the PyB ...)
+       TODO: check
+CVE-2023-34373 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan James 
Zephyr  ...)
+       TODO: check
+CVE-2023-34167 (Vulnerability of spoofing trustlists of Huawei 
desktop.Successful expl ...)
+       TODO: check
+CVE-2023-34166 (Vulnerability of system restart triggered by abnormal 
callbacks passed ...)
+       TODO: check
+CVE-2023-34163 (Permission control vulnerability in the window management 
module.Succe ...)
+       TODO: check
+CVE-2023-34162 (Version update determination vulnerability in the user profile 
module. ...)
+       TODO: check
+CVE-2023-34161 (nappropriate authorization vulnerability in the 
SettingsProvider modul ...)
+       TODO: check
+CVE-2023-34160 (Vulnerability of spoofing trustlists of Huawei 
desktop.Successful expl ...)
+       TODO: check
+CVE-2023-34159 (Improper permission control vulnerability in the Notepad 
app.Successfu ...)
+       TODO: check
+CVE-2023-34158 (Vulnerability of spoofing trustlists of Huawei 
desktop.Successful expl ...)
+       TODO: check
+CVE-2023-34156 (Vulnerability of services denied by early fingerprint APIs on 
HarmonyO ...)
+       TODO: check
+CVE-2023-34155 (Vulnerability of unauthorized calling on HUAWEI phones and 
tablets.Suc ...)
+       TODO: check
+CVE-2023-33213 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in gVec ...)
+       TODO: check
+CVE-2023-31411 (A remote unprivileged attacker can modify and access 
configuration set ...)
+       TODO: check
+CVE-2023-31410 (A remote unprivileged attacker can intercept the communication 
via e.g ...)
+       TODO: check
+CVE-2023-2907 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-2899 (The Google Map Shortcode WordPress plugin through 3.1.2 does 
not valid ...)
+       TODO: check
+CVE-2023-2812 (The Ultimate Dashboard WordPress plugin before 3.7.6 does not 
sanitise ...)
+       TODO: check
+CVE-2023-2811 (The AI ChatBot WordPress plugin before 4.5.6 does not sanitise 
and esc ...)
+       TODO: check
+CVE-2023-2805 (The SupportCandy WordPress plugin before 3.1.7 does not 
properly sanit ...)
+       TODO: check
+CVE-2023-2779 (The Social Share, Social Login and Social Comments WordPress 
plugin be ...)
+       TODO: check
+CVE-2023-2751 (The Upload Resume WordPress plugin through 1.2.0 does not 
validate the ...)
+       TODO: check
+CVE-2023-2742 (The AI ChatBot WordPress plugin before 4.5.5 does not sanitize 
and esc ...)
+       TODO: check
+CVE-2023-2719 (The SupportCandy WordPress plugin before 3.1.7 does not 
properly sanit ...)
+       TODO: check
+CVE-2023-2684 (The File Renaming on Upload WordPress plugin before 2.5.2 does 
not san ...)
+       TODO: check
+CVE-2023-2654 (The Conditional Menus WordPress plugin before 1.2.1 does not 
escape a  ...)
+       TODO: check
+CVE-2023-2600 (The Custom Base Terms WordPress plugin before 1.0.3 does not 
sanitize  ...)
+       TODO: check
+CVE-2023-2527 (The Integration for Contact Form 7 and Zoho CRM, Bigin 
WordPress plugi ...)
+       TODO: check
+CVE-2023-2492 (The QueryWall: Plug'n Play Firewall WordPress plugin through 
1.1.1 doe ...)
+       TODO: check
+CVE-2023-2401 (The QuBot WordPress plugin before 1.1.6 does not sanitise and 
escape s ...)
+       TODO: check
+CVE-2023-2399 (The QuBot WordPress plugin before 1.1.6 doesn't filter user 
input on c ...)
+       TODO: check
+CVE-2023-2359 (The Slider Revolution WordPress plugin through 6.6.12 does not 
check f ...)
+       TODO: check
+CVE-2022-48506 (A flawed pseudorandom number generator in Dominion Voting 
Systems Imag ...)
+       TODO: check
+CVE-2022-48501 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
+       TODO: check
+CVE-2022-48500 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
+       TODO: check
+CVE-2022-48499 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
+       TODO: check
+CVE-2022-48498 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
+       TODO: check
+CVE-2022-48497 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
+       TODO: check
+CVE-2022-48496 (Vulnerability of lax app identity verification in the 
pre-authorizatio ...)
+       TODO: check
+CVE-2022-48495 (Vulnerability of unauthorized access to foreground app 
information.Suc ...)
+       TODO: check
+CVE-2022-48494 (Vulnerability of lax app identity verification in the 
pre-authorizatio ...)
+       TODO: check
+CVE-2022-48493 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
+       TODO: check
+CVE-2022-48492 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
+       TODO: check
+CVE-2022-48491 (Vulnerability of missing authentication on certain HUAWEI 
phones.Succe ...)
+       TODO: check
+CVE-2022-48490 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
+       TODO: check
+CVE-2022-48489 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
+       TODO: check
+CVE-2022-48488 (Vulnerability of bypassing the default desktop security 
controls.Succe ...)
+       TODO: check
+CVE-2022-48487 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
+       TODO: check
+CVE-2022-48486 (Configuration defects in the secure OS module.Successful 
exploitation  ...)
+       TODO: check
 CVE-2023-3311 (A vulnerability, which was classified as problematic, was found 
in Pun ...)
        NOT-FOR-US: PuneethReddyHC online-shopping-system-advanced
 CVE-2023-3310 (A vulnerability, which was classified as critical, has been 
found in c ...)
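Review bot: every new entry at the top of data/CVE/list lands as TODO: check, and two of them should not wait behind the bulk: CVE-2023-3316 names TIFFClose() and CVE-2023-3312 names drivers/cpufreq/qcom-cpufreq-hw.c, which point at library and kernel code rather than a third-party web application. I would resolve those two to package lines first, then clear the WordPress plugin and SourceCodester entries in one pass, since other parts of this list already mark that kind of item NOT-FOR-US.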
@@ -95,7 +209,7 @@ CVE-2023-35824 (An issue was discovered in the Linux kernel 
before 6.3.2. A use-
 CVE-2023-35823 (An issue was discovered in the Linux kernel before 6.3.2. A 
use-after- ...)
        - linux 6.3.7-1
        NOTE: 
https://git.kernel.org/linus/30cf57da176cca80f11df0d9b7f71581fe601389 (6.4-rc1)
-CVE-2023-35005
+CVE-2023-35005 (In Apache Airflow, some potentially sensitive values were 
being shown  ...)
        - airflow <itp> (bug #819700)
 CVE-2023-3306 (A vulnerability was found in Ruijie RG-EW1200G 
EW_3.0(1)B11P204. It ha ...)
        NOT-FOR-US: Ruijie
@@ -1424,10 +1538,10 @@ CVE-2023-28653 (The affected application lacks proper 
validation of user-supplie
        NOT-FOR-US: Horner Automation
 CVE-2023-27916 (The affected application lacks proper validation of 
user-supplied data ...)
        NOT-FOR-US: Horner Automation
-CVE-2023-34417
+CVE-2023-34417 (Memory safety bugs present in Firefox 113. Some of these bugs 
showed e ...)
        - firefox 114.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34417
-CVE-2023-34416
+CVE-2023-34416 (Memory safety bugs present in Firefox 113, Firefox ESR 102.11, 
and Thu ...)
        {DSA-5423-1 DSA-5421-1 DLA-3452-1 DLA-3448-1}
        - firefox 114.0-1
        - firefox-esr 102.12.0esr-1
@@ -1435,10 +1549,10 @@ CVE-2023-34416
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34416
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34416
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-21/#CVE-2023-34416
-CVE-2023-34415
+CVE-2023-34415 (When choosing a site-isolated process for a document loaded 
from a dat ...)
        - firefox 114.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34415
-CVE-2023-34414
+CVE-2023-34414 (The error page for sites with invalid TLS certificates was 
missing the ...)
        {DSA-5423-1 DSA-5421-1 DLA-3452-1 DLA-3448-1}
        - firefox 114.0-1
        - firefox-esr 102.12.0esr-1
@@ -1888,7 +2002,7 @@ CVE-2018-25086 (A vulnerability was found in sea75300 
FanPress CM up to 3.6.3. I
        NOT-FOR-US: sea75300 FanPress CM
 CVE-2010-10010 (A vulnerability classified as problematic has been found in 
Stars Alli ...)
        NOT-FOR-US: Stars Alliance PsychoStats
-CVE-2023-3022
+CVE-2023-3022 (A flaw was found in the IPv6 module of the Linux kernel. The 
arg.resul ...)
        - linux 5.2.6-1
        NOTE: 
https://git.kernel.org/linus/a65120bae4b7425a39c5783aa3d4fc29677eef0e
 CVE-2023-3021 (Cross-site Scripting (XSS) - Stored in GitHub repository 
mkucej/i-libr ...)
@@ -3905,7 +4019,7 @@ CVE-2023-2610 (Integer Overflow or Wraparound in GitHub 
repository vim/vim prior
        [bullseye] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
        NOTE: 
https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a 
(v9.0.1532)
-CVE-2023-32216
+CVE-2023-32216 (Memory safety  bugs present in Firefox 112. Some of these bugs 
showed  ...)
        - firefox 113.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32216
 CVE-2023-32215 (Memory safety bugs present in Firefox 112 and Firefox ESR 
102.10. Some ...)
@@ -3916,7 +4030,7 @@ CVE-2023-32215 (Memory safety bugs present in Firefox 112 
and Firefox ESR 102.10
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32215
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32215
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32215
-CVE-2023-32214
+CVE-2023-32214 (Protocol handlers `ms-cxh` and `ms-cxh-full` could have been 
leveraged ...)
        - firefox <not-affected> (Only affects Firefox on Windows)
        - firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
        - thunderbird <not-affected> (Only affects Firefox ESR on Windows)
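Review bot: in the context lines under CVE-2023-32214, the thunderbird entry gives its reason as "Only affects Firefox ESR on Windows", while the comparable Windows-only entries elsewhere in this file (CVE-2023-29545, CVE-2023-29542) write "Only affects Thunderbird on Windows" on the thunderbird line. The status is the same either way, but the reason text looks copied from the firefox-esr line above it and is worth correcting while the description is being filled in.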
@@ -3947,13 +4061,13 @@ CVE-2023-32211 (A type checking bug would have led to 
invalid code being compile
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32211
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32211
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32211
-CVE-2023-32210
+CVE-2023-32210 (Documents were incorrectly assuming an ordering of principal 
objects w ...)
        - firefox 113.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32210
-CVE-2023-32209
+CVE-2023-32209 (A maliciously crafted favicon could have led to an out of 
memory crash ...)
        - firefox 113.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32209
-CVE-2023-32208
+CVE-2023-32208 (Service workers could reveal script base URL due to dynamic 
`import()` ...)
        - firefox 113.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32208
 CVE-2023-32207 (A missing delay in popup notifications could have made it 
possible for ...)
@@ -4847,6 +4961,7 @@ CVE-2023-31139 (DHIS2 Core contains the service layer and 
Web API for DHIS2, an
 CVE-2023-31138 (DHIS2 Core contains the service layer and Web API for DHIS2, 
an inform ...)
        NOT-FOR-US: DHIS2
 CVE-2023-31137 (MaraDNS is open-source software that implements the Domain 
Name System ...)
+       {DLA-3457-1}
        - maradns <unfixed> (bug #1035936)
        NOTE: 
https://github.com/samboy/MaraDNS/commit/bab062bde40b2ae8a91eecd522e84d8b993bab58
        NOTE: 
https://github.com/samboy/MaraDNS/security/advisories/GHSA-58m7-826v-9c3c
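Review bot: the added {DLA-3457-1} cross-reference on CVE-2023-31137 sits directly above a maradns line that is still <unfixed> (bug #1035936), and the hunk shows no release-specific line. Worth confirming that the upstream commit in the NOTE has an upload pending for unstable, so the entry does not stay open after the advisory is out.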
@@ -5475,8 +5590,8 @@ CVE-2023-2223 (The Login rebuilder WordPress plugin 
before 2.8.1 does not saniti
        NOT-FOR-US: WordPress plugin
 CVE-2023-2222
        RESERVED
-CVE-2023-2221
-       RESERVED
+CVE-2023-2221 (The WP Custom Cursors WordPress plugin before 3.2 does not 
properly sa ...)
+       TODO: check
 CVE-2022-4944 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: KodExplorer
 CVE-2023-2220 (A vulnerability was found in Dream Technology mica up to 3.0.5. 
It has ...)
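Review bot: CVE-2023-2221 leaves RESERVED and becomes TODO: check, although its description is for a WordPress plugin and the entry at the top of this hunk (CVE-2023-2223) is already marked NOT-FOR-US: WordPress plugin. Suggest giving it the same status so it drops out of the TODO queue.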
@@ -9139,12 +9254,10 @@ CVE-2023-29548 (A wrong lowering instruction in the 
ARM64 Ion compiler resulted
 CVE-2023-29547 (When a secure cookie existed in the Firefox cookie jar an 
insecure coo ...)
        - firefox 112.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29547
-CVE-2023-29546
-       RESERVED
+CVE-2023-29546 (When recording the screen while in Private Browsing on Firefox 
for And ...)
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29546
-CVE-2023-29545
-       RESERVED
+CVE-2023-29545 (Similar to CVE-2023-28163, this time when choosing 'Save Link 
As', sug ...)
        - firefox <not-affected> (Only affects Firefox on Windows)
        - firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
        - thunderbird <not-affected> (Only affects Thunderbird on Windows)
@@ -9157,8 +9270,7 @@ CVE-2023-29544 (If multiple instances of resource 
exhaustion occurred at the inc
 CVE-2023-29543 (An attacker could have caused memory corruption and a 
potentially expl ...)
        - firefox 112.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29543
-CVE-2023-29542
-       RESERVED
+CVE-2023-29542 (A newline in a filename could have been used to bypass the 
file extens ...)
        - firefox <not-affected> (Only affects Firefox on Windows)
        - firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
        - thunderbird <not-affected> (Only affects Thunderbird on Windows)
@@ -9205,8 +9317,7 @@ CVE-2023-29535 (Following a Garbage Collector compaction, 
weak maps may have bee
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29535
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29535
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29535
-CVE-2023-29534
-       RESERVED
+CVE-2023-29534 (Different techniques existed to obscure the fullscreen 
notification in ...)
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29534
 CVE-2023-29533 (A website could have obscured the fullscreen notification by 
using a c ...)
@@ -9217,16 +9328,14 @@ CVE-2023-29533 (A website could have obscured the 
fullscreen notification by usi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29533
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29533
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29533
-CVE-2023-29532
-       RESERVED
+CVE-2023-29532 (A local attacker can trick the Mozilla Maintenance Service 
into applyi ...)
        - firefox <not-affected> (Only affects Firefox on Windows)
        - firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
        - thunderbird <not-affected> (Only affects Thunderbird on Windows)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29532
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29532
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29532
-CVE-2023-29531
-       RESERVED
+CVE-2023-29531 (An attacker could have caused an out of bounds memory access 
using Web ...)
        - firefox <not-affected> (Only affects Firefox on macOS)
        - firefox-esr <not-affected> (Only affects Firefox ESR on macOS)
        - thunderbird <not-affected> (Only affects Thunderbird on macOS)
@@ -12548,8 +12657,8 @@ CVE-2023-1503 (A vulnerability classified as critical 
has been found in SourceCo
        NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System
 CVE-2023-1502 (A vulnerability was found in SourceCodester Alphaware Simple 
E-Commerc ...)
        NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System
-CVE-2019-25136
-       RESERVED
+CVE-2019-25136 (A compromised child process could have injected XBL Bindings 
into priv ...)
+       TODO: check
 CVE-2018-25082 (A vulnerability was found in zwczou WeChat SDK Python 0.3.0 
and classi ...)
        NOT-FOR-US: zwczou WeChat SDK Python
 CVE-2016-15029 (A vulnerability has been found in Ydalb mapicoin up to 1.9.0 
and class ...)
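Review bot: CVE-2019-25136 is set to TODO: check, and its description (a compromised child process injecting XBL bindings) is of a different kind from the SourceCodester entries around it; XBL is Mozilla technology. It should be checked against the browser packages and given package lines, not closed as NOT-FOR-US by proximity to its neighbours.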
@@ -14726,8 +14835,8 @@ CVE-2023-27994
        RESERVED
 CVE-2023-27993 (A relative path traversal [CWE-23] in Fortinet FortiADC 
version 7.2.0  ...)
        NOT-FOR-US: FortiGuard
-CVE-2023-27992
-       RESERVED
+CVE-2023-27992 (The pre-authentication command injection vulnerability in the 
Zyxel NA ...)
+       TODO: check
 CVE-2023-27991 (The post-authentication command injection vulnerability in the 
CLI com ...)
        NOT-FOR-US: Zyxel
 CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 
4.32 throu ...)
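Review bot: CVE-2023-27992 goes from RESERVED to TODO: check while the next entry in the same hunk, CVE-2023-27991, is a Zyxel command injection already marked NOT-FOR-US: Zyxel. The new description also names Zyxel, so the same status applies unless the full, untruncated text says otherwise.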
@@ -21024,8 +21133,8 @@ CVE-2023-25749 (Android applications with unpatched 
vulnerabilities can be launc
 CVE-2023-25748 (By displaying a prompt with a long description, the fullscreen 
notific ...)
        - firefox <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25748
-CVE-2023-25747
-       RESERVED
+CVE-2023-25747 (A potential use-after-free in libaudio was fixed by disabling 
the AAud ...)
+       TODO: check
 CVE-2023-25746 (Memory safety bugs present in Firefox ESR 102.7. Some of these 
bugs sh ...)
        {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
        - firefox-esr 102.8.0esr-1
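Review bot: CVE-2023-25747 is marked TODO: check but sits between two Firefox entries, and the one just above it (CVE-2023-25748) is recorded as firefox <not-affected> (Android-specific). The description is truncated here, so read the full text to decide whether this libaudio use-after-free is also platform-specific before adding firefox lines, and add the matching advisory NOTE as the neighbouring entries have.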
@@ -21085,8 +21194,7 @@ CVE-2023-25737 (An invalid downcast from 
<code>nsTextNode</code> to <code>SVGEle
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25737
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25737
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25737
-CVE-2023-25736
-       RESERVED
+CVE-2023-25736 (An invalid downcast from `nsHTMLDocument` to `nsIContent` 
could have l ...)
        - firefox 110.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25736
 CVE-2023-25735 (Cross-compartment wrappers wrapping a scripted proxy could 
have caused ...)
@@ -21104,8 +21212,7 @@ CVE-2023-25734 (After downloading a Windows 
<code>.url</code> shortcut from the
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25734
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25734
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25734
-CVE-2023-25733
-       RESERVED
+CVE-2023-25733 (The return value from `gfx::SourceSurfaceSkia::Map()` wasn't 
being ver ...)
        - firefox 110.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25733
 CVE-2023-25732 (When encoding data from an <code>inputStream</code> in 
<code>xpcom</co ...)
@@ -24941,8 +25048,8 @@ CVE-2023-0491 (The Schedulicity WordPress plugin 
through 2.21 does not validate
        NOT-FOR-US: WordPress plugin
 CVE-2023-0490 (The f(x) TOC WordPress plugin through 1.1.0 does not validate 
and esca ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0489
-       RESERVED
+CVE-2023-0489 (The SlideOnline WordPress plugin through 1.2.1 does not 
validate and e ...)
+       TODO: check
 CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pyload/pyload ...)
        - pyload <itp> (bug #1001980)
 CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not 
properly ...)
@@ -26913,8 +27020,8 @@ CVE-2023-0370 (The WPB Advanced FAQ WordPress plugin 
through 1.0.6 does not vali
        NOT-FOR-US: WordPress plugin
 CVE-2023-0369 (The GoToWP WordPress plugin through 5.1.1 does not validate and 
escape ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0368
-       RESERVED
+CVE-2023-0368 (The Responsive Tabs For WPBakery Page Builder (formerly Visual 
Compose ...)
+       TODO: check
 CVE-2022-4892 (A vulnerability was found in MyCMS. It has been classified as 
problema ...)
        NOT-FOR-US: MyCMS
 CVE-2022-47909 (Livestatus Query Language (LQL) injection in the AuthUser HTTP 
query h ...)
@@ -33820,8 +33927,8 @@ CVE-2022-47588
        RESERVED
 CVE-2022-47587 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Corn ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47586
-       RESERVED
+CVE-2022-47586 (Unauth. SQL Injection (SQLi) vulnerability in Themefic 
Ultimate Addons ...)
+       TODO: check
 CVE-2022-47585
        RESERVED
 CVE-2022-47584
@@ -37324,8 +37431,8 @@ CVE-2022-46852 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2022-46851 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm 
Force St ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-46850
-       RESERVED
+CVE-2022-46850 (Auth. (author+) Broken Access Control vulnerability leading to 
Arbitra ...)
+       TODO: check
 CVE-2022-46849
        RESERVED
 CVE-2022-46848 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -86584,6 +86691,7 @@ CVE-2022-30258 (An issue was discovered in Technitium 
DNS Server through 8.0.2 t
 CVE-2022-30257 (An issue was discovered in Technitium DNS Server through 8.0.2 
that al ...)
        NOT-FOR-US: Technitium DNS Server
 CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 
that allo ...)
+       {DLA-3457-1}
        - maradns <unfixed> (bug #1033252)
        [bullseye] - maradns <no-dsa> (Minor issue)
        NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256
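Review bot: with {DLA-3457-1} now attached to CVE-2022-30256, the bullseye line below it still reads <no-dsa> (Minor issue) and the main maradns line is <unfixed> (bug #1033252). If the advisory ships a fix for an older release, bullseye ends up behind it; consider revisiting the no-dsa decision or queuing the fix for a point release.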



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9289f9b4ade5cc76e3bd84ad65ac38c244df52dd



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
