Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e49d0371 by Moritz Muehlenhoff at 2023-10-06T10:58:26+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
CVE-2023-5441 (NULL Pointer Dereference in GitHub repository vim/vim prior to
20d161a ...)
TODO: check
CVE-2023-5312 (A vulnerability classified as critical has been found in
DedeCMS 5.7.1 ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2023-45243 (Sensitive information disclosure due to missing authorization.
The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-45242 (Sensitive information disclosure due to missing authorization.
The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-45241 (Sensitive information leak through log files. The following
products a ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-45240 (Sensitive information disclosure due to missing authorization.
The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-44214 (Sensitive information disclosure due to missing authorization.
The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-44213 (Sensitive information disclosure due to excessive collection
of system ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-44212 (Sensitive information disclosure and manipulation due to
missing autho ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-44211 (Sensitive information disclosure and manipulation due to
missing autho ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2023-43343 (Cross-site scripting (XSS) vulnerability in opensolution Quick
CMS v.6 ...)
- TODO: check
+ NOT-FOR-US: Quick CMS
CVE-2023-43269 (pigcms up to 7.0 was discovered to contain an arbitrary file
upload vu ...)
- TODO: check
+ NOT-FOR-US: pigcms
CVE-2023-40556 (Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross
Schedule ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39323 (Line directives ("//line") can be used to bypass the
restrictions on " ...)
TODO: check
CVE-2015-10126 (A vulnerability classified as critical was found in Easy2Map
Photos Pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2015-10125 (A vulnerability classified as problematic has been found in WP
Ultimat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5423 (A vulnerability has been found in SourceCodester Online Pizza
Ordering ...)
NOT-FOR-US: ourceCodester Online Pizza Ordering System
CVE-2023-4570 (An improper access restriction in NI MeasurementLink Python
services c ...)
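Review bot: the context entry for CVE-2023-5423 near the end of this hunk reads "NOT-FOR-US: ourceCodester Online Pizza Ordering System", with the leading "S" of SourceCodester missing. Since this commit is already sweeping the block, fix that label in the same pass so a search for the product name finds the entry.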
@@ -35017,23 +35017,23 @@ CVE-2023-26155
CVE-2023-26154
RESERVED
CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are
vulnerable to Co ...)
- TODO: check
+ NOT-FOR-US: geokit-rails
CVE-2023-26152 (All versions of the package static-server are vulnerable to
Directory ...)
- TODO: check
+ NOT-FOR-US: Node static-server
CVE-2023-26151 (Versions of the package asyncua before 0.9.96 are vulnerable
to Denial ...)
- TODO: check
+ NOT-FOR-US: asyncua
CVE-2023-26150 (Versions of the package asyncua before 0.9.96 are vulnerable
to Improp ...)
- TODO: check
+ NOT-FOR-US: asyncua
CVE-2023-26149 (Versions of the package quill-mention before 4.0.0 are
vulnerable to C ...)
- TODO: check
+ NOT-FOR-US: Node quill-mention
CVE-2023-26148 (All versions of the package ithewei/libhv are vulnerable to
CRLF Injec ...)
- TODO: check
+ NOT-FOR-US: ithewei/libhv
CVE-2023-26147 (All versions of the package ithewei/libhv are vulnerable to
HTTP Respo ...)
- TODO: check
+ NOT-FOR-US: ithewei/libhv
CVE-2023-26146 (All versions of the package ithewei/libhv are vulnerable to
Cross-site ...)
- TODO: check
+ NOT-FOR-US: ithewei/libhv
CVE-2023-26145 (This affects versions of the package pydash before 6.0.0. A
number of ...)
- TODO: check
+ NOT-FOR-US: pydash
CVE-2023-26144 (Versions of the package graphql from 16.3.0 and before 16.8.1
are vuln ...)
- node-graphql <unfixed>
[bookworm] - node-graphql <no-dsa> (Minor issue)
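Review bot: the labels added in this hunk mix two conventions: "Node static-server" and "Node quill-mention" carry an ecosystem prefix, while "geokit-rails", "asyncua" and "pydash" are bare package names. Pick one form for the whole CVE-2023-2615x/2614x run, either prefixing the others with their ecosystem as well or dropping the prefix, so the entries can be grepped consistently.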
@@ -35042,9 +35042,9 @@ CVE-2023-26144 (Versions of the package graphql from
16.3.0 and before 16.8.1 ar
NOTE: https://github.com/graphql/graphql-js/issues/3955
NOTE:
https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226
CVE-2023-26143 (Versions of the package blamer before 1.0.4 are vulnerable to
Arbitrar ...)
- TODO: check
+ NOT-FOR-US: Node blamer
CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP
Response Split ...)
- TODO: check
+ NOT-FOR-US: Crow
CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to
Denial ...)
- ruby-sidekiq <unfixed>
NOTE: https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107
@@ -35542,7 +35542,7 @@ CVE-2023-25991 (Cross-Site Request Forgery (CSRF)
vulnerability in RegistrationM
CVE-2023-25990
RESERVED
CVE-2023-25989 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Video
Importer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25988
RESERVED
CVE-2023-25987
@@ -35560,7 +35560,7 @@ CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site
Scripting (XSS) vulnerabi
CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25980 (Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web
Design | R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Vide ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25978 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Nate ...)
@@ -36077,7 +36077,7 @@ CVE-2023-25790
CVE-2023-25789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Tapf ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25788 (Cross-Site Request Forgery (CSRF) vulnerability in Saphali
Saphali Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25787 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Wbol ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Thom ...)
@@ -36184,7 +36184,7 @@ CVE-2023-0830 (A vulnerability classified as critical
has been found in EasyNAS
CVE-2023-0829 (Plesk 17.0 through 18.0.31 version, is vulnerable to a
Cross-Site Scri ...)
NOT-FOR-US: Plesk
CVE-2023-0828 (Cross-site Scripting (XSS) vulnerability in Syslog Section of
Pandora ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-0827 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2023-0826
@@ -37492,7 +37492,7 @@ CVE-2023-25491 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerabilityin
CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Eric ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25489 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk
Update T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25488 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Duc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade
PixTypes ...)
@@ -37544,7 +37544,7 @@ CVE-2023-25465 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Stre ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25463 (Cross-Site Request Forgery (CSRF) vulnerability in Gopi
Ramasamy WP te ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25462 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in WP h ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in nami ...)
@@ -38617,7 +38617,7 @@ CVE-2023-25027 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-25026
RESERVED
CVE-2023-25025 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole
WP-Copy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25024 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Iceg ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25023 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Sale ...)
@@ -39127,31 +39127,31 @@ CVE-2023-0602 (The Twittee Text Tweet WordPress
plugin through 1.0.8 does not pr
CVE-2023-0601
RESERVED
CVE-2023-24855 (Memory corruption in Modem while processing security related
configura ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware
respons ...)
NOT-FOR-US: Qualcomm
CVE-2023-24853 (Memory Corruption in HLOS while registering for key
provisioning notif ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24852
RESERVED
CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response
message from ...)
NOT-FOR-US: Qualcomm
CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key
into Key ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24849 (Information Disclosure in data Modem while parsing an FMTP
line in an ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24848 (Information Disclosure in Data Modem while performing a VoLTE
call wit ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24847 (Transient DOS in Modem while allocating DSM items.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24846
RESERVED
CVE-2023-24845 (A vulnerability has been identified in RUGGEDCOM i800,
RUGGEDCOM i800N ...)
NOT-FOR-US: Siemens
CVE-2023-24844 (Memory Corruption in Core while invoking a call to Access
Control core ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24843 (Transient DOS in Modem while triggering a camping on an 5G
cell.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-24842 (HGiga MailSherlock has vulnerability of insufficient access
control. A ...)
NOT-FOR-US: HGiga MailSherlock
CVE-2023-24841 (HGiga MailSherlock query function for connection log has a
vulnerabili ...)
@@ -40276,7 +40276,7 @@ CVE-2023-24520 (Two OS command injection vulnerability
exist in the vtysh_ubus t
CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus
toolsh_ ...)
NOT-FOR-US: Milesight UR32L
CVE-2023-24518 (A Cross-site Request Forgery (CSRF) vulnerability in Pandora
FMS allow ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2023-24517 (Unrestricted Upload of File with Dangerous Type vulnerability
in the P ...)
NOT-FOR-US: Pandora FMS File Manager component
CVE-2023-24516 (Cross-site Scripting (XSS) vulnerability in the Pandora FMS
Special Da ...)
@@ -40290,7 +40290,7 @@ CVE-2023-23546 (A misconfiguration vulnerability exists
in the urvpn_client func
CVE-2023-0507 (Grafana is an open-source platform for monitoring and
observability. ...)
- grafana <removed>
CVE-2023-0506 (The web service of ByDemes Group Airspace CCTV Web Service in
its 2.61 ...)
- TODO: check
+ NOT-FOR-US: ByDemes Group Airspace CCTV Web Service
CVE-2023-0505 (The Ever Compare WordPress plugin through 1.2.3 does not have
CSRF che ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0504 (The HT Politic WordPress plugin before 2.3.8 does not have CSRF
check ...)
@@ -42379,7 +42379,7 @@ CVE-2023-23768
CVE-2023-23767
RESERVED
CVE-2023-23766 (An incorrect comparison vulnerability was identified in GitHub
Enterpr ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub
Enterpr ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub
Enterpr ...)
@@ -43309,7 +43309,7 @@ CVE-2023-23497 (A logic issue was addressed with
improved state management. This
CVE-2023-23496 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
CVE-2023-23495 (A permissions issue was addressed with improved redaction of
sensitive ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-23494 (A buffer overflow was addressed with improved bounds checking.
This is ...)
NOT-FOR-US: Apple
CVE-2023-23493 (A logic issue was addressed with improved state management.
This issue ...)
@@ -46172,7 +46172,7 @@ CVE-2023-22646
CVE-2023-22645 (An Improper Privilege Management vulnerability in SUSE
kubewarden allo ...)
NOT-FOR-US: kubewarden
CVE-2023-22644 (An Innsertion of Sensitive Information into Log File
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: SUSE Manager Server Module
CVE-2023-22643 (An Improper Neutralization of Special Elements used in an OS
Command ( ...)
NOT-FOR-US: SAP
CVE-2023-22642 (An improper certificate validation vulnerability [CWE-295] in
FortiAna ...)
@@ -46363,7 +46363,7 @@ CVE-2021-4301 (A vulnerability was found in slackero
phpwcms up to 1.9.26 and cl
CVE-2021-4300 (A vulnerability has been found in ghostlander Halcyon and
classified a ...)
NOT-FOR-US: ghostlander Halcyon
CVE-2023-22618 (If Security Hardening guide rules are not followed, then Nokia
WaveLit ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2023-22617 (A remote attacker might be able to cause infinite recursion in
PowerDN ...)
- pdns-recursor 4.8.1-1 (bug #1029367)
[bullseye] - pdns-recursor <not-affected> (Vulnerable code introduced
later)
@@ -46767,7 +46767,7 @@ CVE-2023-22517
CVE-2023-22516
RESERVED
CVE-2023-22515 (Atlassian has been made aware of an issue reported by a
handful of cus ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2023-22514
RESERVED
CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability
was intro ...)
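Review bot: for CVE-2023-22515 the label "NOT-FOR-US: Atlassian" names only the vendor, and the truncated description ("Atlassian has been made aware of an issue reported by a handful of cus ...") does not identify the product either. Name the affected product in the label so the entry is self-explanatory when read in the list.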
@@ -48460,13 +48460,13 @@ CVE-2023-22387 (Arbitrary memory overwrite when VM
gets compromised in TX write
CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW
request to all ...)
NOT-FOR-US: Qualcomm
CVE-2023-22385 (Memory Corruption in Data Modem while making a MO call or MT
VOLTE cal ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-22384 (Memory Corruption in VR Service while sending data using Fast
Message ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-22383
RESERVED
CVE-2023-22382 (Weak configuration in Automotive while VM is processing a
listener req ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-47917 (Sewio\u2019s Real-Time Location System (RTLS) Studio version
2.0.0 up ...)
NOT-FOR-US: Sewio
CVE-2022-47912
@@ -48480,11 +48480,11 @@ CVE-2022-47895 (In JetBrains IntelliJ IDEA before
2022.3.1 the "Validate JSP Fil
CVE-2022-47894
RESERVED
CVE-2022-47893 (There is a remote code execution vulnerability that affects
all versio ...)
- TODO: check
+ NOT-FOR-US: NetMan 204
CVE-2022-47892 (All versions of NetMan 204 could allow an unauthenticated
remote attac ...)
- TODO: check
+ NOT-FOR-US: NetMan 204
CVE-2022-47891 (All versions of NetMan 204 allow an attacker that knows the
MAC and se ...)
- TODO: check
+ NOT-FOR-US: NetMan 204
CVE-2022-47395 (Sewio\u2019s Real-Time Location System (RTLS) Studio version
2.0.0 up ...)
NOT-FOR-US: Sewio
CVE-2022-47320 (The iBoot device\u2019s basic discovery protocol assists in
initial de ...)
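Review bot: CVE-2022-47893 is labelled "NetMan 204", but unlike CVE-2022-47892 and CVE-2022-47891 its visible description ("There is a remote code execution vulnerability that affects all versio ...") does not mention the product. Confirm against the full CVE text that it belongs to the same device before grouping it under that label.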
@@ -49443,9 +49443,9 @@ CVE-2022-47564
CVE-2022-47563
RESERVED
CVE-2022-47562 (Vulnerability in the RCPbind service running on UDP port
(111), allowi ...)
- TODO: check
+ NOT-FOR-US: ekorCCP
CVE-2022-47561 (The web application stores credentials in clear text in the
"admin.xml ...)
- TODO: check
+ NOT-FOR-US: ekorCCP
CVE-2022-47560 (The lack of web request control on ekorCCP and ekorRCI devices
allows ...)
NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47559 (Lack of device control over web requests in ekorCCP and
ekorRCI, allow ...)
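Review bot: the two new labels on CVE-2022-47562 and CVE-2022-47561 read "NOT-FOR-US: ekorCCP", while the existing entry directly below them (CVE-2022-47560) uses "NOT-FOR-US: ekorCCP and ekorRCI devices". Use the same wording across this group, unless these two issues are known to affect ekorCCP only.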
@@ -50033,7 +50033,7 @@ CVE-2023-22026
CVE-2023-22025
RESERVED
CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in
UEK has ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
NOT-FOR-US: Oracle
CVE-2023-22022 (Vulnerability in the Oracle Health Sciences Sciences Data
Management W ...)
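Review bot: CVE-2023-22024 is tagged "NOT-FOR-US: Oracle", but its description concerns a kernel module ("the RDS module in UEK"), and the tracker does carry kernel issues against the linux source package (see "- linux 6.4.4-2" under CVE-2023-20593 elsewhere in this diff). Add a NOTE stating why the issue is specific to Oracle's kernel, or leave it as "TODO: check" until it has been checked against the linux package.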
@@ -52855,7 +52855,7 @@ CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in Le
CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability inJS Help Desk
plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46841 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy
Oxygen Build ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46840
RESERVED
CVE-2022-46839
@@ -53206,7 +53206,7 @@ CVE-2022-4323 (The Analyticator WordPress plugin before
6.5.6 unserializes user
CVE-2018-25048 (The CODESYS runtime system in multiple versions allows an
remote low p ...)
NOT-FOR-US: CODESYS
CVE-2023-21673 (Improper Access to the VM resource manager can lead to Memory
Corrupti ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel
playback or ...)
NOT-FOR-US: Qualcomm
CVE-2023-21671
@@ -62458,7 +62458,7 @@ CVE-2023-20821 (In nvram, there is a possible out of
bounds write due to a missi
CVE-2023-20820 (In wlan service, there is a possible command injection due to
improper ...)
NOT-FOR-US: MediaTek
CVE-2023-20819 (In CDMA PPP protocol, there is a possible out of bounds write
due to a ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-20818 (In wlan service, there is a possible out of bounds read due to
imprope ...)
NOT-FOR-US: MediaTek
CVE-2023-20817 (In wlan service, there is a possible out of bounds write due
to improp ...)
@@ -62961,13 +62961,13 @@ CVE-2023-20599
CVE-2023-20598
RESERVED
CVE-2023-20597 (Improper initialization of variables in the DXE driver may
allow a pri ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20596
RESERVED
CVE-2023-20595
RESERVED
CVE-2023-20594 (Improper initialization of variables in the DXE driver may
allow a pri ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific
microarchitectural ...)
{DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3512-1 DLA-3511-1 DLA-3508-1}
- linux 6.4.4-2
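Review bot: "NOT-FOR-US: AMD" on CVE-2023-20597 and CVE-2023-20594 reads as a vendor-wide exclusion, yet the next entry in this hunk, CVE-2023-20593, is also an AMD issue and is tracked against linux. Label these two by the component the description names (the DXE driver) so the reason for the exclusion is clear from the list itself.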
@@ -63680,7 +63680,7 @@ CVE-2023-20261
CVE-2023-20260
RESERVED
CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified
Communica ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20258
RESERVED
CVE-2023-20257
@@ -63728,7 +63728,7 @@ CVE-2023-20237 (A vulnerability in Cisco Intersight
Virtual Appliance could allo
CVE-2023-20236 (A vulnerability in the iPXE boot function of Cisco IOS XR
software cou ...)
NOT-FOR-US: Cisco
CVE-2023-20235 (A vulnerability in the on-device application development
workflow feat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow
an authe ...)
NOT-FOR-US: Cisco FXOS Software
CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM)
feature of ...)
@@ -64004,7 +64004,7 @@ CVE-2023-20103 (A vulnerability in Cisco Secure Network
Analytics could allow an
CVE-2023-20102 (A vulnerability in the web-based management interface of Cisco
Secure ...)
NOT-FOR-US: Cisco
CVE-2023-20101 (A vulnerability in Cisco Emergency Responder could allow an
unauthenti ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20100 (A vulnerability in the access point (AP) joining process of
the Contro ...)
NOT-FOR-US: Cisco
CVE-2023-20099
@@ -72308,7 +72308,7 @@ CVE-2022-3250 (Sensitive Cookie in HTTPS Session
Without 'Secure' Attribute in G
CVE-2022-3249 (The WP CSV Exporter WordPress plugin before 1.3.7 does not
properly sa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3248 (A flaw was found in OpenShift API, as admission checks do not
enforce ...)
- TODO: check
+ NOT-FOR-US: OpenShift
CVE-2022-3247 (The Blog2Social: Social Media Auto Post & Scheduler WordPress
plugin b ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3246 (The Blog2Social: Social Media Auto Post & Scheduler WordPress
plugin b ...)
@@ -85423,9 +85423,9 @@ CVE-2022-2462 (The Transposh WordPress Translation
plugin for WordPress is vulne
CVE-2022-2461 (The Transposh WordPress Translation plugin for WordPress is
vulnerable ...)
NOT-FOR-US: Transposh WordPress Translation plugin for WordPress
CVE-2022-36277 (The 'sReferencia', 'sDescripcion', 'txtCodigo' and
'txtDescripcion' pa ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2022-36276 (TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the
'SqlWhere' p ...)
- TODO: check
+ NOT-FOR-US: TCMAN GIM
CVE-2022-2460 (The WPDating WordPress plugin before 7.4.0 does not properly
escape us ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all
versions befor ...)
@@ -147326,7 +147326,7 @@ CVE-2021-3786 (A potential vulnerability in the SMI
callback function used in CS
CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During
Web Pa ...)
NOT-FOR-US: yourls
CVE-2021-3784 (Garuda Linux performs an insecure user creation and
authentication tha ...)
- TODO: check
+ NOT-FOR-US: Garuda Linux
CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During
Web Pa ...)
NOT-FOR-US: yourls
CVE-2021-3782 (An internal reference count is held on the buffer pool,
incremented ev ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e49d0371105e80dcce9d42f03a1733aa9c746789