Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
24a7c4e7 by security tracker role at 2024-01-16T20:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,40 +1,216 @@
-CVE-2023-45237 [Use of a Weak PseudoRandom Number Generator]
+CVE-2024-23347 (Prior to v176, when opening a new project Meta Spark Studio
would exec ...)
+ TODO: check
+CVE-2024-22628 (Budget and Expense Tracker System v1.0 is vulnerable to SQL
Injection ...)
+ TODO: check
+CVE-2024-22627 (Complete Supplier Management System v1.0 is vulnerable to SQL
Injectio ...)
+ TODO: check
+CVE-2024-22626 (Complete Supplier Management System v1.0 is vulnerable to SQL
Injectio ...)
+ TODO: check
+CVE-2024-22625 (Complete Supplier Management System v1.0 is vulnerable to SQL
Injectio ...)
+ TODO: check
+CVE-2024-22491 (A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs
2.0 all ...)
+ TODO: check
+CVE-2024-0599 (A vulnerability was found in Jspxcms 10.2.0. It has been
declared as p ...)
+ TODO: check
+CVE-2024-0584 (A use-after-free issue was found in igmp_start_timer in
net/ipv4/igmp. ...)
+ TODO: check
+CVE-2024-0582 (A memory leak flaw was found in the Linux kernel\u2019s
io_uring funct ...)
+ TODO: check
+CVE-2024-0581 (An Uncontrolled Resource Consumption vulnerability has been
found on S ...)
+ TODO: check
+CVE-2024-0579 (A vulnerability classified as critical was found in Totolink
X2000R 1. ...)
+ TODO: check
+CVE-2024-0578 (A vulnerability classified as critical has been found in
Totolink LR12 ...)
+ TODO: check
+CVE-2024-0577 (A vulnerability was found in Totolink LR1200GB
9.1.0u.6619_B20230130. ...)
+ TODO: check
+CVE-2024-0576 (A vulnerability was found in Totolink LR1200GB
9.1.0u.6619_B20230130. ...)
+ TODO: check
+CVE-2024-0575 (A vulnerability was found in Totolink LR1200GB
9.1.0u.6619_B20230130. ...)
+ TODO: check
+CVE-2024-0574 (A vulnerability was found in Totolink LR1200GB
9.1.0u.6619_B20230130 a ...)
+ TODO: check
+CVE-2024-0573 (A vulnerability has been found in Totolink LR1200GB
9.1.0u.6619_B20230 ...)
+ TODO: check
+CVE-2024-0572 (A vulnerability, which was classified as critical, was found in
Totoli ...)
+ TODO: check
+CVE-2024-0571 (A vulnerability, which was classified as critical, has been
found in T ...)
+ TODO: check
+CVE-2024-0570 (A vulnerability classified as critical was found in Totolink
N350RT 9. ...)
+ TODO: check
+CVE-2024-0569 (A vulnerability classified as problematic has been found in
Totolink T ...)
+ TODO: check
+CVE-2024-0567 (A vulnerability was found in GnuTLS, where a cockpit (which
uses gnuTL ...)
+ TODO: check
+CVE-2024-0556 (A Weak Cryptography for Passwords vulnerability has been
detected on W ...)
+ TODO: check
+CVE-2024-0555 (A Cross-Site Request Forgery (CSRF) vulnerability has been
found on WI ...)
+ TODO: check
+CVE-2024-0554 (A Cross-site scripting (XSS) vulnerability has been found on
WIC1200, ...)
+ TODO: check
+CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to
malformed c ...)
+ TODO: check
+CVE-2024-0507 (An attacker with access to a Management Console user account
with the ...)
+ TODO: check
+CVE-2024-0239 (The Contact Form 7 Connector WordPress plugin before 1.2.3 does
not sa ...)
+ TODO: check
+CVE-2024-0238 (The EventON WordPress plugin before 4.5.5, EventON WordPress
plugin be ...)
+ TODO: check
+CVE-2024-0237 (The EventON WordPress plugin before 4.5.5, EventON WordPress
plugin be ...)
+ TODO: check
+CVE-2024-0236 (The EventON WordPress plugin before 4.5.5, EventON WordPress
plugin be ...)
+ TODO: check
+CVE-2024-0235 (The EventON WordPress plugin before 4.5.5, EventON WordPress
plugin be ...)
+ TODO: check
+CVE-2024-0233 (The EventON WordPress plugin before 4.5.5, EventON WordPress
plugin be ...)
+ TODO: check
+CVE-2024-0200 (An unsafe reflection vulnerability was identified in GitHub
Enterprise ...)
+ TODO: check
+CVE-2024-0187 (The Community by PeepSo WordPress plugin before 6.3.1.2 does
not sanit ...)
+ TODO: check
+CVE-2023-7234 (OPCUAServerToolkit will write a log message once an OPC UA
client has ...)
+ TODO: check
+CVE-2023-7154 (The Hubbub Lite (formerly Grow Social) WordPress plugin before
1.32.0 ...)
+ TODO: check
+CVE-2023-7151 (The Product Enquiry for WooCommerce WordPress plugin before 3.2
does n ...)
+ TODO: check
+CVE-2023-7125 (The Community by PeepSo WordPress plugin before 6.3.1.2 does
not have ...)
+ TODO: check
+CVE-2023-7084 (The Voting Record WordPress plugin through 2.0 is missing
sanitisation ...)
+ TODO: check
+CVE-2023-7083 (The Voting Record WordPress plugin through 2.0 does not have
CSRF chec ...)
+ TODO: check
+CVE-2023-6824 (The WP Customer Area WordPress plugin before 8.2.1 does not
properly v ...)
+ TODO: check
+CVE-2023-6741 (The WP Customer Area WordPress plugin before 8.2.1 does not
properly v ...)
+ TODO: check
+CVE-2023-6732 (The Ultimate Maps by Supsystic WordPress plugin before 1.2.16
does not ...)
+ TODO: check
+CVE-2023-6592 (The FastDup WordPress plugin before 2.2 does not prevent
directory lis ...)
+ TODO: check
+CVE-2023-6373 (The ArtPlacer Widget WordPress plugin before 2.20.7 does not
sanitize ...)
+ TODO: check
+CVE-2023-6336 (Improper Link Resolution Before File Access ('Link Following')
vulnera ...)
+ TODO: check
+CVE-2023-6335 (Improper Link Resolution Before File Access ('Link Following')
vulnera ...)
+ TODO: check
+CVE-2023-6334 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
+ TODO: check
+CVE-2023-6292 (The Ecwid Ecommerce Shopping Cart WordPress plugin before
6.12.5 does ...)
+ TODO: check
+CVE-2023-6046 (The EventON WordPress plugin before 2.2 does not sanitise and
escape s ...)
+ TODO: check
+CVE-2023-6005 (The EventON WordPress plugin before 4.5.5, EventON WordPress
plugin be ...)
+ TODO: check
+CVE-2023-5922 (The Royal Elementor Addons and Templates WordPress plugin
before 1.3.8 ...)
+ TODO: check
+CVE-2023-5558 (The LearnPress WordPress plugin before 4.2.5.5 does not
sanitise and e ...)
+ TODO: check
+CVE-2023-5097 (Improper Input Validation vulnerability in HYPR Workforce
Access on Wi ...)
+ TODO: check
+CVE-2023-52116 (Permission management vulnerability in the multi-screen
interaction mo ...)
+ TODO: check
+CVE-2023-52115 (The iaware module has a Use-After-Free (UAF) vulnerability.
Successful ...)
+ TODO: check
+CVE-2023-52114 (Data confidentiality vulnerability in the ScreenReader module.
Success ...)
+ TODO: check
+CVE-2023-52108 (Vulnerability of process priorities being raised in the
ActivityManage ...)
+ TODO: check
+CVE-2023-52107 (Vulnerability of permissions being not strictly verified in
the WMS mo ...)
+ TODO: check
+CVE-2023-52106 (The DownloadProviderMain module has a vulnerability in API
permission ...)
+ TODO: check
+CVE-2023-52105 (The nearby module has a privilege escalation vulnerability.
Successful ...)
+ TODO: check
+CVE-2023-52104 (Vulnerability of parameters being not verified in the WMS
module. Succ ...)
+ TODO: check
+CVE-2023-52103 (Buffer overflow vulnerability in the FLP module. Successful
exploitati ...)
+ TODO: check
+CVE-2023-52102 (Vulnerability of parameters being not verified in the WMS
module. Succ ...)
+ TODO: check
+CVE-2023-52101 (Component exposure vulnerability in the Wi-Fi module.
Successful explo ...)
+ TODO: check
+CVE-2023-52100 (The Celia Keyboard module has a vulnerability in access
control. Succe ...)
+ TODO: check
+CVE-2023-52099 (Vulnerability of foreground service restrictions being
bypassed in the ...)
+ TODO: check
+CVE-2023-52098 (Denial of Service (DoS) vulnerability in the DMS module.
Successful ex ...)
+ TODO: check
+CVE-2023-52041 (An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719
allows a ...)
+ TODO: check
+CVE-2023-51381 (Cross-site Scripting in thetag name pattern field in the tag
protectio ...)
+ TODO: check
+CVE-2023-4969 (A GPU kernel can read sensitive data from another GPU kernel
(even fro ...)
+ TODO: check
+CVE-2023-4797 (The Newsletters WordPress plugin before 4.9.3 does not properly
escape ...)
+ TODO: check
+CVE-2023-4757 (The Staff / Employee Business Directory for Active Directory
WordPress ...)
+ TODO: check
+CVE-2023-4703 (The All in One B2B for WooCommerce WordPress plugin through
1.0.3 does ...)
+ TODO: check
+CVE-2023-4536 (The My Account Page Editor WordPress plugin before 1.3.2 does
not vali ...)
+ TODO: check
+CVE-2023-49351 (A stack-based buffer overflow vulnerability in /bin/webs
binary in Edi ...)
+ TODO: check
+CVE-2023-3771 (The T1 WordPress theme through 19.0 is vulnerable to
unauthenticated o ...)
+ TODO: check
+CVE-2023-3647 (The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not
sanitis ...)
+ TODO: check
+CVE-2023-3372 (The Lana Shortcodes WordPress plugin before 1.2.0 does not
validate an ...)
+ TODO: check
+CVE-2023-3211 (The WordPress Database Administrator WordPress plugin through
1.0.3 do ...)
+ TODO: check
+CVE-2023-3178 (The POST SMTP Mailer WordPress plugin before 2.5.7 does not
have prope ...)
+ TODO: check
+CVE-2023-37523 (Missing or insecure tags in the HCL BigFix Bare OSD Metal
Server WebUI ...)
+ TODO: check
+CVE-2023-37522 (HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower
has mis ...)
+ TODO: check
+CVE-2023-37521 (HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower
can som ...)
+ TODO: check
+CVE-2023-34063 (Aria Automation contains a Missing Access Control
vulnerability. An ...)
+ TODO: check
+CVE-2023-2655 (The Contact Form by WD WordPress plugin through 1.13.23 does
not prope ...)
+ TODO: check
+CVE-2021-4432 (A vulnerability was found in PCMan FTP Server 2.0.7. It has
been class ...)
+ TODO: check
+CVE-2023-45237 (EDK2's Network Package is susceptible to a predictable TCP
Initial Seq ...)
- edk2 <unfixed>
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45236 [Predictable TCP Initial Sequence Numbers]
+CVE-2023-45236 (EDK2's Network Package is susceptible to a predictable TCP
Initial Seq ...)
- edk2 <unfixed>
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45235 [Buffer overflow when handling Server ID option from a DHCPv6
proxy Advertise message]
+CVE-2023-45235 (EDK2's Network Package is susceptible to a buffer overflow
vulnerabili ...)
- edk2 <unfixed>
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45234 [Buffer overflow when processing DNS Servers option in a DHCPv6
Advertise message]
+CVE-2023-45234 (EDK2's Network Package is susceptible to a buffer overflow
vulnerabili ...)
- edk2 <unfixed>
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45233 [Infinite loop when parsing a PadN option in the Destination
Options header]
+CVE-2023-45233 (EDK2's Network Package is susceptible to an infinite lop
vulnerability ...)
- edk2 <unfixed>
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45232 [Infinite loop when parsing unknown options in the Destination
Options header]
+CVE-2023-45232 (EDK2's Network Package is susceptible to an infinite loop
vulnerabilit ...)
- edk2 <unfixed>
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45231 [Out of Bounds read when handling a ND Redirect message with
truncated options]
+CVE-2023-45231 (EDK2's Network Package is susceptible to an out-of-bounds read
vulner ...)
- edk2 <unfixed>
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45230 [Buffer overflow in the DHCPv6 client via a long Server ID
option]
+CVE-2023-45230 (EDK2's Network Package is susceptible to a buffer overflow
vulnerabili ...)
- edk2 <unfixed>
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45229 [Integer underflow when processing IA_NA/IA_TA options in a
DHCPv6 Advertise message]
+CVE-2023-45229 (EDK2's Network Package is susceptible to an out-of-bounds read
vulner ...)
- edk2 <unfixed>
NOTE:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-6395
+CVE-2023-6395 (The Mock software contains a vulnerability wherein an attacker
could p ...)
- mock <removed>
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/1
NOTE:
https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69
@@ -453,7 +629,7 @@ CVE-2023-50290 (Exposure of Sensitive Information to an
Unauthorized Actor vulne
CVE-2023-46749 (Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible
to a pa ...)
- shiro <unfixed> (bug #1060754)
NOTE: https://www.openwall.com/lists/oss-security/2024/01/12/2
-CVE-2024-0232 [use-after-free bug in jsonParseAddNodeArray]
+CVE-2024-0232 (A heap use-after-free issue has been identified in SQLite in
the jsonP ...)
- sqlite3 3.43.2-1
[bullseye] - sqlite3 <not-affected> (Vulnerable code not present)
[buster] - sqlite3 <not-affected> (Vulnerable code not present)
@@ -38503,8 +38679,8 @@ CVE-2023-2253 (A flaw was found in the `/v2/_catalog`
endpoint in distribution/d
NOTE: Fixed by:
https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54
(v2.8.2-beta.1)
NOTE: https://www.openwall.com/lists/oss-security/2023/05/09/1
NOTE:
https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw
-CVE-2023-2252
- RESERVED
+CVE-2023-2252 (The Directorist WordPress plugin before 7.5.4 is vulnerable to
Local F ...)
+ TODO: check
CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to
2.0.0-5.)
- node-yaml 2.1.3-2 (bug #1035580)
[bullseye] - node-yaml <not-affected> (Vulnerable code not present)
@@ -47362,8 +47538,8 @@ CVE-2023-28327 (A NULL pointer dereference flaw was
found in the UNIX protocol i
NOTE:
https://git.kernel.org/linus/b3abe42e94900bdd045c472f9c9be620ba5ce553 (6.1)
CVE-2023-28326 (Vendor: The Apache Software Foundation Versions Affected:
Apache Open ...)
NOT-FOR-US: Apache OpenMeetings
-CVE-2023-1405
- RESERVED
+CVE-2023-1405 (The Formidable Forms WordPress plugin before 6.2 unserializes
user inp ...)
+ TODO: check
CVE-2023-1404 (The Weaver Show Posts Plugin for WordPress is vulnerable to
stored Cro ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1403 (The Weaver Xtreme Theme for WordPress is vulnerable to stored
Cross-Si ...)
@@ -54843,8 +55019,8 @@ CVE-2023-0826
RESERVED
CVE-2023-0825
RESERVED
-CVE-2023-0824
- RESERVED
+CVE-2023-0824 (The User registration & user profile WordPress plugin through
2.0 does ...)
+ TODO: check
CVE-2023-0823 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin
before ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25760 (Incorrect Access Control in Tripleplay Platform releases prior
to Cave ...)
@@ -55513,8 +55689,8 @@ CVE-2023-0770 (Stack-based Buffer Overflow in GitHub
repository gpac/gpac prior
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
NOTE:
https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
-CVE-2023-0769
- RESERVED
+CVE-2023-0769 (The hiWeb Migration Simple WordPress plugin through 2.0.0.1
does not s ...)
+ TODO: check
CVE-2023-0768 (The Avirato hotels online booking engine WordPress plugin
through 5.0. ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25641
@@ -59101,8 +59277,8 @@ CVE-2023-22843 (An authenticated attacker with
administrative access to the appl
NOT-FOR-US: Nozomi Networks
CVE-2023-22378 (A blind SQL Injection vulnerability in Nozomi Networks
Guardian and CM ...)
NOT-FOR-US: Nozomi Networks
-CVE-2023-0479
- RESERVED
+CVE-2023-0479 (The Print Invoice & Delivery Notes for WooCommerce WordPress
plugin be ...)
+ TODO: check
CVE-2023-0478
RESERVED
CVE-2023-0477 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin
before ...)
@@ -60952,8 +61128,8 @@ CVE-2023-0394 (A NULL pointer dereference flaw was
found in rawv6_push_pending_f
NOTE:
https://git.kernel.org/linus/cb3e9864cdbe35ff6378966660edbcbac955fe17 (6.2-rc4)
CVE-2023-0390
RESERVED
-CVE-2023-0389
- RESERVED
+CVE-2023-0389 (The Calculated Fields Form WordPress plugin before 1.1.151 does
not sa ...)
+ TODO: check
CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not
properly sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0387
@@ -60980,8 +61156,8 @@ CVE-2023-0378 (The Greenshift WordPress plugin before
5.0 does not validate and
NOT-FOR-US: WordPress plugin
CVE-2023-0377 (The Scriptless Social Sharing WordPress plugin before 3.2.2
does not v ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0376
- RESERVED
+CVE-2023-0376 (The Qubely WordPress plugin before 1.8.5 does not validate and
escape ...)
+ TODO: check
CVE-2023-0375 (The Easy Affiliate Links WordPress plugin before 3.7.1 does not
valida ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0374 (The W4 Post List WordPress plugin before 2.4.6 does not
validate and e ...)
@@ -62423,8 +62599,8 @@ CVE-2023-0226
CVE-2023-0225 (A flaw was found in Samba. An incomplete access check on
dnsHostName a ...)
- samba 2:4.17.7+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2023-0225.html
-CVE-2023-0224
- RESERVED
+CVE-2023-0224 (The GiveWP WordPress plugin before 2.24.1 does not properly
escape use ...)
+ TODO: check
CVE-2023-0223 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab 15.10.8+ds1-2
CVE-2022-4886 (Ingress-nginx `path` sanitization can be bypassed with
`log_format` di ...)
@@ -64775,8 +64951,8 @@ CVE-2023-22667 (Memory Corruption in Audio while
allocating the ion buffer durin
NOT-FOR-US: Qualcomm
CVE-2023-22666 (Memory Corruption in Audio while playing amrwbplus clips with
modified ...)
NOT-FOR-US: Qualcomm
-CVE-2023-0094
- RESERVED
+CVE-2023-0094 (The UpQode Google Maps WordPress plugin through 1.0.5 does not
validat ...)
+ TODO: check
CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through
1.65.0 are ...)
NOT-FOR-US: Okta Advanced Server Access Client
CVE-2023-0092
@@ -64885,8 +65061,8 @@ CVE-2023-0081 (The MonsterInsights WordPress plugin
before 8.12.1 does not valid
NOT-FOR-US: WordPress plugin
CVE-2023-0080 (The Customer Reviews for WooCommerce WordPress plugin before
5.16.0 do ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0079
- RESERVED
+CVE-2023-0079 (The Customer Reviews for WooCommerce WordPress plugin before
5.17.0 do ...)
+ TODO: check
CVE-2023-0078 (The Resume Builder WordPress plugin through 3.1.1 does not
sanitize an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0077 (Integer overflow or wraparound vulnerability in CGI component
in Synol ...)
@@ -65406,12 +65582,12 @@ CVE-2023-22529
RESERVED
CVE-2023-22528
RESERVED
-CVE-2023-22527 (Summary of Vulnerability A template injection vulnerability on
older v ...)
+CVE-2023-22527 (A template injection vulnerability on older versions of
Confluence Dat ...)
NOT-FOR-US: Atlassian Confluence Data Center and Server
CVE-2023-22526 (This High severity RCE (Remote Code Execution) vulnerability
was intro ...)
NOT-FOR-US: Atlassian Confluence Data Center
CVE-2023-22525
- RESERVED
+ REJECTED
CVE-2023-22524 (Certain versions of the Atlassian Companion App for MacOS were
affecte ...)
NOT-FOR-US: Atlassian
CVE-2023-22523 (This vulnerability, if exploited, allows an attacker to
perform privil ...)
@@ -65421,7 +65597,7 @@ CVE-2023-22522 (This Template Injection vulnerability
allows an authenticated at
CVE-2023-22521 (This High severity RCE (Remote Code Execution) vulnerability
was intro ...)
NOT-FOR-US: Crowd Data Center and Server
CVE-2023-22520
- RESERVED
+ REJECTED
CVE-2023-22519
RESERVED
CVE-2023-22518 (All versions of Confluence Data Center and Server are affected
by this ...)
@@ -65433,21 +65609,21 @@ CVE-2023-22516 (This High severity RCE (Remote Code
Execution) vulnerability was
CVE-2023-22515 (Atlassian has been made aware of an issue reported by a
handful of cus ...)
NOT-FOR-US: Atlassian
CVE-2023-22514
- RESERVED
+ REJECTED
CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability
was intro ...)
NOT-FOR-US: Bitbucket Data Center and Server
CVE-2023-22512
- RESERVED
+ REJECTED
CVE-2023-22511
RESERVED
CVE-2023-22510
- RESERVED
+ REJECTED
CVE-2023-22509
RESERVED
CVE-2023-22508 (This High severity RCE (Remote Code Execution) vulnerability
known as ...)
NOT-FOR-US: Atlassian
CVE-2023-22507
- RESERVED
+ REJECTED
CVE-2023-22506 (This High severity Injection and RCE (Remote Code Execution)
vulnerabi ...)
NOT-FOR-US: Atlassian
CVE-2023-22505 (This High severity RCE (Remote Code Execution) vulnerability
known as ...)
@@ -65457,7 +65633,7 @@ CVE-2023-22504 (Affected versions of Atlassian
Confluence Server allow remote at
CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data
Center allow ...)
NOT-FOR-US: Atlassian
CVE-2023-22502
- RESERVED
+ REJECTED
CVE-2023-22501 (An authentication vulnerability was discovered in Jira Service
Managem ...)
NOT-FOR-US: Atlassian
CVE-2023-0028 (Cross-site Scripting (XSS) - Stored in GitHub repository
linagora/twak ...)
@@ -77303,8 +77479,8 @@ CVE-2022-45047 (Class
org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyP
NOT-FOR-US: Apache Mina SSHD
CVE-2022-45046
REJECTED
-CVE-2022-3899
- RESERVED
+CVE-2022-3899 (The 3dprint WordPress plugin before 3.5.6.9 does not protect
against C ...)
+ TODO: check
CVE-2022-3898 (The WP Affiliate Platform plugin for WordPress is vulnerable to
Cross- ...)
NOT-FOR-US: WP Affiliate Platform plugin for WordPress
CVE-2022-3897 (The WP Affiliate Platform plugin for WordPress is vulnerable to
Stored ...)
@@ -79466,8 +79642,8 @@ CVE-2022-3838 (The WPUpper Share Buttons WordPress
plugin through 3.42 does not
NOT-FOR-US: WordPress plugin
CVE-2022-3837 (The Uji Countdown WordPress plugin before 2.3.1 does not
sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3836
- RESERVED
+CVE-2022-3836 (The Seed Social WordPress plugin before 2.0.4 does not sanitise
and es ...)
+ TODO: check
CVE-2022-3835 (The Kwayy HTML Sitemap WordPress plugin before 4.0 does not
sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3834 (The Google Forms WordPress plugin through 0.95 does not
sanitise and e ...)
@@ -79480,8 +79656,8 @@ CVE-2022-3831 (The reCAPTCHA WordPress plugin through
1.6 does not sanitise and
NOT-FOR-US: WordPress plugin
CVE-2022-3830 (The WP Page Builder WordPress plugin through 1.2.8 does not
sanitise a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3829
- RESERVED
+CVE-2022-3829 (The Font Awesome 4 Menus WordPress plugin through 4.7.0 does
not sanit ...)
+ TODO: check
CVE-2022-3828 (The Video Thumbnails WordPress plugin through 2.12.3 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3827 (A vulnerability was found in centreon. It has been declared as
critica ...)
@@ -80074,8 +80250,8 @@ CVE-2022-3766 (Cross-site Scripting (XSS) - Reflected
in GitHub repository thors
NOT-FOR-US: phpmyfaq
CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository
thorsten/phpm ...)
NOT-FOR-US: phpmyfaq
-CVE-2022-3764
- RESERVED
+CVE-2022-3764 (The plugin does not filter the "delete_entries" parameter from
user re ...)
+ TODO: check
CVE-2022-3763 (The Booster for WooCommerce WordPress plugin before 5.6.7,
Booster Plu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7,
Booster Plu ...)
@@ -81112,8 +81288,8 @@ CVE-2022-3741 (Impact varies for each individual
vulnerability in the applicatio
NOT-FOR-US: chatwoot
CVE-2022-3740 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab 15.10.8+ds1-2
-CVE-2022-3739
- RESERVED
+CVE-2022-3739 (The WP Best Quiz WordPress plugin through 1.0 does not sanitize
and es ...)
+ TODO: check
CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to
download ...)
NOT-FOR-US: WAGO
CVE-2022-3737 (In PHOENIX CONTACT Automationworx Software Suite up to version
1.89 me ...)
@@ -84516,8 +84692,8 @@ CVE-2022-3606 (A vulnerability was found in Linux
Kernel. It has been classified
NOTE: Fixed by:
https://github.com/libbpf/libbpf/commit/3a3ef0c1d09e1894740db71cdcb7be0bfd713671
(v1.1.0)
CVE-2022-3605 (The WP CSV Exporter WordPress plugin before 1.3.7 does not
properly es ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3604
- RESERVED
+CVE-2022-3604 (The Contact Form Entries WordPress plugin before 1.3.0 does not
valida ...)
+ TODO: check
CVE-2022-3603 (The Export customers list csv for WooCommerce, WordPress users
csv, ex ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3602 (A buffer overrun can be triggered in X.509 certificate
verification, s ...)
@@ -92310,8 +92486,8 @@ CVE-2022-3195 (Out of bounds write in Storage in Google
Chrome prior to 105.0.51
{DSA-5230-1}
- chromium 105.0.5195.125-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3194
- RESERVED
+CVE-2022-3194 (The Dokan WordPress plugin before 3.6.4 allows vendors to
inject arbit ...)
+ TODO: check
CVE-2022-3193 (An HTML injection/reflected Cross-site scripting (XSS)
vulnerability w ...)
NOT-FOR-US: ovirt-engine
CVE-2022-40630 (This vulnerability exists in Tacitine Firewall, all versions
of EN6200 ...)
@@ -105256,8 +105432,8 @@ CVE-2022-2414 (Access to external entities when
parsing XML documents can lead t
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2104676
NOTE: https://github.com/dogtagpki/pki/pull/4021
NOTE:
https://github.com/dogtagpki/pki/commit/4e893243d72ad766558c10c907841f5f9c047055
-CVE-2022-2413
- RESERVED
+CVE-2022-2413 (The Slide Anything WordPress plugin before 2.3.47 does not
properly sa ...)
+ TODO: check
CVE-2022-2412 (The Better Tag Cloud WordPress plugin through 0.99.5 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2411 (The Auto More Tag WordPress plugin through 4.0.0 does not
sanitise and ...)
@@ -118976,8 +119152,8 @@ CVE-2022-1762 (The iQ Block Country WordPress plugin
before 1.2.20 does not prop
NOT-FOR-US: WordPress plugin
CVE-2022-1761 (The Peter\u2019s Collaboration E-mails WordPress plugin through
2.2.0 ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1760
- RESERVED
+CVE-2022-1760 (The Core Control WordPress plugin through 1.2.1 does not have
CSRF che ...)
+ TODO: check
CVE-2022-1759 (The RB Internal Links WordPress plugin through 2.0.16 does not
have CS ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1
does not ...)
@@ -120908,10 +121084,10 @@ CVE-2022-1619 (Heap-based Buffer Overflow in
function cmdline_erase_chars in Git
NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
NOTE:
https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe
(v8.2.4899)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-1618
- RESERVED
-CVE-2022-1617
- RESERVED
+CVE-2022-1618 (The Coru LFMember WordPress plugin through 1.0.2 does not have
CSRF ch ...)
+ TODO: check
+CVE-2022-1617 (The WP-Invoice WordPress plugin through 4.3.1 does not have
CSRF check ...)
+ TODO: check
CVE-2022-30334 (Brave before 1.34, when a Private Window with Tor Connectivity
is used ...)
- brave-browser <itp> (bug #864795)
CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory
traversal ...)
@@ -121044,8 +121220,8 @@ CVE-2022-1611 (The Bulk Page Creator WordPress plugin
before 1.1.4 does not prot
NOT-FOR-US: WordPress plugin
CVE-2022-1610 (The Seamless Donations WordPress plugin before 5.1.9 does not
have CSR ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1609
- RESERVED
+CVE-2022-1609 (The School Management WordPress plugin before 9.9.7 contains an
obfusc ...)
+ TODO: check
CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does
not hav ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1607 (Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar
Plus Sys ...)
@@ -121546,8 +121722,8 @@ CVE-2022-1565 (The plugin WP All Import is vulnerable
to arbitrary file uploads
NOT-FOR-US: WordPress plugin
CVE-2022-1564 (The Form Maker by 10Web WordPress plugin before 1.14.12 does
not sanit ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1563
- RESERVED
+CVE-2022-1563 (The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does
not prev ...)
+ TODO: check
CVE-2022-1562 (The Enable SVG WordPress plugin before 1.4.0 does not sanitise
uploade ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1561 (Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE
versions ...)
@@ -122146,8 +122322,8 @@ CVE-2022-1540 (The PostmagThemes Demo Import
WordPress plugin through 1.0.7 does
NOT-FOR-US: WordPress plugin
CVE-2022-1539 (The Exports and Reports WordPress plugin before 0.9.2 does not
sanitiz ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1538
- RESERVED
+CVE-2022-1538 (Theme Demo Import WordPress plugin before 1.1.1 does not
validate the ...)
+ TODO: check
CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race
condit ...)
{DLA-3383-1}
- grunt 1.5.3-1
@@ -122184,8 +122360,8 @@ CVE-2022-1528 (The VikBooking Hotel Booking Engine &
PMS WordPress plugin before
NOT-FOR-US: WordPress plugin
CVE-2022-1527 (The WP 2FA WordPress plugin before 2.2.1 does not sanitise and
escape ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-4227
- RESERVED
+CVE-2021-4227 (The ark-commenteditor WordPress plugin through 2.15.6 does not
properl ...)
+ TODO: check
CVE-2022-29908 (The folioupdate service in Fabasoft Cloud Enterprise Client
22.4.0043 ...)
NOT-FOR-US: Fabasoft
CVE-2022-29907 (The Nimbus skin for MediaWiki through 1.37.2 (before
6f9c8fb868345701d ...)
@@ -133406,8 +133582,8 @@ CVE-2022-0777 (Weak Password Recovery Mechanism for
Forgotten Password in GitHub
NOT-FOR-US: microweber
CVE-2022-0776 (Cross-site Scripting (XSS) - DOM in GitHub repository
hakimel/reveal.j ...)
NOT-FOR-US: hakimel/reveal.js
-CVE-2022-0775
- RESERVED
+CVE-2022-0775 (The WooCommerce WordPress plugin before 6.2.1 does not have
proper aut ...)
+ TODO: check
CVE-2022-0774
RESERVED
CVE-2022-0773 (The Documentor WordPress plugin through 1.5.3 fails to sanitize
and es ...)
@@ -139668,8 +139844,8 @@ CVE-2022-0404 (The Material Design for Contact Form 7
WordPress plugin through 2
NOT-FOR-US: WordPress plugin
CVE-2022-0403 (The Library File Manager WordPress plugin before 5.2.3 is using
an out ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0402
- RESERVED
+CVE-2022-0402 (The Super Forms - Drag & Drop Form Builder WordPress plugin
before 6.0 ...)
+ TODO: check
CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12.)
NOT-FOR-US: Node w-zip
CVE-2022-0400 (An out-of-bounds read vulnerability was discovered in linux
kernel in ...)
@@ -143472,10 +143648,10 @@ CVE-2022-23181 (The fix for bug CVE-2020-9484
introduced a time of check, time o
NOTE:
https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e
(9.0.57)
NOTE:
https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530
(8.5.74)
NOTE: Issue introduced by the fix for CVE-2020-9484
-CVE-2022-23180
- RESERVED
-CVE-2022-23179
- RESERVED
+CVE-2022-23180 (The Contact Form & Lead Form Elementor Builder WordPress
plugin before ...)
+ TODO: check
+CVE-2022-23179 (The Contact Form & Lead Form Elementor Builder WordPress
plugin before ...)
+ TODO: check
CVE-2022-21199 (An information disclosure vulnerability exists due to the
hardcoded TL ...)
NOT-FOR-US: Reolink
CVE-2022-0217 (It was discovered that an internal Prosody library to load XML
based o ...)
@@ -206561,8 +206737,8 @@ CVE-2021-25119 (The AGIL WordPress plugin through 1.0
accepts all zip files and
NOT-FOR-US: WordPress plugin
CVE-2021-25118 (The Yoast SEO WordPress plugin (from versions 16.7 until 17.2)
disclos ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25117
- RESERVED
+CVE-2021-25117 (The WP-PostRatings WordPress plugin before 1.86.1 does not
sanitise th ...)
+ TODO: check
CVE-2021-25116 (The Enqueue Anything WordPress plugin through 1.0.1 does not
have auth ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was
vulnerable ...)
@@ -207055,10 +207231,10 @@ CVE-2021-24872 (The Get Custom Field Values
WordPress plugin before 4.0 allows u
NOT-FOR-US: WordPress plugin
CVE-2021-24871 (The Get Custom Field Values WordPress plugin before 4.0.1 does
not esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24870
- RESERVED
-CVE-2021-24869
- RESERVED
+CVE-2021-24870 (The WP Fastest Cache WordPress plugin before 0.9.5 is lacking
a CSRF c ...)
+ TODO: check
+CVE-2021-24869 (The WP Fastest Cache WordPress plugin before 0.9.5 does not
escape use ...)
+ TODO: check
CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a
AJAX ac ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24867 (Numerous Plugins and Themes from the AccessPress Themes (aka
Access Ke ...)
@@ -207661,10 +207837,10 @@ CVE-2021-24569 (The Cookie Notice & Compliance for
GDPR / CCPA WordPress plugin
NOT-FOR-US: WordPress plugin
CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does
not san ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24567
- RESERVED
-CVE-2021-24566
- RESERVED
+CVE-2021-24567 (The Simple Post WordPress plugin through 1.1 does not sanitize
user in ...)
+ TODO: check
+CVE-2021-24566 (The WooCommerce Currency Switcher FOX WordPress plugin before
1.3.7 wa ...)
+ TODO: check
CVE-2021-24565 (The Contact Form 7 Captcha WordPress plugin before 0.0.9 does
not have ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24564 (The WPFront Scroll Top WordPress plugin before 2.0.6.07225
does not sa ...)
@@ -207677,8 +207853,8 @@ CVE-2021-24561 (The WP SMS WordPress plugin before
5.4.13 does not sanitise the
NOT-FOR-US: WordPress plugin
CVE-2021-24560 (The Software License Manager WordPress plugin before 4.4.8
does not sa ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24559
- RESERVED
+CVE-2021-24559 (The Qyrr WordPress plugin before 0.7 does not escape the
data-uri of t ...)
+ TODO: check
CVE-2021-24558 (The pspin_duplicate_post_save_as_new_post function of the
Project Stat ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24557 (The update functionality in the rslider_page uses an rs_id
POST parame ...)
@@ -207929,10 +208105,10 @@ CVE-2021-24435 (The iframe-font-preview.php file of
the titan-framework does not
NOT-FOR-US: WordPress plugin
CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or
escape i ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24433
- RESERVED
-CVE-2021-24432
- RESERVED
+CVE-2021-24433 (The simple sort&search WordPress plugin through 0.0.3 does not
make su ...)
+ TODO: check
+CVE-2021-24432 (The Advanced AJAX Product Filters WordPress plugin does not
sanitise t ...)
+ TODO: check
CVE-2021-24431 (The Language Bar Flags WordPress plugin through 1.0.8 does not
have an ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24430 (The Speed Booster Pack \u26a1 PageSpeed Optimization Suite
WordPress p ...)
@@ -208493,8 +208669,8 @@ CVE-2021-24153 (A Stored Cross-Site Scripting
vulnerability was discovered in th
NOT-FOR-US: WordPress plugin
CVE-2021-24152 (The "All Subscribers" setting page of Popup Builder was
vulnerable to ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24151
- RESERVED
+CVE-2021-24151 (The WP Editor WordPress plugin before 1.2.7 did not sanitise
or valida ...)
+ TODO: check
CVE-2021-24150 (The LikeBtn WordPress Like Button Rating \u2665 LikeBtn
WordPress plug ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress
plugin, ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24a7c4e7cb3194227c8d4048117c3696d90047ea
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24a7c4e7cb3194227c8d4048117c3696d90047ea
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
