Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e62318c9 by Salvatore Bonaccorso at 2024-01-16T21:44:18+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2024-23347 (Prior to v176, when opening a new project Meta Spark Studio 
would exec ...)
-       TODO: check
+       NOT-FOR-US: Meta Spark Studio
 CVE-2024-22628 (Budget and Expense Tracker System v1.0 is vulnerable to SQL 
Injection  ...)
-       TODO: check
+       NOT-FOR-US: Budget and Expense Tracker System
 CVE-2024-22627 (Complete Supplier Management System v1.0 is vulnerable to SQL 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: Complete Supplier Management System
 CVE-2024-22626 (Complete Supplier Management System v1.0 is vulnerable to SQL 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: Complete Supplier Management System
 CVE-2024-22625 (Complete Supplier Management System v1.0 is vulnerable to SQL 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: Complete Supplier Management System
 CVE-2024-22491 (A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 
2.0 all ...)
        TODO: check
 CVE-2024-0599 (A vulnerability was found in Jspxcms 10.2.0. It has been 
declared as p ...)
-       TODO: check
+       NOT-FOR-US: Jspxcms
 CVE-2024-0584 (A use-after-free issue was found in igmp_start_timer in 
net/ipv4/igmp. ...)
        - linux 6.6.8-1
        [bookworm] - linux 6.1.66-1
@@ -26,163 +26,163 @@ CVE-2024-0582 (A memory leak flaw was found in the Linux 
kernel\u2019s io_uring
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2504
        NOTE: 
https://git.kernel.org/linus/c392cbecd8eca4c53f2bf508731257d9d0a21c2d (6.7-rc4)
 CVE-2024-0581 (An Uncontrolled Resource Consumption vulnerability has been 
found on S ...)
-       TODO: check
+       NOT-FOR-US: Sandsprite
 CVE-2024-0579 (A vulnerability classified as critical was found in Totolink 
X2000R 1. ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-0578 (A vulnerability classified as critical has been found in 
Totolink LR12 ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-0577 (A vulnerability was found in Totolink LR1200GB 
9.1.0u.6619_B20230130.  ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-0576 (A vulnerability was found in Totolink LR1200GB 
9.1.0u.6619_B20230130.  ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-0575 (A vulnerability was found in Totolink LR1200GB 
9.1.0u.6619_B20230130.  ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-0574 (A vulnerability was found in Totolink LR1200GB 
9.1.0u.6619_B20230130 a ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-0573 (A vulnerability has been found in Totolink LR1200GB 
9.1.0u.6619_B20230 ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-0572 (A vulnerability, which was classified as critical, was found in 
Totoli ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-0571 (A vulnerability, which was classified as critical, has been 
found in T ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-0570 (A vulnerability classified as critical was found in Totolink 
N350RT 9. ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-0569 (A vulnerability classified as problematic has been found in 
Totolink T ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-0567 (A vulnerability was found in GnuTLS, where a cockpit (which 
uses gnuTL ...)
        TODO: check
 CVE-2024-0556 (A Weak Cryptography for Passwords vulnerability has been 
detected on W ...)
-       TODO: check
+       NOT-FOR-US: WIC200
 CVE-2024-0555 (A Cross-Site Request Forgery (CSRF) vulnerability has been 
found on WI ...)
-       TODO: check
+       NOT-FOR-US: WIC200
 CVE-2024-0554 (A Cross-site scripting (XSS) vulnerability has been found on 
WIC1200,  ...)
-       TODO: check
+       NOT-FOR-US: WIC200
 CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to 
malformed c ...)
        TODO: check
 CVE-2024-0507 (An attacker with access to a Management Console user account 
with the  ...)
        TODO: check
 CVE-2024-0239 (The Contact Form 7 Connector WordPress plugin before 1.2.3 does 
not sa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0238 (The EventON WordPress plugin before 4.5.5, EventON WordPress 
plugin be ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0237 (The EventON WordPress plugin before 4.5.5, EventON WordPress 
plugin be ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0236 (The EventON WordPress plugin before 4.5.5, EventON WordPress 
plugin be ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0235 (The EventON WordPress plugin before 4.5.5, EventON WordPress 
plugin be ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0233 (The EventON WordPress plugin before 4.5.5, EventON WordPress 
plugin be ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0200 (An unsafe reflection vulnerability was identified in GitHub 
Enterprise ...)
        TODO: check
 CVE-2024-0187 (The Community by PeepSo WordPress plugin before 6.3.1.2 does 
not sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7234 (OPCUAServerToolkit will write a log message once an OPC UA 
client has  ...)
-       TODO: check
+       NOT-FOR-US: OPCUAServerToolkit
 CVE-2023-7154 (The Hubbub Lite (formerly Grow Social) WordPress plugin before 
1.32.0  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7151 (The Product Enquiry for WooCommerce WordPress plugin before 3.2 
does n ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7125 (The Community by PeepSo WordPress plugin before 6.3.1.2 does 
not have  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7084 (The Voting Record WordPress plugin through 2.0 is missing 
sanitisation ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7083 (The Voting Record WordPress plugin through 2.0 does not have 
CSRF chec ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6824 (The WP Customer Area WordPress plugin before 8.2.1 does not 
properly v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6741 (The WP Customer Area WordPress plugin before 8.2.1 does not 
properly v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6732 (The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 
does not ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6592 (The FastDup WordPress plugin before 2.2 does not prevent 
directory lis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6373 (The ArtPlacer Widget WordPress plugin before 2.20.7 does not 
sanitize  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6336 (Improper Link Resolution Before File Access ('Link Following') 
vulnera ...)
        TODO: check
 CVE-2023-6335 (Improper Link Resolution Before File Access ('Link Following') 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: HYPR
 CVE-2023-6334 (Improper Restriction of Operations within the Bounds of a 
Memory Buffe ...)
-       TODO: check
+       NOT-FOR-US: HYPR
 CVE-2023-6292 (The Ecwid Ecommerce Shopping Cart WordPress plugin before 
6.12.5 does  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6046 (The EventON WordPress plugin before 2.2 does not sanitise and 
escape s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6005 (The EventON WordPress plugin before 4.5.5, EventON WordPress 
plugin be ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-5922 (The Royal Elementor Addons and Templates WordPress plugin 
before 1.3.8 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-5558 (The LearnPress WordPress plugin before 4.2.5.5 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-5097 (Improper Input Validation vulnerability in HYPR Workforce 
Access on Wi ...)
-       TODO: check
+       NOT-FOR-US: HYPR
 CVE-2023-52116 (Permission management vulnerability in the multi-screen 
interaction mo ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52115 (The iaware module has a Use-After-Free (UAF) vulnerability. 
Successful ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52114 (Data confidentiality vulnerability in the ScreenReader module. 
Success ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52108 (Vulnerability of process priorities being raised in the 
ActivityManage ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52107 (Vulnerability of permissions being not strictly verified in 
the WMS mo ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52106 (The DownloadProviderMain module has a vulnerability in API 
permission  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52105 (The nearby module has a privilege escalation vulnerability. 
Successful ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52104 (Vulnerability of parameters being not verified in the WMS 
module. Succ ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52103 (Buffer overflow vulnerability in the FLP module. Successful 
exploitati ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52102 (Vulnerability of parameters being not verified in the WMS 
module. Succ ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52101 (Component exposure vulnerability in the Wi-Fi module. 
Successful explo ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52100 (The Celia Keyboard module has a vulnerability in access 
control. Succe ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52099 (Vulnerability of foreground service restrictions being 
bypassed in the ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52098 (Denial of Service (DoS) vulnerability in the DMS module. 
Successful ex ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-52041 (An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2023-51381 (Cross-site Scripting in thetag name pattern field in the tag 
protectio ...)
        TODO: check
 CVE-2023-4969 (A GPU kernel can read sensitive data from another GPU kernel 
(even fro ...)
        TODO: check
 CVE-2023-4797 (The Newsletters WordPress plugin before 4.9.3 does not properly 
escape ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4757 (The Staff / Employee Business Directory for Active Directory 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4703 (The All in One B2B for WooCommerce WordPress plugin through 
1.0.3 does ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4536 (The My Account Page Editor WordPress plugin before 1.3.2 does 
not vali ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49351 (A stack-based buffer overflow vulnerability in /bin/webs 
binary in Edi ...)
-       TODO: check
+       NOT-FOR-US: Edimax BR6478AC V2 firmware
 CVE-2023-3771 (The T1 WordPress theme through 19.0 is vulnerable to 
unauthenticated o ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2023-3647 (The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not 
sanitis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3372 (The Lana Shortcodes WordPress plugin before 1.2.0 does not 
validate an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3211 (The WordPress Database Administrator WordPress plugin through 
1.0.3 do ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3178 (The POST SMTP Mailer WordPress plugin before 2.5.7 does not 
have prope ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-37523 (Missing or insecure tags in the HCL BigFix Bare OSD Metal 
Server WebUI ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-37522 (HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower 
has mis ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-37521 (HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower 
can som ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-34063 (Aria Automation contains a Missing Access Control 
vulnerability.   An  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2023-2655 (The Contact Form by WD WordPress plugin through 1.13.23 does 
not prope ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-4432 (A vulnerability was found in PCMan FTP Server 2.0.7. It has 
been class ...)
-       TODO: check
+       NOT-FOR-US: PCMan FTP Server
 CVE-2023-45237 (EDK2's Network Package is susceptible to a predictable TCP 
Initial Seq ...)
        - edk2 <unfixed>
        NOTE: 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
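Review bot: the NOT-FOR-US annotations for CVE-2024-0554, CVE-2024-0555 and CVE-2024-0556 name the product as "WIC200", but the description of CVE-2024-0554 reads "has been found on WIC1200"; check the product name against the advisory and make the three entries agree with it, since the NFU text is what later greps and triage searches will match. In the same hunk CVE-2023-6336 keeps "TODO: check" while CVE-2023-6335, whose visible description is identical ("Improper Link Resolution Before File Access ('Link Following') vulnera ..."), and CVE-2023-6334 are marked "NOT-FOR-US: HYPR"; either CVE-2023-6336 belongs to the same vendor batch or a NOTE saying why it is held back would help. CVE-2024-0200 ("An unsafe reflection vulnerability was identified in GitHub Enterprise ...") is also left at "TODO: check" although the other proprietary-product entries in this batch were resolved.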
@@ -38689,7 +38689,7 @@ CVE-2023-2253 (A flaw was found in the `/v2/_catalog` 
endpoint in distribution/d
        NOTE: https://www.openwall.com/lists/oss-security/2023/05/09/1
        NOTE: 
https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw
 CVE-2023-2252 (The Directorist WordPress plugin before 7.5.4 is vulnerable to 
Local F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 
2.0.0-5.)
        - node-yaml 2.1.3-2 (bug #1035580)
        [bullseye] - node-yaml <not-affected> (Vulnerable code not present)
@@ -47548,7 +47548,7 @@ CVE-2023-28327 (A NULL pointer dereference flaw was 
found in the UNIX protocol i
 CVE-2023-28326 (Vendor: The Apache Software Foundation  Versions Affected: 
Apache Open ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2023-1405 (The Formidable Forms WordPress plugin before 6.2 unserializes 
user inp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-1404 (The Weaver Show Posts Plugin for WordPress is vulnerable to 
stored Cro ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1403 (The Weaver Xtreme Theme for WordPress is vulnerable to stored 
Cross-Si ...)
@@ -55029,7 +55029,7 @@ CVE-2023-0826
 CVE-2023-0825
        RESERVED
 CVE-2023-0824 (The User registration & user profile WordPress plugin through 
2.0 does ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0823 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin 
before ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25760 (Incorrect Access Control in Tripleplay Platform releases prior 
to Cave ...)
@@ -55699,7 +55699,7 @@ CVE-2023-0770 (Stack-based Buffer Overflow in GitHub 
repository gpac/gpac prior
        NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
        NOTE: 
https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
 CVE-2023-0769 (The hiWeb Migration Simple WordPress plugin through 2.0.0.1 
does not s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0768 (The Avirato hotels online booking engine WordPress plugin 
through 5.0. ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25641
@@ -59287,7 +59287,7 @@ CVE-2023-22843 (An authenticated attacker with 
administrative access to the appl
 CVE-2023-22378 (A blind SQL Injection vulnerability in Nozomi Networks 
Guardian and CM ...)
        NOT-FOR-US: Nozomi Networks
 CVE-2023-0479 (The Print Invoice & Delivery Notes for WooCommerce WordPress 
plugin be ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0478
        RESERVED
 CVE-2023-0477 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin 
before  ...)
@@ -61138,7 +61138,7 @@ CVE-2023-0394 (A NULL pointer dereference flaw was 
found in rawv6_push_pending_f
 CVE-2023-0390
        RESERVED
 CVE-2023-0389 (The Calculated Fields Form WordPress plugin before 1.1.151 does 
not sa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not 
properly sanit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0387
@@ -61166,7 +61166,7 @@ CVE-2023-0378 (The Greenshift WordPress plugin before 
5.0 does not validate and
 CVE-2023-0377 (The Scriptless Social Sharing WordPress plugin before 3.2.2 
does not v ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0376 (The Qubely WordPress plugin before 1.8.5 does not validate and 
escape  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0375 (The Easy Affiliate Links WordPress plugin before 3.7.1 does not 
valida ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0374 (The W4 Post List WordPress plugin before 2.4.6 does not 
validate and e ...)
@@ -62609,7 +62609,7 @@ CVE-2023-0225 (A flaw was found in Samba. An incomplete 
access check on dnsHostN
        - samba 2:4.17.7+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2023-0225.html
 CVE-2023-0224 (The GiveWP WordPress plugin before 2.24.1 does not properly 
escape use ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0223 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab 15.10.8+ds1-2
 CVE-2022-4886 (Ingress-nginx `path` sanitization can be bypassed with 
`log_format` di ...)
@@ -64961,7 +64961,7 @@ CVE-2023-22667 (Memory Corruption in Audio while 
allocating the ion buffer durin
 CVE-2023-22666 (Memory Corruption in Audio while playing amrwbplus clips with 
modified ...)
        NOT-FOR-US: Qualcomm
 CVE-2023-0094 (The UpQode Google Maps WordPress plugin through 1.0.5 does not 
validat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through 
1.65.0 are  ...)
        NOT-FOR-US: Okta Advanced Server Access Client
 CVE-2023-0092
@@ -65071,7 +65071,7 @@ CVE-2023-0081 (The MonsterInsights WordPress plugin 
before 8.12.1 does not valid
 CVE-2023-0080 (The Customer Reviews for WooCommerce WordPress plugin before 
5.16.0 do ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0079 (The Customer Reviews for WooCommerce WordPress plugin before 
5.17.0 do ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-0078 (The Resume Builder WordPress plugin through 3.1.1 does not 
sanitize an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0077 (Integer overflow or wraparound vulnerability in CGI component 
in Synol ...)
@@ -77489,7 +77489,7 @@ CVE-2022-45047 (Class 
org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyP
 CVE-2022-45046
        REJECTED
 CVE-2022-3899 (The 3dprint WordPress plugin before 3.5.6.9 does not protect 
against C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3898 (The WP Affiliate Platform plugin for WordPress is vulnerable to 
Cross- ...)
        NOT-FOR-US: WP Affiliate Platform plugin for WordPress
 CVE-2022-3897 (The WP Affiliate Platform plugin for WordPress is vulnerable to 
Stored ...)
@@ -79652,7 +79652,7 @@ CVE-2022-3838 (The WPUpper Share Buttons WordPress 
plugin through 3.42 does not
 CVE-2022-3837 (The Uji Countdown WordPress plugin before 2.3.1 does not 
sanitise and  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3836 (The Seed Social WordPress plugin before 2.0.4 does not sanitise 
and es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3835 (The Kwayy HTML Sitemap WordPress plugin before 4.0 does not 
sanitise a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3834 (The Google Forms WordPress plugin through 0.95 does not 
sanitise and e ...)
@@ -79666,7 +79666,7 @@ CVE-2022-3831 (The reCAPTCHA WordPress plugin through 
1.6 does not sanitise and
 CVE-2022-3830 (The WP Page Builder WordPress plugin through 1.2.8 does not 
sanitise a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3829 (The Font Awesome 4 Menus WordPress plugin through 4.7.0 does 
not sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3828 (The Video Thumbnails WordPress plugin through 2.12.3 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3827 (A vulnerability was found in centreon. It has been declared as 
critica ...)
@@ -80260,7 +80260,7 @@ CVE-2022-3766 (Cross-site Scripting (XSS) - Reflected 
in GitHub repository thors
 CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
        NOT-FOR-US: phpmyfaq
 CVE-2022-3764 (The plugin does not filter the "delete_entries" parameter from 
user re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3763 (The Booster for WooCommerce WordPress plugin before 5.6.7, 
Booster Plu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, 
Booster Plu ...)
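Review bot: the description of CVE-2022-3764 only says "The plugin does not filter the "delete_entries" parameter", so the new "NOT-FOR-US: WordPress plugin" line carries no product name; the neighbouring CVE-2022-3763 entry (Booster for WooCommerce) is the only hint that this is a WordPress plugin. Consider naming the plugin in the NOT-FOR-US text, as done for CVE-2022-3898 ("NOT-FOR-US: WP Affiliate Platform plugin for WordPress") elsewhere in this commit, so the tracker record is self-explanatory.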
@@ -81298,7 +81298,7 @@ CVE-2022-3741 (Impact varies for each individual 
vulnerability in the applicatio
 CVE-2022-3740 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab 15.10.8+ds1-2
 CVE-2022-3739 (The WP Best Quiz WordPress plugin through 1.0 does not sanitize 
and es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to 
download ...)
        NOT-FOR-US: WAGO
 CVE-2022-3737 (In PHOENIX CONTACT Automationworx Software Suite up to version 
1.89 me ...)
@@ -84702,7 +84702,7 @@ CVE-2022-3606 (A vulnerability was found in Linux 
Kernel. It has been classified
 CVE-2022-3605 (The WP CSV Exporter WordPress plugin before 1.3.7 does not 
properly es ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3604 (The Contact Form Entries WordPress plugin before 1.3.0 does not 
valida ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3603 (The Export customers list csv for WooCommerce, WordPress users 
csv, ex ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3602 (A buffer overrun can be triggered in X.509 certificate 
verification, s ...)
@@ -92496,7 +92496,7 @@ CVE-2022-3195 (Out of bounds write in Storage in Google 
Chrome prior to 105.0.51
        - chromium 105.0.5195.125-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3194 (The Dokan WordPress plugin before 3.6.4 allows vendors to 
inject arbit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3193 (An HTML injection/reflected Cross-site scripting (XSS) 
vulnerability w ...)
        NOT-FOR-US: ovirt-engine
 CVE-2022-40630 (This vulnerability exists in Tacitine Firewall, all versions 
of EN6200 ...)
@@ -105442,7 +105442,7 @@ CVE-2022-2414 (Access to external entities when 
parsing XML documents can lead t
        NOTE: https://github.com/dogtagpki/pki/pull/4021
        NOTE: 
https://github.com/dogtagpki/pki/commit/4e893243d72ad766558c10c907841f5f9c047055
 CVE-2022-2413 (The Slide Anything WordPress plugin before 2.3.47 does not 
properly sa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2412 (The Better Tag Cloud WordPress plugin through 0.99.5 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2411 (The Auto More Tag WordPress plugin through 4.0.0 does not 
sanitise and ...)
@@ -119162,7 +119162,7 @@ CVE-2022-1762 (The iQ Block Country WordPress plugin 
before 1.2.20 does not prop
 CVE-2022-1761 (The Peter\u2019s Collaboration E-mails WordPress plugin through 
2.2.0  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1760 (The Core Control WordPress plugin through 1.2.1 does not have 
CSRF che ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1759 (The RB Internal Links WordPress plugin through 2.0.16 does not 
have CS ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 
does not ...)
@@ -121094,9 +121094,9 @@ CVE-2022-1619 (Heap-based Buffer Overflow in function 
cmdline_erase_chars in Git
        NOTE: 
https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe 
(v8.2.4899)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-1618 (The Coru LFMember WordPress plugin through 1.0.2 does not have 
CSRF ch ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1617 (The WP-Invoice WordPress plugin through 4.3.1 does not have 
CSRF check ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-30334 (Brave before 1.34, when a Private Window with Tor Connectivity 
is used ...)
        - brave-browser <itp> (bug #864795)
 CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory 
traversal  ...)
@@ -121230,7 +121230,7 @@ CVE-2022-1611 (The Bulk Page Creator WordPress plugin 
before 1.1.4 does not prot
 CVE-2022-1610 (The Seamless Donations WordPress plugin before 5.1.9 does not 
have CSR ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1609 (The School Management WordPress plugin before 9.9.7 contains an 
obfusc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does 
not hav ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1607 (Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar 
Plus Sys ...)
@@ -121732,7 +121732,7 @@ CVE-2022-1565 (The plugin WP All Import is vulnerable 
to arbitrary file uploads
 CVE-2022-1564 (The Form Maker by 10Web WordPress plugin before 1.14.12 does 
not sanit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1563 (The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does 
not prev ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1562 (The Enable SVG WordPress plugin before 1.4.0 does not sanitise 
uploade ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1561 (Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE 
versions ...)
@@ -122332,7 +122332,7 @@ CVE-2022-1540 (The PostmagThemes Demo Import 
WordPress plugin through 1.0.7 does
 CVE-2022-1539 (The Exports and Reports WordPress plugin before 0.9.2 does not 
sanitiz ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1538 (Theme Demo Import WordPress plugin before 1.1.1 does not 
validate the  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race 
condit ...)
        {DLA-3383-1}
        - grunt 1.5.3-1
@@ -122370,7 +122370,7 @@ CVE-2022-1528 (The VikBooking Hotel Booking Engine & 
PMS WordPress plugin before
 CVE-2022-1527 (The WP 2FA WordPress plugin before 2.2.1 does not sanitise and 
escape  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-4227 (The ark-commenteditor WordPress plugin through 2.15.6 does not 
properl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29908 (The folioupdate service in Fabasoft Cloud Enterprise Client 
22.4.0043  ...)
        NOT-FOR-US: Fabasoft
 CVE-2022-29907 (The Nimbus skin for MediaWiki through 1.37.2 (before 
6f9c8fb868345701d ...)
@@ -133592,7 +133592,7 @@ CVE-2022-0777 (Weak Password Recovery Mechanism for 
Forgotten Password in GitHub
 CVE-2022-0776 (Cross-site Scripting (XSS) - DOM in GitHub repository 
hakimel/reveal.j ...)
        NOT-FOR-US: hakimel/reveal.js
 CVE-2022-0775 (The WooCommerce WordPress plugin before 6.2.1 does not have 
proper aut ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0774
        RESERVED
 CVE-2022-0773 (The Documentor WordPress plugin through 1.5.3 fails to sanitize 
and es ...)
@@ -139854,7 +139854,7 @@ CVE-2022-0404 (The Material Design for Contact Form 7 
WordPress plugin through 2
 CVE-2022-0403 (The Library File Manager WordPress plugin before 5.2.3 is using 
an out ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0402 (The Super Forms - Drag & Drop Form Builder WordPress plugin 
before 6.0 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12.)
        NOT-FOR-US: Node w-zip
 CVE-2022-0400 (An out-of-bounds read vulnerability was discovered in linux 
kernel in  ...)
@@ -143658,9 +143658,9 @@ CVE-2022-23181 (The fix for bug CVE-2020-9484 
introduced a time of check, time o
        NOTE: 
https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530
 (8.5.74)
        NOTE: Issue introduced by the fix for CVE-2020-9484
 CVE-2022-23180 (The Contact Form & Lead Form Elementor Builder WordPress 
plugin before ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-23179 (The Contact Form & Lead Form Elementor Builder WordPress 
plugin before ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-21199 (An information disclosure vulnerability exists due to the 
hardcoded TL ...)
        NOT-FOR-US: Reolink
 CVE-2022-0217 (It was discovered that an internal Prosody library to load XML 
based o ...)
@@ -206747,7 +206747,7 @@ CVE-2021-25119 (The AGIL WordPress plugin through 1.0 
accepts all zip files and
 CVE-2021-25118 (The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) 
disclos ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25117 (The WP-PostRatings WordPress plugin before 1.86.1 does not 
sanitise th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-25116 (The Enqueue Anything WordPress plugin through 1.0.1 does not 
have auth ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was 
vulnerable  ...)
@@ -207241,9 +207241,9 @@ CVE-2021-24872 (The Get Custom Field Values WordPress 
plugin before 4.0 allows u
 CVE-2021-24871 (The Get Custom Field Values WordPress plugin before 4.0.1 does 
not esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24870 (The WP Fastest Cache WordPress plugin before 0.9.5 is lacking 
a CSRF c ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24869 (The WP Fastest Cache WordPress plugin before 0.9.5 does not 
escape use ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a 
AJAX ac ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24867 (Numerous Plugins and Themes from the AccessPress Themes (aka 
Access Ke ...)
@@ -207847,9 +207847,9 @@ CVE-2021-24569 (The Cookie Notice & Compliance for 
GDPR / CCPA WordPress plugin
 CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does 
not san ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24567 (The Simple Post WordPress plugin through 1.1 does not sanitize 
user in ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24566 (The WooCommerce Currency Switcher FOX WordPress plugin before 
1.3.7 wa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24565 (The Contact Form 7 Captcha WordPress plugin before 0.0.9 does 
not have ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24564 (The WPFront Scroll Top WordPress plugin before 2.0.6.07225 
does not sa ...)
@@ -207863,7 +207863,7 @@ CVE-2021-24561 (The WP SMS WordPress plugin before 
5.4.13 does not sanitise the
 CVE-2021-24560 (The Software License Manager WordPress plugin before 4.4.8 
does not sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24559 (The Qyrr WordPress plugin before 0.7 does not escape the 
data-uri of t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24558 (The pspin_duplicate_post_save_as_new_post function of the 
Project Stat ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24557 (The update functionality in the rslider_page uses an rs_id 
POST parame ...)
@@ -208115,9 +208115,9 @@ CVE-2021-24435 (The iframe-font-preview.php file of 
the titan-framework does not
 CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or 
escape i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24433 (The simple sort&search WordPress plugin through 0.0.3 does not 
make su ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24432 (The Advanced AJAX Product Filters WordPress plugin does not 
sanitise t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24431 (The Language Bar Flags WordPress plugin through 1.0.8 does not 
have an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24430 (The Speed Booster Pack \u26a1 PageSpeed Optimization Suite 
WordPress p ...)
@@ -208679,7 +208679,7 @@ CVE-2021-24153 (A Stored Cross-Site Scripting 
vulnerability was discovered in th
 CVE-2021-24152 (The "All Subscribers" setting page of Popup Builder was 
vulnerable to  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24151 (The WP Editor WordPress plugin before 1.2.7 did not sanitise 
or valida ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24150 (The LikeBtn WordPress Like Button Rating \u2665 LikeBtn 
WordPress plug ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress 
plugin, ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e62318c99d91f751a748e3e7a7c330370efa380e

You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
