[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 4 21:10:40 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c442101f by security tracker role at 2023-04-04T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2023-29272
+ RESERVED
+CVE-2023-29271
+ RESERVED
+CVE-2023-29270
+ RESERVED
+CVE-2023-29269
+ RESERVED
+CVE-2023-29268
+ RESERVED
+CVE-2023-29267
+ RESERVED
+CVE-2023-29266
+ RESERVED
+CVE-2023-29265
+ RESERVED
+CVE-2023-29264
+ RESERVED
+CVE-2023-29263
+ RESERVED
+CVE-2023-29262
+ RESERVED
+CVE-2023-29261
+ RESERVED
+CVE-2023-29260
+ RESERVED
+CVE-2023-29259
+ RESERVED
+CVE-2023-29258
+ RESERVED
+CVE-2023-29257
+ RESERVED
+CVE-2023-29256
+ RESERVED
+CVE-2023-29255
+ RESERVED
+CVE-2023-29254
+ RESERVED
+CVE-2023-29253
+ RESERVED
+CVE-2023-29252
+ RESERVED
+CVE-2023-29251
+ RESERVED
+CVE-2023-29250
+ RESERVED
+CVE-2023-29249
+ RESERVED
+CVE-2023-29248
+ RESERVED
+CVE-2023-29247
+ RESERVED
+CVE-2023-29246
+ RESERVED
+CVE-2023-29239
+ RESERVED
+CVE-2023-29238
+ RESERVED
+CVE-2023-29237
+ RESERVED
+CVE-2023-29236
+ RESERVED
+CVE-2023-29235
+ RESERVED
+CVE-2023-29234
+ RESERVED
+CVE-2023-23581
+ RESERVED
+CVE-2023-1840 (The Sp*tify Play Button for WordPress plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2023-1839
+ RESERVED
+CVE-2023-1838
+ RESERVED
+CVE-2023-1837
+ RESERVED
+CVE-2023-1836
+ RESERVED
+CVE-2023-1835
+ RESERVED
+CVE-2023-1834
+ RESERVED
+CVE-2023-1833
+ RESERVED
+CVE-2023-1832
+ RESERVED
+CVE-2023-1831
+ RESERVED
+CVE-2023-1830
+ RESERVED
+CVE-2023-1829
+ RESERVED
+CVE-2023-1828
+ RESERVED
+CVE-2023-1827 (A vulnerability has been found in SourceCodester Centralized Covid Vac ...)
+ TODO: check
+CVE-2023-1826 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-1825
+ RESERVED
+CVE-2022-48435 (In JetBrains PhpStorm before 2023.1 source code could be logged in the ...)
+ TODO: check
CVE-2023-29233
RESERVED
CVE-2023-29232
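Review bot: of the four entries in this hunk that arrive with a description (CVE-2023-1840, CVE-2023-1827, CVE-2023-1826, CVE-2022-48435), at least two can be resolved from the visible text instead of being left at `TODO: check`. CVE-2023-1840 is described as a WordPress plugin and CVE-2023-1827 names SourceCodester. Other hunks in this same file close such entries as `NOT-FOR-US: WordPress plugin` and `NOT-FOR-US: SourceCodester ...`. Suggest triaging those two with the matching strings so the open TODO count reflects only entries that need the full description read.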
@@ -488,16 +590,16 @@ CVE-2023-1754 (Improper Input Validation in GitHub repository thorsten/phpmyfaq
NOT-FOR-US: phpmyfaq
CVE-2023-1753 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...)
NOT-FOR-US: phpmyfaq
-CVE-2023-1752
- RESERVED
-CVE-2023-1751
- RESERVED
-CVE-2023-1750
- RESERVED
-CVE-2023-1749
- RESERVED
-CVE-2023-1748
- RESERVED
+CVE-2023-1752 (The listed versions of Nexx Smart Home devices could allow any user to ...)
+ TODO: check
+CVE-2023-1751 (The listed versions of Nexx Smart Home devices use a WebSocket server ...)
+ TODO: check
+CVE-2023-1750 (The listed versions of Nexx Smart Home devices lack proper access cont ...)
+ TODO: check
+CVE-2023-1749 (The listed versions of Nexx Smart Home devices lack proper access cont ...)
+ TODO: check
+CVE-2023-1748 (The listed versions of Nexx Smart Home devices use hard-coded credenti ...)
+ TODO: check
CVE-2023-1747 (A vulnerability has been found in IBOS up to 4.5.4 and classified as c ...)
NOT-FOR-US: IBOS
CVE-2023-1746 (A vulnerability, which was classified as problematic, was found in Dre ...)
@@ -590,8 +692,8 @@ CVE-2023-1730
RESERVED
CVE-2023-1729
RESERVED
-CVE-2023-1728
- RESERVED
+CVE-2023-1728 (Unrestricted Upload of File with Dangerous Type vulnerability in Fernu ...)
+ TODO: check
CVE-2023-1727
RESERVED
CVE-2023-1726
@@ -694,14 +796,14 @@ CVE-2023-29002
RESERVED
CVE-2023-29001
RESERVED
-CVE-2023-29000
- RESERVED
-CVE-2023-28999
- RESERVED
-CVE-2023-28998
- RESERVED
-CVE-2023-28997
- RESERVED
+CVE-2023-29000 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+ TODO: check
+CVE-2023-28999 (Nextcloud is an open-source productivity platform. In Nextcloud Deskto ...)
+ TODO: check
+CVE-2023-28998 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+ TODO: check
+CVE-2023-28997 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+ TODO: check
CVE-2023-28996
RESERVED
CVE-2023-28995
@@ -934,17 +1036,17 @@ CVE-2023-28744
RESERVED
CVE-2023-1672
RESERVED
-CVE-2023-1671
- RESERVED
+CVE-2023-1671 (A pre-auth command injection vulnerability in the warn-proceed handler ...)
+ TODO: check
CVE-2023-1670 (A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-car ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/e8d20c3ded59a092532513c9bd030d1ea66f5f44
CVE-2023-1669
RESERVED
-CVE-2022-4934
- RESERVED
-CVE-2020-36692
- RESERVED
+CVE-2022-4934 (A post-auth command injection vulnerability in the exception wizard of ...)
+ TODO: check
+CVE-2020-36692 (A reflected XSS via POST vulnerability in report scheduler of Sophos W ...)
+ TODO: check
CVE-2023-28934
RESERVED
CVE-2023-28933
@@ -1116,6 +1218,7 @@ CVE-2023-28881
CVE-2023-28880
RESERVED
CVE-2023-28879 (In Artifex Ghostscript through 10.01.0, there is a buffer overflow lea ...)
+ {DLA-3381-1}
- ghostscript 10.0.0~dfsg-11 (bug #1033757)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706494 (not public)
NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179
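Review bot: the `{DLA-3381-1}` tag added under CVE-2023-28879 points at an advisory record that is not part of this commit, which changes only data/CVE/list. Confirm that the DLA-3381-1 entry already exists in the tracker data from an earlier commit, since the only version line visible on this entry is still `- ghostscript 10.0.0~dfsg-11 (bug #1033757)`.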
@@ -1242,8 +1345,8 @@ CVE-2023-28850 (Pimcore Perspective Editor provides an editor for Pimcore that a
NOT-FOR-US: Pimcore Perspective Editor
CVE-2023-28849
RESERVED
-CVE-2023-28848
- RESERVED
+CVE-2023-28848 (user_oidc is the OIDC connect user backend for Nextcloud, an open sour ...)
+ TODO: check
CVE-2023-28847
RESERVED
CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web applications. The ...)
@@ -2051,8 +2154,8 @@ CVE-2023-28615
RESERVED
CVE-2023-28614
RESERVED
-CVE-2023-28613
- RESERVED
+CVE-2023-28613 (An issue was discovered in Samsung Exynos Mobile Processor and Baseban ...)
+ TODO: check
CVE-2023-28612
RESERVED
CVE-2023-28611 (Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and ...)
@@ -4915,32 +5018,32 @@ CVE-2023-27773
RESERVED
CVE-2023-27772
RESERVED
-CVE-2023-27771
- RESERVED
-CVE-2023-27770
- RESERVED
-CVE-2023-27769
- RESERVED
-CVE-2023-27768
- RESERVED
-CVE-2023-27767
- RESERVED
-CVE-2023-27766
- RESERVED
-CVE-2023-27765
- RESERVED
-CVE-2023-27764
- RESERVED
-CVE-2023-27763
- RESERVED
-CVE-2023-27762
- RESERVED
-CVE-2023-27761
- RESERVED
-CVE-2023-27760
- RESERVED
-CVE-2023-27759
- RESERVED
+CVE-2023-27771 (An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1. ...)
+ TODO: check
+CVE-2023-27770 (An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 al ...)
+ TODO: check
+CVE-2023-27769 (An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 al ...)
+ TODO: check
+CVE-2023-27768 (An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 all ...)
+ TODO: check
+CVE-2023-27767 (An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allo ...)
+ TODO: check
+CVE-2023-27766 (An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows ...)
+ TODO: check
+CVE-2023-27765 (An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 al ...)
+ TODO: check
+CVE-2023-27764 (An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allo ...)
+ TODO: check
+CVE-2023-27763 (An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 a ...)
+ TODO: check
+CVE-2023-27762 (An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 ...)
+ TODO: check
+CVE-2023-27761 (An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0. ...)
+ TODO: check
+CVE-2023-27760 (An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allo ...)
+ TODO: check
+CVE-2023-27759 (An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 al ...)
+ TODO: check
CVE-2023-27758
RESERVED
CVE-2023-27757 (An arbitrary file upload vulnerability in the /admin/user/uploadImg co ...)
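Review bot: the thirteen Wondershare entries (CVE-2023-27759 through CVE-2023-27771) spell the vendor three different ways in their descriptions: `Co.,Ltd`, `Co., Ltd` and `Co, Ltd`. A text search on any one spelling will miss part of the batch. When the `TODO: check` lines are resolved, suggest handling all thirteen in one pass and using a single annotation string for them, so later searches on the annotation find the whole set.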
@@ -4989,8 +5092,8 @@ CVE-2023-27736
RESERVED
CVE-2023-27735
RESERVED
-CVE-2023-27734
- RESERVED
+CVE-2023-27734 (An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker ...)
+ TODO: check
CVE-2023-27733
RESERVED
CVE-2023-27732
@@ -5695,18 +5798,18 @@ CVE-2023-27494 (Streamlit, software for turning data scripts into web applicatio
NOT-FOR-US: Streamlit
CVE-2023-27493
RESERVED
-CVE-2023-27492
- RESERVED
-CVE-2023-27491
- RESERVED
+CVE-2023-27492 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+ TODO: check
+CVE-2023-27491 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+ TODO: check
CVE-2023-27490 (NextAuth.js is an open source authentication solution for Next.js appl ...)
NOT-FOR-US: NextAuth.js
CVE-2023-27489 (Kiwi TCMS is an open source test management system for both manual and ...)
NOT-FOR-US: Kiwi TCMS
-CVE-2023-27488
- RESERVED
-CVE-2023-27487
- RESERVED
+CVE-2023-27488 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+ TODO: check
+CVE-2023-27487 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+ TODO: check
CVE-2023-27486 (xCAT is a toolkit for deployment and administration of computer cluste ...)
NOT-FOR-US: xCAT
CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for students. In v ...)
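Review bot: the four Envoy entries (CVE-2023-27492, CVE-2023-27491, CVE-2023-27488, CVE-2023-27487) share an identical visible description prefix, so nothing in this hunk distinguishes them and each is left at `TODO: check` separately. Suggest triaging them as one group, first establishing whether Envoy has a source package or packaging request in Debian. The outcome decides between a package line and a `NOT-FOR-US:` tag like those on the neighbouring NextAuth.js, Kiwi TCMS and xCAT entries, and it should be the same for all four.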
@@ -6751,12 +6854,12 @@ CVE-2023-27093 (Cross Site Scripting vulnerability found in My-Blog allows attac
NOT-FOR-US: My-Blog
CVE-2023-27092
RESERVED
-CVE-2023-27091
- RESERVED
+CVE-2023-27091 (An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows a ...)
+ TODO: check
CVE-2023-27090
RESERVED
-CVE-2023-27089
- RESERVED
+CVE-2023-27089 (Cross Site Scripting vulnerability found in Ehuacui BBS allows attacke ...)
+ TODO: check
CVE-2023-27088 (feiqu-opensource Background Vertical authorization vulnerability exist ...)
NOT-FOR-US: feiqu-opensource Background Vertical
CVE-2023-27087 (Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and ...)
@@ -6951,8 +7054,8 @@ CVE-2023-26993
RESERVED
CVE-2023-26992
RESERVED
-CVE-2023-26991
- RESERVED
+CVE-2023-26991 (SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in t ...)
+ TODO: check
CVE-2023-26990
RESERVED
CVE-2023-26989
@@ -6985,8 +7088,8 @@ CVE-2023-26976 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack o
NOT-FOR-US: Tenda
CVE-2023-26975
RESERVED
-CVE-2023-26974
- RESERVED
+CVE-2023-26974 (Irfanview v4.62 allows a user-mode write access violation via a crafte ...)
+ TODO: check
CVE-2023-26973
RESERVED
CVE-2023-26972
@@ -7096,8 +7199,8 @@ CVE-2023-26923 (Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability
NOTE: Vulnerability triggered only on Windows codepath
CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a ...)
NOT-FOR-US: Varisicte
-CVE-2023-26921
- RESERVED
+CVE-2023-26921 (OS Command Injection vulnerability in quectel AG550QCN allows attacker ...)
+ TODO: check
CVE-2023-26920
RESERVED
CVE-2023-26919
@@ -7206,8 +7309,8 @@ CVE-2023-26868
RESERVED
CVE-2023-26867
RESERVED
-CVE-2023-26866
- RESERVED
+CVE-2023-26866 (GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions ...)
+ TODO: check
CVE-2023-26865
RESERVED
CVE-2023-26864 (SQL injection vulnerability found in PrestaShop smplredirectionsmanage ...)
@@ -7384,12 +7487,12 @@ CVE-2023-26779 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization
NOT-FOR-US: CleverStupidDog yf-exam
CVE-2023-26778
RESERVED
-CVE-2023-26777
- RESERVED
-CVE-2023-26776
- RESERVED
-CVE-2023-26775
- RESERVED
+CVE-2023-26777 (Cross Site Scripting vulnerability found in :ouislam Uptime Kuma v.1.1 ...)
+ TODO: check
+CVE-2023-26776 (Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a ...)
+ TODO: check
+CVE-2023-26775 (File Upload vulnerability found in Monitorr v.1.7.6 allows a remote at ...)
+ TODO: check
CVE-2023-26774
RESERVED
CVE-2023-26773
@@ -7452,8 +7555,8 @@ CVE-2023-26752
RESERVED
CVE-2023-26751
RESERVED
-CVE-2023-26750
- RESERVED
+CVE-2023-26750 (SQL injection vulnerability found in Yii Framework Yii 2 Framework bef ...)
+ TODO: check
CVE-2023-26749
RESERVED
CVE-2023-26748
@@ -7486,8 +7589,8 @@ CVE-2023-26735
RESERVED
CVE-2023-26734
RESERVED
-CVE-2023-26733
- RESERVED
+CVE-2023-26733 (Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local a ...)
+ TODO: check
CVE-2023-26732
RESERVED
CVE-2023-26731
@@ -8309,8 +8412,7 @@ CVE-2023-26439
RESERVED
CVE-2023-26438
RESERVED
-CVE-2023-26437
- RESERVED
+CVE-2023-26437 (Denial of service vulnerability in PowerDNS Recursor allows authoritat ...)
- pdns-recursor <unfixed> (bug #1033941)
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html
CVE-2023-26436
@@ -9634,12 +9736,12 @@ CVE-2023-0883 (A vulnerability has been found in SourceCodester Online Pizza Ord
NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-25943
RESERVED
-CVE-2023-25942
- RESERVED
-CVE-2023-25941
- RESERVED
-CVE-2023-25940
- RESERVED
+CVE-2023-25942 (Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled res ...)
+ TODO: check
+CVE-2023-25941 (Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of p ...)
+ TODO: check
+CVE-2023-25940 (Dell PowerScale OneFS version 9.5.0.0 contains improper link resolutio ...)
+ TODO: check
CVE-2023-25939
RESERVED
CVE-2023-25938
@@ -11597,10 +11699,10 @@ CVE-2023-25358 (A use-after-free vulnerability in WebCore::RenderLayer::addChild
NOTE: https://bugs.webkit.org/show_bug.cgi?id=242683
CVE-2023-25357
RESERVED
-CVE-2023-25356
- RESERVED
-CVE-2023-25355
- RESERVED
+CVE-2023-25356 (CoreDial sipXcom up to and including 21.04 is vulnerable to Improper N ...)
+ TODO: check
+CVE-2023-25355 (CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure P ...)
+ TODO: check
CVE-2023-25354
RESERVED
CVE-2023-25353
@@ -11699,12 +11801,12 @@ CVE-2023-25307
RESERVED
CVE-2023-25306
RESERVED
-CVE-2023-25305
- RESERVED
+CVE-2023-25305 (PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mr ...)
+ TODO: check
CVE-2023-25304 (Prism Launcher <= 6.1 is vulnerable to Directory Traversal. ...)
NOT-FOR-US: Prism Launcher
-CVE-2023-25303
- RESERVED
+CVE-2023-25303 (ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpa ...)
+ TODO: check
CVE-2023-25302
RESERVED
CVE-2023-25301
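Review bot: CVE-2023-25305 (PolyMC Launcher) and CVE-2023-25303 (ATLauncher) are left at `TODO: check` on either side of CVE-2023-25304, which uses the same "is vulnerable to Directory Traversal" wording and is already resolved as `NOT-FOR-US: Prism Launcher`. Suggest triaging the three together and checking that the two new entries end up consistent with the decision already recorded for CVE-2023-25304, or that any difference is explained in a NOTE line.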
@@ -15306,8 +15408,8 @@ CVE-2023-23979
RESERVED
CVE-2023-23978
RESERVED
-CVE-2023-23977
- RESERVED
+CVE-2023-23977 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23976
RESERVED
CVE-2023-23975
@@ -15608,8 +15710,8 @@ CVE-2023-23880
RESERVED
CVE-2023-23879
RESERVED
-CVE-2023-23878
- RESERVED
+CVE-2023-23878 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in fli ...)
+ TODO: check
CVE-2023-23877
RESERVED
CVE-2023-23876
@@ -15624,8 +15726,8 @@ CVE-2023-23872
RESERVED
CVE-2023-23871
RESERVED
-CVE-2023-23870
- RESERVED
+CVE-2023-23870 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpde ...)
+ TODO: check
CVE-2023-23869
RESERVED
CVE-2023-23868
@@ -15780,8 +15882,8 @@ CVE-2023-23823
RESERVED
CVE-2023-23822
RESERVED
-CVE-2023-23821
- RESERVED
+CVE-2023-23821 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
+ TODO: check
CVE-2023-23820
RESERVED
CVE-2023-23819
@@ -16251,10 +16353,10 @@ CVE-2023-23688
RESERVED
CVE-2023-23687 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube short ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23686
- RESERVED
-CVE-2023-23685
- RESERVED
+CVE-2023-23686 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-23685 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23684
RESERVED
CVE-2023-23683
@@ -19700,22 +19802,22 @@ CVE-2023-0090 (The webservices in Proofpoint Enterprise Protection (PPS/POD) con
NOT-FOR-US: Proofpoint
CVE-2023-0089 (The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a v ...)
NOT-FOR-US: Proofpoint
-CVE-2022-48228
- RESERVED
-CVE-2022-48227
- RESERVED
-CVE-2022-48226
- RESERVED
-CVE-2022-48225
- RESERVED
-CVE-2022-48224
- RESERVED
-CVE-2022-48223
- RESERVED
-CVE-2022-48222
- RESERVED
-CVE-2022-48221
- RESERVED
+CVE-2022-48228 (An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It ...)
+ TODO: check
+CVE-2022-48227 (An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It ...)
+ TODO: check
+CVE-2022-48226 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Duri ...)
+ TODO: check
+CVE-2022-48225 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It i ...)
+ TODO: check
+CVE-2022-48224 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It i ...)
+ TODO: check
+CVE-2022-48223 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Duri ...)
+ TODO: check
+CVE-2022-48222 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Duri ...)
+ TODO: check
+CVE-2022-48221 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Mult ...)
+ TODO: check
CVE-2017-20163 (A vulnerability has been found in Red Snapper NView and classified as ...)
NOT-FOR-US: Red Snapper NView
CVE-2014-125045 (A vulnerability has been found in meol1 and classified as critical. Af ...)
@@ -22149,8 +22251,8 @@ CVE-2022-47872 (maccms10 2021.1000.2000 is vulnerable to Server-side request for
NOT-FOR-US: maccms10
CVE-2022-47871
RESERVED
-CVE-2022-47870
- RESERVED
+CVE-2022-47870 (A Cross Site Scripting (XSS) vulnerability in the web SQL monitor logi ...)
+ TODO: check
CVE-2022-47869
RESERVED
CVE-2022-47868
@@ -43936,8 +44038,8 @@ CVE-2022-41635
RESERVED
CVE-2022-41634 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folde ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41633
- RESERVED
+CVE-2022-41633 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...)
+ TODO: check
CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping an ...)
NOT-FOR-US: Villatheme ALD
CVE-2022-41620 (Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPr ...)
@@ -73049,7 +73151,7 @@ CVE-2022-1764 (The WP-chgFontSize WordPress plugin through 1.8 does not have CSR
NOT-FOR-US: WordPress plugin
CVE-2022-1763 (Due to missing checks the Static Page eXtended WordPress plugin throug ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1762 (The iQ Block Country WordPress plugin through 1.2.13 does not properly ...)
+CVE-2022-1762 (The iQ Block Country WordPress plugin before 1.2.20 does not properly ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1761 (The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 ...)
NOT-FOR-US: WordPress plugin
@@ -130027,7 +130129,7 @@ CVE-2021-36829 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnera
NOT-FOR-US: WordPress plugin
CVE-2021-36828 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Mainten ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36827 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
+CVE-2021-36827 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Satu ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36826 (Authenticated (subscriber or higher user role if allowed to access pro ...)
NOT-FOR-US: WordPress plugin
@@ -143075,8 +143177,8 @@ CVE-2021-31709
RESERVED
CVE-2021-31708
RESERVED
-CVE-2021-31707
- RESERVED
+CVE-2021-31707 (Permissions vulnerability found in KiteCMS allows a remote attacker to ...)
+ TODO: check
CVE-2021-31706
RESERVED
CVE-2021-31705
@@ -152077,8 +152179,8 @@ CVE-2021-28237 (LibreDWG v0.12.3 was discovered to contain a heap-buffer overflo
- libredwg <itp> (bug #595191)
CVE-2021-28236 (LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference ...)
- libredwg <itp> (bug #595191)
-CVE-2021-28235
- RESERVED
+CVE-2021-28235 (Authentication vulnerability found in Etcd-io v.3.4.10 allows remote a ...)
+ TODO: check
CVE-2021-28234
RESERVED
CVE-2021-28233 (Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 v ...)
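Review bot: CVE-2021-28235 names Etcd-io v.3.4.10, a specific upstream version, but is left at `TODO: check` with no package line. Unlike most of the web-application entries in this commit, this one is worth checking against the Debian archive before any `NOT-FOR-US:` decision. If an etcd source package is shipped, the entry needs a `- <package> <version>` line and a comparison of the packaged version against 3.4.10.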
@@ -158045,8 +158147,8 @@ CVE-2021-3269
RESERVED
CVE-2021-3268
RESERVED
-CVE-2021-3267
- RESERVED
+CVE-2021-3267 (File Upload vulnerability found in KiteCMS v.1.1 allows a remote attac ...)
+ TODO: check
CVE-2021-3266
RESERVED
CVE-2021-3265
@@ -177900,8 +178002,8 @@ CVE-2020-29314
RESERVED
CVE-2020-29313
RESERVED
-CVE-2020-29312
- RESERVED
+CVE-2020-29312 (An issue found in Zend Framework v.3.1.3 and before allow a remote att ...)
+ TODO: check
CVE-2020-29311 (Ubilling v1.0.9 allows Remote Command Execution as Root user by execut ...)
NOT-FOR-US: Ubilling
CVE-2020-29310
@@ -195759,8 +195861,8 @@ CVE-2020-23329
RESERVED
CVE-2020-23328
RESERVED
-CVE-2020-23327
- RESERVED
+CVE-2020-23327 (Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 all ...)
+ TODO: check
CVE-2020-23326
RESERVED
CVE-2020-23325
@@ -195958,14 +196060,14 @@ CVE-2020-23262 (An issue was discovered in ming-soft MCMS v5.0, where a maliciou
NOT-FOR-US: ming-soft MCMS
CVE-2020-23261
RESERVED
-CVE-2020-23260
- RESERVED
-CVE-2020-23259
- RESERVED
-CVE-2020-23258
- RESERVED
-CVE-2020-23257
- RESERVED
+CVE-2020-23260 (An issue found in Jsish v.3.0.11 and before allows an attacker to caus ...)
+ TODO: check
+CVE-2020-23259 (An issue found in Jsish v.3.0.11 and before allows an attacker to caus ...)
+ TODO: check
+CVE-2020-23258 (An issue found in Jsish v.3.0.11 allows a remote attacker to cause a d ...)
+ TODO: check
+CVE-2020-23257 (Buffer Overflow vulnerability found in Espruino 2v05.41 allows an atta ...)
+ TODO: check
CVE-2020-23256 (An issue was discovered in Electerm 1.3.22, allows attackers to execut ...)
NOT-FOR-US: Electerm
CVE-2020-23255
@@ -197468,8 +197570,8 @@ CVE-2020-22535 (Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the
NOT-FOR-US: PbootCMS
CVE-2020-22534
RESERVED
-CVE-2020-22533
- RESERVED
+CVE-2020-22533 (Cross Site Scripting vulnerability found in Zentao allows a remote att ...)
+ TODO: check
CVE-2020-22532
RESERVED
CVE-2020-22531
@@ -199798,8 +199900,8 @@ CVE-2020-21516 (There is an arbitrary file upload vulnerability in FeehiCMS 2.0.
NOT-FOR-US: FeehiCMS
CVE-2020-21515
RESERVED
-CVE-2020-21514
- RESERVED
+CVE-2020-21514 (An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2. ...)
+ TODO: check
CVE-2020-21513
RESERVED
CVE-2020-21512
@@ -199852,8 +199954,8 @@ CVE-2020-21489
RESERVED
CVE-2020-21488
RESERVED
-CVE-2020-21487
- RESERVED
+CVE-2020-21487 (Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ...)
+ TODO: check
CVE-2020-21486
RESERVED
CVE-2020-21485
@@ -200711,8 +200813,8 @@ CVE-2020-21062
RESERVED
CVE-2020-21061
RESERVED
-CVE-2020-21060
- RESERVED
+CVE-2020-21060 (SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote a ...)
+ TODO: check
CVE-2020-21059
RESERVED
CVE-2020-21058
@@ -201019,12 +201121,12 @@ CVE-2020-20917
RESERVED
CVE-2020-20916
RESERVED
-CVE-2020-20915
- RESERVED
-CVE-2020-20914
- RESERVED
-CVE-2020-20913
- RESERVED
+CVE-2020-20915 (SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote a ...)
+ TODO: check
+CVE-2020-20914 (SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a ...)
+ TODO: check
+CVE-2020-20913 (SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a r ...)
+ TODO: check
CVE-2020-20912
RESERVED
CVE-2020-20911
@@ -201843,10 +201945,10 @@ CVE-2020-20524
RESERVED
CVE-2020-20523
RESERVED
-CVE-2020-20522
- RESERVED
-CVE-2020-20521
- RESERVED
+CVE-2020-20522 (Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a rem ...)
+ TODO: check
+CVE-2020-20521 (Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a rem ...)
+ TODO: check
CVE-2020-20520
RESERVED
CVE-2020-20519
@@ -203231,8 +203333,8 @@ CVE-2020-19852
RESERVED
CVE-2020-19851
RESERVED
-CVE-2020-19850
- RESERVED
+CVE-2020-19850 (An issue found in Directus API v.2.2.0 allows a remote attacker to cau ...)
+ TODO: check
CVE-2020-19849
RESERVED
CVE-2020-19848
@@ -203554,22 +203656,22 @@ CVE-2020-19701
RESERVED
CVE-2020-19700
RESERVED
-CVE-2020-19699
- RESERVED
-CVE-2020-19698
- RESERVED
-CVE-2020-19697
- RESERVED
+CVE-2020-19699 (Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 all ...)
+ TODO: check
+CVE-2020-19698 (Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 a ...)
+ TODO: check
+CVE-2020-19697 (Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 a ...)
+ TODO: check
CVE-2020-19696
RESERVED
-CVE-2020-19695
- RESERVED
+CVE-2020-19695 (Buffer Overflow found in Nginx NJS allows a remote attacker to execute ...)
+ TODO: check
CVE-2020-19694
RESERVED
-CVE-2020-19693
- RESERVED
-CVE-2020-19692
- RESERVED
+CVE-2020-19693 (An issue found in Espruino Espruino 6ea4c0a allows an attacker to exec ...)
+ TODO: check
+CVE-2020-19692 (Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a rem ...)
+ TODO: check
CVE-2020-19691
RESERVED
CVE-2020-19690
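Review bot: CVE-2020-19692 (`Nginx NJS v.0feca92`) and CVE-2020-19693 (`Espruino 6ea4c0a`) identify the affected code by commit hash rather than release version. A fixed-version annotation cannot be derived from these descriptions alone. When the `TODO: check` lines are resolved, suggest adding a NOTE line to each with the upstream issue or fixing commit, as the CVE-2023-1670 entry in this file does with its git.kernel.org link, so the hash can be mapped to a release.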
@@ -204468,12 +204570,12 @@ CVE-2020-19281 (A stored cross-site scripting (XSS) vulnerability in the /manage
NOT-FOR-US: Jeesns
CVE-2020-19280 (Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows ...)
NOT-FOR-US: Jeesns
-CVE-2020-19279
- RESERVED
-CVE-2020-19278
- RESERVED
-CVE-2020-19277
- RESERVED
+CVE-2020-19279 (Directory Traversal vulnerability found in B3log Wide allows a an atta ...)
+ TODO: check
+CVE-2020-19278 (Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0. ...)
+ TODO: check
+CVE-2020-19277 (Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 al ...)
+ TODO: check
CVE-2020-19276
RESERVED
CVE-2020-19275 (An Information Disclosure vulnerability exists in dhcms 2017-09-18 whe ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c442101fb06d78ddd98cddac4e5ba4d433530fa7