[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 7 08:10:30 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11d16059 by security tracker role at 2023-02-07T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2023-25534
+ RESERVED
+CVE-2023-25533
+ RESERVED
+CVE-2023-25532
+ RESERVED
+CVE-2023-25531
+ RESERVED
+CVE-2023-25530
+ RESERVED
+CVE-2023-25529
+ RESERVED
+CVE-2023-25528
+ RESERVED
+CVE-2023-25527
+ RESERVED
+CVE-2023-25526
+ RESERVED
+CVE-2023-25525
+ RESERVED
+CVE-2023-25524
+ RESERVED
+CVE-2023-25523
+ RESERVED
+CVE-2023-25522
+ RESERVED
+CVE-2023-25521
+ RESERVED
+CVE-2023-25520
+ RESERVED
+CVE-2023-25519
+ RESERVED
+CVE-2023-25518
+ RESERVED
+CVE-2023-25517
+ RESERVED
+CVE-2023-25516
+ RESERVED
+CVE-2023-25515
+ RESERVED
+CVE-2023-25514
+ RESERVED
+CVE-2023-25513
+ RESERVED
+CVE-2023-25512
+ RESERVED
+CVE-2023-25511
+ RESERVED
+CVE-2023-25510
+ RESERVED
+CVE-2023-25509
+ RESERVED
+CVE-2023-25508
+ RESERVED
+CVE-2023-25507
+ RESERVED
+CVE-2023-25506
+ RESERVED
+CVE-2023-25505
+ RESERVED
+CVE-2023-25504
+ RESERVED
+CVE-2023-25503
+ RESERVED
+CVE-2023-25502
+ RESERVED
+CVE-2023-25501
+ RESERVED
+CVE-2023-25500
+ RESERVED
+CVE-2023-25499
+ RESERVED
+CVE-2023-24019
+ RESERVED
+CVE-2023-0705
+ RESERVED
+CVE-2023-0704
+ RESERVED
+CVE-2023-0703
+ RESERVED
+CVE-2023-0702
+ RESERVED
+CVE-2023-0701
+ RESERVED
+CVE-2023-0700
+ RESERVED
+CVE-2023-0699
+ RESERVED
+CVE-2023-0698
+ RESERVED
+CVE-2023-0697
+ RESERVED
+CVE-2023-0696
+ RESERVED
+CVE-2023-0695
+ RESERVED
+CVE-2023-0694
+ RESERVED
+CVE-2023-0693
+ RESERVED
+CVE-2023-0692
+ RESERVED
+CVE-2023-0691
+ RESERVED
+CVE-2023-0690
+ RESERVED
+CVE-2023-0689
+ RESERVED
+CVE-2023-0688
+ RESERVED
+CVE-2011-10003
+ RESERVED
CVE-2023-25498
RESERVED
CVE-2023-25497
@@ -649,10 +761,10 @@ CVE-2022-4902 (A vulnerability classified as problematic has been found in eXo C
TODO: check
CVE-2020-36660 (A vulnerability was found in paxswill EVE Ship Replacement Program 0.1 ...)
NOT-FOR-US: paxswill EVE Ship Replacement Program
-CVE-2017-20177
- RESERVED
-CVE-2015-10073
- RESERVED
+CVE-2017-20177 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2015-10073 (A vulnerability, which was classified as problematic, was found in tin ...)
+ TODO: check
CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to ...)
- harfbuzz <unfixed> (bug #1030612)
[bullseye] - harfbuzz <no-dsa> (Minor issue)
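Review bot: CVE-2017-20177 and CVE-2015-10073 land as "TODO: check" with descriptions truncated before the product name ("has been found i ...", "was found in tin ..."), so neither can be triaged from the list line alone. Resolve each against the full CVE description to either a "NOT-FOR-US: <product>" tag, as CVE-2020-36660 directly above them has, or a source package line with a status.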
@@ -721,8 +833,8 @@ CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.
- froxlor <itp> (bug #581792)
CVE-2023-0670
RESERVED
-CVE-2023-0669
- RESERVED
+CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authe ...)
+ TODO: check
CVE-2023-0668
RESERVED
CVE-2023-0667
@@ -735,8 +847,8 @@ CVE-2023-0664
RESERVED
CVE-2023-0663 (A vulnerability was found in Calendar Event Management System 2.3.0. I ...)
NOT-FOR-US: Calendar Event Management System
-CVE-2022-48311
- RESERVED
+CVE-2022-48311 (**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet ...)
+ TODO: check
CVE-2023-25173
RESERVED
CVE-2023-25172
@@ -1123,8 +1235,8 @@ CVE-2023-25018
RESERVED
CVE-2023-25017
RESERVED
-CVE-2023-25016
- RESERVED
+CVE-2023-25016 (Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1. ...)
+ TODO: check
CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...)
NOT-FOR-US: Clockwork Web
CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...)
@@ -1242,8 +1354,7 @@ CVE-2023-0617 (A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has
NOT-FOR-US: TRENDnet
CVE-2023-0616
RESERVED
-CVE-2023-0615
- RESERVED
+CVE-2023-0615 (A memory leak flaw and potential divide by zero and Integer overflow w ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166287
CVE-2023-0614
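Review bot: CVE-2023-0615 now has a public description, but its triage in this hunk is still only "- linux <unfixed>" plus one Red Hat Bugzilla NOTE. Add a NOTE for the upstream report or fix once one is identified, and per-release lines in the form used elsewhere in this file (for example "[bullseye] - linux <not-affected> (...)") where they apply, so the memory leak, divide by zero and integer overflow named in the description can be tracked per suite.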
@@ -1635,8 +1746,8 @@ CVE-2023-24831
RESERVED
CVE-2023-24828
RESERVED
-CVE-2023-24827
- RESERVED
+CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software Bill of ...)
+ TODO: check
CVE-2023-24826
RESERVED
CVE-2023-24825
@@ -1673,8 +1784,8 @@ CVE-2023-24810
RESERVED
CVE-2023-24809
RESERVED
-CVE-2023-24808
- RESERVED
+CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versions pr ...)
+ TODO: check
CVE-2023-24807
RESERVED
CVE-2023-24806
@@ -2527,6 +2638,7 @@ CVE-2023-0495
RESERVED
CVE-2023-0494 [Xi: fix potential use-after-free in DeepCopyPointerClasses]
RESERVED
+ {DLA-3310-1}
- xorg-server <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/02/07/1
NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/0ba6d8c37071131a49790243cdac55392ecf71ec
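Review bot: "{DLA-3310-1}" is attached to CVE-2023-0494 while the visible lines still read "RESERVED" and "- xorg-server <unfixed>", so the LTS advisory is recorded but no fixed version is given for unstable. The xserver commit is already referenced in the NOTE; replace <unfixed> with the fixed version once an upload carrying that commit is in the archive.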
@@ -3940,12 +4052,12 @@ CVE-2023-23946
RESERVED
CVE-2023-23945
RESERVED
-CVE-2023-23944
- RESERVED
-CVE-2023-23943
- RESERVED
-CVE-2023-23942
- RESERVED
+CVE-2023-23944 (Nextcloud mail is an email app for the nextcloud home server platform. ...)
+ TODO: check
+CVE-2023-23943 (Nextcloud mail is an email app for the nextcloud home server platform. ...)
+ TODO: check
+CVE-2023-23942 (The Nextcloud Desktop Client is a tool to synchronize files from a Nex ...)
+ TODO: check
CVE-2023-23941 (SwagPayPal is a PayPal integration for shopware/platform. If JavaScrip ...)
NOT-FOR-US: SwagPayPal
CVE-2023-23940 (OpenZeppelin Contracts for Cairo is a library for secure smart contrac ...)
@@ -4143,8 +4255,8 @@ CVE-2023-23851
RESERVED
CVE-2023-23850
RESERVED
-CVE-2023-23849
- RESERVED
+CVE-2023-23849 (Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an u ...)
+ TODO: check
CVE-2023-23848
RESERVED
CVE-2023-23847
@@ -5174,8 +5286,8 @@ CVE-2023-0284 (Improper Input Validation of LDAP user IDs in Tribe29 Checkmk all
- check-mk <removed>
CVE-2023-0283 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Online Flight Booking Management System
-CVE-2023-0282
- RESERVED
+CVE-2023-0282 (The YourChannel WordPress plugin before 1.2.2 does not sanitize and es ...)
+ TODO: check
CVE-2023-0281 (A vulnerability was found in SourceCodester Online Flight Booking Mana ...)
NOT-FOR-US: SourceCodester Online Flight Booking Management System
CVE-2023-0280
@@ -5522,8 +5634,8 @@ CVE-2023-0254 (The Simple Membership WP user Import plugin for WordPress is vuln
NOT-FOR-US: Simple Membership WP user Import plugin for WordPress
CVE-2023-0253 (The Real Media Library: Media Library Folder & File Manager plugin ...)
NOT-FOR-US: Real Media Library: Media Library Folder & File Manager plugin for WordPress
-CVE-2023-0252
- RESERVED
+CVE-2023-0252 (The Contextual Related Posts WordPress plugin before 3.3.1 does not va ...)
+ TODO: check
CVE-2023-0251
RESERVED
CVE-2023-0250
@@ -5557,12 +5669,12 @@ CVE-2023-0238
RESERVED
CVE-2023-0237
REJECTED
-CVE-2023-0236
- RESERVED
+CVE-2023-0236 (The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and esc ...)
+ TODO: check
CVE-2023-0235
REJECTED
-CVE-2023-0234
- RESERVED
+CVE-2023-0234 (The SiteGround Security WordPress plugin before 1.3.1 does not properl ...)
+ TODO: check
CVE-2023-0233
RESERVED
CVE-2023-0232
@@ -5845,8 +5957,8 @@ CVE-2023-23335
RESERVED
CVE-2023-23334
RESERVED
-CVE-2023-23333
- RESERVED
+CVE-2023-23333 (There is a command injection vulnerability in SolarView Compact throug ...)
+ TODO: check
CVE-2023-23332
RESERVED
CVE-2023-23331 (Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injectio ...)
@@ -6807,24 +6919,24 @@ CVE-2023-0179 [netfilter: nft_payload: incorrect arithmetics when fetching VLAN
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/13/2
NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230111212251.193032-4-pablo@netfilter.org/
-CVE-2023-0178
- RESERVED
+CVE-2023-0178 (The Annual Archive WordPress plugin before 1.6.0 does not validate and ...)
+ TODO: check
CVE-2023-0177
RESERVED
-CVE-2023-0176
- RESERVED
+CVE-2023-0176 (The Giveaways and Contests by RafflePress WordPress plugin before 1.11 ...)
+ TODO: check
CVE-2023-0175
RESERVED
-CVE-2023-0174
- RESERVED
-CVE-2023-0173
- RESERVED
+CVE-2023-0174 (The WP VR WordPress plugin before 8.2.7 does not validate and escape s ...)
+ TODO: check
+CVE-2023-0173 (The Drag & Drop Sales Funnel Builder for WordPress plugin before 2 ...)
+ TODO: check
CVE-2023-0172
RESERVED
-CVE-2023-0171
- RESERVED
-CVE-2023-0170
- RESERVED
+CVE-2023-0171 (The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does n ...)
+ TODO: check
+CVE-2023-0170 (The Html5 Audio Player WordPress plugin before 2.1.12 does not validat ...)
+ TODO: check
CVE-2023-0169
RESERVED
CVE-2023-0168
@@ -6906,24 +7018,24 @@ CVE-2023-0156
RESERVED
CVE-2023-0155
RESERVED
-CVE-2023-0154
- RESERVED
-CVE-2023-0153
- RESERVED
+CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate and esca ...)
+ TODO: check
+CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does no ...)
+ TODO: check
CVE-2023-0152
RESERVED
CVE-2023-0151
RESERVED
-CVE-2023-0150
- RESERVED
-CVE-2023-0149
- RESERVED
-CVE-2023-0148
- RESERVED
-CVE-2023-0147
- RESERVED
-CVE-2023-0146
- RESERVED
+CVE-2023-0150 (The Cloak Front End Email WordPress plugin through 1.9.1 does not vali ...)
+ TODO: check
+CVE-2023-0149 (The WordPrezi WordPress plugin through 0.8.2 does not validate and esc ...)
+ TODO: check
+CVE-2023-0148 (The Gallery Factory Lite WordPress plugin through 2.0.0 does not valid ...)
+ TODO: check
+CVE-2023-0147 (The Flexible Captcha WordPress plugin through 4.1 does not validate an ...)
+ TODO: check
+CVE-2023-0146 (The Naver Map WordPress plugin through 1.1.0 does not validate and esc ...)
+ TODO: check
CVE-2023-0145
RESERVED
CVE-2017-20167 (A vulnerability, which was classified as problematic, was found in Min ...)
@@ -6994,10 +7106,10 @@ CVE-2023-22885
REJECTED
CVE-2023-22884 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
- airflow <itp> (bug #819700)
-CVE-2023-0144
- RESERVED
-CVE-2023-0143
- RESERVED
+CVE-2023-0144 (The Event Manager and Tickets Selling Plugin for WooCommerce WordPress ...)
+ TODO: check
+CVE-2023-0143 (The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does n ...)
+ TODO: check
CVE-2023-0142
RESERVED
CVE-2023-0141 (Insufficient policy enforcement in CORS in Google Chrome prior to 109. ...)
@@ -7205,8 +7317,7 @@ CVE-2022-46285
[buster] - libxpm <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d765014816c566c63165c63ca8 (libXpm-3.5.15)
-CVE-2022-44617
- RESERVED
+CVE-2022-44617 (A flaw was found in libXpm. When processing a file with width of 0 and ...)
- libxpm 1:3.5.12-1.1
[bullseye] - libxpm <no-dsa> (Minor issue)
[buster] - libxpm <no-dsa> (Minor issue)
@@ -7803,10 +7914,10 @@ CVE-2023-0098
RESERVED
CVE-2023-0097 (The Post Grid, Post Carousel, & List Category Posts WordPress plug ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0096
- RESERVED
-CVE-2023-0095
- RESERVED
+CVE-2023-0096 (The Happyforms WordPress plugin before 1.22.0 does not validate and es ...)
+ TODO: check
+CVE-2023-0095 (The Page View Count WordPress plugin before 2.6.1 does not validate an ...)
+ TODO: check
CVE-2022-4879 (A vulnerability was found in Forged Alliance Forever up to 3746. It ha ...)
NOT-FOR-US: Forged Alliance Forever
CVE-2022-4878 (A vulnerability classified as critical has been found in JATOS. Affect ...)
@@ -7951,10 +8062,10 @@ CVE-2023-0084
RESERVED
CVE-2023-0083
RESERVED
-CVE-2023-0082
- RESERVED
-CVE-2023-0081
- RESERVED
+CVE-2023-0082 (The ExactMetrics WordPress plugin before 7.12.1 does not validate and ...)
+ TODO: check
+CVE-2023-0081 (The MonsterInsights WordPress plugin before 8.12.1 does not validate a ...)
+ TODO: check
CVE-2023-0080
RESERVED
CVE-2023-0079
@@ -8047,12 +8158,12 @@ CVE-2023-0074 (The WP Social Widget WordPress plugin before 2.2.4 does not valid
NOT-FOR-US: WordPress plugin
CVE-2023-0073
RESERVED
-CVE-2023-0072
- RESERVED
+CVE-2023-0072 (The WC Vendors Marketplace WordPress plugin before 2.4.5 does not vali ...)
+ TODO: check
CVE-2023-0071 (The WP Tabs WordPress plugin before 2.1.17 does not validate and escap ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0070
- RESERVED
+CVE-2023-0070 (The ResponsiveVoice Text To Speech WordPress plugin through 1.7.6 does ...)
+ TODO: check
CVE-2023-0069
RESERVED
CVE-2023-0068
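Review bot: CVE-2023-0072 and CVE-2023-0070 are added as "TODO: check" although both descriptions identify a WordPress plugin, and the neighbouring CVE-2023-0074 and CVE-2023-0071 in this same hunk are already tagged "NOT-FOR-US: WordPress plugin". Apply the same tag here. The same point holds for the other WordPress plugin entries this update moves from RESERVED to TODO.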
@@ -8067,8 +8178,8 @@ CVE-2023-0064
RESERVED
CVE-2023-0063
RESERVED
-CVE-2023-0062
- RESERVED
+CVE-2023-0062 (The EAN for WooCommerce WordPress plugin before 4.4.3 does not validat ...)
+ TODO: check
CVE-2023-0061
RESERVED
CVE-2023-0060
@@ -8754,18 +8865,18 @@ CVE-2022-4840 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos
NOT-FOR-US: usememos
CVE-2022-4839 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
NOT-FOR-US: usememos
-CVE-2022-4838
- RESERVED
+CVE-2022-4838 (The Clean Login WordPress plugin before 1.13.7 does not validate and e ...)
+ TODO: check
CVE-2022-4837 (The CPO Companion WordPress plugin before 1.1.0 does not validate and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4836
- RESERVED
+CVE-2022-4836 (The Breadcrumb WordPress plugin before 1.5.33 does not validate and es ...)
+ TODO: check
CVE-2022-4835 (The Social Sharing Toolkit WordPress plugin through 2.6 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4834 (The CPT Bootstrap Carousel WordPress plugin through 1.12 does not vali ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4833
- RESERVED
+CVE-2022-4833 (The YourChannel: Everything you want in a YouTube plugin WordPress plu ...)
+ TODO: check
CVE-2022-4832 (The Store Locator WordPress plugin before 1.4.9 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4831 (The Custom User Profile Fields for User Registration WordPress plugin ...)
@@ -8778,12 +8889,12 @@ CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not val
NOT-FOR-US: WordPress plugin
CVE-2022-4827
RESERVED
-CVE-2022-4826
- RESERVED
-CVE-2022-4825
- RESERVED
-CVE-2022-4824
- RESERVED
+CVE-2022-4826 (The Simple Tooltips WordPress plugin before 2.1.4 does not validate an ...)
+ TODO: check
+CVE-2022-4825 (The WP-ShowHide WordPress plugin before 1.05 does not validate and esc ...)
+ TODO: check
+CVE-2022-4824 (The WP Blog and Widgets WordPress plugin before 2.3.1 does not validat ...)
+ TODO: check
CVE-2022-48190
RESERVED
CVE-2022-48189
@@ -8914,8 +9025,8 @@ CVE-2022-48168
RESERVED
CVE-2022-48167
RESERVED
-CVE-2022-48166
- RESERVED
+CVE-2022-48166 (An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 all ...)
+ TODO: check
CVE-2022-48165 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...)
NOT-FOR-US: Wavlink
CVE-2022-48164 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...)
@@ -9620,8 +9731,8 @@ CVE-2022-4764
RESERVED
CVE-2022-4763 (The Icon Widget WordPress plugin before 1.3.0 does not validate and es ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4762
- RESERVED
+CVE-2022-4762 (The Materialis Companion WordPress plugin before 1.3.40 does not valid ...)
+ TODO: check
CVE-2022-4761
RESERVED
CVE-2022-4760 (The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not va ...)
@@ -9632,8 +9743,8 @@ CVE-2022-4758 (The 10WebMapBuilder WordPress plugin before 1.0.72 does not valid
NOT-FOR-US: WordPress plugin
CVE-2022-4757
RESERVED
-CVE-2022-4756
- RESERVED
+CVE-2022-4756 (The My YouTube Channel WordPress plugin before 3.23.0 does not validat ...)
+ TODO: check
CVE-2022-4755 (A vulnerability was found in FlatPress and classified as problematic. ...)
NOT-FOR-US: FlatPress
CVE-2022-4754
@@ -9650,8 +9761,8 @@ CVE-2022-4749 (The Posts List Designer by Category WordPress plugin before 3.2 d
NOT-FOR-US: WordPress plugin
CVE-2022-4748 (A vulnerability was found in FlatPress. It has been classified as crit ...)
NOT-FOR-US: FlatPress
-CVE-2022-4747
- RESERVED
+CVE-2022-4747 (The Post Category Image With Grid and Slider WordPress plugin before 1 ...)
+ TODO: check
CVE-2021-4289 (A vulnerability classified as problematic was found in OpenMRS openmrs ...)
NOT-FOR-US: OpenMRS
CVE-2021-4288 (A vulnerability was found in OpenMRS openmrs-module-referenceapplicati ...)
@@ -9788,16 +9899,19 @@ CVE-2022-4732 (Unrestricted Upload of File with Dangerous Type in GitHub reposit
CVE-2022-4731 (A vulnerability, which was classified as problematic, was found in mya ...)
NOT-FOR-US: myapnea
CVE-2022-4730 (A vulnerability was found in Graphite Web. It has been classified as p ...)
+ {DLA-3309-1}
- graphite-web <unfixed> (bug #1026992)
NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
NOTE: https://github.com/graphite-project/graphite-web/issues/2746
NOTE: https://github.com/graphite-project/graphite-web/pull/2785
CVE-2022-4729 (A vulnerability was found in Graphite Web and classified as problemati ...)
+ {DLA-3309-1}
- graphite-web <unfixed> (bug #1026992)
NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
NOTE: https://github.com/graphite-project/graphite-web/issues/2745
NOTE: https://github.com/graphite-project/graphite-web/pull/2785
CVE-2022-4728 (A vulnerability has been found in Graphite Web and classified as probl ...)
+ {DLA-3309-1}
- graphite-web <unfixed> (bug #1026992)
NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
NOTE: https://github.com/graphite-project/graphite-web/issues/2744
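Review bot: the three "{DLA-3309-1}" additions for CVE-2022-4730, CVE-2022-4729 and CVE-2022-4728 each sit above "- graphite-web <unfixed> (bug #1026992)", so the LTS advisory is recorded while the unstable package line stays open. All three reference the same upstream commit 2f178f490e10efc03cd1d27c72f64ecab224eb23 and the same bug, so their package lines should be given a fixed version together when bug #1026992 is closed.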
@@ -9845,8 +9959,8 @@ CVE-2022-4719 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior
- rdiffweb <itp> (bug #969974)
CVE-2022-4718 (The Landing Page Builder WordPress plugin before 1.4.9.9 does not vali ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4717
- RESERVED
+CVE-2022-4717 (The Strong Testimonials WordPress plugin before 3.0.3 does not validat ...)
+ TODO: check
CVE-2022-4716 (The WP Popups WordPress plugin before 2.1.4.8 does not validate and es ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4715 (The Structured Content WordPress plugin before 1.5.1 does not validate ...)
@@ -9926,8 +10040,8 @@ CVE-2022-4683 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in G
NOT-FOR-US: usememos
CVE-2022-4682
RESERVED
-CVE-2022-4681
- RESERVED
+CVE-2022-4681 (The Hide My WP WordPress plugin before 6.2.9 does not properly sanitiz ...)
+ TODO: check
CVE-2022-47943 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...)
- linux 5.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -9992,14 +10106,14 @@ CVE-2022-4679
RESERVED
CVE-2022-4678
RESERVED
-CVE-2022-4677
- RESERVED
+CVE-2022-4677 (The Leaflet Maps Marker WordPress plugin before 3.12.7 does not valida ...)
+ TODO: check
CVE-2022-4676
RESERVED
CVE-2022-4675 (The Mongoose Page Plugin WordPress plugin before 1.9.0 does not valida ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4674
- RESERVED
+CVE-2022-4674 (The Ibtana WordPress plugin before 1.1.8.8 does not validate and escap ...)
+ TODO: check
CVE-2022-46739
RESERVED
CVE-2022-46735
@@ -10012,8 +10126,8 @@ CVE-2022-4672 (The WordPress Simple Shopping Cart WordPress plugin before 4.6.2
NOT-FOR-US: WordPress plugin
CVE-2022-4671 (The PixCodes WordPress plugin before 2.3.7 does not validate and escap ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4670
- RESERVED
+CVE-2022-4670 (The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and ...)
+ TODO: check
CVE-2022-4669
RESERVED
CVE-2022-4668 (The Easy Appointments WordPress plugin before 3.11.2 does not validate ...)
@@ -10024,8 +10138,8 @@ CVE-2022-4666
RESERVED
CVE-2022-4665 (Unrestricted Upload of File with Dangerous Type in GitHub repository a ...)
- ampache <removed>
-CVE-2022-4664
- RESERVED
+CVE-2022-4664 (The Logo Slider WordPress plugin before 3.6.0 does not validate and es ...)
+ TODO: check
CVE-2022-46419
RESERVED
CVE-2022-45878
@@ -10065,8 +10179,8 @@ CVE-2022-4659
REJECTED
CVE-2022-4658 (The RSSImport WordPress plugin through 4.6.1 does not validate and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4657
- RESERVED
+CVE-2022-4657 (The Restaurant Menu WordPress plugin before 2.3.6 does not validate an ...)
+ TODO: check
CVE-2022-4656
RESERVED
CVE-2022-4655 (The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate ...)
@@ -10187,8 +10301,8 @@ CVE-2022-4628
RESERVED
CVE-2022-4627 (The ShiftNav WordPress plugin before 1.7.2 does not validate and escap ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4626
- RESERVED
+CVE-2022-4626 (The PPWP WordPress plugin before 1.8.6 does not validate and escape so ...)
+ TODO: check
CVE-2022-4625 (The Login Logout Menu WordPress plugin before 1.4.0 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4624 (The GS Logo Slider WordPress plugin before 3.3.8 does not validate and ...)
@@ -12238,8 +12352,8 @@ CVE-2022-4579
REJECTED
CVE-2022-4578 (The Video Conferencing with Zoom WordPress plugin before 4.0.10 does n ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4577
- RESERVED
+CVE-2022-4577 (The Easy Testimonials WordPress plugin before 3.9.3 does not validate ...)
+ TODO: check
CVE-2022-4576 (The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not v ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4575
@@ -12724,8 +12838,8 @@ CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not val
NOT-FOR-US: WordPress plugin
CVE-2022-4490
RESERVED
-CVE-2022-4489
- RESERVED
+CVE-2022-4489 (The HUSKY WordPress plugin before 1.3.2 unserializes user input provid ...)
+ TODO: check
CVE-2022-4488
RESERVED
CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not validate and ...)
@@ -12922,8 +13036,8 @@ CVE-2022-4461
RESERVED
CVE-2022-4460 (The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does no ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4459
- RESERVED
+CVE-2022-4459 (The WP Show Posts WordPress plugin before 1.1.4 does not validate and ...)
+ TODO: check
CVE-2022-4458
RESERVED
CVE-2022-43543 (KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App ...)
@@ -14413,8 +14527,8 @@ CVE-2022-4386
RESERVED
CVE-2022-4385
RESERVED
-CVE-2022-4384
- RESERVED
+CVE-2022-4384 (The Stream WordPress plugin before 3.9.2 does not prevent users with l ...)
+ TODO: check
CVE-2022-4383 (The CBX Petition for WordPress plugin through 1.0.3 does not properly ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4382 (A use-after-free flaw caused by a race among the superblock operations ...)
@@ -15002,8 +15116,8 @@ CVE-2022-43474
RESERVED
CVE-2022-4322 (A vulnerability, which was classified as critical, was found in maku-b ...)
NOT-FOR-US: maku-boot
-CVE-2022-4321
- RESERVED
+CVE-2022-4321 (The PDF Generator for WordPress plugin before 1.1.2 includes a vendore ...)
+ TODO: check
CVE-2022-4320 (The WordPress Events Calendar WordPress plugin before 1.4.5 does not s ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4319
@@ -15413,8 +15527,8 @@ CVE-2022-46498
RESERVED
CVE-2022-46497
RESERVED
-CVE-2022-46496
- RESERVED
+CVE-2022-46496 (BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missin ...)
+ TODO: check
CVE-2022-46495
RESERVED
CVE-2022-46494
@@ -17440,8 +17554,8 @@ CVE-2022-45856
RESERVED
CVE-2022-45855
RESERVED
-CVE-2022-45854
- RESERVED
+CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...)
+ TODO: check
CVE-2022-45853
RESERVED
CVE-2022-45852
@@ -18055,8 +18169,8 @@ CVE-2022-45591
RESERVED
CVE-2022-45590
RESERVED
-CVE-2022-45589
- RESERVED
+CVE-2022-45589 (SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT th ...)
+ TODO: check
CVE-2022-45588 (XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 ...)
TODO: check
CVE-2022-45587
@@ -18587,8 +18701,8 @@ CVE-2022-45442 (Sinatra is a domain-specific language for creating web applicati
NOTE: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
NOTE: https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b (v3.0.4)
NOTE: https://github.com/sinatra/sinatra/commit/1808bcdf3424eab0c659ef2d0e85579aab977a1a (v2.2.3)
-CVE-2022-45441
- RESERVED
+CVE-2022-45441 (A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmwa ...)
+ TODO: check
CVE-2022-45440 (A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmwa ...)
NOT-FOR-US: Zyxel
CVE-2022-45439 (A pair of spare WiFi credentials is stored in the configuration file o ...)
@@ -23070,10 +23184,10 @@ CVE-2022-44270
RESERVED
CVE-2022-44269
RESERVED
-CVE-2022-44268
- RESERVED
-CVE-2022-44267
- RESERVED
+CVE-2022-44268 (ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it ...)
+ TODO: check
+CVE-2022-44267 (ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parse ...)
+ TODO: check
CVE-2022-44266
RESERVED
CVE-2022-44265
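Review bot: CVE-2022-44268 (information disclosure) and CVE-2022-44267 (denial of service) name ImageMagick 7.1.0-49 and are left at "TODO: check". Unlike the plugin and firmware entries in this update, these call for a source package line with per-suite status rather than a NOT-FOR-US tag, so triage them ahead of the bulk TODOs and record whether versions other than 7.1.0-49 are affected.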
@@ -24173,42 +24287,42 @@ CVE-2023-20621
RESERVED
CVE-2023-20620
RESERVED
-CVE-2023-20619
- RESERVED
-CVE-2023-20618
- RESERVED
+CVE-2023-20619 (In vcu, there is a possible memory corruption due to improper locking. ...)
+ TODO: check
+CVE-2023-20618 (In vcu, there is a possible memory corruption due to improper locking. ...)
+ TODO: check
CVE-2023-20617
RESERVED
-CVE-2023-20616
- RESERVED
-CVE-2023-20615
- RESERVED
-CVE-2023-20614
- RESERVED
-CVE-2023-20613
- RESERVED
-CVE-2023-20612
- RESERVED
-CVE-2023-20611
- RESERVED
-CVE-2023-20610
- RESERVED
-CVE-2023-20609
- RESERVED
-CVE-2023-20608
- RESERVED
-CVE-2023-20607
- RESERVED
-CVE-2023-20606
- RESERVED
-CVE-2023-20605
- RESERVED
-CVE-2023-20604
- RESERVED
+CVE-2023-20616 (In ion, there is a possible out of bounds read due to type confusion. ...)
+ TODO: check
+CVE-2023-20615 (In ril, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2023-20614 (In ril, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2023-20613 (In ril, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2023-20612 (In ril, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2023-20611 (In gpu, there is a possible use after free due to a race condition. Th ...)
+ TODO: check
+CVE-2023-20610 (In display drm, there is a possible memory corruption due to a race co ...)
+ TODO: check
+CVE-2023-20609 (In ccu, there is a possible out of bounds read due to a logic error. T ...)
+ TODO: check
+CVE-2023-20608 (In display drm, there is a possible use after free due to a race condi ...)
+ TODO: check
+CVE-2023-20607 (In ccu, there is a possible memory corruption due to a race condition. ...)
+ TODO: check
+CVE-2023-20606 (In apusys, there is a possible out of bounds read due to a missing bou ...)
+ TODO: check
+CVE-2023-20605 (In keyinstall, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-20604 (In ged, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
CVE-2023-20603
RESERVED
-CVE-2023-20602
- RESERVED
+CVE-2023-20602 (In ged, there is a possible out of bounds write due to an integer over ...)
+ TODO: check
CVE-2022-43977 (An issue was discovered on GE Grid Solutions MS3000 devices before 3.7 ...)
NOT-FOR-US: GE
CVE-2022-43976 (An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 ...)
@@ -28322,10 +28436,10 @@ CVE-2022-42953 (Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720,
NOT-FOR-US: ZKTeco
CVE-2022-42952
RESERVED
-CVE-2022-42951
- RESERVED
-CVE-2022-42950
- RESERVED
+CVE-2022-42951 (An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6 ...)
+ TODO: check
+CVE-2022-42950 (An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x ...)
+ TODO: check
CVE-2022-42949 (Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissi ...)
NOT-FOR-US: Silverstripe
CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in releases ...)
@@ -29812,8 +29926,8 @@ CVE-2022-42441
RESERVED
CVE-2022-42440
RESERVED
-CVE-2022-42439
- RESERVED
+CVE-2022-42439 (IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 an ...)
+ TODO: check
CVE-2022-42438
RESERVED
CVE-2022-42437
@@ -30174,8 +30288,8 @@ CVE-2022-42293
RESERVED
CVE-2022-42292
RESERVED
-CVE-2022-42291
- RESERVED
+CVE-2022-42291 (NVIDIA GeForce Experience contains a vulnerability in the installer, w ...)
+ TODO: check
CVE-2022-42290 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
NOT-FOR-US: NVIDIA
CVE-2022-42289 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
@@ -34204,8 +34318,8 @@ CVE-2022-3231 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms
NOT-FOR-US: LibreNMS
CVE-2022-3230
RESERVED
-CVE-2022-3229
- RESERVED
+CVE-2022-3229 (Because the web management interface for Unified Intents' Unified Remo ...)
+ TODO: check
CVE-2022-3228 (Using custom code, an attacker can write into name or description fiel ...)
NOT-FOR-US: Host Engineering
CVE-2022-40742 (Mail SQR Expert system has a Local File Inclusion vulnerability. An un ...)
@@ -39990,8 +40104,8 @@ CVE-2022-38549
RESERVED
CVE-2022-38548
RESERVED
-CVE-2022-38547
- RESERVED
+CVE-2022-38547 (A post-authentication command injection vulnerability in the CLI comma ...)
+ TODO: check
CVE-2022-38546 (A DNS misconfiguration was found in Zyxel NBG7510 firmware versions pr ...)
NOT-FOR-US: Zyxel
CVE-2022-38545 (Valine v1.4.18 was discovered to contain a remote code execution (RCE) ...)
@@ -55924,8 +56038,8 @@ CVE-2022-32665 (In Boa, there is a possible command injection due to improper in
TODO: check
CVE-2022-32664 (In Config Manager, there is a possible command injection due to improp ...)
TODO: check
-CVE-2022-32663
- RESERVED
+CVE-2022-32663 (In Wi-Fi driver, there is a possible system crash due to null pointer ...)
+ TODO: check
CVE-2022-32662
RESERVED
CVE-2022-32661
@@ -55938,12 +56052,12 @@ CVE-2022-32658 (In Wi-Fi driver, there is a possible undefined behavior due to i
TODO: check
CVE-2022-32657 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...)
TODO: check
-CVE-2022-32656
- RESERVED
-CVE-2022-32655
- RESERVED
-CVE-2022-32654
- RESERVED
+CVE-2022-32656 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...)
+ TODO: check
+CVE-2022-32655 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...)
+ TODO: check
+CVE-2022-32654 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...)
+ TODO: check
CVE-2022-32653 (In mtk-aie, there is a possible use after free due to a logic error. T ...)
TODO: check
CVE-2022-32652 (In mtk-aie, there is a possible use after free due to a logic error. T ...)
@@ -55964,10 +56078,10 @@ CVE-2022-32645 (In vow, there is a possible information disclosure due to a race
TODO: check
CVE-2022-32644 (In vow, there is a possible use after free due to a race condition. Th ...)
TODO: check
-CVE-2022-32643
- RESERVED
-CVE-2022-32642
- RESERVED
+CVE-2022-32643 (In ccd, there is a possible use after free due to a race condition. Th ...)
+ TODO: check
+CVE-2022-32642 (In ccd, there is a possible memory corruption due to a race condition. ...)
+ TODO: check
CVE-2022-32641 (In meta wifi, there is a possible out of bounds read due to a missing ...)
TODO: check
CVE-2022-32640 (In meta wifi, there is a possible out of bounds write due to a missing ...)
@@ -56060,8 +56174,8 @@ CVE-2022-32597 (In widevine, there is a possible out of bounds write due to an i
NOT-FOR-US: Mediatek
CVE-2022-32596 (In widevine, there is a possible out of bounds write due to an incorre ...)
NOT-FOR-US: Mediatek
-CVE-2022-32595
- RESERVED
+CVE-2022-32595 (In widevine, there is a possible out of bounds read due to an incorrec ...)
+ TODO: check
CVE-2022-32594 (In widevine, there is a possible out of bounds write due to an incorre ...)
NOT-FOR-US: Mediatek
CVE-2022-32593 (In vowe, there is a possible out of bounds write due to a missing boun ...)
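Review bot: CVE-2022-32595 is added as "TODO: check", but it sits between CVE-2022-32596 and CVE-2022-32594, which carry the same "In widevine, there is a possible out of bounds ..." wording and are tagged "NOT-FOR-US: Mediatek". Tag it the same way so the run of widevine entries is consistent.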
@@ -59120,8 +59234,8 @@ CVE-2022-31613 (NVIDIA GPU Display Driver for Windows contains a vulnerability i
NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31612 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA drivers for Windows
-CVE-2022-31611
- RESERVED
+CVE-2022-31611 (NVIDIA GeForce Experience contains an uncontrolled search path vulnera ...)
+ TODO: check
CVE-2022-31610 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31609 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
@@ -67137,8 +67251,8 @@ CVE-2022-28925
RESERVED
CVE-2022-28924 (An information disclosure vulnerability in UniverSIS-Students before v ...)
NOT-FOR-US: UniverSIS
-CVE-2022-28923
- RESERVED
+CVE-2022-28923 (Caddy v2.4.6 was discovered to contain an open redirection vulnerabili ...)
+ TODO: check
CVE-2022-28922
RESERVED
CVE-2022-28921 (A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEn ...)
@@ -131111,18 +131225,18 @@ CVE-2021-31580 (The restricted shell provided by Akkadian Provisioning Manager E
NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
CVE-2021-31579 (Akkadian Provisioning Manager Engine (PME) ships with a hard-coded cre ...)
NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
-CVE-2021-31578
- RESERVED
-CVE-2021-31577
- RESERVED
-CVE-2021-31576
- RESERVED
-CVE-2021-31575
- RESERVED
-CVE-2021-31574
- RESERVED
-CVE-2021-31573
- RESERVED
+CVE-2021-31578 (In Boa, there is a possible escalation of privilege due to a stack buf ...)
+ TODO: check
+CVE-2021-31577 (In Boa, there is a possible escalation of privilege due to a missing p ...)
+ TODO: check
+CVE-2021-31576 (In Boa, there is a possible information disclosure due to a missing pe ...)
+ TODO: check
+CVE-2021-31575 (In Config Manager, there is a possible command injection due to improp ...)
+ TODO: check
+CVE-2021-31574 (In Config Manager, there is a possible command injection due to improp ...)
+ TODO: check
+CVE-2021-31573 (In Config Manager, there is a possible command injection due to improp ...)
+ TODO: check
CVE-2021-3512 (Improper access control vulnerability in Buffalo broadband routers (BH ...)
NOT-FOR-US: Buffalo
CVE-2021-3511 (Disclosure of sensitive information to an unauthorized user vulnerabil ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11d16059c71b16e323b7787f8ddc427a4a4486f3