[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 13 20:10:33 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a3d76d5 by security tracker role at 2023-02-13T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2023-25754
+	RESERVED
+CVE-2023-25753
+	RESERVED
+CVE-2023-25752
+	RESERVED
+CVE-2023-25751
+	RESERVED
+CVE-2023-25750
+	RESERVED
+CVE-2023-25749
+	RESERVED
+CVE-2023-25748
+	RESERVED
+CVE-2023-25747
+	RESERVED
+CVE-2023-25746
+	RESERVED
+CVE-2023-25745
+	RESERVED
+CVE-2023-25744
+	RESERVED
+CVE-2023-25743
+	RESERVED
+CVE-2023-25742
+	RESERVED
+CVE-2023-25741
+	RESERVED
+CVE-2023-25740
+	RESERVED
+CVE-2023-25739
+	RESERVED
+CVE-2023-25738
+	RESERVED
+CVE-2023-25737
+	RESERVED
+CVE-2023-25736
+	RESERVED
+CVE-2023-25735
+	RESERVED
+CVE-2023-25734
+	RESERVED
+CVE-2023-25733
+	RESERVED
+CVE-2023-25732
+	RESERVED
+CVE-2023-25731
+	RESERVED
+CVE-2023-25730
+	RESERVED
+CVE-2023-25729
+	RESERVED
+CVE-2023-25728
+	RESERVED
+CVE-2023-24585
+	RESERVED
+CVE-2023-0816
+	RESERVED
+CVE-2023-0815
+	RESERVED
+CVE-2023-0814
+	RESERVED
+CVE-2023-0813
+	RESERVED
+CVE-2023-0812
+	RESERVED
+CVE-2023-0811
+	RESERVED
+CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
+	TODO: check
+CVE-2023-0809
+	RESERVED
+CVE-2023-0808 (A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_540 ...)
+	TODO: check
+CVE-2023-0807
+	RESERVED
+CVE-2023-0806
+	RESERVED
 CVE-2023-25727 (In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated use ...)
 	- phpmyadmin 4:5.2.1+dfsg-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2023-1/
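Review bot: CVE-2023-0810 and CVE-2023-0808 are the only two entries in this added block that arrive with a description, and both are left at `TODO: check`. The truncated descriptions name a GitHub repository under btcpayserver/ and a Deye/Revolt/Bosswerk inverter. Each needs a triage decision, either a source package line or a `NOT-FOR-US:` tag, before the entry is useful to consumers of the list.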
@@ -1588,8 +1666,8 @@ CVE-2023-25161
 	RESERVED
 CVE-2023-25160
 	RESERVED
-CVE-2023-25159
-	RESERVED
+CVE-2023-25159 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
+	TODO: check
 CVE-2023-25158
 	RESERVED
 CVE-2023-25157
@@ -2504,8 +2582,8 @@ CVE-2023-24806
 	REJECTED
 CVE-2023-24805
 	RESERVED
-CVE-2023-24804
-	RESERVED
+CVE-2023-24804 (The ownCloud Android app allows ownCloud users to access, share, and e ...)
+	TODO: check
 CVE-2023-0584
 	RESERVED
 CVE-2023-0583
@@ -2902,8 +2980,8 @@ CVE-2023-24621
 	RESERVED
 CVE-2023-24620
 	RESERVED
-CVE-2023-24619
-	RESERVED
+CVE-2023-24619 (Redpanda before 22.3.12 discloses cleartext AWS credentials. The impor ...)
+	TODO: check
 CVE-2023-24618
 	RESERVED
 CVE-2023-24617
@@ -3177,8 +3255,8 @@ CVE-2023-24574 (Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains a
 	NOT-FOR-US: Dell
 CVE-2023-24573 (Dell Command | Monitor versions prior to 10.9 contain an arbitrary fol ...)
 	NOT-FOR-US: Dell
-CVE-2023-24572
-	RESERVED
+CVE-2023-24572 (Dell Command | Integration Suite for System Center, versions before 6. ...)
+	TODO: check
 CVE-2023-24571
 	RESERVED
 CVE-2023-24570
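Review bot: CVE-2023-24572 is published as `TODO: check`, although the two context lines directly above it resolve other Dell Command products as `NOT-FOR-US: Dell`. If triage reaches the same conclusion, use the same tag text so the Dell entries stay consistent and searchable.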
@@ -4762,8 +4840,8 @@ CVE-2023-23950 (User’s supplied input (usually a CRLF sequence) can be use
 	NOT-FOR-US: Symantec
 CVE-2023-23949 (An authenticated user can supply malicious HTML and JavaScript code th ...)
 	NOT-FOR-US: Symantec
-CVE-2023-23948
-	RESERVED
+CVE-2023-23948 (The ownCloud Android app allows ownCloud users to access, share, and e ...)
+	TODO: check
 CVE-2023-23947
 	RESERVED
 CVE-2023-23946
@@ -4943,8 +5021,8 @@ CVE-2023-23550
 	RESERVED
 CVE-2023-0406 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
 	NOT-FOR-US: Modoboa
-CVE-2023-0405
-	RESERVED
+CVE-2023-0405 (The GPT AI Power: Content Writer & ChatGPT & Image Generator & ...)
+	TODO: check
 CVE-2023-0404 (The Events Made Easy plugin for WordPress is vulnerable to authorizati ...)
 	NOT-FOR-US: Events Made Easy plugin for WordPress
 CVE-2023-0403 (The Social Warfare plugin for WordPress is vulnerable to Cross-Site Re ...)
@@ -5214,8 +5292,8 @@ CVE-2023-0381
 	RESERVED
 CVE-2023-0380
 	RESERVED
-CVE-2023-0379
-	RESERVED
+CVE-2023-0379 (The Spotlight Social Feeds WordPress plugin before 1.4.3 does not vali ...)
+	TODO: check
 CVE-2023-0378
 	RESERVED
 CVE-2023-0377
@@ -5226,8 +5304,8 @@ CVE-2023-0375
 	RESERVED
 CVE-2023-0374
 	RESERVED
-CVE-2023-0373
-	RESERVED
+CVE-2023-0373 (The Lightweight Accordion WordPress plugin before 1.5.15 does not vali ...)
+	TODO: check
 CVE-2023-0372
 	RESERVED
 CVE-2023-0371
@@ -5314,8 +5392,8 @@ CVE-2023-0364
 	RESERVED
 CVE-2023-0363
 	RESERVED
-CVE-2023-0362
-	RESERVED
+CVE-2023-0362 (Themify Portfolio Post WordPress plugin before 1.2.2 does not validate ...)
+	TODO: check
 CVE-2023-0361
 	RESERVED
 	- gnutls28 3.7.8-5
@@ -5323,8 +5401,8 @@ CVE-2023-0361
 	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/80a6ce8ddb02477cd724cd5b2944791aaddb702a (3.8.0)
 	NOTE: Code cleanup: https://gitlab.com/gnutls/gnutls/-/commit/4b7ff428291c7ed77c6d2635577c83a43bbae558 (3.8.0)
-CVE-2023-0360
-	RESERVED
+CVE-2023-0360 (The Location Weather WordPress plugin before 1.3.4 does not validate a ...)
+	TODO: check
 CVE-2023-0359
 	RESERVED
 CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV. ...)
@@ -5496,8 +5574,8 @@ CVE-2023-0335
 	RESERVED
 CVE-2023-0334
 	RESERVED
-CVE-2023-0333
-	RESERVED
+CVE-2023-0333 (The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not valid ...)
+	TODO: check
 CVE-2023-0332 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
 	NOT-FOR-US: SourceCodester Online Food Ordering System
 CVE-2020-36654 (A vulnerability classified as problematic has been found in GENI Porta ...)
@@ -5523,8 +5601,8 @@ CVE-2023-XXXX [RUSTSEC-2022-0078]
 	NOTE: https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md#3111
 CVE-2023-23698 (Dell Command | Update, Dell Update, and Alienware Update versions befo ...)
 	NOT-FOR-US: Dell
-CVE-2023-23697
-	RESERVED
+CVE-2023-23697 (Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain  ...)
+	TODO: check
 CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain  ...)
 	NOT-FOR-US: Dell
 CVE-2023-23695
@@ -6040,8 +6118,8 @@ CVE-2023-0277
 	RESERVED
 CVE-2023-0276
 	RESERVED
-CVE-2023-0275
-	RESERVED
+CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 doe ...)
+	TODO: check
 CVE-2023-0274
 	RESERVED
 CVE-2023-0273
@@ -6050,8 +6128,8 @@ CVE-2023-0272
 	RESERVED
 CVE-2023-0271
 	RESERVED
-CVE-2023-0270
-	RESERVED
+CVE-2023-0270 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does no ...)
+	TODO: check
 CVE-2023-0269
 	REJECTED
 CVE-2023-0268
@@ -6097,12 +6175,12 @@ CVE-2023-23556
 	RESERVED
 CVE-2023-23555 (On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before ...)
 	NOT-FOR-US: F5 BIG-IP
-CVE-2023-23553
-	RESERVED
+CVE-2023-23553 (Control By Web X-400 devices are vulnerable to a cross-site scripting  ...)
+	TODO: check
 CVE-2023-23552 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 bef ...)
 	NOT-FOR-US: F5 BIG-IP
-CVE-2023-23551
-	RESERVED
+CVE-2023-23551 (Control By Web X-600M devices run Lua scripts and are vulnerable to co ...)
+	TODO: check
 CVE-2023-23543
 	RESERVED
 CVE-2023-23542
@@ -6255,16 +6333,16 @@ CVE-2023-0265
 	RESERVED
 CVE-2023-0264
 	RESERVED
-CVE-2023-0263
-	RESERVED
-CVE-2023-0262
-	RESERVED
-CVE-2023-0261
-	RESERVED
-CVE-2023-0260
-	RESERVED
-CVE-2023-0259
-	RESERVED
+CVE-2023-0263 (The WP Yelp Review Slider WordPress plugin before 7.1 does not properl ...)
+	TODO: check
+CVE-2023-0262 (The WP Airbnb Review Slider WordPress plugin before 3.3 does not prope ...)
+	TODO: check
+CVE-2023-0261 (The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not ...)
+	TODO: check
+CVE-2023-0260 (The WP Review Slider WordPress plugin before 12.2 does not properly sa ...)
+	TODO: check
+CVE-2023-0259 (The WP Google Review Slider WordPress plugin before 11.8 does not prop ...)
+	TODO: check
 CVE-2023-0258 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
 	NOT-FOR-US: SourceCodester
 CVE-2023-0257 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
@@ -6368,8 +6446,8 @@ CVE-2023-23456 (A heap-based buffer overflow issue was discovered in UPX in Pack
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160381
 	NOTE: https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4
 	NOTE: https://github.com/upx/upx/issues/632
-CVE-2023-0255
-	RESERVED
+CVE-2023-0255 (The Enable Media Replace WordPress plugin before 4.0.2 does not preven ...)
+	TODO: check
 CVE-2023-0254 (The Simple Membership WP user Import plugin for WordPress is vulnerabl ...)
 	NOT-FOR-US: Simple Membership WP user Import plugin for WordPress
 CVE-2023-0253 (The Real Media Library: Media Library Folder & File Manager plugin ...)
@@ -7197,8 +7275,8 @@ CVE-2023-0222
 	RESERVED
 CVE-2023-0221 (Product security bypass vulnerability in ACC prior to version 8.3.4 al ...)
 	NOT-FOR-US: Trellix
-CVE-2023-0220
-	RESERVED
+CVE-2023-0220 (The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not ...)
+	TODO: check
 CVE-2023-0219
 	RESERVED
 CVE-2023-0218
@@ -7676,8 +7754,8 @@ CVE-2023-0179 [netfilter: nft_payload: incorrect arithmetics when fetching VLAN
 	NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230111212251.193032-4-pablo@netfilter.org/
 CVE-2023-0178 (The Annual Archive WordPress plugin before 1.6.0 does not validate and ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0177
-	RESERVED
+CVE-2023-0177 (The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.4 ...)
+	TODO: check
 CVE-2023-0176 (The Giveaways and Contests by RafflePress WordPress plugin before 1.11 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0175
@@ -7692,14 +7770,14 @@ CVE-2023-0171 (The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 d
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0170 (The Html5 Audio Player WordPress plugin before 2.1.12 does not validat ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0169
-	RESERVED
+CVE-2023-0169 (The Zoho Forms WordPress plugin before 3.0.1 does not validate and esc ...)
+	TODO: check
 CVE-2023-0168
 	RESERVED
 CVE-2023-0167
 	RESERVED
-CVE-2023-0166
-	RESERVED
+CVE-2023-0166 (The Product Slider for WooCommerce by PickPlugins WordPress plugin bef ...)
+	TODO: check
 CVE-2023-0165
 	RESERVED
 CVE-2023-0164 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...)
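Review bot: CVE-2023-0169 and CVE-2023-0166 are described as WordPress plugins and land as `TODO: check`, while the context entries CVE-2023-0171 and CVE-2023-0170 in the same hunk are already tagged `NOT-FOR-US: WordPress plugin`. The same pattern repeats in many hunks of this commit, so a single triage pass that applies the existing tag wording to the confirmed cases would clear most of the new TODO items.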
@@ -7763,8 +7841,8 @@ CVE-2023-0161
 	REJECTED
 CVE-2023-0160
 	RESERVED
-CVE-2023-0159
-	RESERVED
+CVE-2023-0159 (The Extensive VC Addons for WPBakery page builder WordPress plugin bef ...)
+	TODO: check
 CVE-2023-0158 (NLnet Labs Krill supports direct access to the RRDP repository content ...)
 	NOT-FOR-US: NLnet Labs Krill
 CVE-2023-0157
@@ -7779,8 +7857,8 @@ CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 do
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0152
 	RESERVED
-CVE-2023-0151
-	RESERVED
+CVE-2023-0151 (The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate ...)
+	TODO: check
 CVE-2023-0150 (The Cloak Front End Email WordPress plugin through 1.9.1 does not vali ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0149 (The WordPrezi WordPress plugin through 0.8.2 does not validate and esc ...)
@@ -8138,8 +8216,8 @@ CVE-2007-10002 (A vulnerability, which was classified as critical, has been foun
 	NOT-FOR-US: web-cyradm
 CVE-2023-22855
 	RESERVED
-CVE-2023-22854
-	RESERVED
+CVE-2023-22854 (The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 ...)
+	TODO: check
 CVE-2023-22853 (Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/s ...)
 	- tikiwiki <removed>
 CVE-2023-22852 (Tiki through 25.0 allows CSRF attacks that are related to tiki-importe ...)
@@ -8657,10 +8735,10 @@ CVE-2023-0101 (A privilege escalation vulnerability was identified in Nessus ver
 	NOT-FOR-US: Nessus
 CVE-2023-0100
 	RESERVED
-CVE-2023-0099
-	RESERVED
-CVE-2023-0098
-	RESERVED
+CVE-2023-0099 (The Simple URLs WordPress plugin before 115 does not sanitise and esca ...)
+	TODO: check
+CVE-2023-0098 (The Simple URLs WordPress plugin before 115 does not escape some param ...)
+	TODO: check
 CVE-2023-0097 (The Post Grid, Post Carousel, & List Category Posts WordPress plug ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0096 (The Happyforms WordPress plugin before 1.22.0 does not validate and es ...)
@@ -8815,8 +8893,8 @@ CVE-2023-0082 (The ExactMetrics WordPress plugin before 7.12.1 does not validate
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0081 (The MonsterInsights WordPress plugin before 8.12.1 does not validate a ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0080
-	RESERVED
+CVE-2023-0080 (The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 do ...)
+	TODO: check
 CVE-2023-0079
 	RESERVED
 CVE-2023-0078
@@ -8901,8 +8979,8 @@ CVE-2023-22619
 	RESERVED
 CVE-2023-0076
 	RESERVED
-CVE-2023-0075
-	RESERVED
+CVE-2023-0075 (The Amazon JS WordPress plugin through 0.10 does not validate and esca ...)
+	TODO: check
 CVE-2023-0074 (The WP Social Widget WordPress plugin before 2.2.4 does not validate a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0073
@@ -8929,10 +9007,10 @@ CVE-2023-0063
 	RESERVED
 CVE-2023-0062 (The EAN for WooCommerce WordPress plugin before 4.4.3 does not validat ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0061
-	RESERVED
-CVE-2023-0060
-	RESERVED
+CVE-2023-0061 (The Judge.me Product Reviews for WooCommerce WordPress plugin before 1 ...)
+	TODO: check
+CVE-2023-0060 (The Responsive Gallery Grid WordPress plugin before 2.3.9 does not val ...)
+	TODO: check
 CVE-2023-0059
 	RESERVED
 CVE-2023-0058
@@ -9149,8 +9227,8 @@ CVE-2012-10003 (A vulnerability, which was classified as problematic, has been f
 	NOT-FOR-US: ahmyi RivetTracker
 CVE-2012-10002 (A vulnerability was found in ahmyi RivetTracker. It has been declared  ...)
 	NOT-FOR-US: ahmyi RivetTracker
-CVE-2023-0034
-	RESERVED
+CVE-2023-0034 (The JetWidgets For Elementor WordPress plugin through 1.0.13 does not  ...)
+	TODO: check
 CVE-2023-0033 (The PDF Viewer WordPress plugin before 1.0.0 does not validate and esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4870
@@ -9606,8 +9684,8 @@ CVE-2022-4832 (The Store Locator WordPress plugin before 1.4.9 does not validate
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4831 (The Custom User Profile Fields for User Registration WordPress plugin  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4830
-	RESERVED
+CVE-2022-4830 (The Paid Memberships Pro WordPress plugin before 2.9.9 does not valida ...)
+	TODO: check
 CVE-2022-4829
 	RESERVED
 CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate ...)
@@ -9928,8 +10006,8 @@ CVE-2022-48079 (Monnai aaPanel host system v1.5 contains an access control issue
 	NOT-FOR-US: Monnai aaPanel host system
 CVE-2022-48078 (pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered t ...)
 	NOT-FOR-US: pycdc
-CVE-2022-48077
-	RESERVED
+CVE-2022-48077 (Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vu ...)
+	TODO: check
 CVE-2022-48076
 	RESERVED
 CVE-2022-48075
@@ -10206,8 +10284,8 @@ CVE-2022-4785
 	RESERVED
 CVE-2022-4784
 	RESERVED
-CVE-2022-4783
-	RESERVED
+CVE-2022-4783 (The Youtube Channel Gallery WordPress plugin through 2.4 does not vali ...)
+	TODO: check
 CVE-2022-4782
 	RESERVED
 CVE-2022-4781 (The Accordion Shortcodes WordPress plugin through 2.4.2 does not valid ...)
@@ -10462,8 +10540,8 @@ CVE-2022-4761
 	RESERVED
 CVE-2022-4760 (The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not va ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4759
-	RESERVED
+CVE-2022-4759 (The GigPress WordPress plugin before 2.3.28 does not validate and esca ...)
+	TODO: check
 CVE-2022-4758 (The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4757
@@ -10529,8 +10607,8 @@ CVE-2022-47966 (Multiple Zoho ManageEngine on-premise products, such as ServiceD
 	NOT-FOR-US: Zoho
 CVE-2022-4746 (The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a vis ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4745
-	RESERVED
+CVE-2022-4745 (The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF  ...)
+	TODO: check
 CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and classified as  ...)
 	NOT-FOR-US: Brave UX for-the-badge
 CVE-2022-47908 (Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and ea ...)
@@ -10764,8 +10842,8 @@ CVE-2022-4684 (Improper Access Control in GitHub repository usememos/memos prior
 	NOT-FOR-US: usememos
 CVE-2022-4683 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
 	NOT-FOR-US: usememos
-CVE-2022-4682
-	RESERVED
+CVE-2022-4682 (The Lightbox Gallery WordPress plugin before 0.9.5 does not validate a ...)
+	TODO: check
 CVE-2022-4681 (The Hide My WP WordPress plugin before 6.2.9 does not properly sanitiz ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47943 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...)
@@ -10830,8 +10908,8 @@ CVE-2022-4680 (The Revive Old Posts WordPress plugin before 9.0.11 unserializes
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4679
 	RESERVED
-CVE-2022-4678
-	RESERVED
+CVE-2022-4678 (The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not valid ...)
+	TODO: check
 CVE-2022-4677 (The Leaflet Maps Marker WordPress plugin before 3.12.7 does not valida ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4676
@@ -10907,8 +10985,8 @@ CVE-2022-4658 (The RSSImport WordPress plugin through 4.6.1 does not validate an
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4657 (The Restaurant Menu WordPress plugin before 2.3.6 does not validate an ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4656
-	RESERVED
+CVE-2022-4656 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before  ...)
+	TODO: check
 CVE-2022-4655 (The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4654 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does ...)
@@ -11023,8 +11101,8 @@ CVE-2022-4629 (The Product Slider for WooCommerce WordPress plugin before 2.6.4
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46286
 	RESERVED
-CVE-2022-4628
-	RESERVED
+CVE-2022-4628 (The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not  ...)
+	TODO: check
 CVE-2022-4627 (The ShiftNav WordPress plugin before 1.7.2 does not validate and escap ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4626 (The PPWP WordPress plugin before 1.8.6 does not validate and escape so ...)
@@ -13071,8 +13149,8 @@ CVE-2023-21775 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerabil
 	NOT-FOR-US: Microsoft
 CVE-2023-21774 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-4580
-	RESERVED
+CVE-2022-4580 (The Twenty20 Image Before-After WordPress plugin through 1.5.9 does no ...)
+	TODO: check
 CVE-2022-4579
 	REJECTED
 CVE-2022-4578 (The Video Conferencing with Zoom WordPress plugin before 4.0.10 does n ...)
@@ -13147,8 +13225,8 @@ CVE-2022-4564 (A vulnerability classified as problematic has been found in Unive
 	NOT-FOR-US: University of Central Florida Materia
 CVE-2022-4563 (A vulnerability was found in Freedom of the Press SecureDrop. It has b ...)
 	NOT-FOR-US: Freedom of the Press SecureDrop
-CVE-2022-4562
-	RESERVED
+CVE-2022-4562 (The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not va ...)
+	TODO: check
 CVE-2022-4561 (A vulnerability classified as problematic has been found in SemanticDr ...)
 	NOT-FOR-US: SemanticDrilldown MediaWiki extension
 CVE-2022-4560 (A vulnerability was found in Joget up to 7.0.31. It has been rated as  ...)
@@ -13175,8 +13253,8 @@ CVE-2022-4553 (The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4552 (The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4551
-	RESERVED
+CVE-2022-4551 (The Rich Table of Contents WordPress plugin through 1.3.7 does not val ...)
+	TODO: check
 CVE-2022-4550
 	RESERVED
 CVE-2022-4549 (The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check i ...)
@@ -13185,8 +13263,8 @@ CVE-2022-4548 (The Optimize images ALT Text & names for SEO using AI WordPre
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4547 (The Conditional Payment Methods for WooCommerce WordPress plugin throu ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4546
-	RESERVED
+CVE-2022-4546 (The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise a ...)
+	TODO: check
 CVE-2022-4545 (The Sitemap WordPress plugin before 4.4 does not validate and escape s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4544 (The MashShare WordPress plugin before 3.8.7 does not validate and esca ...)
@@ -13402,8 +13480,8 @@ CVE-2022-4514 (A vulnerability, which was classified as problematic, was found i
 	NOT-FOR-US: OpenCaching oc-server3
 CVE-2022-4513 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: European Environment Agency eionet.contreg
-CVE-2022-4512
-	RESERVED
+CVE-2022-4512 (The Better Font Awesome WordPress plugin before 2.0.4 does not validat ...)
+	TODO: check
 CVE-2022-4511 (A vulnerability has been found in RainyGao DocSys and classified as cr ...)
 	NOT-FOR-US: RainyGao DocSys
 CVE-2022-4510 (A path traversal vulnerability was identified in ReFirm Labs binwalk f ...)
@@ -13566,8 +13644,8 @@ CVE-2022-4490
 	RESERVED
 CVE-2022-4489 (The HUSKY WordPress plugin before 1.3.2 unserializes user input provid ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4488
-	RESERVED
+CVE-2022-4488 (The Widgets on Pages WordPress plugin through 1.6.0 does not validate  ...)
+	TODO: check
 CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not validate and ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4486 (The Meteor Slides WordPress plugin through 1.5.6 does not validate and ...)
@@ -13734,12 +13812,12 @@ CVE-2022-4475 (The Collapse-O-Matic WordPress plugin before 1.8.3 does not valid
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4474 (The Easy Social Feed WordPress plugin before 6.4.0 does not validate a ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4473
-	RESERVED
+CVE-2022-4473 (The Widget Shortcode WordPress plugin through 0.3.5 does not validate  ...)
+	TODO: check
 CVE-2022-4472 (The Simple Sitemap WordPress plugin before 3.5.8 does not validate and ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4471
-	RESERVED
+CVE-2022-4471 (The YARPP WordPress plugin through 5.30.1 does not validate and escape ...)
+	TODO: check
 CVE-2022-4470 (The Widgets for Google Reviews WordPress plugin before 9.8 does not va ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4469 (The Simple Membership WordPress plugin before 4.2.2 does not validate  ...)
@@ -13764,8 +13842,8 @@ CVE-2022-4460 (The Sidebar Widgets by CodeLights WordPress plugin through 1.4 do
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4459 (The WP Show Posts WordPress plugin before 1.1.4 does not validate and  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4458
-	RESERVED
+CVE-2022-4458 (The amr shortcode any widget WordPress plugin through 4.0 does not val ...)
+	TODO: check
 CVE-2022-43543 (KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App  ...)
 	NOT-FOR-US: KDDI +Message App, NTT DOCOMO +Message App and SoftBank +Message App
 CVE-2023-21723
@@ -13898,14 +13976,14 @@ CVE-2022-4450 (The function PEM_read_bio_ex() reads a PEM file from a BIO and pa
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bbcf509bd046b34cca19c766bbddc31683d0858b (OpenSSL_1_1_1t)
 CVE-2022-4449 (The Page scroll to id WordPress plugin before 1.7.6 does not validate  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4448
-	RESERVED
+CVE-2022-4448 (The GiveWP WordPress plugin before 2.24.0 does not validate and escape ...)
+	TODO: check
 CVE-2022-4447 (The Fontsy WordPress plugin through 1.8.6 does not properly sanitize a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4446 (PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior  ...)
 	NOT-FOR-US: Corebos
-CVE-2022-4445
-	RESERVED
+CVE-2022-4445 (The FL3R FeelBox WordPress plugin through 8.1 does not properly saniti ...)
+	TODO: check
 CVE-2022-4444 (A vulnerability was found in ipti br.tag. It has been declared as prob ...)
 	NOT-FOR-US: ipti br.tag
 CVE-2022-4443 (The BruteBank WordPress plugin before 1.9 does not have CSRF check in  ...)
@@ -14706,7 +14784,8 @@ CVE-2022-47018
 	RESERVED
 CVE-2022-47017
 	RESERVED
-CVE-2022-47016 (A null pointer dereference issue was discovered in function window_pan ...)
+CVE-2022-47016
+	REJECTED
 	- tmux <unfixed> (unimportant)
 	NOTE: https://github.com/tmux/tmux/issues/3312
 	NOTE: https://github.com/tmux/tmux/issues/3447
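Review bot: CVE-2022-47016 is switched to `REJECTED` and loses its description, but the context lines below it still carry `- tmux <unfixed> (unimportant)` and two upstream issue NOTEs. A rejected ID that keeps a package annotation is contradictory for anyone reading the tmux status. Either remove the package line and notes from this entry, or, if the underlying tmux issue is still to be tracked, move them to an entry without a CVE ID in the `CVE-2023-XXXX [...]` form used elsewhere in this file.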
@@ -18638,10 +18717,10 @@ CVE-2022-45727
 	RESERVED
 CVE-2022-45726
 	RESERVED
-CVE-2022-45725
-	RESERVED
-CVE-2022-45724
-	RESERVED
+CVE-2022-45725 (Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a ...)
+	TODO: check
+CVE-2022-45724 (Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a  ...)
+	TODO: check
 CVE-2022-45723
 	RESERVED
 CVE-2022-45722 (ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (X ...)
@@ -19347,10 +19426,10 @@ CVE-2022-45457
 	RESERVED
 CVE-2022-45456
 	RESERVED
-CVE-2022-45455
-	RESERVED
-CVE-2022-45454
-	RESERVED
+CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation cleanup. T ...)
+	TODO: check
+CVE-2022-45454 (Sensitive information disclosure due to insecure folder permissions. T ...)
+	TODO: check
 CVE-2022-45453
 	RESERVED
 CVE-2022-45452
@@ -20849,8 +20928,8 @@ CVE-2022-3893 (Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu e
 	NOT-FOR-US: BlueSpice
 CVE-2022-3892 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2 ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3891
-	RESERVED
+CVE-2022-3891 (The WP FullCalendar WordPress plugin before 1.5 does not ensure that t ...)
+	TODO: check
 CVE-2022-45045 (Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.1 ...)
 	NOT-FOR-US: Xiongmai
 CVE-2022-3890 (Heap buffer overflow in Crashpad in Google Chrome on Android prior to  ...)
@@ -23943,11 +24022,13 @@ CVE-2022-44270
 CVE-2022-44269
 	RESERVED
 CVE-2022-44268 (ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it  ...)
+	{DSA-5347-1}
 	- imagemagick <unfixed> (bug #1030767)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/d77c01e560e973177feed4915ffd7dd1a45fd763
 	NOTE: https://www.metabaseq.com/imagemagick-zero-days/
 	NOTE: https://github.com/ImageMagick/ImageMagick/discussions/6027
 CVE-2022-44267 (ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parse ...)
+	{DSA-5347-1}
 	- imagemagick <unfixed> (bug #1030767)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/d77c01e560e973177feed4915ffd7dd1a45fd763
 	NOTE: https://www.metabaseq.com/imagemagick-zero-days/
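Review bot: `{DSA-5347-1}` is added to CVE-2022-44268 and CVE-2022-44267, while the package line in the context still reads `- imagemagick <unfixed> (bug #1030767)` for both. Confirm that this is intended, that is, that only the advisory is being cross-referenced here, and replace `<unfixed>` with the fixed version once one is available so the entries do not stay open after the advisory.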
@@ -32912,8 +32993,8 @@ CVE-2022-41136 (Cross-Site Request Forgery (CSRF) vulnerability leading to Store
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41135 (Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2. ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-41134
-	RESERVED
+CVE-2022-41134 (Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit In ...)
+	TODO: check
 CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerabi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-40975
@@ -36906,8 +36987,8 @@ CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression
 	[bullseye] - mako <no-dsa> (Minor issue)
 	NOTE: https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c (rel_1_2_2)
 	NOTE: https://github.com/sqlalchemy/mako/issues/366
-CVE-2022-40022
-	RESERVED
+CVE-2022-40022 (Microchip Technology (Microsemi) SyncServer S650 was discovered to con ...)
+	TODO: check
 CVE-2022-40021
 	RESERVED
 CVE-2022-40020
@@ -39018,8 +39099,8 @@ CVE-2022-3091 (RONDS EPM version 1.19.5 has a vulnerability in which a function
 	NOT-FOR-US: RONDS EPM
 CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1  ...)
 	NOT-FOR-US: Red Lion Controls Crimson
-CVE-2022-3089
-	RESERVED
+CVE-2022-3089 (Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credent ...)
+	TODO: check
 CVE-2022-3088 (UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Imag ...)
 	NOT-FOR-US: Moxa
 CVE-2022-3087 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are  ...)
@@ -52484,8 +52565,8 @@ CVE-2022-34399 (Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buff
 	TODO: check
 CVE-2022-34398 (Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local  ...)
 	TODO: check
-CVE-2022-34397
-	RESERVED
+CVE-2022-34397 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...)
+	TODO: check
 CVE-2022-34396 (Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earli ...)
 	TODO: check
 CVE-2022-34395



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a3d76d562e825a196ffd18a48df0d57612ca09b
