[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 27 20:10:44 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6bb1ae82 by security tracker role at 2023-02-27T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2023-27291
+ RESERVED
+CVE-2023-27290
+ RESERVED
+CVE-2023-27289
+ RESERVED
+CVE-2023-27288
+ RESERVED
+CVE-2023-27287
+ RESERVED
+CVE-2023-27286
+ RESERVED
+CVE-2023-27285
+ RESERVED
+CVE-2023-27284
+ RESERVED
+CVE-2023-27283
+ RESERVED
+CVE-2023-27282
+ RESERVED
+CVE-2023-27281
+ RESERVED
+CVE-2023-27280
+ RESERVED
+CVE-2023-27279
+ RESERVED
+CVE-2023-27278
+ RESERVED
+CVE-2023-27277
+ RESERVED
+CVE-2023-27276
+ RESERVED
+CVE-2023-27275
+ RESERVED
+CVE-2023-27274
+ RESERVED
+CVE-2023-27273
+ RESERVED
+CVE-2023-27272
+ RESERVED
+CVE-2023-27271
+ RESERVED
+CVE-2023-27270
+ RESERVED
+CVE-2023-27269
+ RESERVED
+CVE-2023-27268
+ RESERVED
+CVE-2023-27267
+ RESERVED
+CVE-2023-27266 (Mattermost fails to honor the ShowEmailAddress setting when constructi ...)
+ TODO: check
+CVE-2023-27265 (Mattermost fails to honor the ShowEmailAddress setting when constructi ...)
+ TODO: check
+CVE-2023-27264 (A missing permissions check in Mattermost Playbooks in Mattermost allo ...)
+ TODO: check
+CVE-2023-27263 (A missing permissions check in the /plugins/playbooks/api/v0/runs API ...)
+ TODO: check
+CVE-2023-1079
+ RESERVED
+CVE-2023-1078
+ RESERVED
+CVE-2023-1077
+ RESERVED
+CVE-2023-1076
+ RESERVED
+CVE-2023-1075
+ RESERVED
+CVE-2023-1074
+ RESERVED
+CVE-2023-1073
+ RESERVED
+CVE-2023-1072
+ RESERVED
+CVE-2023-1071
+ RESERVED
+CVE-2023-1070 (External Control of File Name or Path in GitHub repository nilsteampas ...)
+ TODO: check
+CVE-2023-1069
+ RESERVED
+CVE-2023-1068 (The Download Read More Excerpt Link plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2023-1067 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
+CVE-2023-1066
+ RESERVED
+CVE-2023-1065
+ RESERVED
+CVE-2023-1064
+ RESERVED
+CVE-2023-1063 (A vulnerability has been found in SourceCodester Doctors Appointment S ...)
+ TODO: check
+CVE-2023-1062 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-1061 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-1060
+ RESERVED
+CVE-2023-1059 (A vulnerability classified as critical was found in SourceCodester Doc ...)
+ TODO: check
+CVE-2023-1058 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-1057 (A vulnerability was found in SourceCodester Doctors Appointment System ...)
+ TODO: check
+CVE-2023-1056 (A vulnerability was found in SourceCodester Doctors Appointment System ...)
+ TODO: check
+CVE-2023-1055
+ RESERVED
+CVE-2023-1054 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...)
+ TODO: check
+CVE-2023-1053 (A vulnerability was found in SourceCodester Music Gallery Site 1.0 and ...)
+ TODO: check
+CVE-2023-1052
+ RESERVED
+CVE-2023-1051
+ RESERVED
+CVE-2023-1050
+ RESERVED
+CVE-2023-1049
+ RESERVED
CVE-2023-XXXX [RUSTSEC-2023-0015]
- rust-ascii 0.9.3-1
[bullseye] - rust-ascii <no-dsa> (Minor issue)
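Review bot: the added entries whose descriptions name SourceCodester (for example CVE-2023-1063 and CVE-2023-1053) are left at "TODO: check", although this file already tags SourceCodester issues elsewhere as "NOT-FOR-US: SourceCodester"; apply the same tag once confirmed. CVE-2023-1062 and CVE-2023-1061 have descriptions cut off before the product name, so they need the full CVE record before tagging, and the four Mattermost entries (CVE-2023-27263 to CVE-2023-27266) still need a triage decision as well.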
@@ -1004,16 +1124,16 @@ CVE-2023-26764
RESERVED
CVE-2023-26763
RESERVED
-CVE-2023-26762
- RESERVED
+CVE-2023-26762 (Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary fi ...)
+ TODO: check
CVE-2023-26761
RESERVED
-CVE-2023-26760
- RESERVED
-CVE-2023-26759
- RESERVED
-CVE-2023-26758
- RESERVED
+CVE-2023-26760 (Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information ...)
+ TODO: check
+CVE-2023-26759 (Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command i ...)
+ TODO: check
+CVE-2023-26758 (Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file d ...)
+ TODO: check
CVE-2023-26757
RESERVED
CVE-2023-26756
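Review bot: the new description for CVE-2023-26758 names the product "Sme.UP TOKYO", while CVE-2023-26762, CVE-2023-26760 and CVE-2023-26759 say "Sme.UP ERP TOKYO" for the same version V6R1M220406. Treat the four as one product and use a single name when replacing "TODO: check" with the triage tag.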
@@ -2925,8 +3045,8 @@ CVE-2023-26044
RESERVED
CVE-2023-26043
RESERVED
-CVE-2023-26042
- RESERVED
+CVE-2023-26042 (Part-DB is an open source inventory management system for your electro ...)
+ TODO: check
CVE-2023-26041
RESERVED
CVE-2023-26040
@@ -4476,6 +4596,7 @@ CVE-2023-25579 (Nextcloud server is a self hosted home cloud product. In affecte
CVE-2023-25578 (Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. ...)
NOT-FOR-US: Starlite
CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
+ {DLA-3346-1}
- python-werkzeug <unfixed> (bug #1031370)
NOTE: https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1 (2.2.3)
NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
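Review bot: "{DLA-3346-1}" is added above a package line that still reads "- python-werkzeug <unfixed> (bug #1031370)", and the NOTE line names 2.2.3 as the upstream fix, so the entry needs a follow-up edit once a fixed version is uploaded to unstable. The commit lists only data/CVE/list as changed, so the DLA-3346-1 record itself is not part of this diff and should be checked separately.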
@@ -5286,16 +5407,16 @@ CVE-2023-25237
RESERVED
CVE-2023-25236
RESERVED
-CVE-2023-25235
- RESERVED
-CVE-2023-25234
- RESERVED
-CVE-2023-25233
- RESERVED
+CVE-2023-25235 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in functio ...)
+ TODO: check
+CVE-2023-25234 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in functio ...)
+ TODO: check
+CVE-2023-25233 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in functio ...)
+ TODO: check
CVE-2023-25232
RESERVED
-CVE-2023-25231
- RESERVED
+CVE-2023-25231 (Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in f ...)
+ TODO: check
CVE-2023-25230
RESERVED
CVE-2023-25229
@@ -6493,8 +6614,8 @@ CVE-2023-0575 (External Control of Critical State Data, Improper Control of Gene
- yugabyte-db <itp> (bug #989673)
CVE-2023-0574 (Server-Side Request Forgery (SSRF), Improperly Controlled Modification ...)
- yugabyte-db <itp> (bug #989673)
-CVE-2022-48305
- RESERVED
+CVE-2022-48305 (There is an identity authentication bypass vulnerability in Huawei Chi ...)
+ TODO: check
CVE-2023-24830 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
NOT-FOR-US: Apache IoTDB
CVE-2023-24829 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...)
@@ -6793,18 +6914,18 @@ CVE-2023-24658
RESERVED
CVE-2023-24657
RESERVED
-CVE-2023-24656
- RESERVED
+CVE-2023-24656 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ TODO: check
CVE-2023-24655
RESERVED
-CVE-2023-24654
- RESERVED
-CVE-2023-24653
- RESERVED
-CVE-2023-24652
- RESERVED
-CVE-2023-24651
- RESERVED
+CVE-2023-24654 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ TODO: check
+CVE-2023-24653 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ TODO: check
+CVE-2023-24652 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ TODO: check
+CVE-2023-24651 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ TODO: check
CVE-2023-24650
RESERVED
CVE-2023-24649
@@ -7031,16 +7152,16 @@ CVE-2023-0554 (The Quick Restaurant Menu plugin for WordPress is vulnerable to C
NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
CVE-2023-0553 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
-CVE-2023-0552
- RESERVED
+CVE-2023-0552 (The Registration Forms WordPress plugin before 3.8.2.3 does not proper ...)
+ TODO: check
CVE-2023-0551
RESERVED
CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecu ...)
NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
-CVE-2022-48284
- RESERVED
-CVE-2022-48283
- RESERVED
+CVE-2022-48284 (A piece of Huawei whole-home intelligence software has an Incorrect Pr ...)
+ TODO: check
+CVE-2022-48283 (A piece of Huawei whole-home intelligence software has an Incorrect Pr ...)
+ TODO: check
CVE-2021-4315 (A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and class ...)
NOT-FOR-US: NYUCCL psiTurk
CVE-2023-24595
@@ -7057,8 +7178,8 @@ CVE-2023-22299
RESERVED
CVE-2023-0549 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: YAFNET
-CVE-2023-0548
- RESERVED
+CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and ...)
+ TODO: check
CVE-2023-0547
RESERVED
CVE-2023-0546
@@ -7067,24 +7188,24 @@ CVE-2023-0545
RESERVED
CVE-2023-0544
RESERVED
-CVE-2023-0543
- RESERVED
+CVE-2023-0543 (The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7 ...)
+ TODO: check
CVE-2023-0542
RESERVED
CVE-2023-0541 (The GS Books Showcase WordPress plugin before 1.3.1 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does not val ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0539
- RESERVED
+CVE-2023-0539 (The GS Insever Portfolio WordPress plugin before 1.4.5 does not valida ...)
+ TODO: check
CVE-2023-0538
RESERVED
CVE-2023-0537
RESERVED
CVE-2023-0536
RESERVED
-CVE-2023-0535
- RESERVED
+CVE-2023-0535 (The Donation Block For PayPal WordPress plugin before 2.1.0 does not v ...)
+ TODO: check
CVE-2023-0534 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0533 (A vulnerability, which was classified as critical, has been found in S ...)
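Review bot: CVE-2023-0543, CVE-2023-0539 and CVE-2023-0535 are described as WordPress plugins but left at "TODO: check", while the neighbouring CVE-2023-0541 and CVE-2023-0540 in the same hunk carry "NOT-FOR-US: WordPress plugin". Use the same tag for the three new descriptions after confirming that none of the plugins is packaged.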
@@ -7395,8 +7516,8 @@ CVE-2023-0489
RESERVED
CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload ...)
- pyload <itp> (bug #1001980)
-CVE-2023-0487
- RESERVED
+CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not properly ...)
+ TODO: check
CVE-2023-0486
RESERVED
CVE-2023-0485
@@ -7795,8 +7916,8 @@ CVE-2023-24366
RESERVED
CVE-2023-24365
RESERVED
-CVE-2023-24364
- RESERVED
+CVE-2023-24364 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ TODO: check
CVE-2023-24363
RESERVED
CVE-2023-24362
@@ -8026,16 +8147,16 @@ CVE-2023-24255
RESERVED
CVE-2023-24254
RESERVED
-CVE-2023-24253
- RESERVED
+CVE-2023-24253 (Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain ...)
+ TODO: check
CVE-2023-24252
RESERVED
-CVE-2023-24251
- RESERVED
+CVE-2023-24251 (WangEditor v5 was discovered to contain a cross-site scripting (XSS) v ...)
+ TODO: check
CVE-2023-24250
RESERVED
-CVE-2023-24249
- RESERVED
+CVE-2023-24249 (An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows ...)
+ TODO: check
CVE-2023-24248
RESERVED
CVE-2023-24247
@@ -8120,8 +8241,8 @@ CVE-2023-24208
RESERVED
CVE-2023-24207
RESERVED
-CVE-2023-24206
- RESERVED
+CVE-2023-24206 (Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
CVE-2023-24205 (Clash for Windows v0.20.12 was discovered to contain a remote code exe ...)
NOT-FOR-US: Clash for Windows
CVE-2023-24204
@@ -8809,6 +8930,7 @@ CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with version
CVE-2023-23935
RESERVED
CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library. Browsers may ...)
+ {DLA-3346-1}
- python-werkzeug <unfixed> (bug #1031370)
NOTE: https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028 (2.2.3)
NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
@@ -9249,8 +9371,8 @@ CVE-2023-0383
RESERVED
CVE-2023-0382
RESERVED
-CVE-2023-0381
- RESERVED
+CVE-2023-0381 (The GigPress WordPress plugin through 2.3.28 does not validate and esc ...)
+ TODO: check
CVE-2023-0380 (The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not va ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0379 (The Spotlight Social Feeds WordPress plugin before 1.4.3 does not vali ...)
@@ -9533,8 +9655,8 @@ CVE-2023-0336
RESERVED
CVE-2023-0335
RESERVED
-CVE-2023-0334
- RESERVED
+CVE-2023-0334 (The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not ...)
+ TODO: check
CVE-2023-0333 (The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0332 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
@@ -9682,8 +9804,8 @@ CVE-2023-23639
RESERVED
CVE-2023-23638
RESERVED
-CVE-2023-0331
- RESERVED
+CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not have an ...)
+ TODO: check
CVE-2023-0330
RESERVED
- qemu <unfixed> (bug #1029155)
@@ -9692,8 +9814,8 @@ CVE-2023-0330
NOTE: Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html
CVE-2023-0329
RESERVED
-CVE-2022-48261
- RESERVED
+CVE-2022-48261 (There is a misinterpretation of input vulnerability in BiSheng-WNM FW ...)
+ TODO: check
CVE-2020-36652
RESERVED
CVE-2020-36651 (A vulnerability has been found in youngerheart nodeserver and classifi ...)
@@ -10078,10 +10200,10 @@ CVE-2023-0281 (A vulnerability was found in SourceCodester Online Flight Booking
NOT-FOR-US: SourceCodester Online Flight Booking Management System
CVE-2023-0280
RESERVED
-CVE-2023-0279
- RESERVED
-CVE-2023-0278
- RESERVED
+CVE-2023-0279 (The Media Library Assistant WordPress plugin before 3.06 does not prop ...)
+ TODO: check
+CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not properly sani ...)
+ TODO: check
CVE-2023-0277
RESERVED
CVE-2023-0276
@@ -10321,10 +10443,10 @@ CVE-2023-0257 (A vulnerability was found in SourceCodester Online Food Ordering
NOT-FOR-US: SourceCodester
CVE-2023-0256 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
NOT-FOR-US: SourceCodester
-CVE-2022-48260
- RESERVED
-CVE-2022-48259
- RESERVED
+CVE-2022-48260 (There is a buffer overflow vulnerability in BiSheng-WNM FW 3.0.0.325. ...)
+ TODO: check
+CVE-2022-48259 (There is a system command injection vulnerability in BiSheng-WNM FW 3. ...)
+ TODO: check
CVE-2022-48258 (In Eternal Terminal 6.2.1, etserver and etclient have world-readable l ...)
- eternal-terminal <itp> (bug #861635)
CVE-2022-48257 (In Eternal Terminal 6.2.1, etserver and etclient have predictable logf ...)
@@ -10471,8 +10593,8 @@ CVE-2023-0232 (The ShopLentor WordPress plugin before 2.5.4 unserializes user in
NOT-FOR-US: WordPress plugin
CVE-2023-0231 (The ShopLentor WordPress plugin before 2.5.4 does not validate and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0230
- RESERVED
+CVE-2023-0230 (The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does ...)
+ TODO: check
CVE-2022-4887
RESERVED
CVE-2013-10011 (A vulnerability was found in aeharding classroom-engagement-system and ...)
@@ -10713,10 +10835,10 @@ CVE-2023-0223
RESERVED
CVE-2022-4886
RESERVED
-CVE-2022-48255
- RESERVED
-CVE-2022-48254
- RESERVED
+CVE-2022-48255 (There is a system command injection vulnerability in BiSheng-WNM FW 3. ...)
+ TODO: check
+CVE-2022-48254 (There is a data processing error vulnerability in Leia-B29 2.0.0.49(M0 ...)
+ TODO: check
CVE-2023-23348
RESERVED
CVE-2023-23347
@@ -11097,14 +11219,14 @@ CVE-2023-23160
RESERVED
CVE-2023-23159
RESERVED
-CVE-2023-23158
- RESERVED
-CVE-2023-23157
- RESERVED
-CVE-2023-23156
- RESERVED
-CVE-2023-23155
- RESERVED
+CVE-2023-23158 (A stored cross-site scripting (XSS) vulnerability in Art Gallery Manag ...)
+ TODO: check
+CVE-2023-23157 (A stored cross-site scripting (XSS) vulnerability in Art Gallery Manag ...)
+ TODO: check
+CVE-2023-23156 (Art Gallery Management System Project in PHP 1.0 was discovered to con ...)
+ TODO: check
+CVE-2023-23155 (Art Gallery Management System Project in PHP 1.0 was discovered to con ...)
+ TODO: check
CVE-2023-23154
RESERVED
CVE-2023-23153
@@ -11201,10 +11323,10 @@ CVE-2023-23111
RESERVED
CVE-2023-23110 (An exploitable firmware modification vulnerability was discovered in c ...)
NOT-FOR-US: Netgear
-CVE-2023-23109
- RESERVED
-CVE-2023-23108
- RESERVED
+CVE-2023-23109 (In crasm 1.8-3, invalid input validation, specific files passed to the ...)
+ TODO: check
+CVE-2023-23108 (In crasm 1.8-3, invalid input validation, specific files passed to the ...)
+ TODO: check
CVE-2023-23107
RESERVED
CVE-2023-23106
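Review bot: the descriptions for CVE-2023-23109 and CVE-2023-23108 give the affected version as "crasm 1.8-3", which has the form of a Debian package version (upstream version plus revision). Check for a crasm source package in the archive before resolving "TODO: check"; if one exists, these need a "- crasm <unfixed>" style package line rather than a NOT-FOR-US tag.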
@@ -11330,8 +11452,8 @@ CVE-2023-23082 (A heap buffer overflow vulnerability in Kodi Home Theater Softwa
NOTE: https://github.com/xbmc/xbmc/pull/22380
CVE-2023-23081
RESERVED
-CVE-2023-23080
- RESERVED
+CVE-2023-23080 (Certain Tenda products are vulnerable to command injection. This affec ...)
+ TODO: check
CVE-2023-23079
RESERVED
CVE-2023-23078 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...)
@@ -11751,8 +11873,8 @@ CVE-2023-0170 (The Html5 Audio Player WordPress plugin before 2.1.12 does not va
NOT-FOR-US: WordPress plugin
CVE-2023-0169 (The Zoho Forms WordPress plugin before 3.0.1 does not validate and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0168
- RESERVED
+CVE-2023-0168 (The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not valid ...)
+ TODO: check
CVE-2023-0167
RESERVED
CVE-2023-0166 (The Product Slider for WooCommerce by PickPlugins WordPress plugin bef ...)
@@ -12053,8 +12175,8 @@ CVE-2023-22862
RESERVED
CVE-2023-22861
RESERVED
-CVE-2023-22860
- RESERVED
+CVE-2023-22860 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...)
+ TODO: check
CVE-2023-22859
RESERVED
CVE-2023-22459
@@ -12120,8 +12242,8 @@ CVE-2022-48232
RESERVED
CVE-2022-48231
RESERVED
-CVE-2022-48230
- RESERVED
+CVE-2022-48230 (There is a misinterpretation of input vulnerability in BiSheng-WNM FW ...)
+ TODO: check
CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a file with ...)
- libxpm 1:3.5.12-1.1
[bullseye] - libxpm <no-dsa> (Minor issue)
@@ -12843,8 +12965,8 @@ CVE-2023-22638 (Several improper neutralization of inputs during web page genera
NOT-FOR-US: FortiGuard
CVE-2023-22637
RESERVED
-CVE-2023-22636
- RESERVED
+CVE-2023-22636 (An unauthorized configuration download vulnerability in FortiWeb 6.3.6 ...)
+ TODO: check
CVE-2023-22635
RESERVED
CVE-2023-22634
@@ -13150,8 +13272,8 @@ CVE-2023-22588
RESERVED
CVE-2023-22587
RESERVED
-CVE-2023-0043
- RESERVED
+CVE-2023-0043 (The Custom Add User WordPress plugin through 2.0.2 does not sanitise a ...)
+ TODO: check
CVE-2023-0042 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2023-0041
@@ -13674,8 +13796,8 @@ CVE-2022-4831 (The Custom User Profile Fields for User Registration WordPress pl
NOT-FOR-US: WordPress plugin
CVE-2022-4830 (The Paid Memberships Pro WordPress plugin before 2.9.9 does not valida ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4829
- RESERVED
+CVE-2022-4829 (The Show-Hide / Collapse-Expand WordPress plugin through 1.2.5 does no ...)
+ TODO: check
CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4827
@@ -14248,8 +14370,8 @@ CVE-2022-4797 (Improper Restriction of Excessive Authentication Attempts in GitH
NOT-FOR-US: usememos
CVE-2022-4796 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...)
NOT-FOR-US: usememos
-CVE-2022-4795
- RESERVED
+CVE-2022-4795 (The Galleries by Angie Makes WordPress plugin through 1.67 does not va ...)
+ TODO: check
CVE-2022-4794 (The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted d ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4793 (The Blog Designer WordPress plugin before 2.4.1 does not validate and ...)
@@ -14262,8 +14384,8 @@ CVE-2022-4790 (The WP Google My Business Auto Publish WordPress plugin before 3.
NOT-FOR-US: WordPress plugin
CVE-2022-4789 (The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4788
- RESERVED
+CVE-2022-4788 (The Embed PDF WordPress plugin through 1.0.6 does not validate and esc ...)
+ TODO: check
CVE-2022-4787 (Themify Shortcodes WordPress plugin before 2.0.8 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4786 (The Video.js WordPress plugin through 4.5.0 does not validate and esca ...)
@@ -14534,8 +14656,8 @@ CVE-2022-4759 (The GigPress WordPress plugin before 2.3.28 does not validate and
NOT-FOR-US: WordPress plugin
CVE-2022-4758 (The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4757
- RESERVED
+CVE-2022-4757 (The List Pages Shortcode WordPress plugin before 1.7.6 does not valida ...)
+ TODO: check
CVE-2022-4756 (The My YouTube Channel WordPress plugin before 3.23.0 does not validat ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4755 (A vulnerability was found in FlatPress and classified as problematic. ...)
@@ -14896,8 +15018,8 @@ CVE-2022-47914
RESERVED
CVE-2022-4680 (The Revive Old Posts WordPress plugin before 9.0.11 unserializes user ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4679
- RESERVED
+CVE-2022-4679 (The Wufoo Shortcode WordPress plugin before 1.52 does not validate and ...)
+ TODO: check
CVE-2022-4678 (The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4677 (The Leaflet Maps Marker WordPress plugin before 3.12.7 does not valida ...)
@@ -17249,8 +17371,8 @@ CVE-2022-4552 (The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF
NOT-FOR-US: WordPress plugin
CVE-2022-4551 (The Rich Table of Contents WordPress plugin before 1.3.9 does not vali ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4550
- RESERVED
+CVE-2022-4550 (The User Activity WordPress plugin through 1.0.1 checks headers such a ...)
+ TODO: check
CVE-2022-4549 (The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4548 (The Optimize images ALT Text & names for SEO using AI WordPress pl ...)
@@ -22771,8 +22893,8 @@ CVE-2022-45699 (Command injection in the administration interface in APSystems E
NOT-FOR-US: APSystems
CVE-2022-45698
RESERVED
-CVE-2022-45697
- RESERVED
+CVE-2022-45697 (Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 ...)
+ TODO: check
CVE-2022-45696
RESERVED
CVE-2022-45695
@@ -24605,7 +24727,7 @@ CVE-2022-3936 (The Team Members WordPress plugin before 5.2.1 does not sanitize
NOT-FOR-US: WordPress plugin
CVE-2022-3935 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3934 (The Flat PM WordPress plugin through 2.661 does not sanitize and escap ...)
+CVE-2022-3934 (The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3933 (The Essential Real Estate WordPress plugin before 3.9.6 does not sanit ...)
NOT-FOR-US: WordPress plugin
@@ -24627,14 +24749,14 @@ CVE-2022-45141
RESERVED
- samba 2:4.16.0+dfsg-2
NOTE: https://www.samba.org/samba/security/CVE-2022-45141.html
-CVE-2022-45140
- RESERVED
-CVE-2022-45139
- RESERVED
-CVE-2022-45138
- RESERVED
-CVE-2022-45137
- RESERVED
+CVE-2022-45140 (The configuration backend allows an unauthenticated user to write arbi ...)
+ TODO: check
+CVE-2022-45139 (A CORS Misconfiguration in the web-based management allows a malicious ...)
+ TODO: check
+CVE-2022-45138 (The configuration backend of the web-based management can be used by u ...)
+ TODO: check
+CVE-2022-45137 (The configuration backend of the web-based management is vulnerable to ...)
+ TODO: check
CVE-2022-45136 (** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is ...)
- apache-jena 4.5.0-1 (bug #1024738)
NOTE: https://www.openwall.com/lists/oss-security/2022/11/14/5
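Review bot: the truncated descriptions for CVE-2022-45140 through CVE-2022-45137 ("The configuration backend ...", "A CORS Misconfiguration in the web-based management ...") name no vendor or product, so "TODO: check" cannot be resolved from this file alone. Look up the full CVE records and put the product name in the triage tag so that the four entries stay identifiable in later reviews.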
@@ -40513,8 +40635,8 @@ CVE-2019-25076 (The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x throu
NOTE: https://dl.acm.org/doi/10.1145/3359989.3365431
NOTE: https://www.youtube.com/watch?v=5cHpzVK0D28
NOTE: https://www.youtube.com/watch?v=DSC3m-Bww64
-CVE-2022-40237
- RESERVED
+CVE-2022-40237 (IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service atta ...)
+ TODO: check
CVE-2022-40236
RESERVED
CVE-2022-40235 ("IBM InfoSphere Information Server 11.7 could allow a user to cause a ...)
@@ -55024,12 +55146,12 @@ CVE-2022-2288 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. ..
[buster] - vim <not-affected> (vulnerable code introduced in 8.2.4763)
NOTE: https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/
NOTE: https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a (v9.0.0025)
-CVE-2022-34910
- RESERVED
-CVE-2022-34909
- RESERVED
-CVE-2022-34908
- RESERVED
+CVE-2022-34910 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 ...)
+ TODO: check
+CVE-2022-34909 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 ...)
+ TODO: check
+CVE-2022-34908 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 ...)
+ TODO: check
CVE-2022-34907 (An authentication bypass vulnerability exists in FileWave before 14.6. ...)
NOT-FOR-US: FileWave
CVE-2022-34906 (A hard-coded cryptographic key is used in FileWave before 14.6.3 and 1 ...)
@@ -129203,8 +129325,8 @@ CVE-2021-34250
NOT-FOR-US: baijiacms
CVE-2021-34249 (SQL injection vulnerability in sourcecodester online-book-store 1.0 al ...)
TODO: check
-CVE-2021-34248 (SQL injection vulnerability in sourcecodester mobile-shop-system-php-m ...)
- TODO: check
+CVE-2021-34248
+ REJECTED
CVE-2021-34247
RESERVED
CVE-2021-34246
@@ -134192,8 +134314,8 @@ CVE-2021-32304
RESERVED
CVE-2021-32303
RESERVED
-CVE-2021-32302
- RESERVED
+CVE-2021-32302 (Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router ...)
+ TODO: check
CVE-2021-32301
RESERVED
CVE-2021-32300
@@ -308780,185 +308902,185 @@ CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. There
CVE-2018-18189
RESERVED
CVE-2018-18188
- RESERVED
+ REJECTED
CVE-2018-18187
- RESERVED
+ REJECTED
CVE-2018-18186
- RESERVED
+ REJECTED
CVE-2018-18185
- RESERVED
+ REJECTED
CVE-2018-18184
- RESERVED
+ REJECTED
CVE-2018-18183
- RESERVED
+ REJECTED
CVE-2018-18182
- RESERVED
+ REJECTED
CVE-2018-18181
- RESERVED
+ REJECTED
CVE-2018-18180
- RESERVED
+ REJECTED
CVE-2018-18179
- RESERVED
+ REJECTED
CVE-2018-18178
- RESERVED
+ REJECTED
CVE-2018-18177
- RESERVED
+ REJECTED
CVE-2018-18176
- RESERVED
+ REJECTED
CVE-2018-18175
- RESERVED
+ REJECTED
CVE-2018-18174
- RESERVED
+ REJECTED
CVE-2018-18173
- RESERVED
+ REJECTED
CVE-2018-18172
- RESERVED
+ REJECTED
CVE-2018-18171
- RESERVED
+ REJECTED
CVE-2018-18170
- RESERVED
+ REJECTED
CVE-2018-18169
- RESERVED
+ REJECTED
CVE-2018-18168
- RESERVED
+ REJECTED
CVE-2018-18167
- RESERVED
+ REJECTED
CVE-2018-18166
- RESERVED
+ REJECTED
CVE-2018-18165
- RESERVED
+ REJECTED
CVE-2018-18164
- RESERVED
+ REJECTED
CVE-2018-18163
- RESERVED
+ REJECTED
CVE-2018-18162
- RESERVED
+ REJECTED
CVE-2018-18161
- RESERVED
+ REJECTED
CVE-2018-18160
- RESERVED
+ REJECTED
CVE-2018-18159
- RESERVED
+ REJECTED
CVE-2018-18158
- RESERVED
+ REJECTED
CVE-2018-18157
- RESERVED
+ REJECTED
CVE-2018-18156
- RESERVED
+ REJECTED
CVE-2018-18155
- RESERVED
+ REJECTED
CVE-2018-18154
- RESERVED
+ REJECTED
CVE-2018-18153
- RESERVED
+ REJECTED
CVE-2018-18152
- RESERVED
+ REJECTED
CVE-2018-18151
- RESERVED
+ REJECTED
CVE-2018-18150
- RESERVED
+ REJECTED
CVE-2018-18149
- RESERVED
+ REJECTED
CVE-2018-18148
- RESERVED
+ REJECTED
CVE-2018-18147
- RESERVED
+ REJECTED
CVE-2018-18146
- RESERVED
+ REJECTED
CVE-2018-18145
- RESERVED
+ REJECTED
CVE-2018-18144
- RESERVED
+ REJECTED
CVE-2018-18143
- RESERVED
+ REJECTED
CVE-2018-18142
- RESERVED
+ REJECTED
CVE-2018-18141
- RESERVED
+ REJECTED
CVE-2018-18140
- RESERVED
+ REJECTED
CVE-2018-18139
- RESERVED
+ REJECTED
CVE-2018-18138
- RESERVED
+ REJECTED
CVE-2018-18137
- RESERVED
+ REJECTED
CVE-2018-18136
- RESERVED
+ REJECTED
CVE-2018-18135
- RESERVED
+ REJECTED
CVE-2018-18134
- RESERVED
+ REJECTED
CVE-2018-18133
- RESERVED
+ REJECTED
CVE-2018-18132
- RESERVED
+ REJECTED
CVE-2018-18131
- RESERVED
+ REJECTED
CVE-2018-18130
- RESERVED
+ REJECTED
CVE-2018-18129
- RESERVED
+ REJECTED
CVE-2018-18128
- RESERVED
+ REJECTED
CVE-2018-18127
- RESERVED
+ REJECTED
CVE-2018-18126
- RESERVED
+ REJECTED
CVE-2018-18125
- RESERVED
+ REJECTED
CVE-2018-18124
- RESERVED
+ REJECTED
CVE-2018-18123
- RESERVED
+ REJECTED
CVE-2018-18122
- RESERVED
+ REJECTED
CVE-2018-18121
- RESERVED
+ REJECTED
CVE-2018-18120
- RESERVED
+ REJECTED
CVE-2018-18119
- RESERVED
+ REJECTED
CVE-2018-18118
- RESERVED
+ REJECTED
CVE-2018-18117
- RESERVED
+ REJECTED
CVE-2018-18116
- RESERVED
+ REJECTED
CVE-2018-18115
- RESERVED
+ REJECTED
CVE-2018-18114
- RESERVED
+ REJECTED
CVE-2018-18113
- RESERVED
+ REJECTED
CVE-2018-18112
- RESERVED
+ REJECTED
CVE-2018-18111
- RESERVED
+ REJECTED
CVE-2018-18110
- RESERVED
+ REJECTED
CVE-2018-18109
- RESERVED
+ REJECTED
CVE-2018-18108
- RESERVED
+ REJECTED
CVE-2018-18107
- RESERVED
+ REJECTED
CVE-2018-18106
- RESERVED
+ REJECTED
CVE-2018-18105
- RESERVED
+ REJECTED
CVE-2018-18104
- RESERVED
+ REJECTED
CVE-2018-18103
- RESERVED
+ REJECTED
CVE-2018-18102
- RESERVED
+ REJECTED
CVE-2018-18101
- RESERVED
+ REJECTED
CVE-2018-18100
- RESERVED
+ REJECTED
CVE-2018-18099
- RESERVED
+ REJECTED
CVE-2018-18098 (Improper file verification in install routine for Intel(R) SGX SDK and ...)
NOT-FOR-US: Intel
CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive Toolbox befo ...)
@@ -308972,7 +309094,7 @@ CVE-2018-18094 (Improper directory permissions in installer for Intel(R) Media S
CVE-2018-18093 (Improper file permissions in the installer for Intel VTune Amplifier 2 ...)
NOT-FOR-US: Intel VTune Amplifier
CVE-2018-18092
- RESERVED
+ REJECTED
CVE-2018-18091 (Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for W ...)
NOT-FOR-US: Intel
CVE-2018-18090 (Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Wind ...)
@@ -324536,13 +324658,13 @@ CVE-2018-12199 (Buffer overflow in an OS component in Intel CSME before versions
CVE-2018-12198 (Insufficient input validation in Intel(R) Server Platform Services HEC ...)
NOT-FOR-US: Intel
CVE-2018-12197
- RESERVED
+ REJECTED
CVE-2018-12196 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME before ...)
NOT-FOR-US: Intel
CVE-2018-12195
- RESERVED
+ REJECTED
CVE-2018-12194
- RESERVED
+ REJECTED
CVE-2018-12193 (Insufficient access control in driver stack for Intel QuickAssist Tech ...)
NOT-FOR-US: Intel
CVE-2018-12192 (Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11 ...)
@@ -324558,11 +324680,11 @@ CVE-2018-12188 (Insufficient input validation in Intel CSME before versions 11.8
CVE-2018-12187 (Insufficient input validation in Intel(R) Active Management Technology ...)
NOT-FOR-US: Intel
CVE-2018-12186
- RESERVED
+ REJECTED
CVE-2018-12185 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME before ...)
NOT-FOR-US: Intel
CVE-2018-12184
- RESERVED
+ REJECTED
CVE-2018-12183 (Stack overflow in DxeCore for EDK II may allow an unauthenticated user ...)
- edk2 0~20181115.85588389-1
[buster] - edk2 <no-dsa> (Minor issue)
@@ -324611,7 +324733,7 @@ CVE-2018-12172 (Improper password hashing in firmware in Intel Server Board (S72
CVE-2018-12171 (Privilege escalation in Intel Baseboard Management Controller (BMC) fi ...)
NOT-FOR-US: Intel Baseboard Management Controller firmware
CVE-2018-12170
- RESERVED
+ REJECTED
CVE-2018-12169 (Platform sample code firmware in 4th Generation Intel Core Processor, ...)
NOT-FOR-US: Intel
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
@@ -324622,9 +324744,9 @@ CVE-2018-12167 (Firmware update routine in bootloader for Intel(R) Optane(TM) SS
CVE-2018-12166 (Insufficient write protection in firmware for Intel(R) Optane(TM) SSD ...)
NOT-FOR-US: Intel
CVE-2018-12165
- RESERVED
+ REJECTED
CVE-2018-12164
- RESERVED
+ REJECTED
CVE-2018-12163 (A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 inst ...)
NOT-FOR-US: Intel IoT Developers Kit
CVE-2018-12162 (Directory permissions in the Intel OpenVINO Toolkit for Windows before ...)
@@ -324638,9 +324760,9 @@ CVE-2018-12159 (Buffer overflow in the command-line interface for Intel(R) PROSe
CVE-2018-12158 (Insufficient input validation in BIOS update utility in Intel NUC FW k ...)
NOT-FOR-US: Intel
CVE-2018-12157
- RESERVED
+ REJECTED
CVE-2018-12156
- RESERVED
+ REJECTED
CVE-2018-12155 (Data leakage in cryptographic libraries for Intel IPP before 2019 upda ...)
NOT-FOR-US: Intel
CVE-2018-12154 (Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...)
@@ -324660,35 +324782,35 @@ CVE-2018-12148 (Privilege escalation in file permissions in Intel Driver and Sup
CVE-2018-12147 (Insufficient input validation in HECI subsystem in Intel(R) CSME befor ...)
NOT-FOR-US: Intel
CVE-2018-12146
- RESERVED
+ REJECTED
CVE-2018-12145
- RESERVED
+ REJECTED
CVE-2018-12144
- RESERVED
+ REJECTED
CVE-2018-12143
- RESERVED
+ REJECTED
CVE-2018-12142
- RESERVED
+ REJECTED
CVE-2018-12141
- RESERVED
+ REJECTED
CVE-2018-12140
- RESERVED
+ REJECTED
CVE-2018-12139
- RESERVED
+ REJECTED
CVE-2018-12138
- RESERVED
+ REJECTED
CVE-2018-12137
- RESERVED
+ REJECTED
CVE-2018-12136
- RESERVED
+ REJECTED
CVE-2018-12135
- RESERVED
+ REJECTED
CVE-2018-12134
- RESERVED
+ REJECTED
CVE-2018-12133
- RESERVED
+ REJECTED
CVE-2018-12132
- RESERVED
+ REJECTED
CVE-2018-12131 (Permissions in the driver pack installers for Intel NVMe before versio ...)
NOT-FOR-US: Intel
CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on ...)
@@ -324705,9 +324827,9 @@ CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffe
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu and #929154 for libvirt
CVE-2018-12129
- RESERVED
+ REJECTED
CVE-2018-12128
- RESERVED
+ REJECTED
CVE-2018-12127 (Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some ...)
{DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
- intel-microcode 3.20190514.1
@@ -324735,7 +324857,7 @@ CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling (MSBDS): Store buf
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu and #929154 for libvirt
CVE-2018-12125
- RESERVED
+ REJECTED
CVE-2018-12124
RESERVED
CVE-2018-12123 (Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bb1ae8299e4ad5a964506bfbefa7564f1fa5de6