[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 10 08:10:22 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1fbc5f5 by security tracker role at 2023-01-10T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,111 @@
+CVE-2023-22907
+ RESERVED
+CVE-2023-22906
+ RESERVED
+CVE-2023-22905
+ RESERVED
+CVE-2023-22904
+ RESERVED
+CVE-2023-22903 (api/views/user.py in LibrePhotos before e19e539 has incorrect access c ...)
+ TODO: check
+CVE-2023-22902
+ RESERVED
+CVE-2023-22901
+ RESERVED
+CVE-2023-22900
+ RESERVED
+CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not ...)
+ TODO: check
+CVE-2023-22898 (workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 a ...)
+ TODO: check
+CVE-2023-22897
+ RESERVED
+CVE-2023-22896
+ RESERVED
+CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denia ...)
+ TODO: check
+CVE-2023-22894
+ RESERVED
+CVE-2023-22893
+ RESERVED
+CVE-2023-22892
+ RESERVED
+CVE-2023-22891
+ RESERVED
+CVE-2023-22890
+ RESERVED
+CVE-2023-22889
+ RESERVED
+CVE-2023-22888
+ RESERVED
+CVE-2023-22887
+ RESERVED
+CVE-2023-22886
+ RESERVED
+CVE-2023-22885
+ RESERVED
+CVE-2023-22884
+ RESERVED
+CVE-2023-0144
+ RESERVED
+CVE-2023-0143
+ RESERVED
+CVE-2023-0142
+ RESERVED
+CVE-2023-0141
+ RESERVED
+CVE-2023-0140
+ RESERVED
+CVE-2023-0139
+ RESERVED
+CVE-2023-0138
+ RESERVED
+CVE-2023-0137
+ RESERVED
+CVE-2023-0136
+ RESERVED
+CVE-2023-0135
+ RESERVED
+CVE-2023-0134
+ RESERVED
+CVE-2023-0133
+ RESERVED
+CVE-2023-0132
+ RESERVED
+CVE-2023-0131
+ RESERVED
+CVE-2023-0130
+ RESERVED
+CVE-2023-0129
+ RESERVED
+CVE-2023-0128
+ RESERVED
+CVE-2023-0127
+ RESERVED
+CVE-2023-0126
+ RESERVED
+CVE-2023-0125 (A vulnerability was found in Control iD Panel. It has been declared as ...)
+ TODO: check
+CVE-2023-0124
+ RESERVED
+CVE-2023-0123
+ RESERVED
+CVE-2022-48251 (** DISPUTED ** The AES instructions on the ARMv8 platform do not have ...)
+ TODO: check
+CVE-2021-46871 (tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows ...)
+ TODO: check
+CVE-2017-20166 (Ecto 2.2.0 lacks a certain protection mechanism associated with the in ...)
+ TODO: check
+CVE-2015-10035 (A vulnerability was found in gperson angular-test-reporter and classif ...)
+ TODO: check
+CVE-2015-10034 (A vulnerability has been found in j-nowak workout-organizer and classi ...)
+ TODO: check
+CVE-2015-10033 (A vulnerability, which was classified as problematic, was found in jvv ...)
+ TODO: check
+CVE-2014-125072 (A vulnerability classified as critical has been found in CherishSin kl ...)
+ TODO: check
+CVE-2014-125071 (A vulnerability was found in lukehutch Gribbit. It has been classified ...)
+ TODO: check
CVE-2023-22883
RESERVED
CVE-2023-22882
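Review bot: CVE-2023-22895 is the entry in this hunk that is least likely to end as NOT-FOR-US, because the affected code is the Rust bzip2 crate (which Debian ships as rust-bzip2) rather than an end-user application, so it should be checked against the archive before the TODO is cleared. Two further points for the triager: CVE-2022-48251 carries the "** DISPUTED **" marker in its description, so its resolution should record the dispute instead of treating it as a confirmed ARMv8 AES weakness; and CVE-2015-10033 through CVE-2015-10035 plus CVE-2014-125071 and CVE-2014-125072 are retroactive assignments to old GitHub projects (angular-test-reporter, workout-organizer, Gribbit, ...), the kind of entry this file otherwise resolves with NOT-FOR-US and the project name when nothing is packaged.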
@@ -2266,8 +2374,8 @@ CVE-2023-22324
RESERVED
CVE-2023-22322
RESERVED
-CVE-2023-22320
- RESERVED
+CVE-2023-22320 (OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM ...)
+ TODO: check
CVE-2023-22316
RESERVED
CVE-2023-22304
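Review bot: CVE-2023-22320 names OpenAM Web Policy Agent (OpenAM Consortium Edition), which Debian does not package; by the convention visible throughout this file the entry should be resolved as NOT-FOR-US with the product name rather than left on TODO: check.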
@@ -2810,10 +2918,10 @@ CVE-2023-0025
RESERVED
CVE-2023-0024
RESERVED
-CVE-2023-0023
- RESERVED
-CVE-2023-0022
- RESERVED
+CVE-2023-0023 (In SAP Bank Account Management (Manage Banks) application, when a user ...)
+ TODO: check
+CVE-2023-0022 (SAP BusinessObjects Business Intelligence Analysis edition for OLAP al ...)
+ TODO: check
CVE-2023-0021
RESERVED
CVE-2022-47926 (AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_ ...)
@@ -3033,10 +3141,10 @@ CVE-2023-0020
RESERVED
CVE-2023-0019
RESERVED
-CVE-2023-0018
- RESERVED
-CVE-2023-0017
- RESERVED
+CVE-2023-0018 (Due to improper input sanitization of user-controlled input in SAP Bus ...)
+ TODO: check
+CVE-2023-0017 (An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.5 ...)
+ TODO: check
CVE-2022-47890
RESERVED
CVE-2022-47889
@@ -5102,16 +5210,16 @@ CVE-2022-4543 [KASLR Leakage Achievable even with KPTI through Prefetch Side-Cha
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/12/16/3
NOTE: https://www.willsroot.io/2022/12/entrybleed.html
-CVE-2023-0016
- RESERVED
-CVE-2023-0015
- RESERVED
-CVE-2023-0014
- RESERVED
-CVE-2023-0013
- RESERVED
-CVE-2023-0012
- RESERVED
+CVE-2023-0016 (SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to exec ...)
+ TODO: check
+CVE-2023-0015 (In SAP BusinessObjects Business Intelligence Platform (Web Intelligenc ...)
+ TODO: check
+CVE-2023-0014 (SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, ...)
+ TODO: check
+CVE-2023-0013 (The ABAP Keyword Documentation of SAP NetWeaver Application Server - v ...)
+ TODO: check
+CVE-2023-0012 (In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gai ...)
+ TODO: check
CVE-2022-4542
RESERVED
CVE-2022-4541
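Review bot: The five SAP entries here (CVE-2023-0012 through CVE-2023-0016), like CVE-2023-0017/0018 and CVE-2023-0022/0023 in the two hunks above, all describe proprietary SAP components (NetWeaver, BusinessObjects, BPC, Host Agent) that Debian does not ship; the consistent resolution is NOT-FOR-US: SAP, in the same form as the NOT-FOR-US: Microsoft and NOT-FOR-US: Siemens lines elsewhere in this diff. The unchanged context lines at the top of the hunk are worth a glance too: CVE-2022-4543 (KASLR leakage through the prefetch side channel, EntryBleed) is still recorded as linux <unfixed>, and nothing in this update changes that.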
@@ -5453,8 +5561,8 @@ CVE-2022-4499
RESERVED
CVE-2022-4498
RESERVED
-CVE-2022-4497
- RESERVED
+CVE-2022-4497 (The Jetpack CRM WordPress plugin before 5.5 does not validate and esca ...)
+ TODO: check
CVE-2022-4496
RESERVED
CVE-2022-4495 (A vulnerability, which was classified as problematic, has been found i ...)
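Review bot: CVE-2022-4497 (Jetpack CRM before 5.5) is the first of roughly twenty WordPress plugin entries this update promotes from RESERVED to a truncated description with TODO: check. Every neighbouring WordPress plugin entry visible in the diff (CVE-2022-4373, CVE-2022-4324, CVE-2022-3922 and others) is resolved as NOT-FOR-US: WordPress plugin, so these can be cleared in one pass with the same tag; none of the plugins named in the new descriptions is a Debian package.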
@@ -5465,8 +5573,8 @@ CVE-2022-4493 (A vulnerability classified as critical was found in scifio. Affec
NOT-FOR-US: SCIFIO (SCientific Image Format Input & Output)
CVE-2022-4492
RESERVED
-CVE-2022-4491
- RESERVED
+CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate ...)
+ TODO: check
CVE-2022-4490
RESERVED
CVE-2022-4489
@@ -5489,8 +5597,8 @@ CVE-2022-4481
RESERVED
CVE-2022-4480
RESERVED
-CVE-2022-4479
- RESERVED
+CVE-2022-4479 (The Table of Contents Plus WordPress plugin before 2212 does not valid ...)
+ TODO: check
CVE-2022-4478
RESERVED
CVE-2022-4477
@@ -5649,8 +5757,8 @@ CVE-2022-4470
RESERVED
CVE-2022-4469
RESERVED
-CVE-2022-4468
- RESERVED
+CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not validate an ...)
+ TODO: check
CVE-2022-4467
RESERVED
CVE-2022-4466
@@ -6818,8 +6926,8 @@ CVE-2022-4427 (Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG
[bullseye] - otrs2 <no-dsa> (Non-free not supported)
[buster] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://www.znuny.org/en/advisories/zsa-2022-07
-CVE-2022-4426
- RESERVED
+CVE-2022-4426 (The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 d ...)
+ TODO: check
CVE-2022-4425
RESERVED
CVE-2022-4424
@@ -6952,12 +7060,12 @@ CVE-2022-46893
RESERVED
CVE-2022-4395
RESERVED
-CVE-2022-4394
- RESERVED
-CVE-2022-4393
- RESERVED
-CVE-2022-4392
- RESERVED
+CVE-2022-4394 (The iPages Flipbook For WordPress plugin through 1.4.6 does not saniti ...)
+ TODO: check
+CVE-2022-4393 (The ImageLinks Interactive Image Builder for WordPress plugin through ...)
+ TODO: check
+CVE-2022-4392 (The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 ...)
+ TODO: check
CVE-2022-46892
RESERVED
CVE-2022-46891
@@ -7111,8 +7219,8 @@ CVE-2022-46839
RESERVED
CVE-2022-46838
RESERVED
-CVE-2022-4391
- RESERVED
+CVE-2022-4391 (The Vision Interactive For WordPress plugin through 1.5.3 does not san ...)
+ TODO: check
CVE-2022-4390 (A network misconfiguration is present in versions prior to 1.0.9.90 of ...)
NOT-FOR-US: Netgear
CVE-2022-4389
@@ -7164,8 +7272,8 @@ CVE-2022-46832 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x
NOT-FOR-US: SICK
CVE-2022-4375 (A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been cl ...)
NOT-FOR-US: Mingsoft MCMS
-CVE-2022-4374
- RESERVED
+CVE-2022-4374 (The Bg Bible References WordPress plugin through 3.8.14 does not sanit ...)
+ TODO: check
CVE-2022-4373 (The Quote-O-Matic WordPress plugin through 1.0.5 does not properly san ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4372 (The Web Invoice WordPress plugin through 2.1.3 does not properly sanit ...)
@@ -7176,8 +7284,8 @@ CVE-2022-4370 (The multimedial images WordPress plugin through 1.0b does not pro
NOT-FOR-US: WordPress plugin
CVE-2022-4369 (The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not s ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4368
- RESERVED
+CVE-2022-4368 (The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and esca ...)
+ TODO: check
CVE-2022-4367
RESERVED
CVE-2022-43501
@@ -7448,8 +7556,8 @@ CVE-2022-4327
RESERVED
CVE-2022-4326 (Improper preservation of permissions vulnerability in Trellix Endpoint ...)
NOT-FOR-US: Trellix Endpoint Agent (xAgent)
-CVE-2022-4325
- RESERVED
+CVE-2022-4325 (The Post Status Notifier Lite WordPress plugin before 1.10.1 does not ...)
+ TODO: check
CVE-2022-4324 (The Custom Field Template WordPress plugin before 2.5.8 unserialises t ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4323
@@ -7772,8 +7880,8 @@ CVE-2022-46664 (A vulnerability has been identified in Mendix Workflow Commons (
NOT-FOR-US: Siemens
CVE-2022-46662 (Roxio Creator LJB starts another program with an unquoted file path. S ...)
NOT-FOR-US: Roxio
-CVE-2022-4310
- RESERVED
+CVE-2022-4310 (The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise ...)
+ TODO: check
CVE-2022-4309
RESERVED
CVE-2022-4308
@@ -7790,8 +7898,8 @@ CVE-2022-4303
RESERVED
CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes user inpu ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4301
- RESERVED
+CVE-2022-4301 (The Sunshine Photo Cart WordPress plugin before 2.9.15 does not saniti ...)
+ TODO: check
CVE-2022-4300 (A vulnerability was found in FastCMS. It has been rated as critical. T ...)
NOT-FOR-US: FastCMS
CVE-2022-4299
@@ -7918,8 +8026,8 @@ CVE-2022-46605
RESERVED
CVE-2022-46604
RESERVED
-CVE-2022-46603
- RESERVED
+CVE-2022-46603 (An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary comma ...)
+ TODO: check
CVE-2022-46602
RESERVED
CVE-2022-46601 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...)
@@ -9058,8 +9166,8 @@ CVE-2022-4198 (The WP Social Sharing WordPress plugin through 2.2 does not sanit
NOT-FOR-US: WordPress plugin
CVE-2022-4197 (The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4196
- RESERVED
+CVE-2022-4196 (The Multi Step Form WordPress plugin before 1.7.8 does not sanitise an ...)
+ TODO: check
CVE-2022-4195 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...)
{DSA-5293-1}
- chromium 108.0.5359.71-1
@@ -10977,10 +11085,10 @@ CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript whi
NOT-FOR-US: kiwi Test Plan
CVE-2022-4104 (A loop with an unreachable exit condition can be triggered by passing ...)
NOT-FOR-US: Tenable
-CVE-2022-4103
- RESERVED
-CVE-2022-4102
- RESERVED
+CVE-2022-4103 (The Royal Elementor Addons WordPress plugin before 1.3.56 does not hav ...)
+ TODO: check
+CVE-2022-4102 (The Royal Elementor Addons WordPress plugin before 1.3.56 does not hav ...)
+ TODO: check
CVE-2022-4101
RESERVED
CVE-2022-4100
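Review bot: CVE-2022-4103 and CVE-2022-4102 have descriptions that are identical up to the truncation point ("The Royal Elementor Addons WordPress plugin before 1.3.56 does not hav ..."), so the list as imported gives a triager nothing to tell the two issues apart; whoever resolves these TODOs should read the full upstream descriptions before tagging, rather than copying one resolution onto the other because the summaries match.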
@@ -11170,8 +11278,8 @@ CVE-2022-4045 (A denial-of-service vulnerability in the Mattermost allows an aut
- mattermost-server <itp> (bug #823556)
CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an authenticate ...)
- mattermost-server <itp> (bug #823556)
-CVE-2022-4043
- RESERVED
+CVE-2022-4043 (The WP Custom Admin Interface WordPress plugin before 7.29 unserialize ...)
+ TODO: check
CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress plugin thr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4041
@@ -12420,8 +12528,8 @@ CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not sanitise
NOT-FOR-US: WordPress plugin
CVE-2022-3924
RESERVED
-CVE-2022-3923
- RESERVED
+CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does ...)
+ TODO: check
CVE-2022-3922 (The Broken Link Checker WordPress plugin before 1.11.20 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45134
@@ -14623,8 +14731,8 @@ CVE-2022-44666 (Windows Contacts Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-44665
RESERVED
-CVE-2022-3855
- RESERVED
+CVE-2022-3855 (The 404 to Start WordPress plugin through 1.6.1 does not sanitise and ...)
+ TODO: check
CVE-2022-3854 [possible DoS issue in ceph URL processing on RGW backends]
RESERVED
- ceph 16.2.10+ds-5 (bug #1027151)
@@ -16906,14 +17014,14 @@ CVE-2022-43975
RESERVED
CVE-2022-43974 (MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDeco ...)
TODO: check
-CVE-2022-43973
- RESERVED
-CVE-2022-43972
- RESERVED
-CVE-2022-43971
- RESERVED
-CVE-2022-43970
- RESERVED
+CVE-2022-43973 (An arbitrary code execution vulnerability exisits in Linksys WRT54GL W ...)
+ TODO: check
+CVE-2022-43972 (A null pointer dereference vulnerability exists in Linksys WRT54GL Wir ...)
+ TODO: check
+CVE-2022-43971 (An arbitrary code exection vulnerability exists in Linksys WUMC710 Wir ...)
+ TODO: check
+CVE-2022-43970 (A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G B ...)
+ TODO: check
CVE-2022-43969
RESERVED
CVE-2022-43968 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
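Review bot: The four Linksys entries (CVE-2022-43970 through CVE-2022-43973, WRT54GL and WUMC710 firmware) are vendor router firmware, which this file resolves as NOT-FOR-US with the vendor name (compare NOT-FOR-US: Netgear on the CVE-2022-4390 line earlier in the diff). The misspellings "exisits" and "exection" in the imported descriptions come from the upstream CVE text; since this field is filled by the automatic import, a local correction would only be overwritten, so leave them as they are.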
@@ -18926,8 +19034,8 @@ CVE-2022-41798 (Session information easily guessable vulnerability exists in Kyo
NOT-FOR-US: Kyocera Document Solutions
CVE-2022-3680
RESERVED
-CVE-2022-3679
- RESERVED
+CVE-2022-3679 (The Starter Templates by Kadence WP WordPress plugin before 1.2.17 uns ...)
+ TODO: check
CVE-2022-3678
RESERVED
CVE-2022-3677 (The Advanced Import WordPress plugin before 1.3.8 does not have CSRF c ...)
@@ -22396,10 +22504,10 @@ CVE-2022-41611 (Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery s
NOT-FOR-US: Bluespice skin
CVE-2022-3418 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3417
- RESERVED
-CVE-2022-3416
- RESERVED
+CVE-2022-3417 (The WPtouch WordPress plugin before 4.3.45 unserialises the content of ...)
+ TODO: check
+CVE-2022-3416 (The WPtouch WordPress plugin before 4.3.45 does not properly validate ...)
+ TODO: check
CVE-2022-3415 (The Chat Bubble WordPress plugin before 2.3 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
@@ -24690,8 +24798,8 @@ CVE-2022-3345
CVE-2022-3344 (A flaw was found in the KVM's AMD nested virtualization (SVM). A malic ...)
- linux 6.0.12-1
NOTE: https://lore.kernel.org/lkml/20221020093055.224317-5-mlevitsk@redhat.com/T/
-CVE-2022-3343
- RESERVED
+CVE-2022-3343 (The WPQA Builder WordPress plugin before 5.9.3 (which is a companion p ...)
+ TODO: check
CVE-2022-3342
RESERVED
CVE-2022-3341
@@ -110964,8 +111072,8 @@ CVE-2021-36605 (engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). Th
NOT-FOR-US: engineercms
CVE-2021-36604
RESERVED
-CVE-2021-36603
- RESERVED
+CVE-2021-36603 (Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote att ...)
+ TODO: check
CVE-2021-36602
RESERVED
CVE-2021-36601 (GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerabilit ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1fbc5f55727fa1aa1b8f9e7ce1045eb50c2d424