[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 23 20:10:31 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fec92388 by security tracker role at 2023-01-23T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,225 @@
+CVE-2023-24459
+	RESERVED
+CVE-2023-24458
+	RESERVED
+CVE-2023-24457
+	RESERVED
+CVE-2023-24456
+	RESERVED
+CVE-2023-24455
+	RESERVED
+CVE-2023-24454
+	RESERVED
+CVE-2023-24453
+	RESERVED
+CVE-2023-24452
+	RESERVED
+CVE-2023-24451
+	RESERVED
+CVE-2023-24450
+	RESERVED
+CVE-2023-24449
+	RESERVED
+CVE-2023-24448
+	RESERVED
+CVE-2023-24447
+	RESERVED
+CVE-2023-24446
+	RESERVED
+CVE-2023-24445
+	RESERVED
+CVE-2023-24444
+	RESERVED
+CVE-2023-24443
+	RESERVED
+CVE-2023-24442
+	RESERVED
+CVE-2023-24441
+	RESERVED
+CVE-2023-24440
+	RESERVED
+CVE-2023-24439
+	RESERVED
+CVE-2023-24438
+	RESERVED
+CVE-2023-24437
+	RESERVED
+CVE-2023-24436
+	RESERVED
+CVE-2023-24435
+	RESERVED
+CVE-2023-24434
+	RESERVED
+CVE-2023-24433
+	RESERVED
+CVE-2023-24432
+	RESERVED
+CVE-2023-24431
+	RESERVED
+CVE-2023-24430
+	RESERVED
+CVE-2023-24429
+	RESERVED
+CVE-2023-24428
+	RESERVED
+CVE-2023-24427
+	RESERVED
+CVE-2023-24426
+	RESERVED
+CVE-2023-24425
+	RESERVED
+CVE-2023-24424
+	RESERVED
+CVE-2023-24423
+	RESERVED
+CVE-2023-24422
+	RESERVED
+CVE-2023-24421
+	RESERVED
+CVE-2023-24420
+	RESERVED
+CVE-2023-24419
+	RESERVED
+CVE-2023-24418
+	RESERVED
+CVE-2023-24417
+	RESERVED
+CVE-2023-24416
+	RESERVED
+CVE-2023-24415
+	RESERVED
+CVE-2023-24414
+	RESERVED
+CVE-2023-24413
+	RESERVED
+CVE-2023-24412
+	RESERVED
+CVE-2023-24411
+	RESERVED
+CVE-2023-24410
+	RESERVED
+CVE-2023-24409
+	RESERVED
+CVE-2023-24408
+	RESERVED
+CVE-2023-24407
+	RESERVED
+CVE-2023-24406
+	RESERVED
+CVE-2023-24405
+	RESERVED
+CVE-2023-24404
+	RESERVED
+CVE-2023-24403
+	RESERVED
+CVE-2023-24402
+	RESERVED
+CVE-2023-24401
+	RESERVED
+CVE-2023-24400
+	RESERVED
+CVE-2023-24399
+	RESERVED
+CVE-2023-24398
+	RESERVED
+CVE-2023-24397
+	RESERVED
+CVE-2023-24396
+	RESERVED
+CVE-2023-24395
+	RESERVED
+CVE-2023-24394
+	RESERVED
+CVE-2023-24393
+	RESERVED
+CVE-2023-24392
+	RESERVED
+CVE-2023-24391
+	RESERVED
+CVE-2023-24390
+	RESERVED
+CVE-2023-24389
+	RESERVED
+CVE-2023-24388
+	RESERVED
+CVE-2023-24387
+	RESERVED
+CVE-2023-24386
+	RESERVED
+CVE-2023-24385
+	RESERVED
+CVE-2023-24384
+	RESERVED
+CVE-2023-24383
+	RESERVED
+CVE-2023-24382
+	RESERVED
+CVE-2023-24381
+	RESERVED
+CVE-2023-24380
+	RESERVED
+CVE-2023-24379
+	RESERVED
+CVE-2023-24378
+	RESERVED
+CVE-2023-24377
+	RESERVED
+CVE-2023-24376
+	RESERVED
+CVE-2023-24375
+	RESERVED
+CVE-2023-24374
+	RESERVED
+CVE-2023-24373
+	RESERVED
+CVE-2023-24372
+	RESERVED
+CVE-2023-23579
+	RESERVED
+CVE-2023-22846
+	RESERVED
+CVE-2023-22354
+	RESERVED
+CVE-2023-22321
+	RESERVED
+CVE-2023-22295
+	RESERVED
+CVE-2023-0452
+	RESERVED
+CVE-2023-0451
+	RESERVED
+CVE-2023-0450
+	RESERVED
+CVE-2023-0449
+	RESERVED
+CVE-2023-0448
+	RESERVED
+CVE-2023-0447 (The My YouTube Channel plugin for WordPress is vulnerable to authoriza ...)
+	TODO: check
+CVE-2023-0446 (The My YouTube Channel plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2023-0445
+	RESERVED
+CVE-2023-0444
+	RESERVED
+CVE-2023-0443
+	RESERVED
+CVE-2023-0442
+	RESERVED
+CVE-2023-0441
+	RESERVED
+CVE-2023-0440 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+	TODO: check
+CVE-2023-0439
+	RESERVED
+CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
+	TODO: check
+CVE-2023-0437
+	RESERVED
+CVE-2023-0436
+	RESERVED
+CVE-2022-48282
+	RESERVED
 CVE-2023-24371
 	RESERVED
 CVE-2023-24370
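Review bot: the six non-RESERVED additions in this hunk are left at "TODO: check" and need triage: CVE-2023-0447 and CVE-2023-0446 describe a WordPress plugin, which this file otherwise marks as "NOT-FOR-US: WordPress plugin", while CVE-2023-0440 and CVE-2023-0438 concern the GitHub repository modoboa/modoboa and should be checked against the Debian archive before a NOT-FOR-US or source-package line is chosen. The remaining ~220 RESERVED placeholders carry no description yet and need no action.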
@@ -542,16 +764,16 @@ CVE-2023-24101
 	RESERVED
 CVE-2023-24100
 	RESERVED
-CVE-2023-24099
-	RESERVED
-CVE-2023-24098
-	RESERVED
-CVE-2023-24097
-	RESERVED
-CVE-2023-24096
-	RESERVED
-CVE-2023-24095
-	RESERVED
+CVE-2023-24099 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW ...)
+	TODO: check
+CVE-2023-24098 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW ...)
+	TODO: check
+CVE-2023-24097 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW ...)
+	TODO: check
+CVE-2023-24096 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW ...)
+	TODO: check
+CVE-2023-24095 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW ...)
+	TODO: check
 CVE-2023-24094
 	RESERVED
 CVE-2023-24093
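Review bot: all five entries (CVE-2023-24095 to CVE-2023-24099) carry the "** UNSUPPORTED WHEN ASSIGNED **" marker for the same TrendNet TEW device, i.e. an end-of-life consumer product; CVE-2022-47065 later in this patch has the identical truncated description and should get the same triage result so the six entries do not end up inconsistent.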
@@ -1257,8 +1479,8 @@ CVE-2023-23826
 	RESERVED
 CVE-2023-23825
 	RESERVED
-CVE-2023-23824
-	RESERVED
+CVE-2023-23824 (Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versi ...)
+	TODO: check
 CVE-2023-23823
 	RESERVED
 CVE-2023-23822
@@ -1377,6 +1599,7 @@ CVE-2023-22288
 	RESERVED
 CVE-2023-0394 [ipv6: raw: Deduct extension header length in rawv6_push_pending_frames]
 	RESERVED
+	{DSA-5324-1}
 	- linux 6.1.7-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/18/2
 	NOTE: https://git.kernel.org/linus/cb3e9864cdbe35ff6378966660edbcbac955fe17 (6.2-rc4)
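Review bot: this is the first of thirteen linux entries in this patch that gain the "{DSA-5324-1}" reference; several of them (CVE-2023-0394 here, CVE-2023-0266 and CVE-2023-0179 below) are still RESERVED with only a bracketed commit title, so the DSA text is the only public description and the set of IDs should be cross-checked against the advisory's CVE list.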
@@ -1725,8 +1948,8 @@ CVE-2023-23689
 	RESERVED
 CVE-2023-23688
 	RESERVED
-CVE-2023-23687
-	RESERVED
+CVE-2023-23687 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube short ...)
+	TODO: check
 CVE-2023-23686
 	RESERVED
 CVE-2023-23685
@@ -2402,6 +2625,7 @@ CVE-2023-22281
 	RESERVED
 CVE-2023-0266 [ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF]
 	RESERVED
+	{DSA-5324-1}
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e
 CVE-2023-0265
@@ -2579,9 +2803,11 @@ CVE-2013-10011 (A vulnerability was found in aeharding classroom-engagement-syst
 CVE-2012-10005 (A vulnerability has been found in manikandan170890 php-form-builder-cl ...)
 	NOT-FOR-US: manikandan170890 php-form-builder-class
 CVE-2023-23455 (atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1. ...)
+	{DSA-5324-1}
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/a2965c7be0522eaa18808684b7b82b248515511b
 CVE-2023-23454 (cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4  ...)
+	{DSA-5324-1}
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
 CVE-2023-23453
@@ -3637,7 +3863,7 @@ CVE-2023-22966
 	RESERVED
 CVE-2023-22965
 	RESERVED
-CVE-2023-22964 (Zoho ManageEngine ServiceDesk Plus MSP through 13003 is vulnerable to  ...)
+CVE-2023-22964 (Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13 ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2023-22963 (The personnummer implementation before 3.0.3 for Dart mishandles numbe ...)
 	NOT-FOR-US: Dart language (different from src:dart)
@@ -3799,6 +4025,7 @@ CVE-2023-0180
 	RESERVED
 CVE-2023-0179 [netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits]
 	RESERVED
+	{DSA-5324-1}
 	- linux 6.1.7-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/13/2
@@ -4655,8 +4882,8 @@ CVE-2023-22723
 	RESERVED
 CVE-2023-22722
 	RESERVED
-CVE-2023-22721
-	RESERVED
+CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPres ...)
+	TODO: check
 CVE-2023-22720
 	RESERVED
 CVE-2023-22719
@@ -5690,8 +5917,8 @@ CVE-2022-4834
 	RESERVED
 CVE-2022-4833
 	RESERVED
-CVE-2022-4832
-	RESERVED
+CVE-2022-4832 (The Store Locator WordPress plugin before 1.4.9 does not validate and  ...)
+	TODO: check
 CVE-2022-4831
 	RESERVED
 CVE-2022-4830
@@ -6194,8 +6421,8 @@ CVE-2018-25057 (A vulnerability was found in simple_php_link_shortener. It has b
 	NOT-FOR-US: simple_php_link_shortener
 CVE-2022-4817 (A vulnerability was found in centic9 jgit-cookbook. It has been declar ...)
 	NOT-FOR-US: centic9 jgit-cookbook
-CVE-2022-4816
-	RESERVED
+CVE-2022-4816 (A denial-of-service vulnerability has been identified in Lenovo Safece ...)
+	TODO: check
 CVE-2022-4815
 	RESERVED
 CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
@@ -6280,10 +6507,10 @@ CVE-2022-4792
 	RESERVED
 CVE-2022-4791
 	RESERVED
-CVE-2022-4790
-	RESERVED
-CVE-2022-4789
-	RESERVED
+CVE-2022-4790 (The WP Google My Business Auto Publish WordPress plugin before 3.4 doe ...)
+	TODO: check
+CVE-2022-4789 (The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate a ...)
+	TODO: check
 CVE-2022-4788
 	RESERVED
 CVE-2022-4787
@@ -6423,8 +6650,8 @@ CVE-2022-4777
 	RESERVED
 CVE-2022-4776
 	RESERVED
-CVE-2022-4775
-	RESERVED
+CVE-2022-4775 (The GeoDirectory WordPress plugin before 2.2.22 does not validate and  ...)
+	TODO: check
 CVE-2022-4774
 	RESERVED
 CVE-2022-4773 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
@@ -6545,12 +6772,12 @@ CVE-2022-4762
 	RESERVED
 CVE-2022-4761
 	RESERVED
-CVE-2022-4760
-	RESERVED
+CVE-2022-4760 (The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not va ...)
+	TODO: check
 CVE-2022-4759
 	RESERVED
-CVE-2022-4758
-	RESERVED
+CVE-2022-4758 (The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate a ...)
+	TODO: check
 CVE-2022-4757
 	RESERVED
 CVE-2022-4756
@@ -6559,12 +6786,12 @@ CVE-2022-4755 (A vulnerability was found in FlatPress and classified as problema
 	NOT-FOR-US: FlatPress
 CVE-2022-4754
 	RESERVED
-CVE-2022-4753
-	RESERVED
+CVE-2022-4753 (The Print-O-Matic WordPress plugin before 2.1.8 does not validate and  ...)
+	TODO: check
 CVE-2022-4752
 	RESERVED
-CVE-2022-4751
-	RESERVED
+CVE-2022-4751 (The Word Balloon WordPress plugin before 4.19.3 does not validate and  ...)
+	TODO: check
 CVE-2022-4750
 	RESERVED
 CVE-2022-4749
@@ -6612,8 +6839,8 @@ CVE-2015-10005 (A vulnerability was found in markdown-it up to 2.x. It has been
 	NOT-FOR-US: Fuji Electric
 CVE-2022-47966 (Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Pl ...)
 	NOT-FOR-US: Zoho
-CVE-2022-4746
-	RESERVED
+CVE-2022-4746 (The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a vis ...)
+	TODO: check
 CVE-2022-4745
 	RESERVED
 CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and classified as  ...)
@@ -6759,14 +6986,14 @@ CVE-2022-4720 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-4719 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...)
 	- rdiffweb <itp> (bug #969974)
-CVE-2022-4718
-	RESERVED
+CVE-2022-4718 (The Landing Page Builder WordPress plugin before 1.4.9.9 does not vali ...)
+	TODO: check
 CVE-2022-4717
 	RESERVED
-CVE-2022-4716
-	RESERVED
-CVE-2022-4715
-	RESERVED
+CVE-2022-4716 (The WP Popups WordPress plugin before 2.1.4.8 does not validate and es ...)
+	TODO: check
+CVE-2022-4715 (The Structured Content WordPress plugin before 1.5.1 does not validate ...)
+	TODO: check
 CVE-2022-4714
 	RESERVED
 CVE-2022-4713
@@ -6789,8 +7016,8 @@ CVE-2022-4708 (The Royal Elementor Addons plugin for WordPress is vulnerable to
 	NOT-FOR-US: Royal Elementor Addons plugin for WordPress
 CVE-2022-4707 (The Royal Elementor Addons plugin for WordPress is vulnerable to Cross ...)
 	NOT-FOR-US: Royal Elementor Addons plugin for WordPress
-CVE-2022-4706
-	RESERVED
+CVE-2022-4706 (The Genesis Columns Advanced WordPress plugin before 2.0.4 does not va ...)
+	TODO: check
 CVE-2022-4705 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...)
 	NOT-FOR-US: Royal Elementor Addons plugin for WordPress
 CVE-2022-4704 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...)
@@ -6810,6 +7037,7 @@ CVE-2022-4698 (The ProfilePress plugin for WordPress is vulnerable to Stored Cro
 CVE-2022-4697 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...)
 	NOT-FOR-US: ProfilePress plugin for WordPress
 CVE-2022-4696 (There exists a use-after-free vulnerability in the Linux kernel throug ...)
+	{DSA-5324-1}
 	- linux 5.14.6-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a
@@ -6817,8 +7045,8 @@ CVE-2022-4695 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos
 	NOT-FOR-US: usememos
 CVE-2022-4694 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
 	NOT-FOR-US: usememos
-CVE-2022-4693
-	RESERVED
+CVE-2022-4693 (The User Verification WordPress plugin before 1.0.94 was affected by a ...)
+	TODO: check
 CVE-2022-4692 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
 	NOT-FOR-US: usememos
 CVE-2022-4691 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
@@ -6888,6 +7116,7 @@ CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash values
 CVE-2022-47930
 	RESERVED
 CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference bug in th ...)
+	{DSA-5324-1}
 	- linux 6.1.7-1
 	NOTE: https://git.kernel.org/linus/96398560f26aa07e8f2969d73c8197e6a6d10407 (6.2-rc4)
 CVE-2022-47928 (In MISP before 2.4.167, there is XSS in the template file uploads in a ...)
@@ -6910,8 +7139,8 @@ CVE-2022-4677
 	RESERVED
 CVE-2022-4676
 	RESERVED
-CVE-2022-4675
-	RESERVED
+CVE-2022-4675 (The Mongoose Page Plugin WordPress plugin before 1.9.0 does not valida ...)
+	TODO: check
 CVE-2022-4674
 	RESERVED
 CVE-2022-46739
@@ -6920,18 +7149,18 @@ CVE-2022-46735
 	RESERVED
 CVE-2022-46734
 	RESERVED
-CVE-2022-4673
-	RESERVED
-CVE-2022-4672
-	RESERVED
+CVE-2022-4673 (The Rate my Post WordPress plugin before 3.3.9 does not validate and e ...)
+	TODO: check
+CVE-2022-4672 (The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does  ...)
+	TODO: check
 CVE-2022-4671
 	RESERVED
 CVE-2022-4670
 	RESERVED
 CVE-2022-4669
 	RESERVED
-CVE-2022-4668
-	RESERVED
+CVE-2022-4668 (The Easy Appointments WordPress plugin before 3.11.2 does not validate ...)
+	TODO: check
 CVE-2022-4667
 	RESERVED
 CVE-2022-4666
@@ -6993,8 +7222,8 @@ CVE-2022-4652
 	RESERVED
 CVE-2022-4651
 	RESERVED
-CVE-2022-4650
-	RESERVED
+CVE-2022-4650 (The HashBar WordPress plugin before 1.3.6 does not validate and escape ...)
+	TODO: check
 CVE-2022-4649
 	RESERVED
 CVE-2020-36625 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in destiny.g ...)
@@ -7093,20 +7322,20 @@ CVE-2022-46300
 	RESERVED
 CVE-2022-4630 (Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal ...)
 	NOT-FOR-US: daloRADIUS
-CVE-2022-4629
-	RESERVED
+CVE-2022-4629 (The Product Slider for WooCommerce WordPress plugin before 2.6.4 does  ...)
+	TODO: check
 CVE-2022-46286
 	RESERVED
 CVE-2022-4628
 	RESERVED
-CVE-2022-4627
-	RESERVED
+CVE-2022-4627 (The ShiftNav WordPress plugin before 1.7.2 does not validate and escap ...)
+	TODO: check
 CVE-2022-4626
 	RESERVED
-CVE-2022-4625
-	RESERVED
-CVE-2022-4624
-	RESERVED
+CVE-2022-4625 (The Login Logout Menu WordPress plugin before 1.4.0 does not validate  ...)
+	TODO: check
+CVE-2022-4624 (The GS Logo Slider WordPress plugin before 3.3.8 does not validate and ...)
+	TODO: check
 CVE-2022-4623
 	RESERVED
 CVE-2022-45876
@@ -9150,8 +9379,8 @@ CVE-2022-4578 (The Video Conferencing with Zoom WordPress plugin before 4.0.10 d
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4577
 	RESERVED
-CVE-2022-4576
-	RESERVED
+CVE-2022-4576 (The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not v ...)
+	TODO: check
 CVE-2022-4575
 	RESERVED
 CVE-2022-4574
@@ -9162,8 +9391,8 @@ CVE-2022-4572 (A vulnerability, which was classified as problematic, has been fo
 	NOT-FOR-US: UBI reader
 CVE-2022-4571 (The Seriously Simple Podcasting WordPress plugin before 2.19.1 does no ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4570
-	RESERVED
+CVE-2022-4570 (The Top 10 WordPress plugin before 3.2.3 does not validate and escape  ...)
+	TODO: check
 CVE-2022-4569
 	RESERVED
 CVE-2022-4568
@@ -9252,14 +9481,14 @@ CVE-2022-4550
 	RESERVED
 CVE-2022-4549 (The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check i ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4548
-	RESERVED
+CVE-2022-4548 (The Optimize images ALT Text & names for SEO using AI WordPress pl ...)
+	TODO: check
 CVE-2022-4547 (The Conditional Payment Methods for WooCommerce WordPress plugin throu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4546
 	RESERVED
-CVE-2022-4545
-	RESERVED
+CVE-2022-4545 (The Sitemap WordPress plugin before 4.4 does not validate and escape s ...)
+	TODO: check
 CVE-2022-4544 (The MashShare WordPress plugin before 3.8.7 does not validate and esca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4543 (A flaw named "EntryBleed" was found in the Linux Kernel Page Table Iso ...)
@@ -9276,8 +9505,8 @@ CVE-2023-0013 (The ABAP Keyword Documentation of SAP NetWeaver Application Serve
 	NOT-FOR-US: SAP
 CVE-2023-0012 (In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gai ...)
 	NOT-FOR-US: SAP
-CVE-2022-4542
-	RESERVED
+CVE-2022-4542 (The Compact WP Audio Player WordPress plugin before 1.9.8 does not val ...)
+	TODO: check
 CVE-2022-4541
 	RESERVED
 CVE-2022-4540
@@ -9479,8 +9708,8 @@ CVE-2022-4511 (A vulnerability has been found in RainyGao DocSys and classified
 	NOT-FOR-US: RainyGao DocSys
 CVE-2022-4510
 	RESERVED
-CVE-2022-4509
-	RESERVED
+CVE-2022-4509 (The Content Control WordPress plugin before 1.1.10 does not validate a ...)
+	TODO: check
 CVE-2022-43494 (An unauthorized user could be able to read any file on the system, pot ...)
 	NOT-FOR-US: GE Digital
 CVE-2022-38469 (An unauthorized user with network access and the decryption key could  ...)
@@ -9641,8 +9870,8 @@ CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not validat
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4486 (The Meteor Slides WordPress plugin through 1.5.6 does not validate and ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4485
-	RESERVED
+CVE-2022-4485 (The Page-list WordPress plugin before 5.3 does not validate and escape ...)
+	TODO: check
 CVE-2022-4484 (The Social Share, Social Login and Social Comments Plugin WordPress pl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4483 (The Insert Pages WordPress plugin before 3.7.5 does not validate and e ...)
@@ -9799,10 +10028,10 @@ CVE-2022-47376
 	RESERVED
 CVE-2022-46330 (Squirrel.Windows is both a toolset and a library that provides install ...)
 	NOT-FOR-US: Squirrel.Windows
-CVE-2022-4475
-	RESERVED
-CVE-2022-4474
-	RESERVED
+CVE-2022-4475 (The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate a ...)
+	TODO: check
+CVE-2022-4474 (The Easy Social Feed WordPress plugin before 6.4.0 does not validate a ...)
+	TODO: check
 CVE-2022-4473
 	RESERVED
 CVE-2022-4472
@@ -9815,8 +10044,8 @@ CVE-2022-4469 (The Simple Membership WordPress plugin before 4.2.2 does not vali
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not validate an ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4467
-	RESERVED
+CVE-2022-4467 (The Search & Filter WordPress plugin before 1.2.16 does not valida ...)
+	TODO: check
 CVE-2022-4466
 	RESERVED
 CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not validate  ...)
@@ -9973,8 +10202,8 @@ CVE-2022-4445
 	RESERVED
 CVE-2022-4444 (A vulnerability was found in ipti br.tag. It has been declared as prob ...)
 	NOT-FOR-US: ipti br.tag
-CVE-2022-4443
-	RESERVED
+CVE-2022-4443 (The BruteBank WordPress plugin before 1.9 does not have CSRF check in  ...)
+	TODO: check
 CVE-2022-4442 (The Custom Post Types and Custom Fields creator WordPress plugin befor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2019-25078 (A vulnerability classified as problematic was found in pacparser up to ...)
@@ -10667,8 +10896,8 @@ CVE-2022-47067
 	RESERVED
 CVE-2022-47066
 	RESERVED
-CVE-2022-47065
-	RESERVED
+CVE-2022-47065 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW ...)
+	TODO: check
 CVE-2022-47064
 	RESERVED
 CVE-2022-47063
@@ -11305,8 +11534,8 @@ CVE-2022-4385
 	RESERVED
 CVE-2022-4384
 	RESERVED
-CVE-2022-4383
-	RESERVED
+CVE-2022-4383 (The CBX Petition for WordPress plugin through 1.0.3 does not properly  ...)
+	TODO: check
 CVE-2022-4382 (A use-after-free flaw caused by a race among the superblock operations ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/12/13/1
@@ -11530,8 +11759,8 @@ CVE-2022-46770 (qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x th
 	NOT-FOR-US: qubes-mirage-firewall
 CVE-2022-46769 (An improper neutralization of input during web page generation ('Cross ...)
 	NOT-FOR-US: Apache Sling
-CVE-2022-4346
-	RESERVED
+CVE-2022-4346 (The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked se ...)
+	TODO: check
 CVE-2022-4343
 	RESERVED
 CVE-2022-4342 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -11622,8 +11851,8 @@ CVE-2022-4325 (The Post Status Notifier Lite WordPress plugin before 1.10.1 does
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4324 (The Custom Field Template WordPress plugin before 2.5.8 unserialises t ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4323
-	RESERVED
+CVE-2022-4323 (The Analyticator WordPress plugin before 6.5.6 unserializes user input ...)
+	TODO: check
 CVE-2018-25048
 	RESERVED
 CVE-2023-21673
@@ -11948,16 +12177,16 @@ CVE-2022-4309 (The Subscribe2 WordPress plugin before 10.38 does not have CSRF c
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4308
 	RESERVED
-CVE-2022-4307
-	RESERVED
+CVE-2022-4307 (The پلاگین پرد&# ...)
+	TODO: check
 CVE-2022-4306
 	RESERVED
-CVE-2022-4305
-	RESERVED
+CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks author ...)
+	TODO: check
 CVE-2022-4304
 	RESERVED
-CVE-2022-4303
-	RESERVED
+CVE-2022-4303 (The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes ...)
+	TODO: check
 CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes user inpu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4301 (The Sunshine Photo Cart WordPress plugin before 2.9.15 does not saniti ...)
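Review bot: the imported description for CVE-2022-4307 is cut off inside an HTML entity ("&# ...") after a non-Latin plugin name, so the truncated text carries no usable information; the "TODO: check" for it needs the full upstream description rather than this line before it can be triaged like the neighbouring WordPress-plugin entries.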
@@ -12986,8 +13215,8 @@ CVE-2022-4232 (A vulnerability, which was classified as critical, was found in S
 	NOT-FOR-US: SourceCodester Event Registration System
 CVE-2022-4231 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: Tribal Systems Zenario CMS
-CVE-2022-4230
-	RESERVED
+CVE-2022-4230 (The WP Statistics WordPress plugin before 13.2.9 does not escape a par ...)
+	TODO: check
 CVE-2022-4229 (A vulnerability classified as critical was found in SourceCodester Boo ...)
 	NOT-FOR-US: SourceCodester Book Store Management System
 CVE-2022-4228 (A vulnerability classified as problematic has been found in SourceCode ...)
@@ -14097,6 +14326,7 @@ CVE-2022-4146
 CVE-2022-45935 (Usage of temporary files with insecure permissions by the Apache James ...)
 	NOT-FOR-US: Apache James
 CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. l2cap_conf ...)
+	{DSA-5324-1}
 	- linux 6.1.4-1
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
 CVE-2022-45933 (KubeView through 0.1.31 allows attackers to obtain control of a Kubern ...)
@@ -15430,8 +15660,8 @@ CVE-2022-4019 (A denial-of-service vulnerability in the Mattermost Playbooks plu
 	NOT-FOR-US: Mattermost plugin
 CVE-2022-4018 (Missing Authentication for Critical Function in GitHub repository ikus ...)
 	- rdiffweb <itp> (bug #969974)
-CVE-2022-4017
-	RESERVED
+CVE-2022-4017 (The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plu ...)
+	TODO: check
 CVE-2022-4016 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4015 (A vulnerability, which was classified as critical, was found in Sports ...)
@@ -19229,8 +19459,8 @@ CVE-2022-44565 (An improper access validation vulnerability exists in airMAX AC
 	NOT-FOR-US: airMAX
 CVE-2022-44564 (Huawei Aslan Children's Watch has a path traversal vulnerability. Succ ...)
 	NOT-FOR-US: Huawei
-CVE-2022-3811
-	RESERVED
+CVE-2022-3811 (The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does no ...)
+	TODO: check
 CVE-2022-3810 (A vulnerability was found in Axiomatic Bento4. It has been classified  ...)
 	NOT-FOR-US: Bento4
 CVE-2022-3809 (A vulnerability was found in Axiomatic Bento4 and classified as proble ...)
@@ -23790,6 +24020,7 @@ CVE-2022-3624 (A vulnerability was found in Linux Kernel and classified as probl
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4f5d33f4f798b1c6d92b613f0087f639d9836971 (6.0-rc1)
 CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
+	{DSA-5324-1}
 	- linux 6.0.3-1
 	[buster] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://git.kernel.org/linus/fac35ba763ed07ba93154c95ffc0c4a55023707f (6.1-rc1)
@@ -24998,6 +25229,7 @@ CVE-2022-3547 (A vulnerability was found in SourceCodester Simple Cold Storage M
 CVE-2022-3546 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
 	NOT-FOR-US: SourceCodester Simple Cold Storage Management System
 CVE-2022-3545 (A vulnerability has been found in Linux Kernel and classified as criti ...)
+	{DSA-5324-1}
 	- linux 6.0.2-1
 	NOTE: https://git.kernel.org/linus/02e1a114fdb71e59ee6770294166c30d437bf86a (6.0-rc1)
 CVE-2022-3544 (A vulnerability, which was classified as problematic, was found in Lin ...)
@@ -26480,8 +26712,8 @@ CVE-2022-3432
 	RESERVED
 CVE-2022-3431
 	RESERVED
-CVE-2022-3430
-	RESERVED
+CVE-2022-3430 (A potential vulnerability in the WMI Setup driver on some consumer Len ...)
+	TODO: check
 CVE-2022-42493
 	RESERVED
 CVE-2022-42492
@@ -26556,8 +26788,8 @@ CVE-2022-3427 (The Corner Ad plugin for WordPress is vulnerable to Cross-Site Re
 	NOT-FOR-US: Corner Ad plugin for WordPress
 CVE-2022-3426 (The Advanced WP Columns WordPress plugin through 2.0.6 does not saniti ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3425
-	RESERVED
+CVE-2022-3425 (The Analyticator WordPress plugin before 6.5.6 unserializes user input ...)
+	TODO: check
 CVE-2022-3424 [misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os]
 	RESERVED
 	- linux 6.1.4-1
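Review bot: CVE-2022-3425 receives exactly the same truncated description as CVE-2022-4323 earlier in this patch ("The Analyticator WordPress plugin before 6.5.6 unserializes user input ..."); one of the two may be a duplicate assignment, so the triage note for each should reference the other.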
@@ -28417,7 +28649,7 @@ CVE-2022-3361 (The Ultimate Member plugin for WordPress is vulnerable to directo
 	NOT-FOR-US: Ultimate Member plugin for WordPress
 CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises user input ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3359 (The Shortcodes and extra features for Phlox WordPress plugin through 2 ...)
+CVE-2022-3359 (The Shortcodes and extra features for Phlox theme WordPress plugin bef ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_me ...)
 	- openssl 3.0.7-1 (bug #1021620)
@@ -29218,8 +29450,8 @@ CVE-2022-41507
 	RESERVED
 CVE-2022-41506
 	RESERVED
-CVE-2022-41505
-	RESERVED
+CVE-2022-41505 (An access control issue on TP-LInk Tapo C200 V1 devices allows physica ...)
+	TODO: check
 CVE-2022-41504 (An arbitrary file upload vulnerability in the component /php_action/ed ...)
 	NOT-FOR-US: Billing System Project
 CVE-2022-41503
@@ -29962,6 +30194,7 @@ CVE-2022-41220 (** DISPUTED ** md2roff 1.9 has a stack-based buffer overflow via
 CVE-2022-41219
 	RESERVED
 CVE-2022-41218 (In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10 ...)
+	{DSA-5324-1}
 	- linux 6.1.4-1
 	NOTE: https://lore.kernel.org/all/87sfklgozd.wl-tiwai@suse.de/
 	NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/4
@@ -32582,6 +32815,7 @@ CVE-2022-36402 (An integer overflow vulnerability was found in vmwgfx driver in
 	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2072
 	NOTE: Might be OpenAnolis specific issues, check when Bugzilla entries are public
 CVE-2022-36280 (An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx  ...)
+	{DSA-5324-1}
 	- linux 6.1.4-1
 	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2071
 	NOTE: https://git.kernel.org/linus/4cf949c7fafe21e085a4ee386bb2dade9067316e
@@ -36289,8 +36523,8 @@ CVE-2022-38727
 	RESERVED
 CVE-2022-38726
 	RESERVED
-CVE-2022-38725
-	RESERVED
+CVE-2022-38725 (An integer overflow in the RFC3164 parser in One Identity syslog-ng 3. ...)
+	TODO: check
 CVE-2022-38724 (Silverstripe silverstripe/framework through 4.11.0, silverstripe/asset ...)
 	NOT-FOR-US: SilverStripe CMS
 CVE-2022-38723 (Gravitee API Management before 3.15.13 allows path traversal through H ...)
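Review bot: unlike the surrounding WordPress-plugin and CMS entries, CVE-2022-38725 (integer overflow in the RFC3164 parser of syslog-ng) concerns software that ships as a Debian source package, so this "TODO: check" should be resolved with an affected-version line for src:syslog-ng rather than a NOT-FOR-US marker, once the fixed upstream version is known.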
@@ -37355,6 +37589,7 @@ CVE-2022-2874 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
 	NOTE: https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d (v9.0.0224)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2873 (An out-of-bounds memory access flaw was found in the Linux kernel Inte ...)
+	{DSA-5324-1}
 	- linux 6.1.4-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2119048
 	NOTE: https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97@gmail.com/T/
@@ -37992,7 +38227,7 @@ CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add existin
 	- gitea <removed>
 CVE-2022-38182
 	RESERVED
-CVE-2022-38181 (An Arm product family through 2022-08-12 mail GPU kernel driver allows ...)
+CVE-2022-38181 (The Arm Mali GPU kernel driver allows unprivileged users to access fre ...)
 	NOT-FOR-US: ARM Mali GPU driver
 CVE-2022-2809 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...)
 	NOT-FOR-US: OpenBMC
@@ -39186,10 +39421,10 @@ CVE-2022-37721 (PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_
 	NOT-FOR-US: PyroCMS
 CVE-2022-37720 (Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scriptin ...)
 	NOT-FOR-US: Orchard CMS
-CVE-2022-37719
-	RESERVED
-CVE-2022-37718
-	RESERVED
+CVE-2022-37719 (A Cross-Site Request Forgery (CSRF) in the management portal of JetNex ...)
+	TODO: check
+CVE-2022-37718 (The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was di ...)
+	TODO: check
 CVE-2022-37717
 	RESERVED
 CVE-2022-37716
@@ -55216,7 +55451,7 @@ CVE-2022-31782 (ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-ba
 CVE-2022-31781 (Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expressio ...)
 	NOT-FOR-US: Apache Tapestry
 CVE-2022-31780 (Improper Input Validation vulnerability in HTTP/2 frame handling of Ap ...)
-	{DSA-5206-1}
+	{DSA-5206-1 DLA-3279-1}
 	- trafficserver 9.1.3+ds-1
 	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-31779 (Improper Input Validation vulnerability in HTTP/2 header parsing of Ap ...)
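Review bot: "DLA-3279-1" is appended to the trafficserver entries for CVE-2022-31780 here and for CVE-2022-28129, CVE-2022-25763 and CVE-2021-37150 further down, all sharing the same fix version 9.1.3+ds-1 and upstream thread; confirm the DLA's CVE list covers exactly these four so no trafficserver CVE referenced by the advisory is left without the annotation.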
@@ -66313,7 +66548,7 @@ CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before Go
 CVE-2022-28130
 	RESERVED
 CVE-2022-28129 (Improper Input Validation vulnerability in HTTP/1.1 header parsing of  ...)
-	{DSA-5206-1}
+	{DSA-5206-1 DLA-3279-1}
 	- trafficserver 9.1.3+ds-1
 	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab CE/EE affe ...)
@@ -73071,7 +73306,7 @@ CVE-2022-25769
 CVE-2022-25768
 	RESERVED
 CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request validation o ...)
-	{DSA-5206-1}
+	{DSA-5206-1 DLA-3279-1}
 	- trafficserver 9.1.3+ds-1
 	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-21182 (A privilege escalation vulnerability exists in the router configuratio ...)
@@ -79940,8 +80175,8 @@ CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...)
 	NOT-FOR-US: go-attestation
-CVE-2022-0316
-	RESERVED
+CVE-2022-0316 (The WeStand WordPress theme before 2.1, footysquare WordPress theme, a ...)
+	TODO: check
 CVE-2022-0315 (Insecure Temporary File in GitHub repository horovod/horovod prior to  ...)
 	NOT-FOR-US: horovod
 CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the insta ...)
@@ -95438,18 +95673,18 @@ CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee Record
 	NOT-FOR-US: PHPGURUKUL
 CVE-2021-43450
 	RESERVED
-CVE-2021-43449
-	RESERVED
-CVE-2021-43448
-	RESERVED
-CVE-2021-43447
-	RESERVED
-CVE-2021-43446
-	RESERVED
-CVE-2021-43445
-	RESERVED
-CVE-2021-43444
-	RESERVED
+CVE-2021-43449 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side  ...)
+	TODO: check
+CVE-2021-43448 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Inp ...)
+	TODO: check
+CVE-2021-43447 (ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Acce ...)
+	TODO: check
+CVE-2021-43446 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site S ...)
+	TODO: check
+CVE-2021-43445 (ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Acce ...)
+	TODO: check
+CVE-2021-43444 (ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Acce ...)
+	TODO: check
 CVE-2021-43443
 	RESERVED
 CVE-2021-43442 (A Logic Flaw vulnerability exists in i3 International Inc Annexxus Cam ...)
@@ -113873,7 +114108,7 @@ CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel
 	[buster] - linux 4.19.208-1
 	NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html
 CVE-2021-37150 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
-	{DSA-5206-1}
+	{DSA-5206-1 DLA-3279-1}
 	- trafficserver 9.1.3+ds-1
 	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2021-37149 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
@@ -145130,8 +145365,8 @@ CVE-2021-24883 (The Popup Anything WordPress plugin before 2.0.4 does not escape
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24881
-	RESERVED
+CVE-2021-24881 (The Passster WordPress plugin before 3.5.5.9 does not properly check f ...)
+	TODO: check
 CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not validate and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have CSRF chec ...)
@@ -145218,8 +145453,8 @@ CVE-2021-24839 (The SupportCandy WordPress plugin before 2.2.5 does not have aut
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24838 (The AnyComment WordPress plugin before 0.3.5 has an API endpoint which ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24837
-	RESERVED
+CVE-2021-24837 (The Passster WordPress plugin before 3.5.5.8 does not escape the area  ...)
+	TODO: check
 CVE-2021-24836 (The Temporary Login Without Password WordPress plugin before 1.7.1 doe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24835 (The WCFM – Frontend Manager for WooCommerce along with Bookings  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fec92388390c1c4402846e94c74782e62b02fc79

-- 
You're receiving this email because of your account on salsa.debian.org.

