[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 28 08:10:21 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0f6ea926 by security tracker role at 2023-01-28T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-0559
+ RESERVED
+CVE-2023-0558 (The ContentStudio plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
+CVE-2023-0557 (The ContentStudio plugin for WordPress is vulnerable to Sensitive Info ...)
+ TODO: check
+CVE-2023-0556 (The ContentStudio plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
+CVE-2023-0555 (The Quick Restaurant Menu plugin for WordPress is vulnerable to author ...)
+ TODO: check
+CVE-2023-0554 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2023-0553 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2023-0552
+ RESERVED
+CVE-2023-0551
+ RESERVED
+CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecu ...)
+ TODO: check
+CVE-2022-48284
+ RESERVED
+CVE-2022-48283
+ RESERVED
+CVE-2021-4315
+ RESERVED
CVE-2023-24595
RESERVED
CVE-2023-24583
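Review bot: the seven new WordPress plugin entries in this hunk (CVE-2023-0550 and CVE-2023-0553 through CVE-2023-0558, ContentStudio and Quick Restaurant Menu) are left at `TODO: check`, whereas comparable plugin entries elsewhere in this file (CVE-2022-4256, CVE-2022-4200, CVE-2022-3750) are triaged as `NOT-FOR-US: WordPress plugin`; the automatic import cannot make that determination, so these should get the same triage pass promptly rather than stay open with the truncated description.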
@@ -2588,34 +2614,34 @@ CVE-2023-23631
RESERVED
CVE-2023-23630
RESERVED
-CVE-2023-23629
- RESERVED
-CVE-2023-23628
- RESERVED
-CVE-2023-23627
- RESERVED
+CVE-2023-23629 (Metabase is an open source data analytics platform. Affected versions ...)
+ TODO: check
+CVE-2023-23628 (Metabase is an open source data analytics platform. Affected versions ...)
+ TODO: check
+CVE-2023-23627 (Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 ...)
+ TODO: check
CVE-2023-23626
RESERVED
CVE-2023-23625
RESERVED
-CVE-2023-23624
- RESERVED
+CVE-2023-23624 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
+ TODO: check
CVE-2023-23623
RESERVED
CVE-2023-23622
RESERVED
-CVE-2023-23621
- RESERVED
-CVE-2023-23620
- RESERVED
+CVE-2023-23621 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
+ TODO: check
+CVE-2023-23620 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
+ TODO: check
CVE-2023-23619 (Modelina is a library for generating data models based on inputs such ...)
TODO: check
CVE-2023-23618
RESERVED
-CVE-2023-23617
- RESERVED
-CVE-2023-23616
- RESERVED
+CVE-2023-23617 (OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and ...)
+ TODO: check
+CVE-2023-23616 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
+ TODO: check
CVE-2023-23615
RESERVED
CVE-2023-23614 (Pi-hole®'s Web interface (based off of AdminLTE) provides a centr ...)
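Review bot: the four Discourse entries that gain descriptions here (CVE-2023-23624, CVE-2023-23621, CVE-2023-23620, CVE-2023-23616) sit at `TODO: check` although CVE-2023-22739 further down is already `NOT-FOR-US: Discourse`; the one entry in this hunk that deserves a genuine archive check is CVE-2023-23627 (Sanitize, an HTML and CSS sanitizer library), since a library is more likely to be packaged than the hosted platforms (Metabase, Discourse, OpenMage) around it.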
@@ -5375,8 +5401,8 @@ CVE-2023-22739 (Discourse is an open source platform for community discussion. V
NOT-FOR-US: Discourse
CVE-2023-22738
RESERVED
-CVE-2023-22737
- RESERVED
+CVE-2023-22737 (wire-server provides back end services for Wire, a team communication ...)
+ TODO: check
CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2023-22735
@@ -5881,7 +5907,7 @@ CVE-2023-0049 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143
CVE-2023-0048 (Code Injection in GitHub repository lirantal/daloradius prior to maste ...)
NOT-FOR-US: lirantal/daloradius
CVE-2023-0047
- RESERVED
+ REJECTED
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
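Review bot: CVE-2023-0047 flips from `RESERVED` to `REJECTED` but keeps its three linux fixed-version lines (`- linux 5.15.3-1`, `[bullseye] - linux 5.10.84-1`, `[buster] - linux 4.19.232-1`), while the other entries rejected in this patch (CVE-2022-32952, CVE-2022-32472) carry no package lines at all; either the package lines should be dropped once the rejection is confirmed, or the rejection should be double-checked against the tracked linux fix before the entry is cleaned up.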
@@ -6694,12 +6720,12 @@ CVE-2022-48120 (SQL Injection vulnerability in kishan0725 Hospital Management Sy
NOT-FOR-US: kishan0725 Hospital Management System
CVE-2022-48119
RESERVED
-CVE-2022-48118
- RESERVED
+CVE-2022-48118 (Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vul ...)
+ TODO: check
CVE-2022-48117
RESERVED
-CVE-2022-48116
- RESERVED
+CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) ...)
+ TODO: check
CVE-2022-48115
RESERVED
CVE-2022-48114
@@ -6714,10 +6740,10 @@ CVE-2022-48110
RESERVED
CVE-2022-48109
RESERVED
-CVE-2022-48108
- RESERVED
-CVE-2022-48107
- RESERVED
+CVE-2022-48108 (D-Link DIR_878_FW1.30B08 was discovered to contain a command injection ...)
+ TODO: check
+CVE-2022-48107 (D-Link DIR_878_FW1.30B08 was discovered to contain a command injection ...)
+ TODO: check
CVE-2022-48106
RESERVED
CVE-2022-48105
@@ -11461,7 +11487,7 @@ CVE-2022-47054
RESERVED
CVE-2022-47053
RESERVED
-CVE-2022-47052 (NETGEAR Nighthawk R6220 v1.1.0.112_1.0.1 was discovered to contain a c ...)
+CVE-2022-47052 (The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' i ...)
NOT-FOR-US: NETGEAR
CVE-2022-47051
RESERVED
@@ -11634,8 +11660,8 @@ CVE-2022-46970
RESERVED
CVE-2022-46969
RESERVED
-CVE-2022-46968
- RESERVED
+CVE-2022-46968 (A stored cross-site scripting (XSS) vulnerability in /index.php?page=h ...)
+ TODO: check
CVE-2022-46967 (An access control issue in Revenue Collection System v1.0 allows unaut ...)
TODO: check
CVE-2022-46966 (Revenue Collection System v1.0 was discovered to contain a SQL injecti ...)
@@ -13676,8 +13702,8 @@ CVE-2022-4257 (A vulnerability was found in C-DATA Web Management System. It has
NOT-FOR-US: C-DATA Web Management System
CVE-2022-4256 (The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4255
- RESERVED
+CVE-2022-4255 (An info leak issue was identified in all versions of GitLab EE from 13 ...)
+ TODO: check
CVE-2022-4254 [libsss_certmap fails to sanitise certificate data used in LDAP filters]
RESERVED
- sssd 2.3.1-1
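Review bot: CVE-2022-4255 (GitLab EE info leak) is imported at `TODO: check`, whereas the GitLab entries touched elsewhere in this patch (CVE-2022-4206, CVE-2022-4205, CVE-2022-4201) each carry `- gitlab <unfixed>`; for consistency this entry should be given the same gitlab package line when triaged.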
@@ -13717,14 +13743,14 @@ CVE-2022-4241
RESERVED
CVE-2022-4240
RESERVED
-CVE-2022-46359
- RESERVED
-CVE-2022-46358
- RESERVED
-CVE-2022-46357
- RESERVED
-CVE-2022-46356
- RESERVED
+CVE-2022-46359 (Potential vulnerabilities have been identified in HP Security Manager ...)
+ TODO: check
+CVE-2022-46358 (Potential vulnerabilities have been identified in HP Security Manager ...)
+ TODO: check
+CVE-2022-46357 (Potential vulnerabilities have been identified in HP Security Manager ...)
+ TODO: check
+CVE-2022-46356 (Potential vulnerabilities have been identified in HP Security Manager ...)
+ TODO: check
CVE-2022-46355 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
NOT-FOR-US: Siemens
CVE-2022-46354 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
@@ -13904,8 +13930,7 @@ CVE-2022-4207 (The Image Hover Effects Ultimate plugin for WordPress is vulnerab
CVE-2022-4206
RESERVED
- gitlab <unfixed>
-CVE-2022-4205
- RESERVED
+CVE-2022-4205 (In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a ...)
- gitlab <unfixed>
CVE-2022-4204
RESERVED
@@ -14000,8 +14025,7 @@ CVE-2022-42885
RESERVED
CVE-2022-42489
RESERVED
-CVE-2022-4201
- RESERVED
+CVE-2022-4201 (A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, ...)
- gitlab <unfixed>
CVE-2022-4200 (The Login with Cognito WordPress plugin through 1.4.8 does not sanitis ...)
NOT-FOR-US: WordPress plugin
@@ -21331,12 +21355,12 @@ CVE-2022-43982 (In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with
- airflow <itp> (bug #819700)
CVE-2022-43981
RESERVED
-CVE-2022-43980
- RESERVED
-CVE-2022-43979
- RESERVED
-CVE-2022-43978
- RESERVED
+CVE-2022-43980 (There is a stored cross-site scripting vulnerability in Pandora FMS v7 ...)
+ TODO: check
+CVE-2022-43979 (There is a Path Traversal that leads to a Local File Inclusion in Pand ...)
+ TODO: check
+CVE-2022-43978 (There is an improper authentication vulnerability in Pandora FMS v764. ...)
+ TODO: check
CVE-2022-3750 (The has a CSRF vulnerability that allows the deletion of a post withou ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3749
@@ -34128,12 +34152,12 @@ CVE-2022-39815 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabi
NOT-FOR-US: NOKIA
CVE-2022-39814 (In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the ...)
NOT-FOR-US: NOKIA
-CVE-2022-39813
- RESERVED
-CVE-2022-39812
- RESERVED
-CVE-2022-39811
- RESERVED
+CVE-2022-39813 (Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored ...)
+ TODO: check
+CVE-2022-39812 (Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal un ...)
+ TODO: check
+CVE-2022-39811 (Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control unde ...)
+ TODO: check
CVE-2022-39810 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflect ...)
NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2022-39809 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflect ...)
@@ -35094,8 +35118,8 @@ CVE-2022-39382 (Keystone is a headless CMS for Node.js — built with GraphQ
NOT-FOR-US: Keystone CMS
CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF with js f ...)
NOT-FOR-US: Muhammara Nodejs module
-CVE-2022-39380
- RESERVED
+CVE-2022-39380 (Wire web-app is part of Wire communications. Versions prior to 2022-11 ...)
+ TODO: check
CVE-2022-39379 (Fluentd collects events from various data sources and writes them to f ...)
- fluentd <itp> (bug #926692)
CVE-2022-39378 (Discourse is a platform for community discussion. Under certain condit ...)
@@ -35256,8 +35280,8 @@ CVE-2022-39326 (kartverket/github-workflows are shared reusable workflows for Gi
NOT-FOR-US: kartverket/github-workflows
CVE-2022-39325 (BaserCMS is a content management system with a japanese language focus ...)
NOT-FOR-US: BaserCMS
-CVE-2022-39324
- RESERVED
+CVE-2022-39324 (Grafana is an open-source platform for monitoring and observability. P ...)
+ TODO: check
CVE-2022-39323 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cp6q-9p4x-8hr9
@@ -52877,7 +52901,7 @@ CVE-2022-32954
CVE-2022-32953
RESERVED
CVE-2022-32952
- RESERVED
+ REJECTED
CVE-2022-32951
REJECTED
CVE-2022-32950
@@ -54055,7 +54079,7 @@ CVE-2022-32474
CVE-2022-32473
RESERVED
CVE-2022-32472
- RESERVED
+ REJECTED
CVE-2022-32471
RESERVED
CVE-2022-32470
@@ -81306,8 +81330,8 @@ CVE-2022-23554 (Alpine is a scaffolding library in Java. Alpine prior to version
TODO: check
CVE-2022-23553 (Alpine is a scaffolding library in Java. Alpine prior to version 1.10. ...)
TODO: check
-CVE-2022-23552
- RESERVED
+CVE-2022-23552 (Grafana is an open-source platform for monitoring and observability. S ...)
+ TODO: check
CVE-2022-23551 (aad-pod-identity assigns Azure Active Directory identities to Kubernet ...)
NOT-FOR-US: aad-pod-identity
CVE-2022-23550
@@ -81365,7 +81389,8 @@ CVE-2022-23531 (GuardDog is a CLI tool to identify malicious PyPI packages. Vers
NOT-FOR-US: GuardDog
CVE-2022-23530 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...)
NOT-FOR-US: GuardDog
-CVE-2022-23529 (node-jsonwebtoken is a JsonWebToken implementation for node.js. For ve ...)
+CVE-2022-23529
+ REJECTED
NOT-FOR-US: jsonwebtoken node module
CVE-2022-23528
RESERVED
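Review bot: CVE-2022-23529 is changed to `REJECTED` but the following `NOT-FOR-US: jsonwebtoken node module` line is left in place, so the entry now carries both a rejection and a triage verdict, unlike the bare `REJECTED` form used for CVE-2022-32951; the leftover `NOT-FOR-US` line should be removed when the entry is next touched.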
@@ -92290,8 +92315,8 @@ CVE-2021-4034 (A local privilege escalation vulnerability was found on polkit's
NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/11
CVE-2021-4033 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: kimai2
-CVE-2019-25053
- RESERVED
+CVE-2019-25053 (A path traversal vulnerability exists in Sage FRP 1000 before November ...)
+ TODO: check
CVE-2021-44353
RESERVED
CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f6ea9266afd4fb0a86741702e34af0479da309f